Chapter 11: Security Administration Flashcards Preview


Flashcards in Chapter 11: Security Administration Deck (24)
1

Transitioning

This is when you begin or terminate close business relations with a new partner.

2

What do you need to think about when transitioning?

Whether your policies work together, what your interoperability policies look like, and whether your security requirements mesh
-Who owns the data? How will it be backed up and managed?

3

Service Level Agreement (SLA)

Defines the level of service that's going to be provided. For example, how long will the response time be for an on-site tech?
An SLA will typically have a technical definition in terms of mean time between failures (MTBF) and mean time to repair or mean time to recovery (MTTR).

4

Blanket Purchase Order (BPO)

An ongoing agreement between the government and a private company in which the government agrees to keep purchasing materials, equipment, or services from a company.

5

The Memorandum of Understanding (MOU)

Summarizes which party is responsible for what part of the work

6

Interconnection Security Agreement (ISA)

Documents the technical requirements for interconnected infrastructure

7

Clean Desk Policy
(Training Topics)

Make sure employees won't leave important information out in the open

8

Compliance with laws, best practices, and standards
(Training Topics)

Keep your users educated on which rules they must follow

9

Data Handling
(Training Topics)

Only let those who need data access it. Least Privilege.

10

Personally Owned Devices
(Training Topics)

Don't let employees use flash drives, DVDs, cell phones, laptops, whatever. Just don't.

11

Prevent tailgating
(Training Topics)

Tell people to be aware of what's going on around them

12

Safe Internet Habits
(Training Topics)

Training users to avoid malicious sites and only visit trusted web servers

13

Public Information

Information available to the public or certain external entities.
Limited Distribution
-Private information, but it is shared with outside entities like a bank or something
Full Distribution
-Available to everyone!

14

Private Information

Could embarrass the company, disclose trade secrets, or worse
Internal Information
-Personnel records, customer lists, medical records, etc.
Restricted Information
-Could destroy the company. Proprietary protocols, trade secrets, strategic info, marketing plans, etc.

15

CIA

Confidentiality, Integrity, Availability

16

DAD

Disclosure, Alteration, Destruction

17

Health Insurance Portability and Accountability Act (HIPAA)

Standards for storage, use, and transmission of medical information. Passed in 1996.
-Covers confidentiality, privacy, and security
-Fines for HIPAA violations are as high as $250,000

18

Gramm-Leach-Bliley Act (Financial Modernization Act of 1999)

Banks can't release certain information. Customers can opt out of information sharing. Account info can't be shared for marketing purposes. I hope it contained some hilarious clause about Y2K.

19

Computer Fraud and Abuse Act (CFAA)

Hackers and spammers can be classified and tried as terrorists. Anyone who had any knowledge can be tried as an accessory. Not really relevant now that most anyone may be classified as a terrorist threat under the PATRIOT Act.

20

Family Educational Rights and Privacy Act (FERPA)

Schools can't share information without the student's or parent's knowledge and permission
-School must give students access to their own records if requested

21

Computer Security Act of 1987

Federal agencies must secure sensitive data

22

Cyberspace Electronic Security Act (CESA) 1999

Law enforcement has the right to gain access to cipher keys

23

Cyber Security Enhancement Act of 2002

Feds have easy access to ISPs and other data transmissions to monitor your communications

24

PATRIOT Act of 2001

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT).
-Absolutely disgusting show of governmental overreach and betrayal of citizen privacy and humanity.