Created by DJ Perrone
about 7 years ago
| Question | Answer |
|---|---|
| What is a top-down business approach? | Where the management initiates, supports and directs the security program. |
| What is a bottom-up business approach? | Where staff members develop a security program prior to receiving direction and support from management. |
| What is legal advocacy? | The process carried out by or for an org that aims to influence public policy, economic and social systems and institutions. |
| What does the Sarbanes-Oxley (SOX) Act affect? | - Any organization that is publicly traded. - Regulates accounting and financial reporting. |
| What does the Health Insurance Portability and Accountability Act (HIPAA) affect? | - Health care facilities, health insurance companies and healthcare clearing houses. - Provides standards for storing medical information and healthcare data. |
| What is an RA? | Risk Assessment |
| What does an RA provide? | A tool used in risk management to identify vulnerabilities and threats and assess their impact. |
| How many steps are part of an RA and what are they? | - 4 steps - Identify assets and asset value - Identify vulnerabilities and threats - Calculate threat probability and business impact - Balance threat impact with countermeasure cost. |
| What is an SOA? | Statement of Applicability |
| What does an SOA provide? | Identifies the controls chosen by an organization and explains how and why the controls are appropriate. |
| What is a BIA? | Business Impact Analysis |
| What does a BIA provide? | A functional analysis that occurs as part of business continuity and disaster recovery. |
| How many steps are part of a BIA and what are they? | - 4 steps - Identify critical processes and resources - Identify outage impacts and estimate downtime - Identify resource requirements - Identify recovery priorities |
| What terms define how critical an asset is? | - MTD - MTTR - MTBF - RTO - WRT - RPO |
| What does MTD (MPTD) stand for? | - Maximum Tolerable Downtime - Maximum Period Time of Disruption |
| What is MTD? | The maximum amount of time that an org can tolerate a single resource being down. |
| What does MTTR stand for? | - Mean Time To Repair |
| What is MTTR? | The average time required to repair a single resource or function when a disaster occurs. |
| What does MTBF stand for? | - Mean Time Between Failures |
| What is MTBF? | The estimated amount of time a device will operate before failure occurs. - Calculated by the device vendor. |
| What does RTO stand for? | Recovery Time Objective |
| What is RTO? | The shortest time period after a disaster within which a resource or function must be restored to avoid unacceptable consequences. - Should be smaller than MTD. |
| What does WRT stand for? | Work Time Recovery |
| What is WRT? | The difference between RTO and MTD. |
| What does RPO stand for? | Recovery Point Objective |
| What is RPO? | The point in time to which the disrupted resource must be returned. |
| What are the organizational resource importance levels? | - Critical - Urgent - Normal - Non-essential |
| What is an Interoperability Agreement (IA)? | An agreement to allow information exchange between two or more organizations. |
| What is an Interconnection Security Agreement (ISA)? | An agreement between two organizations laying out the details for connecting IT systems. |
| What is split knowledge? | When two or more people are required to complete a certain task. |
| What is DAC? | Discretionary Access Control - Lets people control access to content they own. |
| What is RBAC? | Role Based Access Control - Separates responsibilities based on assigned roles. |
| What are the 6 steps of the Incident Response plan? | - Detect - Respond - Report - Recover - Remediate - Review |