Final Exam Study Guide
Freedom
Absence of restrictions or limitations
Effectiveness
Achieving desired results
Human Safeguards for Employees
Actions to protect employees
Human Safeguards for Nonemployee Personnel
Actions to protect nonemployees
Account Management
Activities related to managing user accounts
Risk
Chance of loss
Strong Passwords
Complex and unique passwords
Public Machines
Computers available for use by the general public
Firewalls
Computing devices that prevent unauthorized access to a network
Stability of Flow
Consistency of the process flow
Centralized Reporting
Consolidated reporting for better analysis
Security Monitoring
Continuous monitoring of security measures
Encrypt Data
Convert data into a coded form
Primary Activities
Core processes in an organization
Secure Design
Creating systems with security in mind
Operational
Day-to-day processes
Specify Data Rights and Responsibilities
Define who can access and modify data
Position Definitions
Descriptions of job roles
Partner Personnel
Employees of partner organizations
Logout
End a session or log out of an account
Termination
End of employment
Define Data Policies
Establish guidelines for handling data
Security Audits
Evaluations of security measures
Security Incidents
Events or situations involving security breaches
Scope
Extent or range of a process
Vendors
External suppliers or service providers
Dynamic
Flexible and adaptable process flow
Public
General public or customers
Objectives
Goals or desired outcomes
Help-Desk Policies
Guidelines for help-desk operations
Computer Crime
Illegal activities involving computers
Internal Employees
Individuals working within the organization
Determine Cause
Investigate the root cause of security incidents
Resources
Items necessary to accomplish an activity
Account Administration
Managing user accounts
Efficiency
Maximizing output with minimal input
Human Safeguards
Measures involving human actions
Safeguards
Measures taken to protect against threats
Malware Protection
Measures to prevent and detect malware
Data Safeguards
Measures to protect data
Mobile Device Security
Measures to protect mobile devices
Smartphone Security
Measures to protect mobile devices
Physical Security
Measures to protect physical assets
Human Error
Mistakes or failures caused by individuals
Defense in Layers
Multiple layers of security measures
Temporary Personnel
Nonpermanent employees
Target
Object or entity at risk of being harmed
Mobile Devices
Portable electronic devices such as smartphones or tablets
USB Drives
Portable storage devices
Location in Value Chain
Position of the process in the overall value chain
Potential Losses
Possible negative outcomes
Threat
Potential danger or harm
Security Threats
Potential dangers to information systems
Disaster and Incident Response Plans
Predefined strategies for addressing security incidents
Most Significant Threats
Primary dangers or risks
Risk Management
Process of identifying and mitigating risks
Information Systems Security
Process of preventing unauthorized access to an IS or modification of its data
Hiring and Screening
Process of selecting and evaluating candidates
Encryption
Process of transforming clear text into coded, unintelligible text
Backup and Recovery Procedures
Processes for creating backups and restoring data
Password Management
Processes for managing passwords
Strategic
Processes involving organizational strategy and long-term planning
Service
Processes related to customer assistance and support
Technology Development
Processes related to designing and developing technology
Outbound Logistics
Processes related to distribution of goods and services
Inbound Logistics
Processes related to procurement and inventory management
Sales and Marketing
Processes related to promoting and selling products
Managerial
Processes related to resource allocation and decision-making
Inbound Logistics Processes
Procurement, inventory management, and supplier sourcing
Antivirus Software
Programs designed to detect and remove malware
Security
Protection against threats
Hot Spots
Public Wi-Fi networks
Browser History
Record of websites visited
Activity Logs
Records of user actions
Access Only When Authenticated
Require authentication for data access
Actors
Resources that are either humans or computers
HTTPS
Secure protocol for online communication
Valuable Data
Sensitive or important information
Business Process
Sequence of activities for accomplishing a function
Security Policy
Set of rules and guidelines for protecting information
Practice Response
Simulate and train for security incidents
Loss Scenario
Situation involving harm or damage
Cookies
Small text files stored on a user's computer
Dissemination and Enforcement
Spreading information and ensuring compliance
Hardening
Strengthening security measures
Role
Subset of activities in a business process performed by a particular actor
Infrastructure
Supporting processes for day-to-day operations
Respond to Security Threats
Take appropriate actions to address potential dangers
Activities
Tasks within a business process
Technical Safeguards
Technological measures to protect information
Temp Files
Temporary files created by computer programs
Operations Processes
Transformation of inputs into outputs
External Attacks
Unauthorized access or intrusion from outside sources
Multiple Passwords
Using different passwords for different accounts
Two-Factor Authentication
Verification process using two different methods
Identification and Authentication
Verifying the identity of users
VPN
Virtual Private Network
Vulnerability
Weakness or flaw that can be exploited
Structured
Well-defined and predictable process flow