Information Security Management Principles_learner_stats_20121120 Flashcards

1
Q

Information Security - Confidentiality

A

The property that information is not made available or disclosed to unauthorised individuals, entities or processes (ISO 13335)

2
Q

Information Security - Integrity

A

The property of safeguarding the accuracy and completeness of assets (ISO 13335)

3
Q

Information Security - Availability

A

The property of being accessible and usable upon demand by an authorised entity (ISO 13335)

4
Q

Assets & Asset Types - Asset Definition

A

Anything that has value to the organisation, its business operations and its continuity (ISO 13335)

5
Q

Assets & Asset Types - 3 Main Asset Types

A

Pure Information, Physical Assets, Software

6
Q

Assets & Asset Types - Pure Information Definition

A

Information in whatever format

7
Q

Assets & Asset Types - Physical Assets Definition

A

Buildings, Computer Systems

8
Q

Assets & Asset Types - Software Definition

A

Software used to process or manage information

9
Q

Threat, Vulnerability, Risk & Impact - Threat Definition

A

A potential cause of an incident that may result in harm to a system or organisation (ISO 13335)

10
Q

Threat, Vulnerability, Risk & Impact - Vulnerability Definition

A

A weakness of an asset or group of assets that can be exploited by one or more threats (ISO 13335)

11
Q

Threat, Vulnerability, Risk & Impact - Risk Definition

A

The potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organisation (ISO 13335)

12
Q

Threat, Vulnerability, Risk & Impact - Impact Definition

A

The result of an Information Security Incident, caused by a threat, which affects assets (ISO 13335)

13
Q

Information Security Policy Concepts - Information Assurance Control Definition

A

Controls in the Information Assurance sense are those activities that are taken to manage the risks identified. There are 4 main types of control.

14
Q

Information Security Policy Concepts - The Types of Information Assurance Controls are:

A

Eliminate Risk, Reduce Risk, Transfer Risk & Accept Risk.

15
Q

Information Security Policy Concepts - Define Information Assurance Control: Eliminate Definition

A

Eliminate: Risk avoidance - decision not to be involved in, or action to withdraw from a risk situation (ISO Guide 73)

16
Q

Information Security Policy Concepts - Define Information Assurance Control: Reduce Definition

A

Reduce: Risk reduction - action taken to lessen the probability or the negative consequences or both, associated with risk (ISO Guide 73)

17
Q

Information Security Policy Concepts - Define Information Assurance Control: Transfer Definition

A

Transfer: Risk Transfer - Sharing with another party the burden of loss or benefit of gain for a risk (ISO Guide 73)

18
Q

Information Security Policy Concepts - Define Information Assurance Control: Accept Definition

A

Accept: Risk Acceptance - Decision to accept a risk (ISO Guide 73)

19
Q

Identity, Authentication and Authorisation - Define Identity

A

Identity: The properties of an individual or resource that can be used to identify uniquely one individual or resource (Authors)

20
Q

Identity, Authentication and Authorisation - Define Authentication

A

Authentication: Ensuring that the identity of a subject or resource is the one claimed (Derived from Authenticity in ISO 13335)

21
Q

Identity, Authentication and Authorisation - Define Authorisation

A

The process of checking the authentication of an individual or resource to establish and confirm their authorised use of or access to information or other assets (Authors)

22
Q

Accountability, Audit & Compliance - Define Accountability

A

Accountability: The responsibility for actions and processes (Authors)

23
Q

Accountability, Audit & Compliance - Define Audit

A

Audit: Formal review of actions, processes, policies and procedures (Authors)

24
Q

Accountability, Audit & Compliance - Define Compliance

A

Compliance: Working in accordance with actions, processes, policies and procedures laid down without necessarily having independent reviews (Authors)