Computer Fundamentals Final

Card Set Information

2012-12-17 10:21:52
Fundamentals Final Exam

Notes for the final exam.

  1. Regarding Disaster Recovery Planning
    Define MAD
    • Maximum Allowable Downtime (MAD): The longest period of time for which a service [or company] can be unavailable.
  2. Regarding Disaster Recovery Planning
    Define RTO
    • Recovery Time Objective (RTO): The deadline by which pre-defined critical functions or processes must be restored.
  3. Regarding Disaster Recovery Planning
    Define RPO
    • Recovery Point Objective (RPO): The point in time to which systems and data must be recovered after an outage.
  4. Principles for Security Practitioners
    • Support The Business.
    • Defend The Business.
    • Promote Responsible Behaviour.
  5. Return On Investment (ROI)
    • Generally not well done.
    • Practitioners must make a business case for funding security.
  6. Classified Information
    If compromised could cause injury to...
    • Relates to National Interest Issues
    • Examples: International Affairs / Economic Interests / Federal-Provincial Issues.
  7. Protected Information
    If compromised could cause injury to...
    Information relating to the injury of persons, companies or the like.
  8. Objective of Training (Education, Awareness and Training)
    • Instills needed skills and knowledge in employees.
    • Standardizes methods and procedures in a company.
    • Provides Solutions.
    • Solves Business Issues.
    • Analysis of the skills.
  9. Training Plan Components
    • Requirement
    • Learning Objective
    • Delivery Method
    • - Target Audience/length/frequency/equipment
    • Results
    • Measurements
    • Costs
    • ROI
  10. Training Plan Success
    • Senior Management Support
    • Implemented into Sec Policy Frameworks
    • Acceptance that company Assets are protected.
    • Limited Issues are highlighted.
    • Problems are presented as local concerns.
    • Involves senior people.
    • Examples are local.
    • Don't overstate the case.
    • Repetition of a theme throughout. (class example)
  11. Training plan tools and controls
    • Posters
    • Wallet cards
    • Mouse pads
    • Company Web site
    • Lunchtime seminars
  12. SDLC Life Cycle Stages
    • 1. Planning
    • 2. Analysis & Design
    • 3. Implementation
    • 4. Operation
    • 5. Disposal
  13. SDLC Modes of Operation
    • 1. Dedicated
    • All users have a need to know and are cleared to access all system info.

    • 2. Systems High
    • Same as above but also some users have a need to know on some of the info.

    • 3. Multi-Level
    • Some users have a need to know and some users are not cleared.
  14. Define: Certification
    • An examination by qualified personnel of the implementation of safeguards compared to the system security requirements (GSP).
    • Certification reports are evidence of compliance to specifications
  15. Define: Accreditation
    Is approval by a responsible manager for an IT system to operate using a specific set of safeguards and under specified conditions.
  16. 2 requirements for Access Control
    Authentication and Authorization.