Chapter 11

Question 1

Transitioning

Answer 1

with a business partner occurs either during the on-boarding or off boarding of a business partner
397

Question 2

SLA

Answer 2

Service Level Agreement

Determines response time

Question 3

BPO

Answer 3

Blanket Purchase Order

Agreement between a gov agency and private company for ongoing purchases of goods and services

Question 4

Risk Awareness

Answer 4

Organizations both communicating with each other to share information regarding risks

Question 5

MOU

Answer 5

Memorandum of Understanding

Document is used in many settings in the information industry. It is a brief summary of which party is responsible

Question 6

ISA

Answer 6

Interconnection Security Agreement

Agreement between two organizations that have connected systems in regards to technical security

Question 7

Organization training

Answer 7

Importance of Security
Responsibilities of people in the organization
Policies and proceedures
Usage policies
Account and password selection criteria
Social engineering prevention

Question 8

Management training

Answer 8

global issues in the organization including enforcing security policies and proceedures

Question 9

Technical staff training

Answer 9

needs special knowledge about the methods implimentations and capabilities of the systems used to manage security

Question 10

Safety concerns

Answer 10

Fencing
Lighting
Locks
CCTV
Escape Plans
Drills
Escape rooms
Testing controls

Question 11

Clean desk policy

Answer 11

Information on the desk: printouts, pads of paper, sticky notes can be seen by prying eyes

Question 12

Compliance with laws, best practices and standards

Answer 12

Users need to realize that working with data is the same as driving a car: there are best practices and standards of which you must adhere

Question 13

Data Handling

Answer 13

Only users needing to work with it should have access to data

Question 14

Policy on Personal Devices

Answer 14

Don’t let people bring their personal devices into secure places because they’re dumbasses

Question 15

Tailgating

Answer 15

Following someone into a secure environment after they open it up

Question 16

Safe internet habits

Answer 16

Users need to be familiar enough with phishing to not give away information or download malware

Question 17

Types of Information that your organization keeps

Answer 17

Public use
internal use
restricted use

Question 18

Public information

Answer 18

information available to the larger public including financial statements

Question 19

Limited distribution

Answer 19

Information that isn’t intended for release to the public. This isn’t secret but it’s private. Line of credit. If disclosed to competitors it would suck

Question 20

Full Distribution

Answer 20

Marketing materials and the such that is available for general public

Question 21

Private Information

Answer 21

Intended only for internal use in the company. Could potential embarrass the company. Work documents and work products

Question 22

Internal Information

Answer 22

includes personnel records, financial working documents, ledgers, customer lists, and virtually any other information that is needed to run a business

Question 23

Restricted information

Answer 23

can seriously damage an organization: trade secrets, strategic information, marketing plans. Need to know basis

Question 24

Government classifications for information

Answer 24

Unclassified
Sensitive but unclassified
Confidential
Secret
Top Secret

Question 25

Integrity

Answer 25

ensuring that data has not been altered. Hashing message authentication codes are the most common methods to accomplish this

Question 26

Availability

Answer 26

Simply making sure that the data and systems are available for authorized users. Data backups, redundant systems, and disaster recovery plans.

Question 27

HIPAA

Answer 27

Health Insurance Portability and Accountability Regulation that mandates national standards and proceedures for storage, use, and transmission of personal medical information

Question 28

Gramm-Leach-Bliley Act

Answer 28

Financial Modernization Act of 1999 Requires financial institutions to develop privacy notices and to notify customers that they are entitled to privacy

Question 29

CFAA

Answer 29

Computer Fraud and Abuse Act Gives feds the ability to prosecute hackers spammers and others as terrorists

Question 30

FERPA

Answer 30

Family Education Rights and Privacy Act Educational institutions may not release info to unauthorized parties without express permission of the student/parents

Question 31

Computer Security Act

Answer 31

Requires federal agencies to identify and protect computer systems that contain sensitive information

Question 32

CESA

Answer 32

Cyberspace Electronic Security Act Gives law enforcement the right to gain access to encryption keys and cryptography methods

Question 33

Remote Wipe

Answer 33

Sending a signal to a mobile device to clear information

Question 34

Device Access Control

Answer 34

Controlling who in the organization has access to a mobile device

Question 35

NDA

Answer 35

Something beta testers are required to sign. Hint Willy Wonka