Physical & Information Security Flashcards
13%
What are audit trails?
The complete history kept of transaction data and of all changes to data.
What are the three key components of information security?
Confidentiality, data integrity, and availability.
What is a cyber attack?
An attempt to damage, disrupt, or gain unauthorized access to a computer, computer system, or electronic communications network.
What is a data loss prevention (DLP) program?
A comprehensive approach (covering people, processes, and systems) of implementing policies and controls designed specifically to discover, monitor, and protect confidential data wherever it is stored, used, or in transit over the network and at the perimeter.
What is an IT strategic plan?
A comprehensive blueprint that guides the organization’s technology management and contains high-level goals and plans for all areas of information technology that affect the business, not just the infrastructure.
What is an official record?
Any form of paper, electronic, audio or video recording, etc., that an organization must retain for legal, regulatory, or practical operational reasons.
What is business email compromise (BEC)?
BEC is when a legitimate business’ email account is either compromised or impersonated.
What is confidentiality?
When information is not made available or disclosed to unauthorized individuals, entities, or processes.
What is data integrity?
The process of maintaining and assuring the accuracy and completeness of data over its life cycle.
What is file accountability?
Ensuring that in each step of a process only current files are processed and to ensure a file is not inadvertently duplicated or omitted from processing.
What is file balancing?
A process completed at each step to ensure that transactions were not dropped, changed, or duplicated.
What is layered security?
The use of different controls at different points in a transaction process so that weakness in one control is generally compensated for by the strength of a different control.
What is limited access?
Restricting data access to authorized personnel.
What is nonpublic personal information?
Any personally identifiable information a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise publicly available.
What is public information?
Information lawfully made available to the general public from government records, widely distributed media, or legally required disclosures to the general public.
What is redundancy?
Data backed up at a site physically separate from the data processing area, to guard against the loss or destruction of data.
What is secure storage?
Protecting electronic files and paper records against unauthorized or inadvertent change through the use of file security techniques.
What is the National Institute of Standards and Technology (NIST)?
The agency that developed a voluntary cybersecurity framework based on existing standards, guidelines, and practices for reducing cyber risks to critical infrastructures.
Who are internal IT audit staff?
The department whose primary role is to assess, independently and objectively, the controls, reliability, and integrity of the institution’s IT environment.
What is authentication?
The process of confirming the identity of a person, an object, or a piece of information.
What is information security?
The protection of information against unauthorized access to or modification whether in storage, processing, or transit, and against the denial of service to authorized users, including what is necessary to detect, document, and counter such threats.
What is change management?
The broad processes for managing organizational changes that encompass planning, oversight or governance, project management, testing, and implementation.
What is end-point security?
A method of protecting a network when accessed with remote devices, such as laptops, or other wireless and mobile devices.
What is middleware?
Software that connects two or more software components or applications, aka application programmer interface (API).
What is a software patch?
Code that replaces or updates other code, and is frequently used to correct security flaws.
What is a sandbox?
It is a restricted, controlled execution environment often used for testing new programs that prevents potentially malicious software, such as mobile code, from accessing any system resources.
What is a secure sockets layer (SSL)?
A protocol that is used to transmit private documents through the internet.
What is a zero-day attack?
An attack on a piece of software that has a vulnerability for which there is no known patch.
