Vocabulary

Question 1

Redundancy

Answer 1

Redundancy is the intentional duplication of critical components or functions of a system with the goal of increasing reliability of the systems usually in the form of backup or fai-safe, or to improve actual system performance such as in the case of GNSS receivers, or multi-threaded computer processing.

Question 2

Defense in Depth

Answer 2

Defense in Depth is the overlap, mutually reinforced layers of security (controls) that serve to provide protection to an organisation and its assets.

Question 3

Due Diligence

Answer 3

How we prepare

Question 4

Due care

Answer 4

How we act

Question 5

Accountability

Answer 5

The acknowledge and assumption of responsibility for actions, decisions, and policies including administration, governance, and implementation within the scope of the role or employment position and encompassing the obligation to report, explain and be answerable for resulting consequences.

Question 6

Responsibility

Answer 6

The duty to respond t and complete tasks.

Question 7

Privacy

Answer 7

Freedom from intrusion by others.

Question 8

Non-repudiaiton

Answer 8

General: Assurance that someone cannot deny the vaility of something.
Security specific: Assurance that the sender of the information i provided with proof of delivery and the recipient is provided with proof of the sender’s idedntity, so neither can later eny having processed the information.

Question 9

Need-to-Know

Answer 9

Focuses on permissions & ability to access information.
Reember:
1. Permissions allow access to objects (access rights)
2. Rights refer to ability to take action
3. Privileges = rights + permissions

Question 10

Entitlement

Answer 10

Amount of privileges granted to a user.

Question 11

Aggregation

Answer 11

Amount of privileges that a user “collects” over time.

Question 12

Least privilege

Answer 12

Permissions + Rights = privilege / Minimum amount of privilege requied to perform a task.

Question 13

Separation of duties & responsibilities

Answer 13

Ensures that no single person has “total control”.
1. Separation of Privileges - applies concept of least privilege to applications & processes.
2. Segregation of Duties - separation of duties + least privilege; designed to guard against excessive access to prevent conflicts of interest.
3. Two-Person Control (rule) - actvity requires the approval of 2 people to be carried out.
4. Split-knowldge - separation of duties + 2 person rule

Question 14

Privilege account management

Answer 14

Ensures that people do not have more privileges than needed & that they do not misuse privileges that they have.

Question 15

Job Rotation (rotation of duties)

Answer 15

Move people through various jobs/tasks to spread knowledge & responsibility.
1. Mandatory vacations

Question 16

The 6 phases of information Lifecycle

Answer 16

1. Create or capture information
2. Classification
3. Storage
4. Usage
5. Archive
6. Destruction or Purging

Question 17

Service Level Agreements (SLA)

Answer 17

A document describing the level of service expected by a customer from a suppllier, laying out the metrics by whichthat service is measured, andthe remedies or penalties, if any, should the agreed-upon levels not be archieved. Usually, SLAs are between companies and external suppliers, but they may also be between two departments within a company (these are referred to as Operationl Level Agreements or OLA’s).

1. Memorandum of understanding (MOU) - Document the intention to work together
2. Internconnection Security Agreement (ISA) - used when multiple partis plan totransmit classified data and must agree on the technical requirements to do so.

Question 18

What does NIST stand for?

Answer 18

National Institute of Standards and Technology

Question 19

What’s the NIST SP800-47?

Answer 19

It is a security guide for interconnetion information technology systems and also define MOU and ISA.