Udemy-Domain 1 Flashcards
the opposite of CIA is ___
Disclosure, Destruction and Alteration
Type 1 authentication is ___, type 2 is ___, type 3 is ___, type 4 is ___, type 5 is ___
- something you know
- something you have
- something you are (inherent)
- somewhere you are
- something you do
a cookie on your PC could be a type ___ authentication
2 (something you have)
the IP/MAC address of your computer could serve as a type ___ authentication
4 (somewhere you are)
a pattern unlock on a cellphone could serve as a type ___ authentication
5 (something you do)
the risk appetite of an organization could be ___, ___ or ___
aggressive; neutral; averse
OCTAVE
Self-directed risk management (Operationally Critical Threat, Asset and Vulnerability Evaluation)
COBIT
Goals for IT - stakeholder needs are mapped down to IT-related goals (Control Objectives for Information and Related Technologies)
COSO
Goals for an entire organization (Committee of Sponsoring Organizations)
ITIL
IT service management (Information Technology Infrastructure Library)
FRAP
Analyses one business unit/application/system at a time in a roundtable with internal employees. Impact is analyzed, and threats and risks are prioritized (Facilitated Risk Analysis Process)
PCI-DSS
Payment Card Industry Data Security Standard
ISO 27001
framework of requirements for establishing, implementing and improving an information security management system (Plan, Do, Check, Act)
ISO 27002
framework of practical advice on implementing security controls in 10 domains
ISO 27004
framework of metrics of success for an information security management system
ISO 27005
framework for a standards-based approach to risk management
ISO 27799
framework of directives on how to protect PHI
Criminal standard of proof is ___,
the victim is ___
and possible punishments include ___
for the purpose of ___
- “beyond a reasonable doubt”
- society
- incarceration, death or fines
- deterrence
Civil/tort standard of proof is ___,
possible punishments include ___
for the purpose of ___
- majority of the proof (“preponderance of the evidence”)
- financial fines
- compensating the victims
Administrative/regulatory standard of proof is ___
“more likely than not”
Due Diligence is satisfied by ___, but Due Care is satisfied by ___
research; action (what would a prudent person do?)
negligence is the opposite of ___
Due Care
___ determines your liability for an event
Due Care
Real evidence is ___,
Direct evidence is ___
- physical objects
- first-hand witness testimony
the Basic Evidence rule says that evidence should be ___ (5)
- accurate
- relevant
- convincing
- complete
- authentic
logs and documents from systems are considered ___ evidence
secondary
the ___ protects against unreasonable search and seizure
Fourth Amendment
___ circumstances may allow certain searches and seizures if there is immediate threat to human life or destruction of evidence
exigent
(illegal) entrapment is ___ but (legal) enticement is ___
persuading someone to commit a crime (creating intent/motive); making a crime easier (presenting means/opportunity)
copyrights are granted ___ for ___ years,
trademarks are granted ___ for ___ years
- automatically; 70/95
- after registration; 10