Domain 2 - Asset Security Flashcards

1
Q

Data Value Criteria

A

Value, age, useful life, personal association

2
Q

Government, military

A

Unclassified, Sensitive but unclassified, Confidential, Secret, Top Secret

3
Q

Private sector

A

Public, Company Confidential, Private, Confidential, Sensitive

4
Q

CIRTs

A

Cyber Incident Response Team

5
Q

Data System Owners

A

Select security controls

6
Q

Data Administrators

A

Assign permission to access and handle data

7
Q

Data Auditor

A

Examines security controls

8
Q

Quality Control (QC)

A

Assessment of quality based on internal standards

9
Q

Quality Assurance (QA)

A

Assessment of quality based on standards external to the process; involves reviewing the activities and the quality control processes.

10
Q

Sanitizing

A

Series of processes that removes data and ensures it is unrecoverable by any means.
A computer is removed from service and disposed of; all storage media are removed or destroyed.

11
Q

Erasing

A

Deletion of files or media, removes link to file, least effective

12
Q

Overwriting/wiping/shredding

A

Overwrites with pattern, may miss

13
Q

Zero fill

A

Wipe a drive and fill with zeros

14
Q

Clearing

A

Prepping media for reuse at the same level. Removal of sensitive data from storage devices in
such a way that the data may not be reconstructed using normal system functions or utilities. May be
recoverable with special lab equipment. Data is just overwritten.

15
Q

Purging

A

More intense than clearing. Media can be reused in lower systems. Removal of sensitive
data with the intent that the data cannot be reconstructed by any known technique.

16
Q

Data mart

A

Metadata is stored in a more secure container

17
Q

Scoping

A

Reviewing baseline security controls and selecting only those controls that apply to the IT
system you’re trying to protect.

18
Q

Tailoring

A

Modifying the list of security controls within a baseline so that they align with the mission
of the organization

19
Q

Supplementation

A

Adding assessment procedures or assessment details to adequately meet the risk
management needs of the organization

20
Q

Link

A

EVERYTHING ENCRYPTED

21
Q

End to End

A

You can see ALL BUT PAYLOAD, normally done by users

22
Q

S/MIME

A

secure email

23
Q

NIST

A

National Institute of Standards and Technology

24
Q

NIST SP 800 series

A

Address computer security in a variety of areas

25
Q

800-14 NIST SP

A

GAPP for securing information technology systems

26
Q

800-18 NIST

A

How to develop security plans

27
Q

800-27 NIST SP

A

Baseline for achieving security, 33 IT security principles, and five lifecycle planning phases (defined in 800-14):
• Initiation
• Development/Acquisition
• Implementation
• Operation/Maintenance
• Disposal

28
Q

800-88 NIST

A

NIST guidelines for sanitation and disposition, prevents data remanence

29
Q

800-122 NIST

A

NIST Special Publication – defines PII as any information that can be used to trace a person's
identity, such as SSN, name, DOB, place of birth, mother’s maiden name

30
Q

800-137 NIST

A

Build/implement an information security continuous monitoring program: define, establish, implement,
analyze and report.

31
Q

800-145 NIST

A

Cloud computing

32
Q

FIPS – Federal Information Processing Standards

A

Official series of publications relating to standards and guidelines adopted under FISMA, the Federal Information Security Management Act of 2002

33
Q

FIPS 199

A

Standards for categorizing information and information systems.

34
Q

FIPS 200

A

Minimum security requirements for Federal information and information systems

35
Q

ISO 15288

A

International systems engineering standard covering processes and life cycle stages
• Agreement
• Organizational Project-Enabling
• Technical Management
• Technical