KAS Flashcards
NIST Special Publication – defines PII as any information that can be used to trace a person’s identity such as SSN, name, DOB, place of birth, mother’s maiden name
800-122
build/implement info security continuous monitoring program: define, establish, implement, analyze and report
800-137
GAPP for securing information technology systems
800-14
cloud computing
800-145
How to develop security plans
800-18 NIST
Baseline for achieving security, five lifecycle planning phases (defined in 800-14), 33 IT security principles
800-27
NIST guidelines for media sanitization and disposition; prevents data remanence
800-88
Assign permission to access and handle data
Administrators
examines security controls
Auditor
Starting point that can be tailored to an organization for a minimum security standard. Common security configurations; use Group Policies to check and enforce compliance
Baseline
value of data exceeds cost of media; sanitization is the business norm, not destruction, for cost reasons
Buy high quality media
a class of media on which data are recorded by optical means.
CD
Compact Disc
creates list of security controls for OS, mobile, server, and network devices
CIS
Center for Internet Security
costs are not a factor in classifying data but are in controls
Classifying Costs
To use software or hardware products to overwrite storage space on the media with non-sensitive data. This process may include overwriting not only the logical storage location of a file(s) (e.g., file allocation table) but also may include all addressable locations.
Clear
See comments on clear/purge convergence.
Prepping media for reuse at the same level. Removal of sensitive data from storage devices in such a way that the data may not be reconstructed using normal system functions or utilities. May be recoverable with special lab equipment. Data just overwritten.
Clearing
operators of commercial websites post a privacy policy if collecting personal information on CA residents
COPPA, California Online Privacy Protection Act
Value, age, useful life, personal association
Criteria
Critical point where a material’s intrinsic magnetic alignment changes direction.
Curie Temperature
Pieces of information from which “understandable information” is derived
Data
DAR; inactive data that is physically stored, not RAM; biggest threat is a data breach; full disk encryption protects it (Microsoft BitLocker and Microsoft EFS, which use AES, are apps)
Data at rest
Creation, use, destruction (subservient to security policy)
Data Life
To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.
Degauss
Degaussing any current generation hard disk (including but not limited to IDE, EIDE, ATA, SCSI and Jaz) will render the drive permanently unusable since these drives store track location information on the hard drive in dedicated regions of the drive in between the data sectors.
AC erasure: alternating magnetic fields; DC erasure: unidirectional magnetic field or permanent magnet; can erase tapes
Degaussing
The result of actions taken to ensure that media cannot be reused as originally intended and that information is virtually impossible to recover or prohibitively expensive.
Destruction
The binary coding scheme generally used in computer technology to represent data as binary bits (1s and 0s).
Digital
A physically destructive method of sanitizing media; the act of separating into component parts.
Disintegration
The act of discarding media with no other sanitization considerations. This is most often done with recycled paper containing non-confidential information but may also include other media.
Disposal
use labels to determine the appropriate control to apply to data. Won’t modify labels in real-time.
DLP
Data Loss/Leakage Prevention
establishes DIACAP
DOD 8510.01
a disc the same shape and size as a CD; but the ? has a higher density and gives the option for data to be double-sided or double-layered.
DVD
Digital Video Disc
ECM
Enterprise Content Management; centrally managed and controlled
General term that refers to media on which data are recorded via an electrically based process.
Electronic Media
a good way to secure files sent through the internet
Encrypt data
You can see ALL BUT PAYLOAD, normally done by users
End to End
Uses information as their job
Follows instructions in policies and guidelines
Due care (prevents open view by e.g. Clean desk)
Use corporation resources for corporation use
End user
deletion of files or media, removes link to file, least effective
Erasing
Process intended to render magnetically stored information irretrievable by normal means.
Erasure
official series of publications relating to standards and guidelines adopted under the FISMA, Federal Information Security Management Act of 2002.
FIPS, Federal Information Processing Standards
Standards for categorizing information and information systems.
FIPS 199
minimum security requirements for Federal information and information systems
FIPS 200