Domain 6 - Information Security Flashcards
Who should be included for insider threat?
employees, vendors, and customers
Do copyrights have to be registered to be protected?
no, but it helps
What is trade dress?
the commercial look and feel of a product or service that identifies and distinguishes the source of the product or service
How long does a patent last and what laws are relevant?
20 years, and there are no criminal laws on infringement
What must information protection measures ensure in both the physical and cyber environment?
confidentiality
integrity
availability
accountability
recoverability
auditability
nonrepudiation (inability to dispute) of information
What is ISO/IEC 27001:2005?
the keystone for continual improvement in the organization’s ability to effectively manage the security of its information assets
What does ISO 27000 cover?
people, technology, and processes
What is NIST?
National Institute of Standards and Technology
What is ISO?
International Organization for Standardization
What is IEC?
International Electrotechnical Commission
What businesses is the Framework for Improving Critical Infrastructure Cybersecurity suitable for?
appropriate for a wide range of organizations, both private and public, because of simplicity and scalability
What is ransomware and what was it previously called?
once known as cryptoware; encrypting a user’s files and demanding payment to decrypt them (via phishing, trojan attacks, compromised credentials, or software vulnerabilities)
What are business email compromise schemes?
posing as an executive to initiate a wire transfer to an account controlled by criminals
What is the name for the process by which an organizational user is identified and granted privileges to levels of network information, systems, or resources?
logical network access control