Chapter 11 - Security Administration Flashcards Preview


Flashcards in Chapter 11 - Security Administration Deck (38)
1
Q

what is transitioning?

11 - 397

A

this occurs when a business partner is being on-boarded or off-boarded

2
Q

what is an SLA?

11 - 398

A

Service Level Agreement - defines the level of service to be provided

3
Q

what is a BPO?

11 - 398

A

Blanket Purchase Order - agreement between government agency and private company for ongoing purchases of goods or services

4
Q

what is an MOU?

11 - 398

A

Memorandum of Understanding - states what portion of the work each party is responsible for

5
Q

what is an ISA?

11 - 398

A

Interconnection Security Agreement - this documents the technical requirements of the connected systems between two organizations

6
Q

what is risk awareness?

11 - 398

A

two organizations communicate with each other to share information regarding risks

7
Q

when you are providing security education programs for people, you need to consider three audience types. what are they?

11 - 399

A

organization as a whole
management
technical staff

8
Q

there are six areas that organization-wide security training should cover. what are they?

11 - 400

A

R - responsibilities
I - importance of security
P - policies and procedures
U - usage
S - social engineering
A - account and password selection

9
Q

management security training is concerned with what?

11 - 400

A

more global stuff, the hows and whys of a security program

10
Q

Here are the safety topics. Give the definition for each one:
fencing
lighting
locks
CCTV
escape plans
drills
escape routes
testing controls (3 types)

11 - 401,402

A

fencing - to increase physical security
lighting - need areas well lit
locks - increased strength means increased cost
CCTV - surveillance
escape plans - how to get out of the building
drills - run the escape plan to know that it works
escape routes - use these in your escape plan
testing controls - technical, management, operational

11
Q

clean desk policy

11 - 402

A

keep your work area clean

12
Q

compliance with laws

11 - 403

A

do not neglect them

13
Q

data handling

11 - 404

A

if someone needs to work with some data, they should be the only person who accesses it

14
Q

policy on personally owned devices

11 - 404

A

keep them at home

15
Q

personally identifiable information

11 - 404

A

self-explanatory, info that can identify an individual

16
Q

prevent tailgating

11 - 405

A

when someone comes in right behind you through an open door

17
Q

safe internet habits

11 - 406

A

we’ve been over this a billion times

18
Q

smart computing habits

11 - 406

A

encourage reading of the EULA

19
Q

social networking dangers

11 - 406

A

Facebook, Twitter, phishing crap

20
Q

the need for all computing to be safe

11 - 406

A

at a MINIMUM, the home systems need to be running firewalls and updated virus scanners

21
Q

value of strong passwords

11 - 407

A

keep them strong

22
Q

understanding data labeling and handling

11 - 407

A

different types of data have different values and need to be labeled accordingly

23
Q

disposing of old media

11 - 408

A

hammer, drill, or fire

24
Q

responding to hoaxes

11 - 408

A

refuse to panic and contact IT

25
Q

tell me the three types of information your organization keeps and their percentages

11 - 409

A

public - 20%
internal, private - 80%
restricted - ??

26
Q

tell me the five gov’t & military classifications

11 - 412

A

unclassified
sensitive but unclassified
confidential
secret
top secret

27
Q

the CIA triad

11 - 414

A

confidentiality
integrity
availability

28
Q

what is HIPAA for?

11 - 415

A

Health Insurance Portability and Accountability Act

mandates national standards and procedures for the storage, use, and transmission of personal medical information

29
Q

what is the Gramm-Leach-Bliley Act?

11 - 415

A

to develop privacy notices

also known as

30
Q

what is the CFAA?

11 - 416

A

Computer Fraud and Abuse Act

to address issues of fraud and abuse, gives the FBI the ability to prosecute hackers and spammers as terrorists

31
Q

FERPA?

11 - 416

A

Family Educational Rights and Privacy Act

educational institutions may not release information to unauthorized parties

32
Q

Computer Security Act

11 - 416

A

requires federal agencies to identify and protect computer systems that contain sensitive information

33
Q

what is CESA?

11 - 417

A

Cyberspace Electronic Security Act

gives law enforcement the right to gain access to encryption keys and cryptography methods

34
Q

Cyber Security Enhancement Act

11 - 417

A

allows the feds relatively easy access to ISPs and data transmission facilities to monitor communications of individuals

35
Q

PATRIOT Act

11 - 417

A

gives the government extreme latitude in pursuing criminals who commit terrorist acts

36
Q

limited vs full distribution?

A

limited - not intended for public release, goes to law enforcement, medical facilities

full - public

37
Q

what does SOX stand for?

A

Sarbanes-Oxley - if you’re a publicly traded company, you will have more visibility to traders

implicit DENY

38
Q

what is SCADA?

11 - 421

A

supervisory control and data acquisition