incident response
Click the card to flip 👆
1 / 42
Terms in this set (42)
risk assessment (BIA)1: ID assets and their value 2: ID vulnerabilities and threats 3: Quantify probability and impact 4: Provide appropriate countermeasureBCP impacts1. reputation and public confidence 2. competitive advantage 3. loss in revenue and productivity 4. increased in operational expensescyberlaws and policiescreated after something bad happened - lawmakers are behind and don't understandcybercrimenot understood and hard to detect and tracelawset the minimum standard - result when society realize that certain ethical standards should be applied - takes time to be created to apply to changing techethicprovide a higher level of valueslegal lagwhen the legal institution fail to keep up with changing societal conditionscomputer crimes categories1. computer-assisted crime (financial, IP, spying) 2. computer-targeted crime (malware, unauthorized access) 3. computer is incidental (drug dealing, child porno)trade secretproprietary to a company and important for its survival and profitabilitycopyrightprotects the right of an author to control the public distribution, reproduction, display and adaption of his/her original worktrademarkused to protect a word, name, symbol, sound, shape, color, etcpatentgrants legal ownership of, and enable them to exclude others from using or copying the invention covered by itexport controlslaws which control the export of certain products and techs for strategic reasons - violators face penalties - licenses are requiredPCI DSS2004; payment card industry data security standard - secures cardholder's data when it goes on through a secure network that undergoes tests, policies, control measuresSOX2002; sarbanes-oxley act - protects investors from fraudulent accounting activities by corporationsHIPPA2003; health insurance portability and accountability act - allows one to access one health records, not othersred flag rulehelp identify identity theft - written records - make sure documents belongs to customerFERPA1974; family education rights and privacy act - fed law that protects students' educational records - specific protected rights regarding release of records that institutions need to followGLBA2003; Gramm-Leach-Billey Act - develop, implement, and maintain documented data security programGDPRGeneral Data Protection Regulation - right to data correction - tighter consent requisition - right to be forgotten - notification on data endangerment and current state - privacy by defaultcompliance programsdocumenting and proving that the controls are effective - orgs need to require/support their efforts - compliance officer is responsible for thiscompliance officercoordinates checklist of things that need to occur to provide to auditors/regulators - provides guidance on tech and business practices to ensure compliantIS auditortests to make sure that systems and processes are being done in a secure manner - some are technical and others aren'tsecurityrefers to protection against the unauthorized access of data - limits who can access the informationprivacyharder to define, in part because user-specific details can also be secured dataCambridge Analyticacompany that combines data mining and data analysis with strategic communication for the electoral processNIST Framework1. identify 2. protect 3. detect 4. respond 5. recoveridentify1. asset management 2. business environment 3. governance 4. risk assessment 5. risk management strategyprotect1. processes and procedure 2. maintenance 3. protective techdetect1. anomalies and events 2. security continuous monitoring 3. detection processesrespond1. response planning 2. communications 3. analysis 4. mitigation 5. improvementrecover1. recovery planning 2. improvement 3. communications