BA 2010 1002 Flashcards

Cards
 Quiz

Matching

UPDATED
Bingo

Print Print
Set Details Share
created 8 months ago by JimmyJeanShorts
3 views
updated 8 months ago by JimmyJeanShorts
show moreless
Page to share:
Embed this setcancel
COPY
code changes based on your size selection
Size:
X
Show:

1

Defense in Depth

Avoid, Prevent, Detect, Respond

2

CIA

Confidentiality, Integrity, and Availability

3

Principle of Least Privilege

given only those privileges needed for it to complete its task

4

5 steps of NIST

1. Identify
2. Protect
3. Detect
4. Respond
5. Recover

5

Risk Management Steps

1. identify risk
2. analyze the risk
3. Risk assessment
4. Treat the risk
5. Monitor the risk

6

“known” asset

sometimes there are laws that tell us how to protect the asset

7

Risk response

  • Avoid
  • Transfer
  • Mitigate
  • Accept

8

Risk management

  • Frame risks
  • Assess risks
  • Respond
  • Monitor

9

Quantitative risk assessment

a process for assigning a value to an asset, the likelihood of it being compromised, and the impact of a compromise

10

Qualitative risk assessment

often more subjective. Risks, Likelihood, and impact are often ranked as High, Medium, or Low

11

Technical mechanisms to mitigate risk

• PLP
• Data Loss Prevention DLP
• Firewall
• Encryption
• Multi-Factor Authentication MFA
• Virus scan

12

Processes

a set of activities that complete a specific goal

13

Procedure

the set of instructions for completing a process

14

Policies

the guidelines that dictate how processes and procedures should be carried out

15

Policy

highest over arching – a form set of requirements or rules – written out

16

Process

detailed list of steps needed to complete something

17

Procedure

the instructions on how to complete a specific task

18

acceptable usage policy

outlines what actions and behaviors are acceptable on an organizations systems, network, and within their environment

19

Password policies

a set of rules that passwords must meet in order to be acceptable

20

MFA

Multi factor authentication

21

data policy

a policy that describes how a business handles personal data

22

Data governance policy

a document that defines how an organization uses and manages its data

23

DLP

Data Loss Prevention

24

Data owner

responsible for the big picture

25

Data stewards

responsible for what is stored

26

Data custodians

responsible for the technical environment

27

Access control

high-level requirements that specify how access is
managed and who may access information under what circumstances

28

Access control policy

data security technique that prevents unauthorized physical or remote access to company data

29

Discretionary

owners and admins set the policies on access rights

30

Role based

access is controlled based on your role within the
organization

31

4 main types of access control

  • Discretionary
  • Mandatory
  • Role based
  • Attribute based

32

Remote access policy

a policy that sets the standards for off-prem connections

33

VPN

an encrypted connection over the internet from a device to a network

34

IDS

intrusion detection systems

35

IPS

Intrusion prevention system

36

Data encryption

a method where information is encoded and can
only be accessed or decrypted by a user with the correct encryption key

37

Synchronous Encryption

uses 1 key

38

Asynchronous Encryption

uses 2 keys