Pre-Contract: InfoSec Questionnaire Flashcards

1
Q

Cyber Intake

A

Now what do you do?
Assess to determine residual risk
Using a risk-based approach
-Assuming there are triggers in the IRQ, then you use those triggers to determine residual risk and the risk-based approach: how much effort you're going to put in on an ongoing basis

2
Q

Info-Sec Questionnaire

A

-Data protection
-Encryption
-Server Security
-Application Security
-Application Programming Interface (API)
-Network Security
-Security Administration
-Physical/Environmental Security
-Incident Response
-Change Management
-Technology Oversight

3
Q

Info-Sec Questionnaire:
Data protection

A

Evaluation of controls around data governance, data loss prevention, data recovery, and data integrity.
-Set of controls around data governance, data loss, data loss prevention, data integrity

4
Q

Info-Sec Questionnaire:
Encryption

A

Evaluation of controls around encryption protocol, key management, and password storage.
-protocols, password storage

5
Q

Info-Sec Questionnaire:
Server Security

A

Evaluation of controls related to patch management, server configuration, and technology refresh activities.
-hardware, patch management

6
Q

Info-Sec Questionnaire:
Application Security

A

Evaluation of controls related to application testing, patch management, and access controls.

7
Q

Info-Sec Questionnaire:
Application Programming Interface (API)

A

Evaluation of controls around data collection, rate limits, and API service definitions.
-How two apps talk to each other, and the ways in which they are permitted to do so

8
Q

Info-Sec Questionnaire:
Network Security

A

Evaluation of controls around patch management, penetration testing, network segmentation, & firewall rules.

9
Q

Info-Sec Questionnaire:
Security Administration

A

Evaluation of controls around access reviews & logon attempts.
-Access reviews, login attempts
-Access reviews: elevated access, or access that should be cut off

10
Q

Info-Sec Questionnaire:
Physical/Environmental Security

A

Evaluation of controls around physical & environmental security.
-handling paper documents

11
Q

Info-Sec Questionnaire:
Incident Response

A

Evaluation of controls around incident response plans and testing.
-Critical in third party space
-How the vendor does incident response

12
Q

Info-Sec Questionnaire:
Change Management

A

Evaluation of controls around development & testing.
-How they do development and testing

13
Q

Info-Sec Questionnaire:
Technology Oversight

A

Evaluation of controls around technology governance.
-How they do technology governance, governance around controls in technology

14
Q

TEST

A

Question on how you figure out what your next step is. You're evaluated on how you assess controls.
