Quick Tips 4 Flashcards
BLANK are documents that outline rules that are compulsory in nature and support the organization’s security policies.
Standards
A BLANK is a minimum level of security.
baseline
BLANK are recommendations and general approaches that provide advice and flexibility.
Guidelines
Job rotation is a BLANK control to detect fraud.
detective administrative
BLANK are a detective administrative control type that can help detect fraudulent activities.
Mandatory vacations
BLANK ensures no single person has total control over a critical activity or task. It is a preventative administrative control.
Separation of duties
BLANK are two aspects of separation of duties.
Split knowledge and dual control
BLANK specify the classification of data, and data custodians implement and maintain controls to enforce the set classification levels.
Data owners
Security has BLANK, which define the expected behavior from a product or system, and BLANK, which establish confidence in the implemented products or systems overall.
functional requirements, assurance requirements
BLANK must define the scope and purpose of security management, provide support, appoint a security team, delegate responsibility, and review the team’s findings.
Management
The BLANK should include individuals from different departments within the organization, not just technical personnel.
risk management team
BLANK is a nontechnical attack carried out to manipulate a person into providing sensitive data to an unauthorized individual.
Social engineering
BLANK is a collection of identity-based data that can be used in identity theft and financial fraud, and thus must be highly protected.
Personal identification information (PII)
BLANK is a framework that provides oversight, accountability, and compliance.
Security governance
BLANK is an international standard for information security measurement management.
ISO/IEC 27004:2009
