Vocab 2 Flashcards

1
Q

The documentation and tracking of accepted exceptions to policy.

A

exception management

2
Q

When a vulnerability isn’t detected but it does actually exist.

A

false negative

3
Q

When a vulnerability is reported that isn’t actually legitimate.

A

false positive

4
Q

U.S. law designed to protect the privacy of students in educational institutions. FERPA covers access control over data, as well as the circumstances under which information may be disclosed about students from educational records. The law, in particular, prescribes access control requirements for students older than 18 with regard to parents’ rights of access to data, including grades, financial, and other records.

A

Family Educational Rights and Privacy Act (FERPA)

5
Q

An overall methodology prescribing higher-level processes.

A

framework

6
Q

The legal or corporate standards that prescribe how an organization will conduct itself with regard to its behavior in handling information and data.

A

governance

7
Q

U.S. law that requires financial institutions (including banks, loan companies, insurance companies, and investment companies) to protect sensitive financial data and make their information-sharing practices known to their customers. Of particular interest to security professionals is the Safeguards Rule incorporated into GLBA, which requires institutions under the jurisdiction of the Federal Trade Commission to have specific measures in place to protect customer information.

A

Gramm-Leach-Bliley Act (GLBA)

8
Q

Law passed in 1996 requiring the U.S. government’s Health and Human Services Department to establish requirements for protecting the privacy and security of personal health information (PHI). The two important elements of HIPAA of interest to security professionals are the HIPAA Privacy Rule and the HIPAA Security Rule, which set forth specific standards on how to protect electronic PHI.

A

Health Insurance Portability and Accountability Act (HIPAA)

9
Q

The process of initially presenting credentials to a system for the purposes of identifying an authorized user.

A

identification

10
Q

The level of potential harm or damage to an asset or the organization if a given threat were to exploit a given vulnerability.

A

impact

11
Q

The processes and methods used to manage the security life cycle of information and systems. ISSE typically follows and is adapted to the organization’s system development life-cycle model but embeds security processes into each phase of the life cycle so that security is considered early on in the development process, rather than as an afterthought when the system is implemented and data produced.

A

Information System Security Engineering (ISSE)

12
Q

The goal of preventing unauthorized modification to a system or data.

A

integrity

13
Q

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which together are responsible for a majority of information technology standards that are used worldwide, including several that apply to information security and risk management.

A

ISO/IEC standards

14
Q

Used to understand and enable the measurement of control performance.

A

key performance indicators (KPIs)

15
Q

Highly probable indicators designed to accurately predict important levels of risk based on defined thresholds.

A

key risk indicators (KRIs)

16
Q

A security principle that dictates that entities should be given only the minimum level of rights, permissions, and privileges necessary to perform their designated functions or jobs, and no more than that.

A

least privilege