Lot 3 Flashcards

1
Q
The individual(s) and/or department(s) responsible for the storage and 
safeguarding of computerized data
A

Data custodian

2
Q
The individual(s), normally a manager or director, who has responsibility 
for the integrity, accurate reporting and use of computerized data
A

Data owner

3
Q

The practice of layering defenses to provide added protection.
Defense in depth increases security by raising the effort needed in an attack. This
strategy places multiple barriers between an attacker and an organization’s computing
and information resources.

A

Defense in depth

4
Q

A set of human, physical, technical, and procedural
resources to recover, within a defined time and cost, an activity interrupted by an
emergency or disaster

A

Disaster recovery plan (DRP)

5
Q

A means of restricting access to objects based
on the identity of subjects and/or groups to which they belong. The controls are
discretionary in the sense that a subject with a certain access permission is capable of
passing that permission (perhaps indirectly) on to any other subject.

A

Discretionary access control (DAC)

6
Q

A procedure that uses two or more entities (usually persons) operating in
concert to protect a system resource so that no single entity acting alone can access that
resource

A

Dual control

7
Q

The level of care expected from a reasonable person of similar competency
under similar conditions

A

Due care

8
Q

The performance of those actions that are generally regarded as
prudent, responsible, and necessary to conduct a thorough and objective investigation,
review, and/or analysis

A

Due diligence

9
Q

A set of responsibilities and practices exercised by the board
and executive management with the goal of providing strategic direction, ensuring that
objectives are achieved, ascertaining that risks are managed appropriately, and verifying
that the enterprise’s resources are used responsibly

A

Enterprise governance

10
Q

The potential loss to an area due to the occurrence of an adverse event

A

Exposure
