CYB 333 Q5
The Global Information Assurance Certification (GIAC)
certification organization began as an offshoot of the SANS Institute training programs.
CompTIA Security+
considered an entry-level security certification
The (ISC)2 Systems Security Certified Practitioner (SSCP)
credential covers the seven domains of best practices for information security.
FERPA
doesn't require that specific information security controls be implemented to protect student records.
Information systems security is about
ensuring the confidentiality, integrity, and availability of IT infrastructures and the systems they comprise
NIST
federal agency within the U.S. Department of Commerce. NIST's mission is to "promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life."
Compliance
includes the actual state of being compliant, but it also includes the steps and processes taken to become compliant
PII
information that you can use to uniquely identify an individual. PII includes names, addresses, Social Security and driver's license numbers, financial account information, health records, and credentials.
PCI DSS
international standard for handling transactions involving payment cards. The Payment Card Industry Security Standards Council (PCI SSC) developed, publishes, and maintains the standard. Visa, MasterCard, and other payment card vendors helped to create the Payment Card Industry Data Security Standard (PCI DSS). The PCI Council has two major priorities. The first priority is to assist merchants and financial institutions in understanding and implementing standards for security policies, technologies, and ongoing processes that protect their payment systems from breaches and theft of cardholder data. Its second priority is to help vendors understand and implement the PCI standards and requirements for ensuring secure payment solutions are properly implemented.
role-based access control
Applications use role-based access control mechanisms to ensure the confidentiality of sensitive data. Masking is used to "X out" pertinent characters of sensitive data.
Hertz
represents frequency and is expressed as the number of cycles per second. Gauss is a measurement of a magnetic field, joule is a measure of energy, and weber is a measure of magnetic flux.
The IEEE 802.11 series
of standards covers wireless LAN technology, including 802.11a, 802.11b, 802.11g, 802.11n, and 802.11ac.
The International Electrotechnical Commission (IEC)
the predominant organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.
SOX
Enacted to protect investors from financial fraud, SOX supplements other federal securities laws. It applies to publicly traded companies that must register with the Securities and Exchange Commission. Section 404 requires an organization's executive officers to establish, maintain, review, and report on the effectiveness of the company's internal controls over financial reporting (ICFR).
The seven layers of the OSI model
in order from the first through seventh layer, are: Physical, Data Link, Network, Transport, Session, Presentation, and Application.
The Federal Trade Commission (FTC)
Safeguards Rule requires a financial institution to create a written information security program that must state how the institution collects and uses customer data.
Privacy
a person's right to control the use and disclosure of his or her own personal information. This means that people have the opportunity to assess a situation and determine how their data are used. Information security is the process used to keep data private. Security is the process; privacy is a result.
Federal Information Security Management Act (FISMA)
Under FISMA, all federal agencies must report security incidents to the U.S. Computer Emergency Readiness Team (US-CERT).
HIPAA
applies specifically to health records. Under HIPAA, a breach is any impermissible use or disclosure of unsecured PHI that harms its security or privacy. Protected health information (PHI) is any individually identifiable information about a person's health.
The Gramm-Leach-Bliley Act (GLBA)
applies to the financial activities of consumers and addresses the privacy and security of consumer financial information.