Flashcards in Chapter 11 - Security Administration Deck (25):
What is a SLA?
Service Level Agreement
Defines the level of service to be provided.
What is BPO?
Blanket Purchase Order
An agreement between a government agency and a private company for ongoing purchases of goods or services.
What is MOU?
Memorandum of Understanding
Brief summary of which party is responsible for what portion of the work.
What is ISA?
Interconnection Security Agreement
What kind of training involves everyone understanding policies, procedures and resources available to deal with security problems?
Ideally, what should an organization's security awareness training cover?
- Importance of security
- Responsibilities of people in the organization
- Policies and procedures
- Usage policies
- Account and password-selection criteria
- Social engineering prevention
Who receives additional training or exposure that explains the issues, threats and methods of dealing with threats, and will want to know the hows and whys of security training?
Who receives special knowledge training about the methods, implementation and capabilities of the systems used to manage security?
What are some of the topics that relate to the safety of the data or physical environment?
- Fencing
- Lighting
- Locks
- Escape Routes
- CCTV
- Escape Plans
- Drills
- Testing Controls
Why is it important to have a clean desk policy?
Information on the desk can easily be seen by prying eyes and taken by thieving hands.
What is P2P?
What is PII?
Personally Identifiable Information
Is a catchall for any data that can be used to uniquely identify an individual.
How does NIST define PII?
Any information about an individual maintained by an agency, including
1. Any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name or biometrics records.
2. Any other information that is linked to an individual, such as medical, education, financial and employment information.
What is piggybacking?
Where the individual knowingly allows another person to tailgate behind him.
What is one safe internet habit?
Never download or install from unknown sites.
What is one smart computing habit?
Read the EULA.
What is zero day?
The very day that the attack was discovered.
Why is a strong password valuable?
The stronger the password, the harder it is to compromise.
How do you dispose of Old Media?
Hammer, drill, fire
What is the definition of hoax?
A deliberately fabricated falsehood.
What are the three classifications of information?
What is public information?
Is primarily that which is made available either to the larger public or to specific individuals who need it.
What is Limited distribution?
Information isn't intended for release to the public.
What bare minimum security measures should be in place for mobile devices?
- Screen Lock
- Strong Password
- Device Encryption
- Remote Wipe/Sanitation
- Asset Tracking
- Voice Encryption
- GPS Tracking
- Application Control
- Storage Segmentation
- Device Access Control