Official (ISC)² CISSP - Domain 2: Asset Security
Terms in this set (21)
The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization.
The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities.
The critical point where a material's intrinsic magnetic alignment changes direction.
Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.
Ensure important datasets are developed, maintained, and accessible within their defined specifications.
The methodology that identifies the path to meet user requirements.
The residual physical representation of data that has been in some way erased.
Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations.
Federal Information Processing Standards (FIPS)
The official series of publications relating to standards and guidelines adopted.
File Encryption Software
Allows greater flexibility in applying encryption to specific file(s).
A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.
Framework Implementation Tiers
Provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.
Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.
IT Asset Management (ITAM)
ITAM is a much broader discipline, adding several dimensions of management and involving a much broader base of stakeholders.
Media Encryption Software
Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB drives, or laptop hard drives.
The National Checklist Program (NCP)
The U.S. Government repository of publicly available security checklists (or benchmarks) that provide detailed low-level guidance on setting the security configuration of operating systems and applications.
NIST Computer Security Division (CSD)
Focuses on providing measurements and standards to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence in Information Technology systems.
The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.
Quality Assurance (QA)
An assessment of quality based on standards external to the process and involves reviewing of the activities and quality control processes to ensure final products meet predetermined standards of quality.
Quality Control (QC)
An assessment of quality based on internal standards, processes, and procedures established to control and monitor quality.
Self-Encrypting USB Drives
Portable USB drives that embed encryption algorithms within the hard drive, thus eliminating the need to install any encryption software.