Information Technology and Security Flashcards
(16 cards)
Reasonableness Check
Data validation that compares input against expected limits or patterns (testing reliability and validity, and flagging duplicates) and identifies exceptions for additional scrutiny.
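As an added example (not part of the original card set), the check above applied in Python to a batch of constructed timesheet records. The field limits and record layout are assumptions for illustration; values outside the limits, non-numeric values, and duplicate identifiers are flagged rather than silently rejected, so they can get the additional scrutiny the card describes.

```python
"""Reasonableness checks over a batch of constructed timesheet records (added example)."""
from collections import Counter

# Constructed sample input (not real data): one record has implausible hours,
# one has an implausible pay rate, and two share a timesheet id.
RECORDS = [
    {"timesheet_id": "T001", "employee": "E10", "hours": 40, "rate": 30.0},
    {"timesheet_id": "T002", "employee": "E11", "hours": 92, "rate": 30.0},    # implausible hours
    {"timesheet_id": "T003", "employee": "E12", "hours": 38, "rate": 1200.0},  # implausible rate
    {"timesheet_id": "T003", "employee": "E12", "hours": 38, "rate": 25.0},    # duplicate id
]

# Assumed reasonableness limits: (low, high) per numeric field.
LIMITS = {"hours": (0, 80), "rate": (10.0, 200.0)}


def reasonableness_check(records, limits=LIMITS):
    """Return (record index, reason) pairs that need additional scrutiny.

    Validity/reliability: each limited field must be numeric and within its range.
    Duplicates: any timesheet_id that appears more than once is flagged on every occurrence.
    """
    flagged = []
    id_counts = Counter(r["timesheet_id"] for r in records)
    for i, rec in enumerate(records):
        for field, (lo, hi) in limits.items():
            value = rec.get(field)
            if not isinstance(value, (int, float)) or not lo <= value <= hi:
                flagged.append((i, f"{field}={value!r} outside [{lo}, {hi}]"))
        if id_counts[rec["timesheet_id"]] > 1:
            flagged.append((i, f"duplicate timesheet_id {rec['timesheet_id']}"))
    return flagged


if __name__ == "__main__":
    for index, reason in reasonableness_check(RECORDS):
        print(f"record {index}: {reason}")
```

The records are flagged, not dropped: a reasonableness check routes exceptions to a reviewer, which is why an increase in exception reports after deploying such a control is expected rather than alarming.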
False Reject Rate
For high-security areas such as data centers, tune the biometric system toward a lower False Accept Rate and accept the resulting higher False Reject Rate: occasionally rejecting a legitimate user is preferable to admitting an impostor.
Best way to prevent internal attacks
Security awareness training for everyone who has access to internal resources.
Employee-Owned Devices (BYOD)
The greatest risk to business functions and the enterprise, because the enterprise cannot enforce its own controls on devices it does not own or manage.
Security Awareness Training
Prevents internal threats.
Reduces social engineering attacks.
Signs of effective incident response and security awareness
Increased reporting of security events.
Increased number of violation reports (people recognize and report what they previously ignored).
Configuration Management
Establishes baselines for hardware, software, and internally developed systems.
System images are managed here.
Change Management
Comprises the overall governance framework within which configuration, release, and related management issues are handled.
Incident Response Process
Detection: identify the cause.
Response: limit the impact.
Mitigation: remediate.
Recovery: full repair after the event.
Indicates the readiness and preparedness of the enterprise to handle unexpected events
Incident Response Plan
SDLC
Plan (Initiation): security begins here; internal controls are identified.
Development: security requirements are identified and designed in.
Implementation: security is configured and tested.
Operation: an acceptable level of security is maintained.
Testing that ensures adequate quality, that the system can be recovered, and that it meets load requirements
User Acceptance Testing
Unauthorized Disclosure of Sensitive Data
Data Leakage
System Accreditation
The risks associated with implementation have been identified and formally accepted by senior management.
System Certification
Technical and non-technical controls are reviewed to reduce risk to an acceptable level.
Ways to reduce redundant data
Normalization controls in the database: store each fact once and relate tables by keys.
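As an added example (not part of the original card set), the normalization the card refers to, shown with Python's built-in sqlite3 module on a constructed orders table. The table layout and sample rows are assumptions for illustration. The flat table repeats each customer's name and email on every order, which is exactly where redundant data drifts out of sync; splitting it into a customers table and an orders table stores each customer once and lets the database reject conflicting copies.

```python
"""Normalization to remove redundant data, demonstrated with sqlite3 (added example)."""
import sqlite3

# Constructed input (not real data): a denormalized orders table that repeats
# customer details on every order. Row 4 carries a mistyped email for C100,
# the update anomaly that redundant data makes possible.
DENORMALIZED_ROWS = [
    (1, "C100", "Ada Lovelace", "ada@example.com", "Widget", 2),
    (2, "C100", "Ada Lovelace", "ada@example.com", "Gadget", 1),
    (3, "C200", "Alan Turing", "alan@example.com", "Widget", 5),
    (4, "C100", "Ada Lovelace", "ada@exmple.com", "Gizmo", 3),
]


def build_denormalized(conn):
    """Create the flat table with one row per order, customer details repeated."""
    conn.execute("""CREATE TABLE orders_flat (
        order_id INTEGER PRIMARY KEY, customer_id TEXT, customer_name TEXT,
        customer_email TEXT, product TEXT, qty INTEGER)""")
    conn.executemany("INSERT INTO orders_flat VALUES (?, ?, ?, ?, ?, ?)", DENORMALIZED_ROWS)


def count_inconsistent_customers(conn):
    """Customers whose repeated details disagree across rows in the flat table."""
    return conn.execute("""SELECT COUNT(*) FROM (
        SELECT customer_id FROM orders_flat
        GROUP BY customer_id HAVING COUNT(DISTINCT customer_email) > 1)""").fetchone()[0]


def normalize(conn):
    """Split orders_flat into customers (one row each) and orders (foreign key to customers)."""
    conn.execute("PRAGMA foreign_keys = ON")
    conn.execute("""CREATE TABLE customers (
        customer_id TEXT PRIMARY KEY, name TEXT NOT NULL, email TEXT NOT NULL UNIQUE)""")
    conn.execute("""CREATE TABLE orders (
        order_id INTEGER PRIMARY KEY,
        customer_id TEXT NOT NULL REFERENCES customers(customer_id),
        product TEXT NOT NULL, qty INTEGER NOT NULL CHECK (qty > 0))""")
    # Keep one authoritative row per customer (the first order seen), then move the orders.
    conn.execute("""INSERT INTO customers
        SELECT customer_id, customer_name, customer_email FROM orders_flat
        WHERE order_id IN (SELECT MIN(order_id) FROM orders_flat GROUP BY customer_id)""")
    conn.execute("INSERT INTO orders SELECT order_id, customer_id, product, qty FROM orders_flat")


def demo():
    """Run the migration in memory and report what normalization changed."""
    conn = sqlite3.connect(":memory:")
    build_denormalized(conn)
    before = count_inconsistent_customers(conn)
    normalize(conn)
    customers = conn.execute("SELECT COUNT(*) FROM customers").fetchone()[0]
    # A second, conflicting copy of C100 can no longer be stored: PRIMARY KEY rejects it.
    try:
        conn.execute("INSERT INTO customers VALUES ('C100', 'Ada Lovelace', 'ada@exmple.com')")
        rejected = False
    except sqlite3.IntegrityError:
        rejected = True
    conn.close()
    return {"inconsistent_before": before, "customers_after": customers, "conflict_rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The choice of which copy survives (here, the first order seen) is a data-cleansing decision the migration has to make explicitly; normalization prevents future inconsistencies but does not tell you which of the existing conflicting values was right.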