Study Guide Ch 2 Flashcards
The six steps of the risk management framework
Categorize, Select, Implement, Assess, Authorize, Monitor
Separation of duties
the security concept in which critical, significant, and sensitive work tasks are divided among personnel
Job responsibilities
the specific work tasks an employee is required to perform on a regular basis
Job rotation serves two functions
First, it provides a type of knowledge redundancy
Second, moving personnel around reduces the risk of fraud, data modification, theft, sabotage, and misuse of information
Collusion
When several people work together to perpetrate a crime
NDA
nondisclosure agreement
What is the purpose of an NDA?
An NDA is used to protect the confidential information within an organization from being disclosed by a former employee
NCA
non-compete agreement
What purpose does an NCA serve?
NCAs attempt to prevent an employee with special knowledge of secrets from one organization from working in a competing organization
NCAs are also used to prevent workers from jumping from one company to another competing company just because of salary increases or other incentives
the best time to terminate an employee…
at the end of their shift midweek
The primary purpose of the exit interview…
To review the liabilities and restrictions placed on the former employee based on the employment agreement, nondisclosure agreement, and any other security-related documentation
Compliance
the act of conforming to or adhering to rules, policies, regulations, standards, or requirements
PII
personally identifiable information = any data item that can be easily and/or obviously traced back to the person of origin or concern
Security governance
the collection of practices related to supporting, defining, and directing the security efforts of an organization
Third-party governance
the system of oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements
Documentation review
the process of reading the exchanged materials and verifying them against standards and expectations
ATO
authorization to operate
Risk
The possibility that something could happen to damage, destroy, or disclose data or other resources
What is the primary goal of risk management?
To reduce risk to an acceptable level
Risk analysis
The process by which the goals of risk management are achieved
Asset
An asset is anything within an environment that should be protected
Asset valuation
A dollar value assigned to an asset based on actual cost and non-monetary expenses
Threats
Any potential occurrence that may cause an undesirable or unwanted outcome for an organization or for a specific asset is a threat
Vulnerability
The weakness in an asset, or the absence or weakness of a safeguard or countermeasure