Vocabulary Flashcards

1
Q

Redundancy

A

Redundancy is the intentional duplication of critical components or functions of a system with the goal of increasing the reliability of the system, usually in the form of a backup or fail-safe, or to improve actual system performance, as in the case of GNSS receivers or multi-threaded computer processing.

2
Q

Defense in Depth

A

Defense in Depth is the use of overlapping, mutually reinforcing layers of security (controls) that serve to provide protection to an organisation and its assets.

3
Q

Due Diligence

A

How we prepare

4
Q

Due care

A

How we act

5
Q

Accountability

A

The acknowledgement and assumption of responsibility for actions, decisions, and policies, including administration, governance, and implementation within the scope of the role or employment position, and encompassing the obligation to report, explain and be answerable for resulting consequences.

6
Q

Responsibility

A

The duty to respond to and complete tasks.

7
Q

Privacy

A

Freedom from intrusion by others.

8
Q

Non-repudiation

A

General: Assurance that someone cannot deny the validity of something.
Security specific: Assurance that the sender of the information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity, so neither can later deny having processed the information.

9
Q

Need-to-Know

A

Focuses on permissions & ability to access information.
Remember:
1. Permissions allow access to objects (access rights)
2. Rights refer to ability to take action
3. Privileges = rights + permissions

10
Q

Entitlement

A

Amount of privileges granted to a user.

11
Q

Aggregation

A

Amount of privileges that a user “collects” over time.

12
Q

Least privilege

A

Permissions + Rights = privilege / The minimum amount of privilege required to perform a task.

13
Q

Separation of duties & responsibilities

A

Ensures that no single person has “total control”.
1. Separation of Privileges - applies concept of least privilege to applications & processes.
2. Segregation of Duties - separation of duties + least privilege; designed to guard against excessive access to prevent conflicts of interest.
3. Two-Person Control (rule) - activity requires the approval of 2 people to be carried out.
4. Split-knowledge - separation of duties + 2 person rule

14
Q

Privilege account management

A

Ensures that people do not have more privileges than needed & that they do not misuse privileges that they have.

15
Q

Job Rotation (rotation of duties)

A

Move people through various jobs/tasks to spread knowledge & responsibility.
1. Mandatory vacations

16
Q

The 6 phases of the Information Lifecycle

A

  1. Create or capture information
  2. Classification
  3. Storage
  4. Usage
  5. Archive
  6. Destruction or Purging

17
Q

Service Level Agreements (SLA)

A

A document describing the level of service expected by a customer from a supplier, laying out the metrics by which that service is measured, and the remedies or penalties, if any, should the agreed-upon levels not be achieved. Usually, SLAs are between companies and external suppliers, but they may also be between two departments within a company (these are referred to as Operational Level Agreements or OLAs).

  1. Memorandum of Understanding (MOU) - documents the intention to work together
  2. Interconnection Security Agreement (ISA) - used when multiple parties plan to transmit classified data and must agree on the technical requirements to do so.

18
Q

What does NIST stand for?

A

National Institute of Standards and Technology

19
Q

What’s the NIST SP800-47?

A

It is a security guide for interconnecting information technology systems, and it also defines MOU and ISA.