Security and Risk Management Flashcards Preview

Flashcards in Security and Risk Management Deck (20)
1

APT (Advanced Persistent Threat)

Tactical, low and slow attack, human as opposed to bot

2

Council of Europe (CoE) Convention on Cybercrime

Attempt to create a standardized international response to cybercrime - establish jurisdiction and extradition

3

OECD

Organization for Economic Cooperation and Development - Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

4

European Union Principles on Privacy

Principles governing transmitting information considered private

5

EU Data Protection Directive

Rules pertaining to meeting requirements for European Union Principles on Privacy

6

Safe Harbor Privacy Principles

Framework for transporting private information to and from European countries

7

Wassenaar Arrangement

International agreement dealing with restrictions on import / export

8

Civil (Code) Law System

System of law used in European countries such as France and Spain that is rule-based and NOT precedent-based

9

Common Law System

System of law developed in England based on precedent, having multiple levels of courts. Broken down into criminal, civil / tort, and administrative

10

Customary Law System

System of law based on customs of the region

11

Religious Law System

System of law based on religious beliefs of the region

12

Mixed Law System

Two or more legal systems are used together

13

Civil / Tort Law

Law that deals with wrongs against individuals or companies that result in damages or loss

14

Administrative / Regulatory Law

Regulatory standards that regulate performance and conduct

15

Trade secret

Something that is proprietary to a company and important for its survival and profitability

16

Copyright Law

Protects right of creator of an original work to control the public distribution, reproduction, display, and adaptation of that original work

17

Nonpracticing Entity (NPE)

Patent troll

18

Personally identifiable information (PII)

Data that can be used to uniquely identify, contact, or locate a single person

19

Pretexting

Social engineering

20

Data breach

A security event that results in the actual or potential compromise of the confidentiality or integrity of protected information by unauthorized actors