Domain 2: Determining Data Security Controls Flashcards

1
Q

System has been approved to meet the security requirements of the data owner

A

Certification

2
Q

Data owner’s acceptance of the certification and of the residual risk

A

Accreditation

3
Q

Risk Management framework from Carnegie Mellon University

A

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

4
Q

What is the three-phase process for managing risk according to OCTAVE?

A

Phase 1 - Identify staff knowledge, assets, and threats
Phase 2 - Identify vulnerabilities and evaluate safeguards
Phase 3 - Conduct the risk analysis and develop the risk mitigation strategy

5
Q
  • Internationally agreed-upon standard for describing and testing the security of IT products
  • Replaced the TCSEC (US) and ITSEC (Europe)

A

International Common Criteria

6
Q
  • The system or product that is being evaluated
  • International Common Criteria term

A

Target of Evaluation (ToE)

7
Q
  • Documentation describing the ToE, including the security requirements and operational environment
  • International Common Criteria term

A

Security target

8
Q
  • Independent set of security requirements and objectives for a specific category of products or systems, such as firewalls or intrusion detection systems
  • International Common Criteria term

A

Protection Profile

9
Q
  • The evaluation score of the tested product or system
  • International Common Criteria term

A

Evaluation Assurance Level (EAL)

10
Q
  • Functionally tested
  • International Common Criteria Evaluation Assurance Level (EAL)

A

EAL1

11
Q
  • Structurally tested
  • International Common Criteria Evaluation Assurance Level (EAL)

A

EAL2

12
Q
  • Methodically tested and checked
  • International Common Criteria Evaluation Assurance Level (EAL)

A

EAL3

13
Q
  • Methodically designed, tested, and reviewed
  • International Common Criteria Evaluation Assurance Level (EAL)

A

EAL4

14
Q
  • Semi-formally designed and tested
  • International Common Criteria Evaluation Assurance Level (EAL)

A

EAL5

15
Q
  • Semi-formally verified, designed, and tested
  • International Common Criteria Evaluation Assurance Level (EAL)

A

EAL6

16
Q
  • Formally verified, designed, and tested
  • International Common Criteria Evaluation Assurance Level (EAL)

A

EAL7

17
Q

Control framework for employing security governance best practices within an organization

A

COBIT

18
Q

What are the four COBIT domains?

A
  1. Plan and Organize
  2. Acquire and Implement
  3. Deliver and Support
  4. Monitor and Evaluate

19
Q

Framework for providing the best service in IT service management

A

Information Technology Infrastructure Library (ITIL)

20
Q

What are the five ITIL Service Management Practices?

A
  1. Service Strategy - Helps IT provide services
  2. Service Design - Details the infrastructure and architecture required to deliver IT services
  3. Service Transition - Describes taking new projects and making them operational
  4. Service Operation - Covers IT operations controls
  5. Continual Service Improvement - Describes ways to improve existing IT services

21
Q

Process of determining which parts of a standard will be employed by an organization

A

Scoping

22
Q

Process of customizing a standard for an organization

A

Tailoring

23
Q
  • Data stored on media
  • e.g. hard drives, external USB drives, SANs, etc.
  • Best protection: encryption

A

Data at Rest

24
Q
  • Data transmitted over a network
  • Best protection: end-to-end encryption

A

Data in Transit

25
Q

Data in memory or temporary storage buffers, while an application is using it.

A

Data in Use

26
Q
  • An alias
  • e.g. in a medical database, instead of referencing a patient’s personal name, the record could refer to the patient as Patient 95764

A

Pseudonymization

27
Q

The process of removing all relevant data so that it is impossible to identify the original subject or person.

A

Anonymization

28
Q

Swaps data in individual data columns so that records no longer represent the actual data

A

Data Masking

29
Q

Typically designed around a limited set of specific functions in relation to the larger product of which it’s a component

A

Embedded system

30
Q

Applications, OSs, hardware sets, or networks that are configured for a specific need, capability, or function and then set to remain unaltered

A

Static environments