Chapter 11: Security Administration Flashcards Preview


Flashcards in Chapter 11: Security Administration Deck (24)


On-boarding or off-boarding a business partner: beginning or terminating a close business relationship with another organization.


What do you need to think about when transitioning?

Whether your policies work together (interoperability), and whether your security requirements mesh with the partner's
-Who owns the data? How will it be backed up and managed? What happens to it when the relationship ends?


Service Level Agreement (SLA)

Defines the level of service that will be provided, e.g. how long the response time is for an on-site technician.
An SLA typically has a technical definition in terms of mean time between failures (MTBF), mean time to repair or mean time to recovery (MTTR), and the availability percentage that follows from them (uptime divided by total time).
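To make the MTBF/MTTR definitions concrete, here is an added example (not from the original deck) that measures those metrics from a constructed outage log and checks them against hypothetical SLA terms. The outage timestamps, the reporting window and the SLA thresholds are all assumed values chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data (not from the page): unplanned outages in one
# calendar month, each as an ISO-8601 (start, end) pair.
OUTAGES = [
    ("2024-01-03T02:00:00", "2024-01-03T03:30:00"),  # 1.5 h
    ("2024-01-12T14:15:00", "2024-01-12T14:45:00"),  # 0.5 h
    ("2024-01-25T08:00:00", "2024-01-25T10:00:00"),  # 2.0 h
]
# Reporting window the SLA is measured over (31 days = 744 h).
WINDOW = ("2024-01-01T00:00:00", "2024-02-01T00:00:00")

# Hypothetical SLA terms (assumed for the example, not from the page).
SLA = {"min_availability": 0.999, "max_mttr_hours": 2.0, "min_mtbf_hours": 300.0}


def _hours(td: timedelta) -> float:
    return td.total_seconds() / 3600.0


def sla_metrics(outages, window):
    """Return failures, downtime, MTBF, MTTR and availability for the window.

    MTBF = uptime / number of failures, MTTR = downtime / number of failures,
    availability = uptime / total time. With zero failures MTBF and MTTR are
    undefined and reported as None.
    """
    w_start, w_end = (datetime.fromisoformat(t) for t in window)
    total = w_end - w_start
    downtime = timedelta()
    failures = 0
    for s, e in outages:
        start, end = datetime.fromisoformat(s), datetime.fromisoformat(e)
        if end <= start:
            raise ValueError(f"outage ends before it starts: {s} -> {e}")
        # Clip to the window so an outage straddling a boundary is not over-counted,
        # and ignore outages that fall entirely outside the window.
        start, end = max(start, w_start), min(end, w_end)
        if end > start:
            downtime += end - start
            failures += 1
    uptime = total - downtime
    return {
        "failures": failures,
        "downtime_hours": _hours(downtime),
        "mtbf_hours": _hours(uptime) / failures if failures else None,
        "mttr_hours": _hours(downtime) / failures if failures else None,
        "availability": uptime / total,
    }


def check_sla(metrics, sla):
    """Return the list of SLA terms the measured metrics violate (empty if compliant)."""
    violations = []
    if metrics["availability"] < sla["min_availability"]:
        violations.append("availability")
    if metrics["mttr_hours"] is not None and metrics["mttr_hours"] > sla["max_mttr_hours"]:
        violations.append("mttr")
    if metrics["mtbf_hours"] is not None and metrics["mtbf_hours"] < sla["min_mtbf_hours"]:
        violations.append("mtbf")
    return violations


if __name__ == "__main__":
    m = sla_metrics(OUTAGES, WINDOW)
    for key, value in m.items():
        print(f"{key:>15}: {value}")
    print("violations:", check_sla(m, SLA) or "none")
```

With the sample log the service was down 4 of 744 hours: availability is about 99.46%, MTTR is 1.33 h and MTBF is about 247 h, so the availability and MTBF terms of the hypothetical SLA are breached even though every individual repair finished inside the 2-hour MTTR limit. That is the point of writing an SLA in terms of all three numbers rather than just one.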


Blanket Purchase Order (BPO), also called a Blanket Purchase Agreement (BPA)

An ongoing agreement between a customer (typically the government) and a private company in which the customer agrees to keep purchasing materials, equipment, or services from that company without negotiating a new contract each time.


Memorandum of Understanding (MOU)

Summarizes which party is responsible for what part of the work. Less formal than a contract and usually not legally binding.


Interconnection Security Agreement (ISA)

Documents the technical and security requirements for interconnecting two organizations' infrastructure (e.g. encryption, firewall rules, who may access what).


Clean Desk Policy
(Training Topics)

Make sure employees don't leave sensitive information (printouts, sticky notes with passwords, unlocked screens) out in the open when they step away.


Compliance with laws, best practices, and standards
(Training Topics)

Keep your users educated on which laws, standards, and internal rules they must follow.


Data Handling
(Training Topics)

Only let those who need the data access it (least privilege), and handle it according to its classification label.


Personally Owned Devices
(Training Topics)

Don't let employees plug personally owned flash drives, DVDs, cell phones, laptops, or anything else into company systems unless policy explicitly allows it. Just don't.


Prevent tailgating
(Training Topics)

Tell people to be aware of who is behind them and never to hold a secured door open for someone who hasn't badged in.


Safe Internet Habits
(Training Topics)

Train users to avoid malicious sites, to only visit trusted sites, and to be suspicious of links and downloads.


Public Information

Information available to the public or to certain external entities.
Limited Distribution
-Private information, but it is shared with specific outside entities such as a bank or a business partner
Full Distribution
-Available to everyone!


Private Information

Disclosure could embarrass the company, expose trade secrets, or worse.
Internal Information
-Personnel records, customer lists, medical records, etc.
Restricted Information
-Disclosure could destroy the company. Proprietary protocols, trade secrets, strategic info, marketing plans, etc.



Confidentiality, Integrity, Availability (the CIA triad: the three properties security controls protect)



Disclosure, Alteration, Destruction (the DAD triad: the threat to each CIA property, in the same order)


Health Insurance Portability and Accountability Act (HIPAA)

Standards for the storage, use, and transmission of medical information. Passed in 1996.
-Covers confidentiality, privacy, and security
-Criminal fines for HIPAA violations are as high as $250,000


Gramm-Leach-Bliley Act (Financial Modernization Act of 1999)

Banks can't release certain information. Customers can opt out of information sharing. Account info can't be shared for marketing purposes. I hope it contained some hilarious clause about Y2K.


Computer Fraud and Abuse Act (CFAA)

Makes it a federal crime to access a computer without authorization, or to exceed authorized access, on "protected" (government, financial, or interstate-commerce) computers. Attempting or conspiring to commit such an offense is punishable too. Originally passed in 1986 and amended several times since, including by the PATRIOT Act of 2001, which widened its scope and increased its penalties.


Family Educational Rights and Privacy Act (FERPA)

Schools can't share a student's education records without the student's or parent's knowledge and consent
-Schools must give students access to their own records if requested


Computer Security Act of 1987

Federal agencies must identify systems that hold sensitive data, write security plans for them, and train the people who use them. Also made NIST responsible for federal computer security standards.


Cyberspace Electronic Security Act (CESA) 1999

Proposed legislation that would have let law enforcement obtain encryption (cipher) keys held by third-party key-recovery agents. It was never enacted.


Cyber Security Enhancement Act of 2002

Lets ISPs voluntarily hand customer communications over to government agencies in an emergency without a warrant, and increases penalties for computer crimes. Passed as part of the Homeland Security Act of 2002.


PATRIOT Act of 2001

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT).
-Absolutely disgusting show of governmental overreach and betrayal of citizen privacy and humanity.