Standards

Type I

A Service Organization Control (SOC) Type I report addresses internal controls over financial reporting.

Type II

A Service Organization Control (SOC) Type II report provides assurances about the effectiveness of controls in place in an organization within a given timeframe.

Type III

A Service Organization Control (SOC) Type III report is a less detailed report certifying compliance with SOC2.

Stratum 2

A stratum 2 server would obtain the time from a stratum 1 server, but not in reverse. Time must always be received from a higher-level server.

Stratum 3

A stratum 3 server would obtain the time from a stratum 2, but a stratum 1 server would not be able to obtain time from a stratum 3.

Stratum 1

Top-level Network Time Protocol (NTP) servers (stratum 1) obtain the Coordinated Universal Time (UTC) from a highly accurate clock source, such as an atomic clock. The server obtaining the updated time is a stratum 1 server and will therefore be required to obtain the time from a higher-level source, such as an atomic clock.

TLS 1.2

Transport Layer Security (TLS) 1.2 added support for the strong Secure Hash Algorithm (SHA)-256 cipher. That is the primary difference between TLS 1.1 and TLS 1.2.

TLS 1.1

TLS 1.1 added an improvement to the cipher suite negotiation process and protection against known attacks, but does not support the SHA-256 cipher.

27001

International Organization for Standardization (ISO) 27001 is a standard that sets out the best practice specification for an information system. The ISO guides information security by addressing people and processes as well as technology.

27002

International Organization for Standardization (ISO) 27002 is a supplementary standard that focuses on the information security controls that organizations might choose to implement.

27701

International Organization for Standardization (ISO) 27701 provides specific requirements and guidance for establishing, implementing, maintaining, and continually improving an information system with private data.

31000

International Organization for Standardization (ISO) 31000 is a risk management framework that assists an organization in integrating risk management into day-to-day functions.

RAID-0

RAID-0 offers striping only, where data is split across the drives. It does not provide redundancy. RAID-0 has the worst data protection of all of the RAID concepts.

RAID-1

RAID-1 provides redundancy through mirroring only. Data is duplicated to two drives.

RAID-10

RAID-10 combines mirroring and striping in a single system. It provides better write performance than any other RAID level providing data protection. RAID-10 requires a minimum of four disks.

RAID-5

RAID-5 requires at least three drives and provides striping with parity. It is ideal for servers that have a limited number of data drives.

RAID-6

RAID-6 requires four disks and can survive a failure on two.

SSL 2.0

SSL 2.0 is deprecated and should only be deployed when subject to risk assessments. This version does not support the SHA-256 cipher.

SSL 3.0

Secure Sockets Layer (SSL) 3.0 is less secure than any of the TLS versions and does not support the SHA-256 cipher.

