4680final
IIA core principles
Integrity, Objectivity, Confidentiality, and Competency
Hot Site
Allows an organization to stay as current as possible with replicated data so switching from your original environment to the alternate environment can occur with a minimum of downtime.
Basic standard of system configurations and the management of configuration items.
Baseline Configuration Management
The IIA provides audit-related certifications, including _____________.
C.I.A.
COSO stands for this.
Committee of Sponsoring Organizations
Document that communicates your organization's security policy clearly when hiring new employees.
Confidential Agreement
Internal codes of ethics.
Employer Driven codes of Ethics
IPSec, L2F, and GRE are types of
Encapsulating protocols
BCP/DRP does not ensure that the data is available to authorized users on demand in the Sys/App Domain.
False
FCAPS stands for this.
Fault-Management (F), the configuration level (C), the accounting level (A), the performance level (P) and the security level (S).
Financial Privacy Rule is found in this act
GLBA
The criteria, circumstance, cause, and impact are all included in me!
Gap Analysis
GIAC stands for this.
Global Information Assurance Certification
Protects a network from all types of attacks, unlike a firewall whose rules are based on static attributes
IDS/IPS
Obtain certifications like SSCP, CAP, CSSLP, and CISSP from this organization.
ISC2
Ensuring compliance in the Workstation Domain
Increases information security and reduces liability
Three IT security controls covered by the National Institute of Standards and Technology (NIST)
Management, Technical, and Operational.
Applying controls is a direct result of the risk assessment process combined with an analysis of the tradeoffs, and is a tradeoff against this.
Operational Impact
The PCI DSS standard is used for
Payment Card
Controls fall into these three functional types.
Preventive, Detective, and Corrective.
Each user has the permission to carry out assigned tasks and nothing else.
Principle of Least Privilege
Firewall that makes requests for remote services on the behalf of the local clients.
Proxy Server
RADIUS stands for this.
Remote Authentication Dial In User Service
When using remote access and VPN tunnels, these activities should be monitored.
Remote computer login
RACI stands for
Responsible, Accountable, Consulted, and Informed
Connects two or more separate networks in the LAN-to-WAN domain.
Router
The configuration items that are directly related to controls or settings that represent significant risk if not managed properly.
Security Control Management
Regulatory compliance benefits organizations, consumers, and this group of people.
Shareholders
SSO stands for this.
Single Sign On
Formal method to control the software development life cycle
Software Configuration Management
Details about the infrastructure systems
System Characterization
TACACS stands for this.
Terminal Access Controller Access-Control System
An AUP is used primarily in
User Domain
The three authentication types include these
What you know, What you have, and What you are
End user's operating environment.
Workstation Domain
Application data encryption is
a strategy used for encrypting data to send to remote users.
Difference between an Assessment and an Audit
An assessment finds blame where an audit does not.
Net Neutrality
proposed rule change by the FCC governing Internet traffic
NOS
provides the interface between the hardware and the application layer software.
Analyzing the potential threats requires the identification of all possible threats first
Threat Identification
COBIT
framework used to stay in compliance with SOX 404.
Organizations perform this to identify anything that is missing.
gap analysis
Main types of attacks that may originate from within your organization.
internal attacks on your organization and internal to external attacks on another organization
Reasons to expand the scope from the initial interviews
lack of controls, the override of controls, and fraudulent activity
Two types of patch management.
OS and application
Controls are classified as
Preventive, Detective, and Corrective
COBIT stands for
Control Objectives for Information and Related Technology.
These are the two types of object access control.
discretionary access control and mandatory access control
Under the two components, People and Documentation, you find people fall into three types:
employees, guests/third parties, and contractors
Federal Information Security Management Act (FISMA)
ensures that organizations have sound information security practices and framework for effective information security resources that support federal operations, data, and infrastructure.
Confidentiality
ensuring that information is not disclosed to unauthorized sources