Card Set Information
Advanced Network Security
Security Policy & Governance
What are the 3 parts of the CIA Triangle?
Confidentiality, Integrity, Availability
What makes up the Parkerian Hexad?
CIA plus Utility, Possession or Control, and Authenticity
What is confidentiality?
Ensures that only those with sufficient privileges may access certain information.
What is Integrity?
The quality or state of being whole, complete, and uncorrupted.
What is Identification?
When you are able to recognize individual users.
What is Authentication?
Occurs when a control provides proof that a user possesses the identity that he or she claims.
What does it mean to authorize?
When the user has been specifically and explicitly given authority to access, update, or delete contents of an information asset.
What is accountability?
When a control provides assurance that every activity undertaken can be attributed to a named person or automated process.
What is a utility?
Information systems that remain useful and provide capability.
What is privacy?
Using information only for purposes known to the data owner.
Who will always be the weakest link in security programs?
What is a security policy?
A formal, brief, high-level statement or plan that supports an organization's strategy objectives and acceptable procedures for a specified subject area.
What is a standard?
Conveys a mandatory action or rule designed to support and conform to a policy.
What is a guideline?
Best practices for meeting strategy and policy requirements.
Security Program Governance Triangle
Standards and Guidelines
Procedures and Processes
What is impact assessment?
Lists the major impacts of implementation, compliance, and enforcement.
Identifies the impacted stakeholders.
Identifies the dependencies for implementation of policy changes.