Unit 5.20 - Security Flashcards
What is a vulnerability analysis?
AKA Risk Analysis
Vulnerability analysis involves identifying the company’s assets and then analyzing potential threats to these assets.
- Tangible assets include items such as equipment, inventory, and buildings.
- Intangible assets include items like intellectual property, information, or data.
What is Signal Detection Theory?
Systematic approach for studying human vigilance and categorizing the kinds of mistakes human monitors are likely to make.
Hit - a threat is detected and a threat is actually present
False alarm - a threat is detected but no threat is present
Security breach (miss) - no action is taken and a threat is actually present
True miss (correct rejection) - no action is taken and no threat is present
What are the Privacy Protection Laws?
- Federal Wiretapping Act
- Fair Credit Reporting Act
- Privacy Protection Act
- Polygraph Protection Act
- USA Patriot Act
What is the Federal Wiretapping Act?
Prohibits the deliberate interception of private telephone and oral communications.
Business-use exception - an employer may monitor calls in the ordinary course of business, e.g., to assess employee performance
What is the Fair Credit Reporting Act?
Regulates how consumer reports (such as credit checks) are obtained and used, and protects individuals against reports containing false or misleading information.
An employer must obtain the person's written consent before obtaining a report and must notify the person before taking adverse action based on it.
What is the Privacy Protection Act?
To protect the privacy of individuals employed by government agencies or government contractors.
Notice – Employees should be informed of the information kept about them by the employer.
Authorization – Employees should authorize the collection of information about them from third parties.
Access – Employees should have accessibility to the information.
Correction – Employee can challenge the accuracy of the information.
Confidentiality – Disclosure of information requires employee authorization.
What is the Employee Polygraph Protection Act?
Generally prohibits private employers from requiring or requesting lie-detector tests of employees or job applicants.
Exceptions (a private employer may request a polygraph test only if all of the following hold):
- The test is part of an ongoing investigation of economic losses suffered by the employer.
- The tested employee had access to the property in question.
- The employer had reasonable suspicion of the employee's involvement.
- The employer provided the employee with a written statement explaining the basis for that suspicion.
What is the USA PATRIOT Act?
Expanded the surveillance and investigative authority of US law enforcement agencies for fighting terrorism; parts of it were later amended and reauthorized by the USA FREEDOM Act of 2015.
What is the Protection of Proprietary Information?
Companies protect proprietary information by securing their computer systems, for example with firewalls that block unauthorized network traffic and malicious attacks, together with anti-malware controls against viruses and spyware.
What is Crisis Management and Contingency Planning?
Ensuring that the company has a plan for handling emergencies, including:
- Clarification of the chain of command;
- An employee accounting protocol to confirm that all employees are safe;
- Establishment of a communications center;
- Employee training to ensure preparedness;
- Education for employees on where and how to provide or receive medical assistance;
- Identification of who is part of the company's emergency team.
What is emergency preparedness?
Providing for the well-being of employees during a crisis.
- Develop an executive policy regarding emergency responses;
- Appoint a program coordinator to oversee the development and implementation of the plan, and create an advisory committee;
- Conduct a risk assessment and, based on the information obtained, develop an appropriate plan;
- Continually evaluate and modify the plan in response to emerging risk factors;
- Communicate the plan to employees and train them how to respond.
What is the FSGO?
Federal Sentencing Guidelines for Organizations: sentencing rules for organizations convicted of federal crimes, which reduce penalties for organizations that maintain an effective compliance and ethics program.