Chapter 1 Flashcards
(33 cards)
Adequate Security
Security equivalent with the risk and magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information
Administrative Controls
Controls implemented through policy and procedures. Examples include: access control processes and requiring multiple personnel to conduct specific operation.
Artificial Intelligence
Ability of computers and robots to simulate human intelligence and behavior
Asset
Anything of value owned by an organization
Authentication
Access control process validating identity being claimed by a user/entity is known to the system by comparing one (single factor) or more (multifactor)
Authorization
Right or permission that is granted to a system entity to access a system resource
Availability
Ensuring timely and reliable access to and use of information by authorized users
Baseline
lowest level of security configuration allowed by a standard or organization
Biometric
biological characteristics of an individual, such as fingerprint, hand geometry, voice, iris patterns
Bot
malicious code acting like a remote controlled robot for an attacker with trojan/worm capabilities
Confidentiality
characteristic of data/information when not made availability or disclosed to unauthorized persons/processes
Criticality
measure of degree to which an organization depends on the information/system for success of mission/business function
Data Integrity
property that data has not been altered in an unauthorized manner- covers data in storage, during processing, and while in transit
Encryption
process and act of converting message from plaintext to ciphertex
General Data Protection Regulation (GDPR)
European Union passed this to address personal privacy, deeming it an individual human right
Institute of Electrical and Electronic Engineers
Professional organization that sets standards for telecommunications, computer engineering and similar disciplines
Health Insurance Portability and Accountability Act (HIPAA)
Most important healthcare information regulation in the US. Protects the privacy of individual health information and electronic healthcare transactions.
International Organization of Standards (ISO)
ISO develops voluntary international standards in collaboration with partners in international standardization, International Electro-technical Commission, and International Telecommunication Union
Internet Engineering Task Force (IETF)
Internet standards organization that defines protocol standards through a process of collaboration and consensus
Likelihood
Probability potential vulnerability may be exercised
Multi-factor Authentication
Using 2 or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification
National Institute of Standards and Technology
part of US Dept of Commerce, sets standards in several areas
Non-repudiation
Inability to deny taking an action such as creating information. approving information and sending or receiving a message, cannot deny the validity of the action taken because of their signature
Physical controls
Controls implemented through a tangible mechanism
