IS4550 CHAPTER 11 Flashcards
The process of granting permission to some people to access systems, applications, and data is called ___.
AUTHORIZATION
Automatically removing a classification after a certain period of time, such as 25 years, is called ___.
AUTOMATIC DECLASSIFICATION
A plan on how to continue business after a disaster, which includes a disaster recovery plan as a component, is called ___.
BUSINESS CONTINUITY PLAN (BCP)
A formal analysis to determine the impact on an organization in the event that key processes and technology are not available is called ___.
BUSINESS IMPACT ANALYSIS (BIA)
The process of labeling information so that only authorized personnel may access it is called ___.
CLASSIFICATION
A level of government classification that refers to data in which unauthorized disclosure would reasonably be expected to cause some damage to the national security is called ___.
CONFIDENTIAL
A plan that provides the detailed procedures and processes needed to coordinate operations during a disaster is called ___.
CONTINUITY OF OPERATION PLAN (COOP)
The process of changing the status of classified data to unclassified data is called ___.
DECLASSIFICATION
A plan to recover an organization's IT assets during a disaster, including software, data, and hardware, is called ___.
DISASTER RECOVERY PLAN (DRP)
A classification level used to protect highly regulated data or strategic information is called ___.
HIGHLY SENSITIVE CLASSIFICATION
A classification level for data that would cause disruption to daily operations and some financial loss to the business if leaked is called ___.
INTERNAL CLASSIFICATION
A process of reviewing specific records when requested and declassifying them if warranted is called ___.
MANDATORY DECLASSIFICATION
A classification level for data that has no negative impact on the business if released to the public is called ___.
PUBLIC CLASSIFICATION
A measure of how quickly a business process should be recovered after a disaster, which identifies the maximum allowed downtime for a given business process, is called ___.
RECOVERY TIME OBJECTIVE (RTO)
The maximum acceptable level of data loss after a disaster is called ___.
RECOVERY POINT OBJECTIVES (RPO)
A level of government classification that refers to data, the unauthorized disclosure of which would reasonably be expected to cause serious damage to the national security is called ___.
SECRET
A hardware device or software code that generates a token (usually represented as a series of numbers) at logon. It is extremely difficult and some say impossible to replicate. When assigned to an individual as part of the required logon, it provides assurance of who is accessing the network. This is called ___.
SECURITY TOKEN
A level of government classification that refers to data that is confidential and not subject to release under the Freedom of Information Act is called ___.
SENSITIVE BUT UNCLASSIFIED
A classification level for data that would mean significant financial loss if leaked is called ___.
SENSITIVE CLASSIFICATION
A process of reviewing records exempted from automatic declassification and then removing the data from classification is called ___.
SYSTEMATIC DECLASSIFICATION
A level of government classification that refers to data, the unauthorized disclosure of which would reasonably be expected to cause grave damage to the national security is called ___.
TOP SECRET
A level of government classification that refers to data available to the public is called ___.
UNCLASSIFIED
- Which of the following is not a common need for most organizations to classify data?
- Protect information
- Retain information
- Sell information
- Recover information
Sell information
- Authorization is the process used to prove the identity of the person accessing systems, applications, and data.
TRUE OR FALSE
FALSE
- You need to retain data for what major reasons?
- Legal obligation
- Needs of the business
- For recovery
- 1 and 2
- All the above
Legal obligation
Needs of the business
For recovery
- What qualities should the data owner possess?
- Is in a senior position within the business
- Understands the data operations of the business
- Understands the importance and value of the information to the business
- Understand the ramifications of inaccurate data or unauthorized access
- All the above
- Is in a senior position within the business
- Understands the data operations of the business
- Understands the importance and value of the information to the business
- Understand the ramifications of inaccurate data or unauthorized access
- In all businesses you will always have data that needs to be protected.
TRUE OR FALSE
TRUE
- Risk exposure is best-guess professional judgement using a qualitative technique.
TRUE OR FALSE
FALSE
- The lowest federal government data classification rating for classified material is ___.
Confidential
- Federal agencies can customize their own data classification scheme.
TRUE OR FALSE
FALSE
- A BIA identifies which of the following?
- Critical business processes
- Minimum downtime
- Process dependencies
- All the above
Critical business processes
Minimum downtime
Process dependencies
- A BIA is not required when creating a BCP.
TRUE OR FALSE
FALSE
- What does RTO stand for?
- Restoration team objectives
- Recovery timeline owner
- Restoration time objective
- Recovery time objective
Recovery time objective
- A man-made disaster is easier to plan for than a natural disaster.
TRUE OR FALSE
FALSE
- Data in transit refers to what type of data?
- Data backup tapes being moved to a recovery facility
- Data on your USB drive
- Data traversing a network
- Data being stored for later transmission
Data traversing a network
- Encryption protects data at rest from all types of breaches.
TRUE OR FALSE
FALSE