Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

05 Assets, Threats, and Vulnerabilities > MD2 Safeguard Information: Security Controls > Flashcards

MD2 Safeguard Information: Security Controls Flashcards

1
Q

Security controls can be organized into three types

A
  1. Technical
  2. Operational
  3. Managerial
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Technical

A

Technical control types include the many technologies used to protect assets. This includes encryption, authentication systems, and others.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Operational

A

Operational controls relate to maintaining the day-to-day security environment. Generally, people perform these controls like awareness training and incident response

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Managerial

A

Managerial controls are centered around how the other two reduce risk. Examples of management controls include policies, standards, and procedures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Information privacy

A

Information privacy is the protection of unauthorized access and distribution of data. Information privacy is about the right to choose. People and organizations alike deserve the right to decide when, how, and to what extent private information about them is shared. Security controls are the technologies used to regulate information privacy.

For example, imagine using a travel app to book a flight. You might browse through a list of flights and find one at a good price. To reserve a seat, you enter some personal information, like your name, email, and credit card number for payment. The transaction goes through successfully, and you booked your flight. Now, you reasonably expect the airline company to access this information you enter when signing up to complete the reservation.

However, should everyone at the company have access to your information? A person working in the marketing department shouldn’t need access to your credit card information. It makes sense to share that information with a customer support agent. Except, they should only need to access it while helping with your reservation. To maintain privacy, security controls are intended to limit access based on the user and situation. This is known as the principle of least privilege.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Principle of least privilege

A

To maintain privacy, security controls are intended to limit access based on the user and situation.

Security controls should be designed with the principle of least privilege in mind. When they are, they rely on differentiating between data owners and data custodian

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Data owner

A

A data owner is a person who decides who can access, edit, use, or destroy their information. The idea is very straightforward except in cases where there are multiple owners. For example, the intellectual property of an organization can have multiple data owners.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Data Custodian

A

A data custodian is anyone or anything that’s responsible for the safe handling, transport, and storage of information. Did you notice that I mentioned, “anything?” That’s because, aside from people, organisations and their systems are also custodians of people’s information.

Remember that data is an asset. Like any other asset, information privacy requires proper classification and handling. As we progress in this section, we’ll continue exploring other security controls that make this possible.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly

05 Assets, Threats, and Vulnerabilities (50 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions