-
What are the 3 parts of the CIA Triangle?
Confidentiality, Integrity, Availability
-
What makes up the Parkerian Hexad?
CIA plus Utility, Possession or Control, and Authenticity
-
What is confidentiality?
Ensures that only those with sufficient privileges may access certain information.
-
What is Integrity?
The quality or state of being whole, complete, and uncorrupted.
-
What is Identification?
When you are able to recognize individual users
-
What is Authentication?
Occurs when a control provides proof that a user possesses the identity that he or she claims.
-
What does it mean to authorize?
When the user has been specifically and explicitly given authority to access, update, or delete contents of an information asset.
-
What is accountability?
When a control provides assurance that every activity undertaken can be attributed to a named person or automated process.
-
What is a utility?
Information systems that remain useful and provide capability.
-
What is privacy?
Using information only for purposes known to the data owner.
-
Who will always be the weakest link in security programs?
People
-
What is a security policy?
A formal, brief, high-level statement or plan that supports an organization's strategy objectives and acceptable procedures for a specified subject area.
-
What is a standard?
Convey a mandatory action or rule designed to support and conform to a policy.
-
What is a guideline?
Best practices for meeting strategy and policy requirements.
-
Security Program Governance Triangle
- Strategy
- Policy
- Standards and Guidelines
- Procedures and Processes
-
What is impact assessment?
Lists the major impacts of implementation, compliance, and enforcement.
Identifies the impacted stakeholders.
Identifies the dependencies for implementation of policy changes.