2.1 Flashcards
Explain the importance of security concepts in an enterprise environment. (30 cards)
Refers to the process of systematically managing and controlling the settings, configurations, and changes to hardware, software, and network components within an IT environment.
Configuration management
Are commonly used in architectural specifications to communicate how the enterprise is configured.
Diagrams
A predetermined set of secure and standardized settings for hardware, software, and network components within an IT system.
Baseline configuration
Are established, consistent rules for naming files, devices, accounts, or other elements within an IT system.
Standard naming conventions
32-bit numbers divided into 4 sets of 8 bits. xxx.xxx.xxx.xxx, where x is between 0 and 255.
Internet protocol (IP) schema
Is the concept that data is subject to the laws and regulations of the country in which it is located.
Data sovereignty
The set of policies, procedures, tools, and architectures used to ensure proper control over the date in an enterprise.
Data protection
Serve to prevent sensitive data from leaving the network without notice.
Data loss prevention (DLP)
Involves the hiding of data by substituting altered values.
Masking
Is the use of sophisticated mathematical techniques to prevent persons with unauthorized access to data from actually reading the data.
Encryption
Data that is stored.
Data At rest
Data being moved from one system to another.
Data In transit/motion
Data that is actively being used, either in a processor or other computational element.
Data In processing
Is the use of a random value to take the place of a data element that has traceable meaning. A good example of this is the credit card approval process.
Tokenization
The systematic establishment of rules and order to the various rights that users can invoke over digital object. For example, at the file level, here is read, write, etc.
Rights management
The impact of physical location, jurisdictional boundaries, and regional factors on the security and privacy of digital information.
Geographical considerations
The measures and strategies implemented to address and recover from security incidents.
Response and recovery controls
Is a cybersecurity practice that involves inspecting and monitoring encrypted SSL/TLS traffic to ensure security and compliance.
Secure Sockets Layer (SSL)/Transport
Layer Security (TLS) inspection
Is a technology whereby the uniqueness of a data element can be represented in a fixed-length string.
Hashing
____________ play a crucial role in enabling communication and data exchange between different software applications. Securing ___________ involves a comprehensive approach that includes strong authentication, encryption, input validation, monitoring, and adherence to security best practices throughout the _________ development and usage lifecycle. Regular assessments and staying informed about evolving security threats are essential in maintaining the security of _________ in dynamic technology environments.
Application Programming Interfaces (APIs)
An organization’s ability to maintain critical business functions and cybersecurity capabilities in the face of disruptive events that could potentially impact the availability and integrity of its systems and data.
Site resiliency
Is a fully configured environment, similar to the normal operating environment that can be operational immediately or within a few hours.
Hot site
An environment that has the basic environmental controls necessary to operate but few of the computing components necessary for processing.
Cold site
Is a partially configured environment, usually having the peripherals and software but perhaps not the more expensive main processing computer.
Warm site
