KAS Flashcards

1
Q

NIST Special Publication that defines PII as any information that can be used to distinguish or trace a person’s identity, such as SSN, name, DOB, place of birth, mother’s maiden name

A

800-122

2
Q

Build/implement an information security continuous monitoring (ISCM) program: define, establish, implement, analyze/report, respond, review/update

A

800-137

3
Q

Generally Accepted Principles and Practices (GAPP) for Securing Information Technology Systems

A

800-14

4
Q

NIST definition of cloud computing (five essential characteristics, three service models, four deployment models)

A

800-145

5
Q

How to develop security plans (Guide for Developing Security Plans for Federal Information Systems)

A

800-18

6
Q

Engineering principles for IT security: a baseline for achieving security, applied across the five life-cycle planning phases (defined in 800-14); 33 IT security principles

A

800-27

7
Q

NIST guidelines for media sanitization and disposition; counters data remanence

A

800-88

8
Q

Assign permissions to access and handle data (on the data owner’s instructions)

A

Administrators

9
Q

examines security controls

A

Auditor

10
Q

Starting point that can be tailored to an organization as a minimum security standard; common security configurations. Use Group Policy to check and enforce compliance.

A

Baseline

11
Q

The value of the data exceeds the cost of the media; sanitization (or destruction) is normal business practice and should not be skipped to save media costs

A

Buy high quality media

12
Q

a class of media on which data are recorded by optical means.

A

CD
Compact Disc

13
Q

creates list of security controls for OS, mobile, server, and network devices

A

CIS
Center for Internet Security

14
Q

Costs are not a factor in classifying data, but they are a factor in selecting controls

A

Classifying Costs

15
Q

To use software or hardware products to overwrite storage space on the media with non-sensitive data. This process may include overwriting not only the logical storage location of a file (e.g., the file allocation table) but also all addressable locations.

A

Clear
See comments on clear/purge convergence.

16
Q

Preparing media for reuse at the same classification level. Removal of sensitive data from storage devices such that the data cannot be reconstructed using normal system functions or utilities; it may still be recoverable with specialized laboratory equipment. The data is simply overwritten.

A

Clearing

17
Q

Operators of commercial websites must post a privacy policy if they collect personal information on California residents

A

CalOPPA, California Online Privacy Protection Act (not to be confused with COPPA, the federal Children’s Online Privacy Protection Act)

18
Q

Value, age, useful life, personal association (factors used to classify data)

A

Classification criteria

19
Q

Temperature above which a material loses its permanent (ferromagnetic) magnetic properties; heating magnetic media past it destroys the stored data.

A

Curie Temperature

20
Q

Pieces of information from which “understandable information” is derived

A

Data

21
Q

DAR; inactive data that is physically stored (disk, tape), not in RAM. The biggest threat is a data breach; full-disk encryption protects it (e.g., Microsoft BitLocker for full-volume encryption and Microsoft EFS for file-level encryption, both AES-based)

A

Data at rest

22
Q

Creation, use, destruction (the data life cycle is subordinate to the security policy)

A

Data Life

23
Q

To reduce the magnetic flux to virtually zero by applying a reverse magnetizing field. Also called demagnetizing.

A

Degauss

Degaussing any current-generation hard disk (IDE, EIDE, ATA, SCSI, Jaz and the like) renders the drive permanently unusable, because these drives store servo track-location information in dedicated regions between the data sectors, and the degausser destroys that information along with the data.

24
Q

AC erasure: alternating magnetic fields. DC erasure: unidirectional magnetic field or permanent magnet. Can erase tapes.

A

Degaussing

25
Q

The result of actions taken to ensure that media cannot be reused as originally intended and that the information is virtually impossible, or prohibitively expensive, to recover.

A

Destruction

26
Q

The binary coding scheme generally used in computer technology to represent data as binary bits (1s and 0s).

A

Digital

27
Q

A physically destructive method of sanitizing media; the act of separating into component parts.

A

Disintegration

28
Q

The act of discarding media with no other sanitization considerations. Most often this is paper recycling of non-confidential information, but it may include other media.

A

Disposal

29
Q

Uses labels to determine the appropriate control to apply to data; does not modify labels in real time.

A

DLP

Data Loss/Leakage Prevention

30
Q

Established DIACAP (its 2014 reissue replaced DIACAP with the Risk Management Framework)

A

DoDI 8510.01

31
Q

A disc the same shape and size as a CD, but the ? has a higher density and can be double-sided or double-layered.

A

DVD
Digital Video Disc (also Digital Versatile Disc)

32
Q

ECM

A

Enterprise Content Management; centrally managed and controlled

33
Q

General term that refers to media on which data are recorded via an electrically based process.

A

Electronic Media

34
Q

a good way to secure files sent through the internet

A

Encrypt data

35
Q

Only the payload is encrypted; headers and routing information stay visible at every hop (you can see ALL BUT THE PAYLOAD). Normally done by users.

A

End-to-end encryption

36
Q

Uses information to do their job
Follows the instructions in policies and guidelines
Exercises due care (e.g., a clean desk prevents open viewing)
Uses corporate resources only for corporate purposes

A

End user

37
Q

Deletion of files or media; only the link (directory entry) to the file is removed and the data remains on the media. Least effective method.

A

Erasing

38
Q

Process intended to render magnetically stored information irretrievable by normal means.

A

Erasure

39
Q

Official series of publications relating to standards and guidelines adopted under FISMA, the Federal Information Security Management Act of 2002.

A

FIPS, Federal Information Processing Standards

40
Q

Standards for categorizing information and information systems.

A

FIPS 199

41
Q

minimum security requirements for Federal information and information systems

A

FIPS 200

42
Q

Pre-established layout for data.

A

Format

43
Q

Overseas compliance framework for organizations wishing to use the personal data of EU citizens
Self-certification, but the Department of Transportation or ? can enforce it
The Gramm-Leach-Bliley Act delays its application to financial markets

A

FTC

44
Q

FTP and Telnet are unencrypted! Credentials and data cross the network in cleartext.

A

SFTP and SSH provide encryption that protects both the data and the credentials used to log in
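To make the risk on card 44 concrete, here is an added example (not part of the flashcard set) that does what a sniffer on the path does to an FTP login: it reassembles the client side of the control channel from raw TCP segment payloads and pulls the USER/PASS pair straight out. The capture bytes in CLIENT_SEGMENTS are constructed by hand for the illustration, and the function names are this example's own.

```python
"""Recover FTP login credentials from a constructed cleartext capture."""
from typing import Iterable, List, Optional, Tuple

# Constructed sample capture: each element is one TCP segment payload sent
# from the client to the server on port 21. Commands are deliberately split
# across segment boundaries, as a real sniffer would see them, to show that
# an eavesdropper only has to reassemble the byte stream.
CLIENT_SEGMENTS: List[bytes] = [
    b"USER al",
    b"ice\r\nPA",
    b"SS s3cr3t-p",
    b"assw0rd\r\nSYST\r\nPWD\r\n",
    b"CWD /reports\r\nQUIT\r\n",
]


def reassemble_lines(segments: Iterable[bytes]) -> List[str]:
    """Join the segment payloads into one stream and split it into the
    CRLF-terminated command lines the FTP protocol uses."""
    stream = b"".join(segments)
    lines: List[str] = []
    for raw in stream.split(b"\r\n"):
        if raw:  # skip the empty tail after the final CRLF
            lines.append(raw.decode("ascii", errors="replace"))
    return lines


def extract_ftp_credentials(segments: Iterable[bytes]) -> Optional[Tuple[str, str]]:
    """Return (user, password) for the first USER/PASS exchange in the
    stream, or None if the capture holds no complete login."""
    user: Optional[str] = None
    for line in reassemble_lines(segments):
        verb, _, arg = line.partition(" ")
        verb = verb.upper()  # FTP verbs are case-insensitive
        if verb == "USER":
            user = arg
        elif verb == "PASS" and user is not None:
            return user, arg
    return None


if __name__ == "__main__":
    creds = extract_ftp_credentials(CLIENT_SEGMENTS)
    print("recovered credentials:", creds)  # ('alice', 's3cr3t-passw0rd')
```

The same approach recovers Telnet logins, only the bytes arrive one keystroke per segment rather than one command per line. With SFTP or SSH the stream on the wire is ciphertext from the key exchange onward, so there is nothing for this parser to find.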

45
Q

A rigid magnetic disk fixed permanently within a drive unit and used for storing data.

A

Hard Disk

46
Q

A physically destructive method of sanitizing media; the act of burning completely to ashes.

A

Incineration

47
Q

Meaningful interpretation or expression of data.

A

Information

48
Q

Defines classifications, the level of access, and the methods used to store and transmit information

A

Information policy

49
Q

Metadata attached to an object (its classification) or a subject (its clearance), used in the operation of mandatory access control systems.

A

Label

50
Q

To make sure data is identifiable by its classification level. Some organizations label all media that contains data so that media marked Public is never reused for sensitive data.

A

Label Data

51
Q

Usually point-to-point; EVERYTHING is encrypted, headers included
“Black pipe, black oil, black ping pong balls”: all data is encrypted; normally done by service providers

A

Link encryption

52
Q

Act of indicating that material is classified without revealing the classification level; no label is visible.

A

Marking

53
Q

Plural of medium.

A

Media

54
Q

A general term referring to the actions taken to render data written on media unrecoverable by both ordinary and extraordinary means.

A

Media Sanitization

55
Q

Material on which data are or may be recorded, such as paper, punched cards, magnetic tape, magnetic disks, solid state devices, or optical discs.

A

Medium

56
Q

A physically destructive method of sanitizing media; to be changed from a solid to a liquid state generally by the application of heat.

A

Melting

57
Q

NIST

A

National Institute of Standards and Technology

58
Q

Special publications that address computer security in a variety of areas

A

NIST SP 800 series

59
Q

Legal agreement that prevents employees from sharing proprietary information

A

Non-disclosure Agreement

60
Q

A plastic disk that is “written” (encoded) and “read” using an optical laser device.

A

Optical Disks

61
Q

Writing patterns of data on top of the data stored on a magnetic medium.

A

Overwrite

NSA research found that a single overwrite pass is enough to sanitize most modern drives (NIST SP 800-88 takes the same position for magnetic media). See comments on clear/purge convergence.

62
Q

Overwrites with a pattern; may miss areas the operating system cannot address (remapped bad sectors, host-protected areas)

A

Overwriting / wiping / shredding

63
Q

Credit card data; provides a set of security controls/standards

A

PCI DSS

Payment Card Industry Data Security Standard, maintained by the PCI Security Standards Council

64
Q

Deals with the knowledge that employees gain while employed.

A

Personnel Retention

65
Q

A sanitization method for optical media, such as CDs.

A

Physical Destruction

66
Q

A physically destructive method of sanitizing media; the act of grinding to a powder or dust.

A

Pulverization

67
Q

Rendering sanitized data unrecoverable by laboratory attack methods. See comments on clear/purge convergence.

A

Purge

68
Q

More intense than clearing; the media can then be reused in lower-classification systems. Removal of sensitive data with the intent that the data cannot be reconstructed by any known technique.

A

Purging

69
Q

Assessment of quality based on standards external to the process; involves reviewing the activities and the quality control processes.

A

QA

70
Q

assessment of quality based on internal standards

A

QC

71
Q

Fundamental process in an information system that results only in the flow of information from an object to a subject.

A

Read

72
Q

To write data on a medium, such as a magnetic tape, magnetic disk, or optical disc.

A

Record

73
Q

retaining and maintaining information for as long as it’s needed

A

Record Retention

74
Q

how long data retained and maintained

A

Record Retention Policies

75
Q

Actions necessary to restore the data files of an information system and its computational capability after a system failure.

A

Recovery Procedures

76
Q

Residual information remaining on storage media after clearing.

A

Remanence

77
Q

Use strong encryption (e.g., AES-256) so that loss of the media does not result in a data breach

A

Removable Media

78
Q

Data left in storage after information processing operations are complete, but before degaussing or overwriting has taken place.

A

Residue

79
Q

Downgrading equipment for reuse will probably cost more than buying new

A

Reuse

80
Q

Generally a commercially available disc or solid state device on which the content was recorded during the manufacturing process.

A

ROM
Read Only Memory

81
Q

Process to remove information from media such that data recovery is not possible. It includes removing all classified labels, markings, and activity logs.

A

Sanitize

82
Q

Series of processes that removes data and ensures it is unrecoverable by any means; used when a computer is removed from service and disposed of. All storage media is removed or destroyed.

A

Sanitizing

83
Q

reviewing baseline security controls and selecting only those controls that apply to the IT system you’re trying to protect.

A

Scoping

84
Q

An overwrite technology that uses a firmware-based process inside the drive to overwrite it. It is a drive command defined in the ANSI ATA and SCSI disk-drive interface specifications and runs in the drive hardware; it completes in about 1/8 the time of a DoD 5220.22-M block erasure.

A

Secure Erase

85
Q

Strategic, develops policies and guidelines

A

Security Analyst

86
Q

Involves defining the security scope, assigning security management responsibilities, and testing security measures for effectiveness. Strategic: about 5 years. Tactical: shorter than strategic. Operational: day-to-day, short term.

A

Security planning

87
Q

Define and authorize the technology used to control information access and distribution

A

Security policies

88
Q

Holds ultimate responsibility for security

A

Senior Manager

89
Q

A method of sanitizing media; the act of cutting or tearing into small particles.

A

Shred

90
Q

Specify use of specific technologies in a uniform way

A

Standards

91
Q

Retrievable retention of data. Electronic, electrostatic, or electrical hardware or other elements (media) into which data may be entered, and from which data may be retrieved.

A

Storage

92
Q

adding assessment procedures or assessment details to adequately meet the risk management needs of the organization.

A

Supplementation

93
Q

Select security controls

A

System Owners

94
Q

Lists the hardware/software to be used and the steps to undertake to protect the infrastructure

A

System security policy

95
Q

modifying the list of security controls within a baseline so that they align with the mission of the organization.

A

Tailoring

96
Q

WORM

A

Write-Once Read Many.

97
Q

Wipe a drive by overwriting every addressable sector with zeros

A

Zero fill
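Cards 37 (Erasing), 61 (Overwrite), 76 (Remanence) and 97 (Zero fill) all describe the same contrast: deleting a file only drops the directory entry, while clearing overwrites every addressable block. The Python below is an added example, not part of the flashcard set, that simulates this on an in-memory toy disk so the difference can be observed directly. ToyDisk, remanence_scan, the block layout and the sample PII string are all constructed for the illustration; nothing here touches a real device.

```python
"""Erasing vs. clearing (zero fill) on a simulated block device."""
from typing import Dict, List

BLOCK_SIZE = 16  # toy values; real sectors are 512 or 4096 bytes
NUM_BLOCKS = 8


class ToyDisk:
    """A tiny block device with a directory table, enough to show remanence."""

    def __init__(self) -> None:
        self.blocks: List[bytearray] = [bytearray(BLOCK_SIZE) for _ in range(NUM_BLOCKS)]
        self.directory: Dict[str, List[int]] = {}  # file name -> block chain
        self.free: List[int] = list(range(NUM_BLOCKS))

    def write_file(self, name: str, data: bytes) -> None:
        needed = (len(data) + BLOCK_SIZE - 1) // BLOCK_SIZE
        if needed > len(self.free):
            raise OSError("disk full")
        chain = [self.free.pop(0) for _ in range(needed)]
        for i, blk in enumerate(chain):
            chunk = data[i * BLOCK_SIZE:(i + 1) * BLOCK_SIZE]
            self.blocks[blk][:len(chunk)] = chunk
        self.directory[name] = chain

    def read_file(self, name: str) -> bytes:
        """'Normal system functions': only files in the directory are visible."""
        if name not in self.directory:
            raise FileNotFoundError(name)
        return b"".join(bytes(self.blocks[b]) for b in self.directory[name])

    def erase(self, name: str) -> None:
        """Card 37: deletion removes the link to the file, the data stays put."""
        self.free.extend(self.directory.pop(name))

    def clear(self, pattern: bytes = b"\x00") -> None:
        """Cards 61/97: overwrite every addressable block, not just live files."""
        fill = (pattern * (BLOCK_SIZE // len(pattern) + 1))[:BLOCK_SIZE]
        for blk in self.blocks:
            blk[:] = fill
        self.directory.clear()
        self.free = list(range(NUM_BLOCKS))

    def verify_cleared(self, pattern: bytes = b"\x00") -> bool:
        """Read-back verification: SP 800-88 expects a clear to be verified."""
        fill = (pattern * (BLOCK_SIZE // len(pattern) + 1))[:BLOCK_SIZE]
        return all(bytes(blk) == fill for blk in self.blocks)


def remanence_scan(disk: ToyDisk, needle: bytes) -> List[int]:
    """What a recovery tool does: scan raw blocks, ignoring the directory.
    Returns the block numbers where the needle starts."""
    raw = b"".join(bytes(b) for b in disk.blocks)
    hits: List[int] = []
    start = 0
    while True:
        idx = raw.find(needle, start)
        if idx < 0:
            return hits
        hits.append(idx // BLOCK_SIZE)
        start = idx + 1


def demo() -> Dict[str, object]:
    disk = ToyDisk()
    secret = b"SSN 123-45-6789 DOB 1980-01-01"  # constructed sample PII
    disk.write_file("hr.txt", secret)
    disk.erase("hr.txt")
    try:                                     # normal access now fails...
        disk.read_file("hr.txt")
        visible = True
    except FileNotFoundError:
        visible = False
    after_erase = remanence_scan(disk, b"SSN 123-45-6789")  # ...but raw scan finds it
    disk.clear()
    after_clear = remanence_scan(disk, b"SSN 123-45-6789")  # gone after overwrite
    return {"visible_after_erase": visible, "after_erase": after_erase,
            "after_clear": after_clear, "verified": disk.verify_cleared()}


if __name__ == "__main__":
    print(demo())
```

The toy shows why a clear overwrites all addressable locations rather than only the blocks the file system still claims; the sectors the drive has silently remapped, which card 62 flags as what overwriting "may miss", are outside even this model and are the reason purge-level methods such as Secure Erase or degaussing exist.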

98
Q

exculpatory

A

evidence that is favorable to defendant, tends to exonerate

99
Q

inculpatory

A

evidence that shows guilt

100
Q

colocation cloud

A

Combines colocation (customer-owned hardware housed in a third-party data center) with cloud computing services, addressing limitations of either approach used alone.

101
Q

blue team

A

defends from attacks

102
Q

red team

A

attacks

103
Q

white team

A

Referees and manages the exercise between the red and blue teams; handles security incidents that arise during it