BEC 6 M4: Information Security and Availability Flashcards Preview

Flashcards in BEC 6 M4: Information Security and Availability Deck (21)
1
Q

symmetric encryption

A

both parties use the same, shared, private key to encrypt and decrypt the message

2
Q

asymmetric encryption

A

private key is not shared and the public key provides the other half necessary to encrypt/decrypt

3
Q

decryption/decipherment

A

where the intended recipient converts cipher text into plain text

4
Q

public key infrastructure

A

system and processes used to issue and manage asymmetric keys and digital certificates

5
Q

Program-level policy

A

describes info security and assigns responsibility for achievement of security objectives to the IT department

6
Q

Issue-specific policy

A

addresses specific issues of concern to the organization

7
Q

program-framework policy

A

adds detail to the IT program by describing the elements and organization of the program and department that will carry out the security mission

8
Q

System-specific policy

A

focuses on policy issues that management has decided for a specific system

9
Q

administrative controls examples

A

separation of duties, business continuity planning, proper hiring practices

10
Q

logical controls

A

software safeguards for an entity’s computer systems identification and software access

11
Q

firewall

A

allows private intranet users to access the Internet without allowing Internet users access to private intranet

12
Q

general control

A

designed to ensure an organization’s control environment is stable and well managed:

  1. systems development standards
  2. security mgt controls
  3. change mgt controls
  4. software acquisition, development, operations and maintenance controls
13
Q

application control

A

prevent, detect and correct transaction error and fraud and are application-specific, providing reasonable assurance as to a system's accuracy, completeness and validity

14
Q

processing controls

A

reconciliation of batch totals and similar procedures

15
Q

What factors are key in a disaster recovery plan?

A

Downtime (or complete lack thereof) and backup

16
Q

cold site

A

off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment

17
Q

hot site

A

off-site location that is equipped to take over a company’s data processing

18
Q

Differential backup

A

copies all changes made since last full backup

19
Q

incremental backup

A

involves copying only the data items that have been changed since last backup

20
Q

closed loop verification

A

involves one party verifying the identity of another party

21
Q

primary purpose of a disaster recovery plan

A

specify the steps required to resume operations