Ch. 8

Question 1

List 5 IT-related controls

Answer 1

SCPPA

1. Security
2. Confidentiality
3. Privacy
4. Processing Integrity
5. Availability

Question 2

Define Security

Answer 2

Access (both physical and logical) to the system and its data is controlled and restricted to legitimate users

Question 3

Define Confidentiality

Answer 3

Sensitive organization information is protected from unauthorized disclosure

Question 4

Define Privacy

Answer 4

Personal information about customers, employees, suppliers, or business partners is collected, used, disclosed, and maintained only in compliance with internal policies and external regulatory requirements and is protected from unauthorized disclosure

Question 5

Define Processing Integrity

Answer 5

Data are processed accurately, completely, in a timely manner, and only with proper authorization

Question 6

Define Availability

Answer 6

The system and its information are available to meet operation and conctractual obligations

Question 7

Security Life Cycle

Answer 7

1. Assess threats & select risk response
2. Develop and communicate policy
3. Acquire & implement solutions
4. Monitor performance

Question 8

Define defense-in-depth

Answer 8

Employing multiple layers of controls to avoid a single point of failure

Question 9

Define time-based model of security

Answer 9

Implementing a combination of preventive, detective, and corrective controls that protect information assets long enough for the organization to respond before damage is done

Question 10

Time-based Formula

Answer 10

P > D + C

Question 11

Define Authentication

Answer 11

Verifying the identity of the person or device attempting to access the system

Question 12

Define Biometric identifier

Answer 12

A physical or behavioral characteristic that is used as an authentication credential

Question 13

Define multifactor authentication

Answer 13

The use of two or more types of authentication credentials in order to achieve greater security

Question 14

Define multimodal

Answer 14

Use of multiple authentication credentials of the same type to achieve greater security

Question 15

Define Authorization

Answer 15

The process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform

Question 16

Define Access Control Matrix

Answer 16

A table used to implement authorization controls

Question 17

Define compatibility test

Answer 17

Matching the user’s authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action

Question 18

Define Access Control List

Answer 18

A set of If-Then rules used to determine what to do with arriving packets