BA 2010 1002 exam 2 Flashcards

Managing the flow of goods and services through digital technologies

the process of managing and controlling the digital identities of individuals or entities accessing information systems, applications, or other resources

the process of verifying the identity of a user or process

what assets you are approved to access

a specialty discipline within cybersecurity designed to ensure only the right people can access the appropriate data and resources

the practices and tools that monitor and manage network access

the act of using IT software and systems to manage user access and compliance

manages user accounts and ensures users have access to the right resources and are using them appropriately

the act of removing user access to applications, systems, and data within a network

the process of controlling access to assets / resources

Multi-Factor Authentication

is an authentication method that enables users to authenticate with multiple applications and websites by using 1 set of credentials

the process of ending all sessions that SSO authenticated

an event that negatively affects IT systems and impacts on the business

Any observable occurrence in the IT infrastructure

a catastrophic event that will have great negative effect on IT systems and impact on the business

This phase will be the workhorse of your incident response planning, and in the end, the most crucial phase to protect your business.

This is the process where you determine whether you’ve been breached. A breach, or incident, could originate from many different areas

Contain the breach so it doesn’t spread and cause further damage to your business

Fixing the problem

the process of restoring and returning affected systems and devices back into your business environment

A post-incident meeting with all stakeholders where you discuss everything that happened

s a group of IT professionals that provides an organization with services and support surrounding the assessment, management and
prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts

The documentation of a predetermined set of instructions or procedures to detect, respond to, and limit consequences of malicious cyber attacks against an organization's information systems

a formal document created by an organization that contains detailed instructions on how to respond to unplanned incidents & business disruptions to ensure critical IT support systems are resumed quickly with minimal loss of data

recovery time objective

recovery point objective

Mean time between failure

mean time to repair

verification activity of a process or system to ensure compliance to requirements

the assessment of data for quality throughout its lifecycle to ensure its accuracy and efficacy for specific usage

the process in which an organization’s information systems and processes are tested to validate effectiveness, efficiency, and security

discussing who has access to data

Team reads through the DRP and discusses validity

Group walks through a simulation DRP to identify any issues or needed modifications

Run a simulation disaster

Recovery systems are tested while primary systems continue to run full workload

Primary systems are cut over to recovery systems

an internal body that handles incident response for the entire organization

multiple incident response teams, with each one responsible for a physical location (e.g. branch office)

a central incident response team that works together with distributed incident response teams

Audits you hire an auditing business to do an audit for you.

Audits that are done by employees for that business

1) preparation

2) identification

3) containment

4) eradication

5) recovery

6) Lessons learned

1) preparation

2) identification

3) containment, eradication, recovery

4) Lessons learned