C725 - Unit 2 - CISSP-01
Security and Risk Management
Terms in this set (76)
The quality of information that could cause harm or damage if disclosed. Maintaining confidentiality of sensitive information helps to prevent that harm or damage.
The act of decision by which an operator can influence or control disclosure in order to minimize harm or damage.
The level to which information is mission critical is its measure of criticality.
hiding or preventing disclosure
The act of keeping something private
the right of people not to reveal information about themselves or have their information kept private
Storing something in an out-of-the-way location. Allows for strict access controls.
Keeping something separate from others. Prevents commingling of information.
making sure only authorized users have access to data
being correct or precise
true reflection of reality
authentic or genuine
factual or logically sound
Not being able to deny that you did something. You have authoritative proof someone did something.
responsible for specific actions or results
being in charge of or having control over something.
having the necessary parts
complete in scope, full inclusion of all needed elements
the system is easy to learn and efficient and satisfying to use
The widest range of subjects can interact with a resource regardless of weakness or limitations.
Being prompt, on time
Claiming to be an identity.
Recording of activity logs related to systems or subjects
Reviewing log files to check for accountability
Defense in Depth
Putting similar elements into groups to assign security controls.
positioning data in a logical compartment not accessible by subjects. A key element of security controls and programming.
Security through obscurity
An approach to security that relies on hiding information (such as a design or mechanism) to protect it. On its own it is considered weak, because the protection ends as soon as the hidden detail is discovered.
the collection of practices related to supporting, defining, and directing the security efforts of an organization.
a document that ensures the creation, implementation, and enforcement of security. Incorporates business functions, strategies, goals, and missions.
A documented argument or stated position that defines a specific business need to alter an existing process or choose an approach to a business task.
Upper/senior management defines policies for the organization.
identifies long-term directions for the organization
Midterm plan, developed to provide more details on accomplishing the goals set forth in the strategic plan. Useful for about a year.
Short-term, highly detailed plan based on the strategic and tactical plans. Valid only for a short time; must be updated often.
Ensuring that change does not lead to reduced or compromised security. Included in design, development, testing, and evaluation.
System of organizing data according to its sensitivity. Common classifications include public, highly confidential, and top secret.
The authorized change in the status of information goes from classified information to unclassified information, or a lower security level.
Highly sensitive internal documents that could seriously damage the organization if such information were lost or made public.
The most restricted class of data. Unauthorized disclosure will have significant effects and cause critical damage to national security.
Used for sensitive, proprietary, and highly valuable data. Unauthorized access will have noticeable effects on national security.
Sensitive, But unclassified
Used for privacy information usually, not of national security.
Data that is not sensitive or classified. Access does not cause any noticeable damage.
the exercise of reasonable care in the evaluation of a business opportunity
Just, proper, and sufficient care, or the absence of negligence
A written document that states how an organization plans to protect the company's information technology assets.
Organizational Security Policy
High-level overview of the corporate security program. Focuses on all organizational security.
Issue-Specific Security Policy
Focuses on services, departments, functions and other non-tech policies
System-Specific Security Policy
A security policy that addresses security for a specific computer, network, technology, or application.
Government policies that limit what businesses can do; examples include minimum wages, workplace safety measures, and careful monitoring of stock sales.
A policy that discusses behaviors and activities that are acceptable and defines consequences of violations. An advisory policy discusses the senior management's desires for security and compliance within an organization. Most policies are advisory.
A policy that is designed to provide information or knowledge about a specific subject, such as company goals, mission statements, or how the organization interacts with partners and customers. An informative policy is not enforceable.
The minimum level of security that the organization must meet. Often refers to a government or organizational standard.
An official recommendation or advice that indicates policies, standards, or procedures for how something should be accomplished.
step-by-step document on how to complete a task.
A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
Security Development Lifecycle
Microsoft's security framework for application development; supports dynamic development processes. Built on Secure by Design, Secure by Default, Secure in Deployment, and Communications (SD3+C).
Proactive Threat Modeling
Early stages of development; defensive approach. Security is built into the design.
Reactive Threat Modeling
After product created and deployed. Patches fix issues. Adversarial approach.
Focused on Assets
asset valuation results to identify the valuable assets
Focused on Attackers
Identification of potential attackers and identifying their threats
Focused on Software
considering potential threats during software design
decomposing the application, dividing the process into smallest parts.
Any location where the level of trust or security changes. Part of decomposition.
Data Flow Paths
the movement of data between locations. Part of decomposition.
Locations where external input is received. Part of decomposition.
Any activity that requires greater privileges than a standard user account or process has. Typically required to make system changes or alter security settings. Part of decomposition.
Security Stance and Approach
declaration of security policy, foundations, and assumptions. Part of decomposition.
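The decomposition steps above (trust boundaries, data flow paths, entry points, privileged operations) are easier to see on a concrete system. The following Python script is an added example, not part of this study set and not Microsoft SDL tooling; the component names, the four-step trust scale and the flows are a constructed toy web application used only to illustrate the decomposition.

```python
from collections import deque
from dataclasses import dataclass

# Trust levels are a constructed, hypothetical scale: 0 = untrusted (Internet),
# 1 = DMZ, 2 = internal network, 3 = privileged/administrative.
@dataclass(frozen=True)
class Component:
    name: str
    trust: int
    privileged_op: bool = False  # True if the component performs a privileged operation

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    data: str

# Constructed sample system (hypothetical; not a real product).
COMPONENTS = {
    c.name: c for c in [
        Component("browser", 0),
        Component("load_balancer", 1),
        Component("web_app", 1),
        Component("api", 2),
        Component("database", 2),
        Component("admin_console", 3, privileged_op=True),
        Component("config_service", 3, privileged_op=True),
    ]
}

# Data flow paths of the sample system (constructed).
FLOWS = [
    Flow("browser", "load_balancer", "HTTP request"),
    Flow("load_balancer", "web_app", "HTTP request"),
    Flow("web_app", "api", "JSON call"),
    Flow("api", "database", "SQL query"),
    Flow("web_app", "admin_console", "admin form submission"),
    Flow("admin_console", "config_service", "config change"),
]

def entry_points(flows, components):
    """Components that receive input directly from an untrusted (trust 0) source."""
    return sorted({f.dst for f in flows if components[f.src].trust == 0})

def trust_boundary_crossings(flows, components):
    """Flows whose source and destination sit at different trust levels."""
    return [f for f in flows if components[f.src].trust != components[f.dst].trust]

def privilege_escalation_paths(flows, components):
    """Breadth-first search from each entry point to every component that
    performs a privileged operation; returns the paths as lists of names."""
    adjacency = {}
    for f in flows:
        adjacency.setdefault(f.src, []).append(f.dst)
    paths = []
    for start in entry_points(flows, components):
        queue = deque([[start]])
        seen = {start}
        while queue:
            path = queue.popleft()
            node = path[-1]
            if components[node].privileged_op:
                paths.append(path)
            for nxt in adjacency.get(node, []):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return paths

def threat_model_report(flows, components):
    """Summarize the decomposition: entry points, boundary crossings, and the
    data flow paths that lead from external input to privileged operations."""
    return {
        "entry_points": entry_points(flows, components),
        "boundary_crossings": [(f.src, f.dst, f.data)
                               for f in trust_boundary_crossings(flows, components)],
        "paths_to_privileged_ops": privilege_escalation_paths(flows, components),
    }

if __name__ == "__main__":
    for key, value in threat_model_report(FLOWS, COMPONENTS).items():
        print(key)
        for item in value:
            print("  ", item)
```

The report is what the decomposition step is meant to surface: the DMZ web application, which is reachable from the external entry point, has a direct flow into the administrative console, so that single trust boundary crossing puts two privileged operations on a path from untrusted input and is where the threat analysis should concentrate.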
where the organization gets its devices, networks, and systems.
Visiting the organization, interviewing personnel, observing operating habits
Document Exchange and Review
Investigate how data and documentation are exchanged, and the formal processes of assessment.
Requesting copies of security policies and incident documentation for review
An independent party examines the product and gives an opinion; the assessor is not a competitor.
Acceptable Use Policy
A policy that defines a level of acceptable performance and expectation of behavior and activity for employees. Failure to comply with the policy may result in job action warnings, penalties, or termination.
A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it.
Gain a greater understanding of the logic behind a product as well as its interactions within an external