Domain 2 - Asset Security

Question 1

Categorization

Answer 1

The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization.

Question 2

Clearing

Answer 2

The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities.

Question 3

Curie Temperature

Answer 3

The critical point where a material’s intrinsic magnetic alignment changes direction.

Question 4

Data Classification

Answer 4

Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.

Question 5

Data Custodians

Answer 5

Ensure important datasets are developed, maintained, and accessible within their defined specifications.

Question 6

Data Modeling

Answer 6

The methodology that identifies the path to meet user requirements.

Question 7

Data Remanence

Answer 7

The residual physical representation of data that has been in some way erased.

Question 8

Data Standards

Answer 8

Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations.

Question 9

Federal Information Processing Standards (FIPS)

Answer 9

The official series of publications relating to standards and guidelines adopted.

Question 10

File Encryption Software

Answer 10

Allows greater flexibility in applying encryption to specific file(s).

Question 11

Framework Core

Answer 11

A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.

Question 12

Framework Implementation Tiers

Answer 12

Provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.

Question 13

Framework Profile

Answer 13

Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.

Question 14

IT Asset Management (ITAM)

Answer 14

ITAM is a much broader discipline, adding several dimensions of management and involving a much broader base of stakeholders.

Question 15

Media Encryption Software

Answer 15

Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB drives, or laptop hard drives.

Question 16

The National Checklist Program (NCP)

Answer 16

The U.S. Government repository of publicly available security checklists (or benchmarks) that provide detailed low-level guidance on setting the security configuration of operating systems and applications.

Question 17

NIST Computer Security Division (CSD)

Answer 17

Focuses on providing measurements and standards to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence in Information Technology systems.

Question 18

Purging

Answer 18

The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.

Question 19

Quality Assurance (QA)

Answer 19

An assessment of quality based on standards external to the process and involves reviewing of the activities and quality control processes to ensure final products meet predetermined standards of quality.

Question 20

Quality Control (QC)

Answer 20

An assessment of quality based on internal standards, processes, and procedures established to control and monitor quality.

Question 21

Self-Encrypting USB Drives

Answer 21

Portable USB drives that embed encryption algorithms within the hard drive, thus eliminating the need to install any encryption software.