Domain 1 Flashcards Preview


Flashcards in Domain 1 Deck (33):
1

Requires federal agencies to take extra security measures to prevent unauthorized access to computers that hold sensitive (unclassified) information.
Requires security awareness training for employees.
Assigns NIST responsibility for security standards for unclassified federal systems and NSA responsibility for cryptography and classified (national security) systems.

U.S. Computer Security Act of 1987

2

Prevents unauthorized use or disclosure of information, ensuring that only those who are authorized to access information can do so.

Confidentiality

3

Includes names, addresses, Social Security numbers, contact information, and financial or medical data.

Personally Identifiable Information (PII)

4

Includes everything in PII plus a patient's medical records and healthcare payment history.

Protected Health Information (PHI)

5

Safeguards the accuracy and completeness of information and processing methods.

Integrity

6

Ensures that authorized users have reliable and timely access to information, and associated systems and assets when needed.

Availability

7

General purpose statement that says what the org is, what it does, and why it exists

Mission Statement

8

Conduct that a reasonable person exercises in a given situation, which provides a standard for determining negligence.

Due Care

9

An organization's failure to follow the standard of due care

Culpable Negligence

10

Prudent management and execution of Due Care

Due Diligence

11

The set of activities an organization undertakes to abide by applicable laws, regulations, and standards.

Compliance

12

Makes it a federal crime to access without authorization (or in excess of authorization) computers holding:
- Classified national defense or foreign relations information
- Records of financial institutions or credit reporting agencies
- Government computers

U.S. Computer Fraud and Abuse Act

13

- Prohibits eavesdropping, interception, or unauthorized monitoring of wire, oral, or electronic communications.
- Provides legal basis for network monitoring

U.S. Electronic Communications Privacy Act (ECPA)

14

- Establish written standards of conduct for organizations, provide relief in sentencing for organizations that have demonstrated due diligence, and place responsibility for due care on Sr. Mgmt.
- Fines up to $290 Million

U.S. Federal Sentencing Guidelines

15

- Combats industrial espionage, particularly when such activity benefits a foreign entity.
- Makes it a criminal offense to take, download, receive, or possess trade secret information obtained without the owner's authorization

U.S. Economic Espionage Act

16

Enacted to combat the use of computer technology to produce and distribute pornography involving children, including adults portraying children

U.S. Child Pornography Prevention Act

17

- Grants authority to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses
- Authorizes access to voicemail with a search warrant
- Expands the list of offenses and clarifies their scope
- Allows ISPs to disclose customer information to law enforcement in emergency situations without exposing the provider to civil liability suits
- Clarifies law enforcement authority to trace communications on the Internet and other computer networks

U.S. Patriot Act

18

- Established the Public Company Accounting Oversight Board (PCAOB)
- Established new standards for entities including auditing, governance, and financial disclosures

Sarbanes-Oxley Act (SOX)

19

Supersedes the Computer Security Act of 1987 and requires regular audits of U.S. government information systems and of organizations providing information services to the U.S. federal government

U.S. Federal Information Security Management Act (FISMA)

20

Establishes standards for sending commercial e-mail, charges the U.S. Federal Trade Commission (FTC) with enforcement provisions, and provides penalties that include fines and imprisonment

U.S. CAN-SPAM Act

21

Permitted U.S.-based organizations to self-certify that they handle the personal data of EU citizens according to EU privacy principles (the U.S.-EU Safe Harbor framework, invalidated by the Court of Justice of the EU in 2015)

Safe Harbor

22

Defines 3 criminal offenses related to computer crime: unauthorized access, unauthorized modification, and hindering authorized access

The Computer Misuse Act (UK, 1990)

23

Attempts to protect intellectual property rights by using access control technologies to prevent unauthorized copying or distribution of protected digital media

Digital Rights Management (DRM)

24

NIST SP800-53 discusses a set of security controls as what type of security tool?

A baseline

25

What is the minimum number of physical disks required for RAID 1 (mirroring)?

2 (RAID 5, by contrast, needs at least 3)

26

What are communication systems that rely on start and stop flags or bits to manage data transmission?

Asynchronous
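
An added example (not part of the original flashcard deck) of the framing the card describes: each byte is sent as a 0 start bit, eight data bits LSB-first, and a 1 stop bit (the common 8N1 arrangement), and the receiver resynchronizes on every start bit. The decoder also reports a framing error when the expected stop bit is not high, which is how a UART notices a baud-rate mismatch or line corruption. The bit lists and the `frame_byte`/`deframe` helper names are constructed for the example.

```python
# 8N1 asynchronous framing: start bit, 8 data bits (LSB first), stop bit.
# Constructed example; an idle line is represented as a run of 1 bits.

def frame_byte(value):
    """Return the 10 line bits for one byte in 8N1 framing."""
    bits = [0]                                   # start bit: line drops from idle-high
    bits += [(value >> i) & 1 for i in range(8)]  # data bits, least significant first
    bits.append(1)                               # stop bit: line returns to idle-high
    return bits


def frame_bytes(data, idle_between=0):
    """Frame several bytes, optionally leaving idle (high) bits between frames."""
    line = []
    for b in data:
        line += frame_byte(b) + [1] * idle_between
    return line


def deframe(line):
    """Decode 8N1 frames from a list of line bits.

    Returns (decoded_bytes, framing_errors). A frame whose stop bit is not 1,
    or which is cut off before the stop bit, counts as a framing error; the
    receiver then slides forward one bit to look for the next start bit.
    """
    out, errors, i = bytearray(), 0, 0
    while i < len(line):
        if line[i] == 1:          # idle line: keep waiting for a start bit
            i += 1
            continue
        frame = line[i:i + 10]
        if len(frame) < 10:       # truncated frame at end of capture
            errors += 1
            break
        if frame[9] != 1:         # stop bit missing: framing error, resync
            errors += 1
            i += 1
            continue
        value = sum(bit << k for k, bit in enumerate(frame[1:9]))
        out.append(value)
        i += 10
    return bytes(out), errors


if __name__ == "__main__":
    wire = frame_bytes(b"OK", idle_between=2)
    print(wire)
    print(deframe(wire))
    bad = frame_bytes(b"A")
    bad[9] = 0                    # corrupt the stop bit
    print(deframe(bad))
```

Note that after a framing error the receiver can lock onto a data bit that happens to be 0 and decode garbage until the next genuine idle period; real UARTs behave the same way, which is why serial protocols layered on top still need their own checksums.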

27

Motion detector that emits a consistent high-frequency microwave (or low-frequency ultrasonic) signal and identifies potential intruders by disturbances in the reflected pattern

Wave Pattern

28

Analysis technique that reports an alert only after the count of an event exceeds a set threshold (the clipping level); a specific form of sampling.

Clipping
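
An added example (not from the original deck) of a clipping level applied to failed logins: a handful of typos from a legitimate user stays below the level and is never reported, while a burst of failures against one account from one source crosses it and raises an alert. The level is enforced inside a sliding time window, since a practitioner's clipping level is normally "more than N failures within T minutes" rather than a lifetime count. The log lines are constructed in sshd/syslog style and are not from a real host; the function and parameter names are the example's own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in syslog/sshd style (not captured from a real host).
SAMPLE_LOG = """\
Mar 10 08:01:02 host sshd[1201]: Failed password for alice from 10.0.0.5 port 51022 ssh2
Mar 10 08:01:09 host sshd[1202]: Failed password for alice from 10.0.0.5 port 51023 ssh2
Mar 10 08:01:15 host sshd[1203]: Accepted password for alice from 10.0.0.5 port 51024 ssh2
Mar 10 08:02:30 host sshd[1210]: Failed password for invalid user admin from 203.0.113.9 port 40001 ssh2
Mar 10 08:02:31 host sshd[1211]: Failed password for invalid user admin from 203.0.113.9 port 40002 ssh2
Mar 10 08:02:33 host sshd[1212]: Failed password for invalid user admin from 203.0.113.9 port 40003 ssh2
Mar 10 08:02:34 host sshd[1213]: Failed password for invalid user admin from 203.0.113.9 port 40004 ssh2
Mar 10 08:02:36 host sshd[1214]: Failed password for invalid user admin from 203.0.113.9 port 40005 ssh2
Mar 10 09:30:00 host sshd[1300]: Failed password for bob from 10.0.0.7 port 51100 ssh2
Mar 10 10:30:00 host sshd[1301]: Failed password for bob from 10.0.0.7 port 51101 ssh2
Mar 10 11:30:00 host sshd[1302]: Failed password for bob from 10.0.0.7 port 51102 ssh2
Mar 10 12:30:00 host sshd[1303]: Failed password for bob from 10.0.0.7 port 51103 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse_failures(text):
    """Yield (timestamp, user, source) for each failed-login line; other lines are ignored."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Syslog timestamps carry no year; strptime defaults to 1900, fine for deltas.
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            yield ts, m["user"], m["src"]


def clipping_alerts(text, level=3, window=timedelta(minutes=5)):
    """Return {(user, src): peak_count} only for pairs whose failures exceed `level`
    within a single sliding `window`. Counts at or below the level are never reported."""
    events = defaultdict(list)
    for ts, user, src in parse_failures(text):
        events[(user, src)].append(ts)

    alerts = {}
    for key, stamps in events.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            # Advance the window start until every event in [start, end] lies within `window`.
            while ts - stamps[start] > window:
                start += 1
            count = end - start + 1
            if count > level:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


if __name__ == "__main__":
    for (user, src), n in clipping_alerts(SAMPLE_LOG).items():
        print(f"ALERT: {n} failed logins for {user} from {src} within 5 minutes")
```

With the defaults only the `admin` burst from 203.0.113.9 is reported; `bob`'s four failures spread over several hours exceed the level in total but never within one window, which is exactly the noise a clipping level is meant to suppress. Widening the window to a day reports `bob` as well, so the window is as much a tuning knob as the count.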

29

The____layer transmits data as bits.

Physical

30

Known as intelligent fuzzing

Generational Fuzzing

31

Variation in the latency for different packets

Jitter
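
An added example (not from the original deck) that turns the definition into numbers: given send and receive timestamps for a packet stream, it computes the change in one-way transit time between consecutive packets and then the smoothed interarrival jitter estimator from RFC 3550 (the RTP specification), J = J + (|D| - J)/16. The timestamp lists are constructed for the example; packets are sent every 20 ms and arrive with latencies of 50, 50, 70, 40, 60 and 50 ms.

```python
# Interarrival jitter from per-packet timestamps (milliseconds).
# Constructed sample: six packets sent at a fixed 20 ms interval.
SENT = [0, 20, 40, 60, 80, 100]
RECEIVED = [50, 70, 110, 100, 140, 150]   # latencies 50, 50, 70, 40, 60, 50 ms


def transit_deltas(sent, received):
    """D(i-1, i) = (R_i - R_{i-1}) - (S_i - S_{i-1}): how much the transit time
    changed from one packet to the next. All zeros means constant latency."""
    if len(sent) != len(received):
        raise ValueError("need one receive timestamp per send timestamp")
    return [
        (received[i] - received[i - 1]) - (sent[i] - sent[i - 1])
        for i in range(1, len(sent))
    ]


def rfc3550_jitter(sent, received, gain=1 / 16):
    """Smoothed interarrival jitter as defined in RFC 3550 section 6.4.1.
    The 1/16 gain is the value the RFC specifies; it damps single outliers."""
    j = 0.0
    for d in transit_deltas(sent, received):
        j += (abs(d) - j) * gain
    return j


def peak_jitter(sent, received):
    """Largest single packet-to-packet swing in transit time (worst case, unsmoothed)."""
    deltas = transit_deltas(sent, received)
    return max((abs(d) for d in deltas), default=0)


if __name__ == "__main__":
    print("deltas:", transit_deltas(SENT, RECEIVED))
    print("RFC 3550 jitter: %.3f ms" % rfc3550_jitter(SENT, RECEIVED))
    print("peak jitter: %d ms" % peak_jitter(SENT, RECEIVED))
```

The smoothed value (about 4.47 ms) is much smaller than the 30 ms peak swing: the RFC estimator reports a running average meant for receiver reports, so when checking availability SLAs for real-time traffic it is worth tracking the peak as well.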

32

Suite of specifications used to handle vulnerability and security configuration information

(SCAP) Security Content Automation Protocol

33

Types of structural coverage

Statement, branch or decision, loop, path, and data flow