Chapter 2. Information Asset Security Flashcards Preview

Source: (ISC)2 Official Flashcards, Chapter 2. Information Asset Security

Flashcards in Chapter 2. Information Asset Security Deck (17)
1

The property that actions on a system can be traced to the specific user who performed them, giving account management assurance that only authorized users are accessing the system and using it properly.

Accountability

2

Anything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.

Asset

3

The phases that an asset goes through from creation (collection) to destruction.

Asset Lifecycle

4

The documented minimum level of security configuration allowed by a standard or an organization.

Baseline

5

The process of grouping sets of data, information, or knowledge that have comparable sensitivities (impact or loss ratings), and have similar security needs mandated by law, contracts, or other compliance regimes.

Categorization

6

The process of recognizing the impacts to the organization if its information suffers any security compromise, whether to its confidentiality, integrity, availability, non-repudiation, authenticity, privacy, or safety characteristics. Classifications are derived from the compliance mandates the organization must operate within, whether these are law, regulation, contract-specified standards, or other business expectations.

Classification

7

The removal of sensitive data from storage devices in such a way that there is assurance the data may not be reconstructed using normal system functions or software recovery utilities.

Clearing

8

The role responsible for protecting an asset of value while that asset is in the custodian's possession.

Custodian, Data Custodian

9

Eliminating data in a controlled, legally defensible, and regulatory-compliant way.

Defensible Destruction

10

Complete list of items.

Inventory

11

The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.

Purging
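The difference between Clearing (card 7) and Purging (card 11) is easier to see on a concrete device model. The script below is an added example, not part of the (ISC)2 flashcard deck: it builds a toy self-encrypting drive (the class name ToyDrive, its block layout, the XOR stand-in for the drive's media encryption, and the assumption that every overwrite retires the old physical block, as flash wear levelling does, are all constructed for this illustration). Ordinary deletion leaves the data readable by a software recovery utility; clearing defeats that utility but not a lab technique that reads retired blocks; purging by cryptographic erase (destroying the media key) defeats both.

```python
"""Toy model contrasting deletion, clearing and purging on a self-encrypting drive.
Constructed example for illustration; not the flashcard deck's own material."""
import os

BLOCK = 16    # bytes per block (toy size; real devices use 512 or 4096)
NBLOCKS = 8   # host-addressable blocks on the toy device


def _xor(data: bytes, key: bytes) -> bytes:
    """Stand-in for the drive's media encryption (real self-encrypting drives use AES-XTS)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


class ToyDrive:
    """Assumed model: every block is encrypted with a controller-held media key, and an
    overwrite lands on a fresh physical block while the old one is retired (wear levelling)."""

    def __init__(self) -> None:
        self.media_key = os.urandom(BLOCK)        # held on the controller, never leaves it
        self.blocks = [bytes(BLOCK)] * NBLOCKS    # host-addressable blocks (ciphertext)
        self.retired = []                         # physical blocks the host can no longer address
        self.directory = {}                       # file name -> list of block numbers
        self.free = list(range(NBLOCKS))

    def write(self, name: str, data: bytes) -> None:
        padded = data + bytes(-len(data) % BLOCK)
        numbers = []
        for off in range(0, len(padded), BLOCK):
            n = self.free.pop(0)
            self.blocks[n] = _xor(padded[off:off + BLOCK], self.media_key)
            numbers.append(n)
        self.directory[name] = numbers

    def delete(self, name: str) -> None:
        """Ordinary deletion: only the directory entry goes; the blocks are untouched."""
        self.free.extend(self.directory.pop(name))

    def clear(self, name: str) -> None:
        """Clearing: overwrite every block the file occupied, then delete the entry.
        The overwrite lands on a fresh physical block; the old one is retired, not erased."""
        for n in self.directory[name]:
            self.retired.append(self.blocks[n])
            self.blocks[n] = _xor(bytes(BLOCK), self.media_key)
        self.delete(name)

    def purge(self) -> None:
        """Purging by cryptographic erase: destroy the media key, so every copy of the
        ciphertext, addressable or retired, is unreadable by any known technique."""
        self.media_key = None

    def _plaintext_view(self, blocks) -> bytes:
        if self.media_key is None:
            return b"".join(blocks)        # only ciphertext is left to look at
        return b"".join(_xor(b, self.media_key) for b in blocks)

    def recovery_utility_finds(self, needle: bytes) -> bool:
        """What a software recovery tool sees: every host-addressable block, read via the controller."""
        return needle in self._plaintext_view(self.blocks)

    def lab_finds(self, needle: bytes) -> bool:
        """A chip-off lab technique: also reads the retired physical blocks."""
        return needle in self._plaintext_view(self.blocks + self.retired)


def sanitization_outcomes(secret: bytes = b"SSN=123-45-6789") -> dict:
    """Apply each sanitization level to the same constructed secret and report what survives."""
    out = {}
    d = ToyDrive()
    d.write("hr.txt", secret)
    d.delete("hr.txt")
    out["deleted_recoverable_by_utility"] = d.recovery_utility_finds(secret)

    d = ToyDrive()
    d.write("hr.txt", secret)
    d.clear("hr.txt")
    out["cleared_recoverable_by_utility"] = d.recovery_utility_finds(secret)
    out["cleared_recoverable_in_lab"] = d.lab_finds(secret)

    d.purge()
    out["purged_recoverable_in_lab"] = d.lab_finds(secret)
    return out


if __name__ == "__main__":
    for level, recovered in sanitization_outcomes().items():
        print(f"{level:32} {recovered}")
```

Running the script shows the four outcomes the two card definitions describe: the deleted file is recoverable by the utility, the cleared file is not recoverable by the utility but is in the lab, and the purged drive yields nothing even to the lab. On a real drive the equivalent of the final step is a vendor-supported cryptographic erase or a physical technique such as degaussing, not a user-level overwrite.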

12

Measuring something without numbers, using adjectives, scales, grades, and the like.

Qualitative

13

Using numbers to measure something, usually monetary values.

Quantitative

14

The process of jointly addressing business resiliency and restoration of critical infrastructure and functionality after a disruption.

Recovery

15

The obligation to do something. Responsibility can be delegated.

Responsibility

16

Limiting the general baseline recommendations by removing those that do not apply.

Scoping

17

The process by which a security control baseline is modified based on (i) the application of scoping guidance, (ii) the specification of compensating security controls, if needed, and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. Source: NIST SP 800-37 Rev 1

Tailoring