Section 2: Security Management Concepts Flashcards

1
Q

Code of Ethics Canons

A

Protect society, the common good, necessary public trust and confidence, and the infrastructure
Act honorably, honestly, justly, responsibly, and legally
Provide diligent and competent service to principals
Advance and protect the profession

2
Q

Who must define the security policies for the business?

A

Senior management

3
Q

Strategic Plan

A

Outlines the long-term business goals and objectives over a 3-5 year period, but is updated annually

4
Q

Tactical Plan

A

Outlines the mid-range goals and objectives to meet the strategic plan over a 1 year period

5
Q

Operational Plan

A

Outlines the short-range goals and objectives to meet the tactical and strategic plan objectives over the next 1-3 months

6
Q

Security Manager

A

Responsible for developing and managing a security program and the personnel involved

7
Q

Security Officer

A

Responsible for implementing and maintaining the information security strategy or program

8
Q

Security Analyst

A

Detect, analyze, and respond to security threats and attacks

9
Q

Security Engineer

A

Design, test, and implement security solutions

10
Q

Data Owner

A

Responsible for the classification and protection of their data

11
Q

Data Custodian

A

Responsible for implementing data protection

12
Q

Data Steward

A

Provide subject matter expertise for specific data

13
Q

Administrator

A

Responsible for implementing and maintaining the information system - privileged

14
Q

Auditor

A

Responsible for auditing the compliance with security policy

15
Q

User

A

A subject with access to the information system

16
Q

Pretexting

A

The creation of a fictitious story to encourage trust or create guilt. “The hook”

17
Q

NCA

A

Non-Compete Agreement
Prevent employees from working for a competing organization for a certain amount of time

18
Q

Information System Owner

A

Responsible for the overall procurement, development, integration, and maintenance of a system