What is the purpose of security policies in an organization?
To define expectations, rules, and responsibilities for securing assets and data.
What are the three main types of security controls?
Administrative, technical (logical), and physical controls.
What does 'least privilege' mean in security operations?
Giving users only the access needed to perform their job duties — no more, no less.
What is Separation of Duties (SoD)?
No single person should control all critical aspects of a function, which reduces the risk of fraud and error.
What does the principle of Need to Know entail?
Access should be granted only if information is required to perform a specific task.
What is Mandatory vacation in security controls?
Requiring employees to take time off so that fraudulent activity which depends on their continued presence can be detected.
What is a Policy in the context of security?
High-level direction.
What is a Standard in the context of security?
Mandatory rules.
What is a Guideline in the context of security?
Optional recommendations.
What is a Procedure?
Step-by-step instructions.
What is Configuration management?
A structured approach to controlling changes to IT systems to maintain integrity and security.
What is patch management?
The process of identifying, acquiring, installing, and verifying software updates to address vulnerabilities.
Why are security awareness programs important?
They educate users about security risks and their role in preventing breaches.
What does personnel security entail?
Hiring practices, background checks, onboarding/offboarding, and role-based training.
What are administrative controls?
Policies, procedures, and guidelines implemented by management to manage personnel and data.
What does auditing and accountability involve in operations?
Tracking user activity and ensuring actions can be linked to individuals.
What is Due Care?
Acting responsibly to protect assets.
What is Due Diligence?
Ongoing activities to assess and mitigate risks.
What is job rotation?
Regularly changing job roles to prevent collusion and identify suspicious activity.
What does a 'clean desk' policy refer to?
No sensitive papers visible when unattended.
What does a 'clear screen' policy refer to?
Lock or log off when leaving the computer.
What is privilege creep?
The accumulation of unnecessary access rights over time.
What is change management?
A formal process to request, review, approve, and implement system modifications.
What is onboarding in the context of security?
Granting access when someone joins the organization.
What is offboarding in the context of security?
Revoking access when someone leaves the organization.
What is background screening?
Verifying a person's history and suitability for a position of trust.