4680final


IIA core principles

Integrity, Objectivity, Confidentiality, and Competency

Hot Site

Allows an organization to stay as current as possible with replicated data so switching from your original environment to the alternate environment can occur with a minimum of downtime.

Basic standard of system configurations and the management of configuration items.

Baseline Configuration Management

The IIA provides audit-related certifications, including _____________.

C.I.A.

COSO stands for this.

Committee of Sponsoring Organizations

Document that communicates your organization's security policy clearly when hiring new employees.

Confidential Agreement

Internal codes of ethics.

Employer-driven codes of ethics

IPSec, L2F, and GRE are types of

Encapsulating protocols

BCP/DRP does not ensure that the data is available to authorized users on demand in the Sys/App Domain.

False

FCAPS stands for this.

Fault-Management (F), the configuration level (C), the accounting level (A), the performance level (P) and the security level (S).

Financial Privacy Rule is found in this act

GLBA

The criteria, circumstance, cause, and impact are all included in me!

Gap Analysis

GIAC stands for this.

Global Information Assurance Certification

Protects a network from all types of attacks unlike a firewall whose rules are based on static attributes

IDS/IPS

Obtain certifications like SSCP, CAP, CSSLP, and CISSP from this organization.

ISC2

Ensuring compliance in the Workstation Domain

Increases information security and reduces liability

Three IT security controls covered by the National Institute of Standards and Technology (NIST)

Management, Technical, and Operational.

Applying controls is a direct result of the risk assessment process combined with an analysis of the tradeoffs and is a tradeoff of this.

Operational Impact

The PCI DSS standard is used for

Payment Card

Controls fall into these three functional types.

Preventive, Detective, and Corrective.

Each user has the permission to carry out assigned tasks and nothing else.

Principle of Least Privilege

Firewall that makes requests for remote services on the behalf of the local clients.

Proxy Server

RADIUS stands for this.

Remote Authentication Dial In User Service

When using remote access and VPN tunnels, these activities should be monitored.

Remote computer login

RACI stands for

Responsible, Accountable, Consulted, and Informed

Connects two or more separate networks in the LAN-to-WAN domain.

Router

The configuration items that are directly related to controls or settings representing significant risk, if not managed properly.

Security Control Management

Regulatory compliance benefits organizations, consumers, and this group of people.

Shareholders

SSO stands for this.

Single Sign On

Formal method to control the software development life cycle

Software Configuration Management

Details about the infrastructure systems

System Characterization

TACACS stands for this.

Terminal Access Controller Access-Control System

An AUP is used primarily in

User Domain

The three authentication types include these

What you know, What you have, and What you are

End user's operating environment.

Workstation Domain

Application data encryption is

a strategy used for encrypting data to send to remote users.

Difference between an Assessment and an Audit

Assessment finds blame where an audit does not.

Net Neutrality

proposed rule change by the FCC governing Internet traffic

NOS

provides the interface between the hardware and the application layer software.

Analyzing the potential threats requires the identification of all possible threats first

Threat Identification

COBIT

framework used to stay in compliance with SOX 404.

Organizations perform this to identify anything that is missing.

gap analysis

Main types of attacks that may originate from within your organization.

internal attacks on your organization and internal to external attacks on another organization

Reasons to expand the scope from the initial interviews

lack of controls, the override of controls, and Fraudulent Activity

Two types of patch management.

OS and application

Controls are classified as

Preventive, Detective, and Corrective

COBIT stands for

Control Objectives for Information and Related Technology.

These are the two types of object access control.

discretionary access control and mandatory access control

Under the two components, People and Documentation, you find people fall into three types:

employees, guests/third parties, and Contractors

Federal Information Security Management Act (FISMA)

ensures that organizations have sound information security practices and framework for effective information security resources that support federal operations, data, and infrastructure.

Confidentiality

ensuring that information is not disclosed to unauthorized sources
