Info Security Governance and Risk Management Flashcards
What is the CIA Triad?
Confidentiality, Integrity & Availability
Describe CIA, “Confidentiality”
Prevents the unauthorized use or disclosure of information, aka “Privacy”.
PII
Personally Identifiable Information
Integrity
Integrity safeguards the accuracy and completeness of information and processing methods.
Availability
Availability ensures that authorized users have reliable and timely access to information, and associated systems and assets, when needed.
What is DAD?
The opposite of CIA. Disclosure, Alteration & Destruction
Defense in Depth
Defense in depth is an information security strategy based on multiple layers of defense. It includes security management principles, security technologies and vendor solutions.
Elements of Commercial Data Classification (4)
Protect information that has monetary value, comply with applicable laws, protect privacy and limit liability.
What are the elements of Government Data Classification (3)?
Protect national security, comply with applicable laws and protect privacy.
What are the Government Security Classifications (5)?
Unclassified, FOUO, Confidential, Secret, Top Secret
Governance
Collectively represents the system of policies, standards, guidelines and procedures that help steer an organization’s day-to-day operations and decisions.
TYPES of InfoSec Policies (4)
Senior Management, Regulatory, Advisory and Informative
What is an SLA?
Service-level Agreements establish minimum performance standards for a system, application, network or service.
Information OWNER
The OWNER has ultimate responsibility for the security of the information. Responsible for determining classification, setting the policy for access, maintaining the inventory, reviewing classification and delegating day-to-day functions.
Information CUSTODIAN
Responsible for the day-to-day security of the information.