study set 1 Flashcards
What are the 4 Codes of Ethics?
- Protect society, the commonwealth, and the infrastructure
- Act honorably, honestly, justly, responsibly, and legally
- Provide diligent and competent service to principals
- Advance and protect the profession
Known as a program policy
Organizational security policy
ISO 27002
Provides practical advice on how to implement security controls; uses 10 domains to address the ISMS
ISO 27005
Approach to risk management
What are the risk control frameworks?
- COSO
- COBIT
- ISO 27001
- NIST 800-53 (government agencies)
Long-term focus on sustaining operation of the business following a disaster
Business Recovery Plan
What type of policy is mandatory, with high-level statements that support the strategic goals of the organization?
Organizational security policy
A risk methodology that focuses on IT systems, not the organizational strategy
NIST SP 800-30
When a system meets the requirements of the data owner, it is called?
Certification
A dollar figure that represents what the asset is worth to the organization
(AV) Asset Value
ITADA
Identity Theft and Assumption Deterrence Act
BIA
Business Impact Analysis
ECPA
Electronic Communications Privacy Act
Restricts government interception of communications
CISO
Chief Info Security Officer
SCI
Sensitive Compartmented Information
Which standard comes from ISACA?
COBIT
Responding to a risk is called?
Risk Mitigation
The key items in privacy protection for data processors are?
Training and Auditing
To identify assets, threats, and vulnerabilities
Risk Assessment
The 7 phases of BCP
- Project Initiation
- Business Impact Analysis
- Recovery Strategy
- Plan Design and Development
- Implementation
- Testing
- Maintenance
What will help you decide the correct risk mitigation strategy?
Cost / Benefit Analysis
ISO 27004
Metrics
TCO
Total Cost of Ownership
The total cost of implementing a safeguard, including maintenance fees
Ensures that stakeholders' needs, conditions, and options are evaluated.
Governance
How long is a trademark?
10 years
What are the steps in risk management?
- Risk Assessment
- Risk Analysis
- Risk Mitigation
- Risk Monitoring
ESI
Electronically Stored Information
Instance of a compromise
Exploit
System-specific policy
Is geared towards the use of networks, systems, and approved software lists
A risk assessment that uses qualitative analysis to calculate a risk value
FRAP
Vertical Control and Horizontal Control are?
(SCI) Sensitive Compartmented Information Government
Determining which portions of a standard an organization will use?
Scoping
Who handles day-to-day data governance?
Data Steward
The 3 risk methodologies?
- OCTAVE
- FRAP
- NIST 800-30
What process finds trust boundaries and data flow paths?
Reduction Analysis
ISO 27001
Establishment and implementation of controls and improvement of the ISMS; follows the PDCA cycle
What are the 9 steps in NIST 800-30?
- System characterization
- Threat Identification
- Vulnerability Identification
- Control Analysis
- Likelihood Determination
- Impact Analysis
- Risk Determination
- Control Recommendations
- Results Documentation
A scheme for classifying data with categories?
Taxonomy
HR, executives, union, etc.
An analysis to identify assets and their criticality, identify vulnerabilities and threats, and base the protection strategy on reducing risk
OCTAVE
What are the 7 steps to implement a classification scheme?
- Identify custodian
- Specify evaluation criteria
- Classify and label each resource
- Document exceptions
- Select security controls
- Specify declassification procedures
- Create awareness program