Section 3 Flashcards
Which tool is used for vulnerability assessment?
Qualys (a vulnerability scanner; Nessus and OpenVAS are comparable tools)
Which standard applies to the policies of any financial entity?
Gramm-Leach-Bliley Act (GLBA)
What organization audits companies for software licensing compliance?
BSA (Business Software Alliance)
Which term is synonymous with symmetric cryptography?
secret key cryptography
Which term is synonymous with asymmetric cryptography?
public key cryptography
What are hash functions used for?
Producing a fixed-length digest of a message so that any change to the message can be detected
- verify the integrity of data (a hash by itself does not prove who produced the data; that needs a keyed MAC such as HMAC, or a digital signature)
Symmetric cryptography
Uses a single shared secret key to both encrypt the plaintext and decrypt the ciphertext; the hard part is getting that key to the other party securely
Examples of symmetric cryptography
DES, 3DES, AES (DES and 3DES are obsolete; AES is the current standard)
Asymmetric cryptography
Uses a mathematically linked key pair: a public key and a private key
- the public key is distributed freely and is used to encrypt data for the key's owner
- the private key is kept secret and is the only key that can decrypt that data (for digital signatures the roles reverse: the private key signs, the public key verifies)
Examples of asymmetric cryptography
RSA, ECC, DSA (DSA is a signature-only algorithm; it does not encrypt)
Protocols that use it: PGP, SSL/TLS (both are hybrid: asymmetric cryptography protects a symmetric session key, and the symmetric cipher then encrypts the bulk data)
Examples of hash functions
MD5, SHA-1, SHA-2 (e.g. SHA-256); MD5 and SHA-1 have practical collision attacks and should not be used in new designs
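The symmetric, asymmetric and hash cards above each describe a primitive family by what it does with keys. The following Python is an added teaching example (not part of the original flashcards) that shows those mechanics side by side using only the standard library: a toy counter-mode stream cipher (same key encrypts and decrypts), textbook RSA with the well-known tiny primes p=61, q=53 (public key encrypts, private key decrypts, and the reverse for signing), and SHA-256 plus HMAC for integrity. The cipher and the RSA key size are deliberately tiny so the arithmetic is visible; they are not safe for real use, and the sample key and message are constructed.

```python
"""Teaching demo of the three primitive families on the cards above.

Standard library only.  The stream cipher and the RSA key pair are
deliberately tiny; they are NOT safe to use for anything real (use
AES-GCM and 2048-bit+ RSA with OAEP/PSS padding from a vetted library).
"""
import hashlib
import hmac
import secrets

NONCE_LEN = 16


# ---- Symmetric: one shared secret key encrypts and decrypts --------------
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy counter-mode keystream: block i = HMAC-SHA256(key, nonce || i)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def symmetric_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || (plaintext XOR keystream).  A fresh random nonce per
    message keeps the keystream from ever being reused under the same key.
    Confidentiality only: pair with a MAC (below) to detect tampering."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def symmetric_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Same key, same keystream, same XOR: that is what 'symmetric' means."""
    nonce, body = ciphertext[:NONCE_LEN], ciphertext[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


# ---- Asymmetric: public key encrypts, private key decrypts ---------------
def rsa_toy_keypair():
    """Textbook RSA with the classic tiny primes p=61, q=53.
    Returns ((e, n), (d, n)) = (public key, private key)."""
    p, q = 61, 53
    n = p * q                 # modulus, part of both keys: 3233
    phi = (p - 1) * (q - 1)   # 3120
    e = 17                    # public exponent, coprime to phi
    d = pow(e, -1, phi)       # private exponent, e*d = 1 (mod phi): 2753
    return (e, n), (d, n)


def rsa_encrypt(public_key, m: int) -> int:
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)


def rsa_decrypt(private_key, c: int) -> int:
    d, n = private_key
    return pow(c, d, n)


def rsa_sign(private_key, digest: int) -> int:
    """Dual operation: the private key produces the signature over a digest."""
    d, n = private_key
    return pow(digest, d, n)


def rsa_verify(public_key, digest: int, signature: int) -> bool:
    e, n = public_key
    return pow(signature, e, n) == digest


# ---- Hash functions: fixed-length digest that changes if the data changes --
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, expected_hex: str) -> bool:
    """Unkeyed check: detects modification, but whoever can alter the data
    can also recompute the digest, so this only helps when the digest comes
    from a separate trusted channel."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def mac_tag(key: bytes, data: bytes) -> str:
    """Keyed hash (HMAC): only holders of the key can make a valid tag."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def mac_ok(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac_tag(key, data), tag)


if __name__ == "__main__":
    key = secrets.token_bytes(32)              # constructed sample key
    msg = b"transfer 100 to account 42"        # constructed sample message
    ct = symmetric_encrypt(key, msg)
    print("symmetric roundtrip:", symmetric_decrypt(key, ct) == msg)
    pub, priv = rsa_toy_keypair()
    c = rsa_encrypt(pub, 65)
    print("rsa: 65 ->", c, "->", rsa_decrypt(priv, c))
    tampered = b"transfer 900 to account 42"
    print("hash detects change:", not integrity_ok(tampered, sha256_hex(msg)))
    print("forged tag rejected:", not mac_ok(key, tampered, mac_tag(key, msg)))
```

Two things to notice when running it: the decrypt function for the symmetric cipher is literally the encrypt function applied with the same key, whereas the RSA functions use different exponents from the same modulus; and the unkeyed hash only catches a change when the attacker cannot also replace the digest, which is why the MAC takes a key.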
Regulatory compliance
Adherence to laws and government regulations that apply to the industry in which you are operating
Industry compliance
Adherence to standards that are not mandated by law but are imposed by an industry body or by contract; non-compliance can still have severe impacts on the ability to conduct business
PCI DSS
Payment Card Industry Data Security Standard; applies to any organization that stores, processes or transmits credit card data
Steps for compliance
- monitoring
- reviewing
- documenting
- reporting
Federal Information Security Management Act (FISMA)
- Requires federal agencies to implement information security controls using a risk-based approach
- Provides a framework for ensuring the effectiveness of information security controls in government (the 2014 update renamed it the Federal Information Security Modernization Act)
Federal Risk and Authorization Management Program (FedRAMP)
Defines a standardized security assessment and authorization process for cloud services used by US government agencies
Sarbanes-Oxley Act (SOX)
Regulates financial reporting and the internal controls over financial data for publicly traded companies
Gramm-Leach-Bliley Act (GLBA)
Requires financial institutions to protect the privacy and security of their customers' nonpublic personal and financial information
Children's Internet Protection Act (CIPA)
Requires schools and libraries that receive certain federal funding to filter obscene or harmful internet content so children cannot access it
Children's Online Privacy Protection Act (COPPA)
Protects the privacy of children under 13 by restricting how organizations may collect their PII online (verifiable parental consent is required)
Family Educational Rights and Privacy Act (FERPA)
Protects the privacy of students' education records
General Data Protection Regulation (GDPR)
- EU regulation
- Data protection and privacy rights for all individuals in the EU; it applies to any organization that processes their personal data, wherever that organization is located
NIST Risk Management Framework (RMF, SP 800-37; Rev. 2 adds a Prepare step before Categorize)
□ Categorize the system and the data it handles by impact level
□ Select controls
□ Implement controls
□ Assess controls
□ Authorize use of the system
□ Monitor controls
IaaS
Provider supplies virtual servers, storage and networking; the customer manages the OS and everything above it
- AWS EC2, Google Compute Engine
PaaS
Provider supplies a managed platform (runtime, database, web server) on which customers deploy their own code without managing the underlying servers
SaaS
Provider delivers a complete application over the network; the customer manages only its data and user accounts
What is the main disadvantage of logging?
Resource cost: logs take up storage, and they must be retained, protected and reviewed to be of any use
Which act regulates information security in US federal departments and agencies?
FISMA
Which act regulates customer privacy in the finance industry?
GLBA
Which act regulates reporting of publicly traded companies?
SOX
Which standard supports encryption for email?
PGP (OpenPGP); it is not a single algorithm but a hybrid scheme that combines symmetric and asymmetric algorithms