Flashcards in Asset Security Deck (21):
The residual physical representation of data that has been in some way erased.
Official series of publications relating to standards & guidelines adopted
Federal Information Processing Standards (FIPS)
Allows greater flexibility in applying encryption to specific file(s).
File Encryption Software
Broader discipline, adding several dimensions of management & involving a much broader base of stakeholders
IT Asset Management (ITAM)
Methodology that identifies the path to meet user requirements.
Software that is used to encrypt otherwise unprotected storage media such as CD's, DVDs, USB drives, or laptop hard drives.
Media Encryption Software
Portable USB drives that embed encryption algorithms within the hard drive, thus eliminating the need to install any encryption software.
Self-Encrypting USB Drives
An assessment of quality based on internal standards, processes, & procedures established to control & monitor quality.
Quality Control (QC)
Assessment of quality based on standards external to the process involves reviewing of the activities & quality control processes to ensure final products meet predetermined standards of quality.
Quality Assurance (QA)
Removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.
The U.S. Gov repository of publicly known available security checklists (or benchmarks) that provide detailed low level guidance on setting the security configuration of operating systems & applications.
National Checklist Program
Process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization.
Entails analyzing the data that the organization retains, determining its importance & value, & then assigning it to a category.
Ensures the important datasets are developed, maintained, & accessible within their defined specifications.
Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations.
Set of CyberSecurity activities, desired outcomes, & applicable references that are common across critical infrastructure sectors.
Provide context on how an organization views cybersecurity risk & the processes in place to manage that risk.
Framework Implementation Tiers
Represents the outcomes based on business needs that an organization has selected from the Framework Categories & Sub-Categories.
Focuses on providing measurements & standards to protect information systems against threats to the confidentiality of information, integrity of information and processes, & availability of information & services in order to build trust & confidence
NIST Computer Security Division
The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities.