Information Security Governance Flashcards Preview


Flashcards in Information Security Governance Deck (39)
1

Core Goals of Security

CIA

Confidentiality
Integrity
Availability

2

Vulnerability

Weakness or lack of countermeasure

3

Threat agent

Entity that can exploit a vulnerability

4

Threat

The danger of a threat agent exploiting a vulnerability

5

Risk

The probability of a threat agent exploiting a vulnerability and the associated impact

6

Control

Safeguard that is put in place to reduce risk, also called a countermeasure

7

Exposure

Presence of a vulnerability, which exposes the organization to a threat

8

Availability

Reliable and timely access to data for authorized individuals

9

Integrity

Accuracy and reliability of the information

10

Confidentiality

Necessary level of secrecy is enforced

11

Deterrent Control Function

Intended to discourage a potential attacker

12

Preventative Control Function

Intended to prevent an incident from occurring

13

Corrective Control Function

Fixes components or systems after an incident has occurred

14

Recovery Control Function

Intended to bring the environment back to regular operations

15

Detective Control Function

Helps identify an incident's activities and potentially an intruder

16

Compensating Control Function

Controls that provide an alternate measure of control

17

Control Types

Administrative, Technical, Physical

18

Defense-In-Depth

Implementation of multiple layered controls so that successful penetration and compromise are more difficult to achieve

19

Security through obscurity

Assuming that your enemies are not as smart as you are and cannot figure out something you consider very tricky

20

Zachman Architecture Framework

One of the first enterprise architecture frameworks; a 2D model built around what, how, where, who, when, and why.

21

The Open Group Architecture Framework (TOGAF)

DOD enterprise architecture framework consisting of descending levels of possible architecture: business, data, applications, and technology

22

Department of Defense Architecture Framework (DoDAF)

Military framework consisting of command, control, communications, computers, intelligence, surveillance, and reconnaissance categories

23

British Ministry of Defense Architecture Framework (MODAF)

A military framework based on DoDAF that focuses on compatible data formats and expedited delivery to those who need it

25

Enterprise security architecture

Subset of an enterprise architecture; defines the information security strategy as layers of solutions, processes, and procedures, and the way they are linked across the enterprise strategically, tactically, and operationally

27

ISMS

Information Security Management System

28

Strategic alignment

Business drivers and regulatory and legal requirements are being met by the enterprise security architecture

29

Business enablement

The core business processes are integrated into the security operating model

30

Process enhancement

We can do stuff better