Info Security Governance and Risk Management Flashcards

1
Q

What is the CIA Triad?

A

Confidentiality, Integrity & Availability

2
Q

Describe CIA, “Confidentiality”

A

Prevents the unauthorized use or disclosure of information, aka “Privacy”.

3
Q

PII

A

Personally Identifiable Information

4
Q

Integrity

A

Integrity safeguards the accuracy and completeness of information and
processing methods

5
Q

Availability

A

Availability ensures that authorized users have reliable and timely access to
information, and associated systems and assets, when needed

6
Q

What is DAD?

A

The opposite of CIA. Disclosure, Alteration & Destruction

7
Q

Defense in Depth

A

Defense in depth is an information security strategy based on multiple layers
of defense. It includes security management principles, security technologies and vendor solutions.

8
Q

Elements of Commercial Data Classification (4)

A

Used to protect information that has monetary value, to comply with applicable laws, protect privacy and limit liability

9
Q

What are the elements of Government Data Classification (3)

A

Protect national security, comply with applicable laws and protect privacy.

10
Q

What are Government Security Classifications (5)

A

Unclassified, FOUO, Confidential, Secret, Top Secret

11
Q

Governance

A

Collectively represents the system of policies, standards, guidelines and procedures that help steer an organization’s day-to-day operations and decisions

12
Q

TYPES of InfoSec Policies (4)

A

Senior Management, Regulatory, Advisory and Informative

13
Q

What is an SLA?

A

Service-level Agreements establish minimum performance standards for a system, application, network or service.

14
Q

Information OWNER

A

The OWNER has ultimate responsibility for the security of the information. Responsible for determining classification, setting access policy, maintaining inventory, reviewing classification and delegating day-to-day functions.

15
Q

Information CUSTODIAN

A

Responsibility for day-to-day security of information.

16
Q

Separation of Duties and Responsibilities

A

Ensures that no single individual has complete authority and control over a critical system or process

17
Q

What are the three parts of a RISK in the risk management concept (Risk Management triple)

A

Threat, Vulnerability & an Asset

18
Q

Threat x Vulnerability = ?

A

Risk

19
Q

What are the three parts of Risk Management

A

Identification, Analysis & Risk Treatment

20
Q

Steps of Threat Analysis

A

Define the actual threat, identify possible consequences if the threat event transpires, determine the probable frequency of a threat event, and assess the probability that the threat will actually occur

21
Q

Steps of Risk Analysis (RA)

A

1. Identify assets to be protected
2. Define threats (threat analysis)
3. Calculate ALE (Annualized Loss Expectancy)
4. Select appropriate safeguards

22
Q

SLE

A

Single Loss Expectancy

23
Q

ARO

A

Annualized Rate of Occurrence

24
Q

ALE

A

Annualized Loss Expectancy

25
Q

What is a qualitative risk analysis

A

A scenario-based RA

26
Q

Elements of a Security Awareness Program (3)

A

Awareness Program, Formal Training & Education