Domain 2: Asset Security Flashcards
Accountability
The ability to trace every action on a system to a specific, identified user, giving account management assurance that only authorized users are accessing the system and using it properly.
Asset
Anything of value owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.
Baseline
The minimum level of security configuration permitted by a standard or organization, recorded in a document; systems are then measured against it.
Categorization
The process of grouping sets of data, information, or knowledge that have comparable sensitivities (impact or loss ratings) and similar security needs mandated by law, contract, or other compliance regimes.
Classification
The process of recognizing the impact on the organization if its information suffers a compromise of its confidentiality, integrity, availability, non-repudiation, authenticity, privacy, or safety. Classifications are derived from the compliance mandates the organization must operate within, whether laws, regulations, contract-specified standards, or other business expectations.
Clearing
The removal of sensitive data from storage devices (typically by overwriting) in such a way that there is assurance the data cannot be reconstructed using normal system functions or software recovery utilities. Clearing does not protect against laboratory-level recovery of the media.
Data Custodian, Custodian
The individual who manages permissions and access on a day-to-day basis, following instructions from the data owner, and who is responsible for protecting an asset of value while it is in the custodian's possession.
Defensible Destruction
Eliminating data in a controlled, legally defensible, and regulation-compliant way, with a record that can be produced if the destruction is later questioned.
Inventory
A complete, current list of the organization's assets.
Purging
The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique, including laboratory attack on the media. Degaussing magnetic media and using a drive's built-in sanitize or cryptographic erase are purging methods; ordinary overwriting is not.
Qualitative
Measuring something without using numbers, using adjectives, scales, or grades.
Quantitative
Using numbers to measure something—usually monetary values.
Recovery
The process of jointly addressing business resiliency and restoration of critical infrastructure and functionality after a disruption.
Responsibility
The obligation to do something. Unlike accountability, it can be delegated.
Scoping
Limiting the general baseline recommendations by removing those that do not apply.
Tailoring
The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization defined parameters in the security controls via explicit assignment and selection statements.
Data Loss Prevention
Systems that attempt to detect and block data exfiltration attempts, typically by inspecting data in motion at the network boundary, data at rest on file shares, and data in use on endpoints, and matching it against classification labels or sensitive-content patterns.
Marking Sensitive Data
Ensuring that data carries a classification label; DLP systems rely on these labels (and on content inspection where labels are missing) to deny sensitive data leaving the organization.
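An added example, not part of the original flashcards, showing how the two cards above fit together in code: an outbound message is blocked if it carries a classification label above "Public", and, because labels are often missing, its content is also inspected for payment-card numbers (validated with the Luhn checksum so ordinary digit runs do not trigger) and SSN-shaped strings. The sample messages, the label header format "Classification: <level>" and the blocked-label set are all assumptions made for the demo.

```python
import re

# Constructed sample messages for this demo; no real data.
SAMPLE_MESSAGES = {
    "labelled": "Classification: Confidential\n\nQ3 payroll figures attached, do not forward.",
    "unlabelled_card": "Hi, use card 4111 1111 1111 1111 for the booking, thanks.",
    "unlabelled_benign": "Hi, the invoice id is 4111 1111 1111 1112, please confirm.",
    "public": "Classification: Public\n\nOur office is closed on Monday.",
}

# Assumed marking convention: a "Classification:" header line at the top of the message.
LABEL_RE = re.compile(r"^Classification:\s*(\w+)", re.IGNORECASE | re.MULTILINE)
BLOCKED_LABELS = {"confidential", "secret", "restricted"}
# 13-16 digits optionally separated by spaces or dashes (candidate card numbers)
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers; weeds out random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect_message(text: str) -> dict:
    """Return the egress decision for one outbound message."""
    reasons = []
    m = LABEL_RE.search(text)
    label = m.group(1).lower() if m else None
    if label in BLOCKED_LABELS:
        reasons.append(f"marked {label}")
    # Content inspection runs regardless of the label, catching unmarked data.
    for cand in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", cand.group(0))
        if luhn_ok(digits):
            reasons.append(f"card number ending {digits[-4:]}")  # log masked, never the full PAN
    if SSN_RE.search(text):
        reasons.append("SSN pattern")
    return {"label": label, "action": "block" if reasons else "allow", "reasons": reasons}


if __name__ == "__main__":
    for name, msg in SAMPLE_MESSAGES.items():
        print(f"{name:18} -> {inspect_message(msg)}")
```

The "unlabelled_benign" message contains a sixteen-digit invoice number that fails the Luhn check and is allowed through; a checker that matched on digit count alone would block it, which is the kind of false positive that makes users route around DLP.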
Data Remanence
The data that remains on storage media after it was supposedly erased, recoverable until it is overwritten or the media is destroyed.
degausser
A device that applies a strong magnetic field, realigning the magnetic domains in magnetic media such as traditional hard drives, magnetic tape, and floppy disks.
Does not work on SSDs or other flash media, which store data as electrical charge rather than magnetically; degaussing a modern hard drive also normally leaves the drive unusable, since the servo tracks are destroyed along with the data.
Erasing
Simply performing a delete operation against a file or selection of files; this usually removes only the directory entry, so the contents remain on the media until they happen to be overwritten.
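An added simulation, not part of the original flashcards, of the distinction the Data Remanence, Clearing and Erasing cards draw: a toy block device where a delete removes only the directory entry, an overwrite-based clear actually destroys the contents, and a raw scan of the media (the kind of carving a forensic tool does) shows what is still recoverable. It goes one step beyond the cards: the same toy device in "wear-levelling" mode mimics an SSD controller that never overwrites a physical block in place, so an overwrite-based clear leaves the old copy on the flash. The device layout, block size and sample file content are assumptions for the demo.

```python
BLOCK_SIZE = 16  # assumed toy block size


class ToyDisk:
    """In-memory block device with a directory table. With wear_levelling=True
    the 'controller' writes updates to a fresh physical block and remaps,
    the way flash media behaves, instead of overwriting in place like a HDD."""

    def __init__(self, n_blocks: int = 8, wear_levelling: bool = False):
        self.blocks = [bytes(BLOCK_SIZE) for _ in range(n_blocks)]  # physical media
        self.free = list(range(n_blocks))
        self.directory = {}  # file name -> list of physical block indexes
        self.wear_levelling = wear_levelling

    def write(self, name: str, data: bytes) -> None:
        chunks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
        mapping = []
        for chunk in chunks:
            idx = self.free.pop(0)
            self.blocks[idx] = chunk.ljust(BLOCK_SIZE, b"\x00")
            mapping.append(idx)
        self.directory[name] = mapping

    def erase(self, name: str) -> None:
        """A plain delete: drop the directory entry, free the blocks, touch no data."""
        self.free.extend(self.directory.pop(name))

    def clear(self, name: str) -> None:
        """Overwrite-based clearing, as a disk-wiping tool does, then delete."""
        mapping = self.directory[name]
        for pos, idx in enumerate(mapping):
            zeros = bytes(BLOCK_SIZE)
            if self.wear_levelling:
                # The controller writes to a new physical block and remaps the
                # logical address; the old block is only marked free, and its
                # contents survive until the controller's garbage collection.
                new_idx = self.free.pop(0)
                self.blocks[new_idx] = zeros
                self.free.append(idx)
                mapping[pos] = new_idx
            else:
                self.blocks[idx] = zeros  # in-place overwrite, as on a HDD
        self.erase(name)

    def carve(self, needle: bytes) -> list:
        """Forensic-style scan of the raw media, ignoring the directory entirely."""
        return [i for i, blk in enumerate(self.blocks) if needle in blk]


def demo() -> dict:
    """Run the three scenarios; True means the secret is still recoverable."""
    secret = b"TOPSECRET payroll data"  # constructed sample content
    results = {}

    hdd = ToyDisk()
    hdd.write("pay.txt", secret)
    hdd.erase("pay.txt")
    results["hdd_after_erase"] = bool(hdd.carve(b"TOPSECRET"))  # remanence

    hdd = ToyDisk()
    hdd.write("pay.txt", secret)
    hdd.clear("pay.txt")
    results["hdd_after_clear"] = bool(hdd.carve(b"TOPSECRET"))  # cleared

    ssd = ToyDisk(wear_levelling=True)
    ssd.write("pay.txt", secret)
    ssd.clear("pay.txt")
    results["ssd_after_clear"] = bool(ssd.carve(b"TOPSECRET"))  # old copy remains
    return results


if __name__ == "__main__":
    for scenario, recoverable in demo().items():
        print(f"{scenario:16} recoverable={recoverable}")
```

The wear-levelled case is why software overwriting is not a trustworthy sanitization method for SSDs: the host never sees the stale physical block, but a chip-off read does. For flash media, purging means a controller-level sanitize (ATA Secure Erase, NVMe Sanitize) or cryptographic erase of the drive's encryption key, followed by verification.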
Digital Rights Management
Attempts to provide copyright protection for copyrighted works by technically controlling how the content can be copied, viewed, or distributed.
Cloud Access Security Broker
Software placed logically between users and cloud-based resources; it monitors all activity, enforces security policy, and typically provides authentication and authorization.
They BROKER the ACCESS.
Shadow IT
The use of IT systems or services without the approval, or even the knowledge, of the IT department.