Vocab 1 Flashcards

1
Q

Organizational policy that describes both acceptable and unacceptable actions when using organizational computing resources, as well as the consequences of violating the policy.

A

acceptable use policy (AUP)

2
Q

The processes and technologies involved in protecting information, systems, and data against unauthorized disclosure, modification, or loss through the control of access to those resources physically and/or logically.

A

access control

3
Q

The ability to trace an action or event to a definitive user and to hold that user responsible for their actions.

A

accountability

4
Q

Tools that interact actively with a system and can often give you a more realistic perspective of vulnerabilities and the overall control effectiveness; can also cause performance issues.

A

active tools

5
Q

The process of determining whether a program or a project is meeting specified objectives and of determining whether the controls selected to protect the system are performing their desired function to the level required.

A

assessment

6
Q

Anything of value to an organization; assets can include tangible items such as information, data, equipment, supplies, facilities, and systems, or intangible items such as customer loyalty and reputation.

A

asset

7
Q

The process of reviewing different data sources, including log files and access control records, to determine compliance with security policy or detect deviations or anomalies.

A

auditing

8
Q

The process of validating credentials that a user has supplied to verify that they are the actual authorized user and that the credentials belong to that user.

A

authentication

9
Q

The process of giving authenticated users the proper accesses to systems, data, and facilities.

A

authorization

10
Q

The goal of having information and systems available to authorized users whenever and however they need them.

A

availability

11
Q

A justification that must be made when a risk response can't be quickly or easily implemented without a significant cost or change to the organization or the system. A business case for a risk response justifies the expense and work required to make the response function properly.

A

business case

12
Q

The process, generally detailed in a supporting plan, that keeps the company operating and functioning in the event of a power outage, IT malfunction, or major disaster.

A

business continuity

13
Q

The process of analyzing the critical missions and business processes and the systems used to complete those tasks and of determining the impact to the mission of a loss or disruption in access to those systems.

A

business impact assessment

14
Q

The ability for the organization to implement a risk response.

A

capability

15
Q

Control Objectives for Information and Related Technology (but now typically referred to by its acronym). This management and governance framework was developed and is used extensively by ISACA in its various risk management and business process frameworks. It is currently in version 5.

A

COBIT

16
Q

Controls spanning the entire organization and protecting multiple assets rather than only a specific system. Physical controls are good examples of common controls, and the responsible entity for these controls would be the common controls provider.

A

common controls

17
Q

The goal of protecting systems and information from unauthorized disclosure.

A

confidentiality

18
Q

A measure put in place to increase protection for an asset, to make up for a lack of protection for an asset, or to address a weakness in an asset. Controls can be administrative, technical, or physical and operational. They can also be further divided by functionality, including deterrent, preventative, detective, and so on.

A

control

19
Q

The process of determining the difference between the existing state of a control’s effectiveness and its desired state.

A

control gap analysis

20
Q

The financial impacts of any decision, as well as the less-easily quantified aspects such as loss of goodwill, loss of brand status, and other hard-to-define attributes. Cost also includes the maintenance of the responsive mitigation over its required life span.

A

cost

21
Q

The level of protection that information or data requires, based on the impact to the organization if it were disclosed to unauthorized people, subjected to unauthorized modification, or otherwise lost.

A

data sensitivity

22
Q

When risk response options simply don’t make good business sense, risk is assumed temporarily, perhaps until the costs are reduced, alternate measures are adopted, or risk is ultimately accepted.

A

deferral

23
Q

The process of reacting to an incident or disaster and recovering an organization, its personnel, and systems to a functioning state.

A

disaster recovery (DR)

24
Q

The design principle that states that you should attempt to design and implement controls that can be applied to more than one system or set of data or that provide more than one function in effectively mitigating risk. The goal is to minimize single-use controls (controls that apply only to a specific system or set of data) because they can be more expensive and specialized to implement.

A

economy of use

25
Q

The extent to which the response reduces the likelihood or the impact of the risk event to the organization; also the degree and depth to which a control fulfills its security requirements.

A

effectiveness