Chapter 11: Security Administration

Question 1

Service Level Agreement (SLA)

Answer 1

Defines the level of service to be provided, e.g. tech support availability

Question 2

Blanket Purchase Order (BPO)

Answer 2

An agreement between a government agency and a private company for ongoing purchases of goods or services.

Question 3

Memorandum of Understanding (MOU)

Answer 3

Brief summary of which party is responsible for what portion of the work

Question 4

Interconnection Security Agreement (ISA)

Answer 4

Documents the technical requirements of two organizations that have connected systems.

Question 5

Risk Awareness

Answer 5

Both organizations communicating with each other to share info regarding risks

Question 6

Areas that should be covered when training the entire organization on security issues

Answer 6

• Importance of security
• Responsibilities of people in the organization
• Policies and procedures
• Usage policies
• Account and password-selection criteria
• Social engineering prevention

Question 7

Clean Desk Policy

Answer 7

Maintain clean desks and leave out only papers that are relevant to the project that they are working on at the moment

Question 8

Personally Identifiable Information (PII)

Answer 8

Any data that can be used to uniquely identify an individual.

Question 9

Piggybacking

Answer 9

Same as tailgating, but with the permission of the first person

Question 10

Scareware

Answer 10

Software that tries to convince users that a threat exists

Question 11

Rogueware

Answer 11

Scareware that convinces users to pay money

Question 12

What percentage of info in an organization is typically public? private?

Answer 12

20%

80%

Question 13

Nondisclosure Agreement (NDA)

Answer 13

Privacy requirements that exist for a product

Question 14

Working Documents

Answer 14

Another name for private information

Question 15

Internal vs. Restricted Information

Answer 15

Internal info is virtually any info that is needed to run a business and is private, and restricted info differs in that it could actually seriously damage the organization if it is released.

Question 16

CIA Triad

Answer 16

Confidentiality, Integrity, Availability

Question 17

Health Insurance Portability and Accountability Act (HIPAA)

Answer 17

A regulation that mandates national standards and procedures for the storage, use, and transmission of personal medical information.

Question 18

Gramm-Leach-Bliley Act AKA Financial Modernization Act of 1999

Answer 18

Requires financial institutions to develop privacy notices and to notify customers of the privacy they are entitled to. Prohibits banks from sharing your information with third parties

Question 19

Computer Fraud and Abuse Act (CFAA)

Answer 19

Gives federal authorities the ability to prosecute hackers, spammers, and others as terrorists

Question 20

Family Educational Rights and Privacy Act (FERPA)

Answer 20

• Educational institutions may not release info to unauthorized parties without express permission.
• Also must give records to student on request

Question 21

Computer Security Act

Answer 21

Requires federal agencies to identify and protect computer systems that contain sensitive info

Question 22

Cyberspace Electronic Security Act (CESA)

Answer 22

Gives law enforcement the right to gain access to encryption keys and methods

Question 23

Cyber Security Enhancement Act

Answer 23

Allows federal agencies relatively easy access to ISPs and other data transmission facilities to monitor communications of individuals suspected of committing computer crimes.

Question 24

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act (USA PATRIOT)

Answer 24

Allows the U.S. Government to conduct virtually any type of surveillance on suspected terrorists