security policies Flashcards
_______ is performed to ensure that critical business functions will be available to those that must have access to those functions
business continuity
a _________ identifies appropriate disaster responses in order to maintain business operations during reduced or restricted infrastructure and resource capabilities.
Business Continuity Plan (BCP)
when a small number of individuals get together and test just one part of the BCP this is called
a tabletop exercise
in a _________, a larger number of individuals get together and work through a larger-scale simulation that incorporates many parts of the BCP
medium exercise
this involves a large number of individuals using a realistic scenario that may involve full-scale practice exercises
complex exercise
a ________ is similar to a BCP, but can also refer to the preparations and institutions maintained by the United States government
Continuity of Operations Planning (COOP)
a _______ focuses on how losses will affect an organization.
Business Impact Analysis (BIA)
the _______ identifies short-term actions to take to stop the incident and restore critical functions so the organization can continue to operate.
Disaster Recovery Plan (DRP)
this defines the security requirements for a computer system when designing, assembling, delivering, installing, configuring, and initializing applications and data
common criteria
____ manages the interaction between subjects and objects using an access control database.
reference monitor
the actual operating system implementation of the reference monitor concept is called
security kernel
using the reference monitor method, the system gives the user a _____ which allows them to access resources associated with their account
tokens
__________ separates various processes and tasks into trusted rings.
Ring architecture
_________ separates the trusted from the untrusted.
security perimeter
_________ restricts the ability of a program to read and write to memory according to its permissions or access level.
confinement
_________ protect a system from exploitation by controlling the amount of a subject’s access to system resources, such as memory.
bounds
__________ separates the resources used by one process from the resources used by other processes.
isolation
______ define the rules for communication between layers.
application programming interfaces (APIs)
________ is a layering security technique that causes information within a single layer to be hidden from upper and lower layers of processing, thus securing individual layers.
hiding
it refers to the product or system that is being evaluated.
Target of Evaluation (TOE)
a _________ is an application running on a real system that mimics hardware platforms in order to support the running of multiple operating systems on a single real machine.
virtual machine
VMware and Microsoft Hyper-V are examples of
virtual machine software
________ are the documents that explicitly identify the terms and conditions of employment
employment agreement
a legal contract between the organization and the employee that specifies the employee is not to disclose the organization’s confidential information.
non-disclosure agreement
it prohibits an employee from working for a competing organization for a specified time after the employee leaves the organization.
Non-compete agreement
________ specifies the organization’s ownership of intellectual property created by the employee during the employment period.
ownership of materials agreement
it documents the security classification levels of information and the guidelines for handling each level of classified materials.
Data handling and classification policy
the _______ is designed to prevent confidential information being left where it is easily accessible.
clean desk policy
the _______ identifies the employee’s rights to use company property such as Internet access and computer equipment for personal use
acceptable use agreement
the ______ outlines the organization’s monitoring activities
employee monitoring agreement