Chapter 11 - Security Administration Flashcards Preview

Flashcards in Chapter 11 - Security Administration Deck (38)
1

what is transitioning?

11 - 397

this occurs when you have an on-boarding or an off-boarding of a business partner

2

what is an SLA?

11 - 398

Service Level Agreement - defines the level of service to be provided

3

what is BPO?

11 - 398

Blanket Purchase Order - agreement between government agency and private company for ongoing purchases of goods or services

4

what is MOU?

11 - 398

Memorandum of Understanding - tells what portion of the work each party is responsible for

5

what is ISA?

11 - 398

Interconnection Security Agreement - this documents the technical requirements of the connected systems between two organizations

6

what is risk awareness?

11 - 398

2 organizations communicate with each other to share information regarding risks

7

when you are providing security education programs for people, you need to consider 3 audience types. what are they?

11 - 399

organization as a whole
management
technical staff

8

there are 6 areas that organization-wide security training should cover. what are they?

11 - 400

R - responsibilities
I - importance of security
P - policies and procedures
U - usage
S - social engineering
A - account and password-selection

9

management security training is concerned with what?

11 - 400

more global stuff, the hows and whys of a security program

10

Here are the Safety topics. Give me the definitions for each one.
fencing
lighting
locks
CCTV
escape plans
drills
escape routes
testing controls (3 types)

11 - 401,402



to increase physical security
need areas well lit
increased strength means increased cost
surveillance
how to get out of the building
run the escape plan to know that it works
use this in your escape plan
technical, management, operational

11

clean desk policy

11 - 402

keep your work area clean

12

compliance with laws

11 - 403

do not neglect them

13

data handling

11 - 404

if there's some data that someone needs to work with, they are the only people who should access it

14

policy on personally owned devices

11 - 404

keep them at home

15

personally identifiable information

11 - 404

self-explanatory, info that can identify an individual

16

prevent tailgating

11 - 405

when someone comes in right behind you through an open door

17

safe internet habits

11 - 406

we've been over this a billion times

18

smart computing habits

11 - 406

encourage reading of the EULA

19

social networking dangers

11 - 406

facebook, twitter, phishing crap

20

the need for all computing to be safe

11 - 406

at a MINIMUM, the home systems need to be running firewalls and updated virus scanners

21

value of strong passwords

11 - 407

keep them strong

22

understanding data labeling and handling

11 - 407

different types of data have different values and need to be labeled accordingly

23

disposing of old media

11 - 408

hammer, drill, or fire

24

responding to hoaxes

11 - 408

refuse to panic and contact IT

25

tell me the 3 types of information your organization keeps and their percentages

11 - 409

public - 20%
internal, private - 80%
restricted - ??

26

tell me the 5 gov't & military classifications

11 - 412

unclassified
sensitive but unclassified
confidential
secret
top secret

27

the CIA triad

11 - 414

confidentiality
integrity
availability

28

what is HIPAA for?

11 - 415

Health Insurance Portability and Accountability Act

mandates national standards and procedures for the storage, use, and transmission of personal medical information

29

what is the Gramm-Leach-Bliley Act?

11 - 415

to develop privacy notices

also known as

30

what is the CFAA?

11 - 416

Computer Fraud and Abuse Act

to address issues of fraud and abuse, gives the FBI the ability to prosecute hackers and spammers as terrorists