Lecture 5 Flashcards
Security Governance/Risk Management
______ ensures the proper creation, implementation and enforcement of a security policy.
security management planning
A ____ plan is long-term and stable. It should define the organization's mission, long-term goals and vision.
Strategic
A ____ plan is a mid-term plan with more detail on how to achieve the long-term goals.
Tactical
The _____ plan is a short-term, highly detailed plan based on day-to-day operations.
Operational
A set of practices to support, define and direct the security efforts of an organization.
A: Security policy
B: Security plan
C: Security governance
C: Security governance
Who is ultimately responsible for the security maintained by the organization and usually signs off on policies?
Senior management
Who is responsible for classifying information?
Data owner
A(n) _____ is responsible for testing and verifying that the security policy is properly implemented and that the security solutions are adequate.
auditor
_____ is the practice of grouping security controls together by type or function in order to simplify security.
A. Collecting
B. Abstraction
C. Grouping
B. Abstraction
What is data hiding used for?
Preventing data from being discovered or accessed by a subject that is not authorized to see it
______ is the art and science of hiding the meaning or intent of a communication from unintended recipients.
Encryption
A control framework and documented set of IT security best practices. It encourages mapping IT security ideals to business objectives.
CobiT
Control Objectives for Information and Related Technology
_________ is using reasonable care to protect the interests of an organization.
Due care
__________ is practicing the activities that maintain the due care effort.
Due diligence
____ is information that can be traced back to a specific person and that could be used to compromise that person's identity.
Personally identifiable information (PII)
T/F: Privacy must be addressed in an organizational security policy.
True
Match each type of document to its description.
- Policy
- Standards
- Guidelines
- Procedures
A. Recommendations/best practices
B. Specific mandatory controls
C. Step by step instructions
D. General management statements
- Policy, D. General management statements
- Standards, B. Specific mandatory controls
- Guidelines, A. Recommendations/best practices
- Procedures, C. Step by step instructions
A ___ defines the scope of security, the assets to protect, security goals and practices, roles and responsibilities, and acceptable risk levels. Every organization must have one.
security policy
A ____ defines mandatory requirements for the use of hardware, software, technology, and security controls.
standard
The minimum level of security that every system must meet is the ____.
baseline
A _____ is a recommendation on how standards and baselines can be implemented.
guideline
A ___ is a detailed step-by-step document describing the exact actions needed to implement a specific security mechanism.
procedure