Security+ 10 Flashcards
three main types of fire extinguishers include A (for ash fires), B (for gas and other flammable liquid fires), and C (for electrical fires).
business impact analysis—the examination of critical versus noncritical functions. These functions are assigned two different values or metrics: recovery time objective (RTO), the acceptable amount of time to restore a function (for example, the time required for a service to be restored after a disaster), and recovery point objective (RPO), the acceptable latency of data, or the maximum tolerable time that data can remain inaccessible after a disaster.
info …
Contact information: Who you should contact if a disaster occurs and how employees will contact the organization.
Impact determination: A procedure to determine a disaster’s full impact on the organization. This includes an evaluation of assets lost and the cost to replace those assets.
Generally, the chief security officer (CSO) or other high-level executive will be in charge of DR planning, often with the help of the information systems security officer (ISSO).
info …
Pretexting is when a person invents a scenario, or pretext, in the hope of persuading a victim to divulge information.
Diversion theft is when a thief attempts to take responsibility for a shipment by diverting the delivery to a nearby location.
Spear Phishing : targeting specific groups of people or specific persons. Whaling : attacker targets senior executives.
Baiting is when a malicious individual leaves malware-infected removable media such as a USB drive or optical disc lying around in plain view.
info …
The watering hole attack is a strategy that targets users based on the common websites that they frequent. The attacker loads malware beforehand on one or more websites in the hopes that the user(s) will access those sites and activate the malware, ultimately infecting the user’s system and possibly spreading through the network.
Fire Class D : for electrical fires. Fire Class K : cooking oil fires. Most common fire ext. Is multipurpose dry-chemical ABC ext. For server rooms BC ext.’s are used sometimes most common is CO2 ext.
pre-action sprinkler system is similar to a dry pipe system, but there are requirements for it to be set off such as heat or smoke.
HVAC shielding: By installing a shield around air conditioners and other similar equipment, you end up shielding them, and thereby keep EMI generated by that equipment inside the shield.
info …
Controller Area Network (CAN) bus to allow communications between the dozens of control units, including the engine control unit and possibly the onscreen display. air gap is a method of isolating an entity, effectively separating it from everything else—the entity could be a CPU, a system, or an entire network.
due diligence is ensuring that IT infrastructure risks are known and managed. Due care is the mitigation action that an organization takes to defend against the risks that have been uncovered during due diligence. Due process is the principle that an organization must respect and safeguard personnel’s rights. This is to protect the employee from the state and from frivolous lawsuits.
info …
memorandum of understanding (MoU), or a letter of intent, in regard to a BPA; it could be that two agencies have a sort of convergence when it comes to ordering services.
interconnection security agreement (ISA). It is an agreement that is established between two (or more) organizations that own and operate connected IT systems and data sets. Its purpose is to specifically document the technical and security requirements of the interconnection between the organizations.
Clearing: This is the removal of data with a certain amount of assurance that it cannot be reconstructed.
info …
Purging: Also known as sanitizing, this is once again the removal of data, but this time, it’s done in such a way so that it cannot be reconstructed by any known technique; in this case the media is released outside the company.
Destruction: This is when the storage media is physically destroyed through pulverizing, shredding, pulping, incineration, and so on.
OOV can be summarized as the life expectancy of various types of captured data during forensic analysis.
info …