Information Protection Principles


Risk Mitigation: ____________________________________________________________________

Mitigation means taking steps to reduce the probability of occurrence of a particular risk.

USA Patriot Act: ______________________________________________________________________ ___________________________________________________________________________________

The USA Patriot Act mandates reduced restrictions on law enforcement agencies gathering intelligence within the United States in order to detect and suppress terrorism.

Policy and Procedure Establishment: ____________________________________________________

The overarching principle used to establish proper security levels is the Principle of Least Privilege (PoLP). According to NIST SP 800-179, the PoLP is "The principle that users and programs should only have the necessary privileges to complete their tasks."

Risk Transference: ___________________________________________________________________

Risk transference means you share the risk with another entity since you can never fully remove risk from the picture.

User Awareness: ________________________________________________________________

"Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond accordingly."

Electronic Communications Privacy Act (ECPA): ______________________________________________

"Provides for reduced criminal penalties where the unauthorized access to the electronic communication is not for a tortious or illegal purpose or private commercial gain. States that the interception of certain satellite transmissions is not an offense unless it is for the purposes of direct or indirect commercial advantage or private financial gain."

Sarbanes-Oxley Act (SOX): _______________________________________________________________ _____________________________________________________________________________________

"The Act contains provisions affecting corporate governance, risk management, auditing, and financial reporting of public companies, including provisions intended to deter and punish corporate accounting fraud and corruption."

Policies: _____________________________________________________________________________

"a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body." AFIs, proper network use agreements, and cell phone usage doctrines are examples of policies.

Procedures: ________________________________________________________________________

"a series of actions that are done in a certain way or order." Steps outlined by a unit commander for violations of network resources or computer misuse are examples of procedures.

Event vs. Incident: ___________________________________________________________________

An event is "Any observable occurrence in a network or system," while an incident is "An occurrence that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the information the system processes, stores, or transmits or that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies."

The AAA model ______________________________, _______________________________, ______________________________, and _____________________________.

Authentication, Authorization, and Accounting (the Triple A model) focuses on controlling access to information and data; it is a model for protecting access to data.

The CIA Triad ___________________________, __________________________, and ________________________.

Confidentiality, Integrity, and Availability (the CIA triad) focus on data protection from an IT Security (ITSec) standpoint.

Health Insurance Portability and Accountability Act (HIPAA): ___________________________________

HIPAA is a federal law that requires the creation of national standards to protect personal health information (PHI) from being disclosed without the patient's consent or knowledge.

User Accountability: ________________________________________________________________

Individual accountability should be one of your organization's prime security objectives and derived from a fully informed, well-trained, and aware workforce. Users who can be held accountable are less likely to disrupt or compromise the installation, base, squadron, or other responsible groups.

Risk Avoidance: ____________________________________________________________________

Risk avoidance is the idea that, whatever the activity is that puts you at risk, you decide not to perform that activity anymore in order to avoid the risk. Risk avoidance is typically chosen when a high-risk action is found and is not worth involving the unit, device, etc.

Risk Acceptance: __________________________________________________________________

Risk acceptance means that you understand and accept the risk as-is. Furthermore, when accepting risk, a solution to protect against the threat is not implemented because the chances of the threat occurring and the impact of the threat do not warrant the cost of implementing a security control.

Risk Assessment: ________________________________________________________________

Risk assessment is the process of testing security controls to discover a system's strengths and weaknesses/vulnerabilities.

User Agreement: ________________________________________________________________

Users on U.S. Government information systems must agree to certain conditions before they may have access. User agreements can contain an acceptable use policy (AUP) of an information system, classification of information, and Personally Identifiable Information (PII). It may also contain the user's consent to monitor their use of the information system and any other consents that the MAJCOM deems necessary.
