IS4680 Chapter 8

Question 1

(AUPs) Acceptable use policies

Answer 1

.Policies that define what actions are acceptable and which are not.

Question 2

Background check

Answer 2

An investigation to divulge evidence of past behavior that may indicate a prospect is a security risk.

Question 3

Business drivers

Answer 3

The components, including people, information, and conditions, that support business objectives.

Question 4

Confidentiality agreement

Answer 4

A legally binding document in which the parties agree that certain types of information will pass among the parties and must remain confidential and not divulged. (Non-disclosure agreement NDA)

Question 5

Corrective controls

Answer 5

Mechanisms that repair damage caused by an undesired action and limit further damage, such as the procedure to remove detected viruses.

Question 6

Detective controls

Answer 6

Mechanisms that recognize when an undesired action has occurred, such as motion detectors or usage log analysis tools.

Question 7

(DAC) Discretionary access control

Answer 7

Access permissions based on roles, or groups, that allows object owners and administrators to grant access rights at their discretion.

Question 8

(FCRA) Fair Credit Reporting Act

Answer 8

US legislation that defines national standards for all consumer reports.

Question 9

(MAC) Mandatory access control

Answer 9

Access control method based on data classification and user clearance.

Question 10

Need to know

Answer 10

A subject has a need to access an object to complete a task.

Question 11

Preventive controls

Answer 11

Mechanisms that keep an undesired action from happening, such as locked doors or computer access controls.

Question 12

Principle of least privilege

Answer 12

A principle that states that users should not have access above what is required to perform their duties

Question 13

Separation of duties

Answer 13

The process of dividing roles and responsibilities so a single individual cannot undermine a critical process