Chapter 6 Security Operations and Admin

Ace your homework & exams now with Quizwiz!

security event log

...are records of data that your operating system or application software automatically create. records which user or system accessed data or a resource and when

Change control committee

It oversees all proposed changes to systems and networks. The committee approves changes and the schedule for implementing the changes. In this manner, you cannot make changes to a system, application, or network without the proper review, funding, and documentation.

Agile development

Smaller development cycles. smaller deliverables more frequently.

Certifier

The individual or team that is responsible for performing the security test and evaluation (ST+E) for the system... also prepares the report for the AO on the system's operating risk.

System Owner

The person responsible for the daily operations of the system and ensuring that the system continues to operate in compliance with the conditions set out by the AO

Authorizing official

The senior manager who must review the certification report and make the decision to approve the system for implementation. officially acknowledges and accepts the risk that the system may pose to agency mission, assets, or individuals.

Guidline

They outline recommendations for the purchase and use of acceptable products and systems. ... are simply actions that you recommend.

Standard

are mandated requirements for hardware and software solutions used to address security risk throughout an organization

Procedure

are systematic actions to accomplish a security requirement, process, or objective. They are one of the most powerful tools available to you. They can provide documentation of the way you do business and ensure no one's critical knowledge remains only in their heads

Baseline

are the benchmarks that help make sure a minimum level of security exists across multiple applications of systems and across different products. ... are helpful when configuring new computers or devices as well as for comparing with existing systems to see if they still meet the minimums

Functional policy

declares an organization's management direction for security in such specific functional areas as e-mail, remote access, and Internet surfing. should use strong language, such as will and must

remediation

involves fixing something that is broken or defective. With computer systems, ...refers to fixing security vulnerabilities.

emergency operations group

is responsible for protecting sensitive data in the event of natural disasters and equipment failure, among other potential emergencies.

WaterFall model

is that no phase begins until the previous phase is complete. The phases are as follows: 1. Requirements specification 2. Design 3. Construction 4. Integration 5. Testing and debugging 6. Installation 7. Maintenance

Accreditation

is the formal acceptance by the authorizing official to accept the risk of implementing the system.

Certification

is the process of reviewing a system throughout its life cycle to ensure that it meets its specified security requirements

Sprint

small project iterations are generally one to four weeks in duration

Clean desk/ clear screen policy

which states that users must never leave sensitive information in plain view on an unattended desk or workstation.

security administration

is the group of individuals responsible for planning, designing, implementing, and monitoring an organization's security plan

Change Control

is the management of changes to the configuration. Unmanaged changes introduce risk, because they might affect security operations or controls. ensures that any changes to a production system are tested, documented, and approved

Configuration control

is the management of the baseline settings for a system device. The baseline settings meet security requirements. They require that you implement them carefully and only with prior approval.

Compliance liaison

makes sure all personnel are aware of—and comply with—the organization's policies. Different departments within an organization might have different security ideas or needs. A ... works with each department to ensure it understands, implements, and monitors compliance.

Proactive change management

management initiates the change to achieve a desired goal. In this case, the source of the change is internal, such as the adoption of new technology.

Reactive change management

management responds to changes in the business environment. The source of the change is external. Some examples are changes in regulations, customer expectations, and the supply chain

Job rotation

minimizes risk by rotating employees among various systems or duties. This prevents collusion, where several employees conspire to commit fraud


Related study sets

Corporations: Formation and Organization

View Set

A&P I Chapter 12 Review Sheet -1 (12.1-12.3)

View Set

US History - Westward Expansion Vocab & Key Terms

View Set