Exam Essentials Chapter 1 Flashcards
(32 cards)
Confidentiality is the principle that objects are not disclosed to unauthorized subjects.
Integrity is the principle that objects retain their veracity and are intentionally modified only by authorized subjects.
Availability is the principle that authorized subjects are granted timely and uninterrupted access to objects.
As a group what is this commonly known as?
CIA Triad
__________ is composed of identification, authentication, authorization, auditing, and accountability?
AAA Services
_________ is the process by which a subject professes an identity and accountability is initiated.
Identification
__________ must provide an identity to a system to start the process of authentication, authorization, and accountability.
A subject
___________ is the process of verifying or testing that a claimed identity is valid. Authentication requires information from the subject that must exactly correspond to the identity indicated.
Authentication
__________ is the programmatic means by which subjects are held accountable for their actions while authenticated on a system through the documentation or recording of subject activities.
Auditing
Security can be maintained only if subjects are held accountable for their actions.
What is the term used for this?
Accountability
______________ ensures that the subject of an activity or event cannot deny that the event occurred. It prevents a subject from claiming not to have sent a message, not to have performed an action, or not to have been the cause of an event.
Nonrepudiation
___________ is used to collect similar elements into groups, classes, or roles that are assigned security controls, restrictions, or permissions as a collective. It adds efficiency to carrying out a security plan.
Abstraction
Preventing data from being discovered or accessed by a subject. It is often a key element in security controls as well as in programming.
What does this define?
data hiding
_____________ is the line of intersection between any two areas, subnets, or environments that have different security requirements or needs.
security boundary
_____________ is the collection of practices related to supporting, defining, and directing the security efforts of an organization.
Security governance
______________ is the system of external entity oversight that may be mandated by law, regulation, industry standards, contractual obligation, or licensing requirements. The actual method of governance may vary, but it generally involves an outside investigator or auditor.
Third-party governance
_________________ is the process of reading the exchanged materials and verifying them against standards and expectations. In many situations, especially related to government or military agencies or contractors, failing to provide sufficient documentation to meet requirements of third-party governance can result in a loss of or a voiding of authorization to operate (ATO).
Documentation review
_____________ is planning ensures proper creation, implementation, and enforcement of a security policy.
________________ aligns the security functions to the strategy, goals, mission, and objectives of the organization. This includes designing and implementing security based on business cases, budget restrictions, or scarcity of resources.
Security management
Security management planning
___________ is usually a documented argument or stated position in order to define a need to make a decision or take some form of action.
A business case
____________ demonstrates a business-specific need to alter an existing process or choose an approach to a business task.
A business case
_________________ is based on three types of plans: strategic, tactical, and operational.
Security management
____________ is a long-term plan that is fairly stable. It defines the organization’s goals, mission, and objectives.
strategic plan
__________ is a midterm plan developed to provide more details on accomplishing the goals set forth in the strategic plan. Operational plans are short-term and highly detailed plans based on the strategic and tactical plans.
The tactical plan
List the elements of a security policy that is formalized. (there are 5)
security policy
standards,
baselines,
guidelines,
procedures.
Security governance needs to address every aspect of an organization.
What are those areas? (there are 3)
organizational processes of acquisitions, divestitures,
governance committees.
List the Key Security Roles (there are 5)
senior manager,
security professional,
asset owner, custodian,
user, and
auditor.
______________ is a security concept infrastructure used to organize the complex security solutions of companies.
Control Objectives for Information and Related Technology (COBIT)
