Flashcards about Security Standards.
What is COBIT?
Control Objectives for Information and Related Technologies; a framework for policy governance
What are the components of COBIT?
Framework, Process Descriptions, Control Objectives, Management Guidelines, and Maturity Models
What does the Maturity Models component of COBIT evaluate?
A process’s level of development, defined as how the control is performing against objectives
What is the approach of COBIT 2019 guidelines?
More prescriptive, supporting more integrations for governance and risk management
What should be considered when applying ISO standards?
IT department size, compliance issues, IT skill level, innovation, growth, IT role, corporate culture, political situations, hardware/software failures, and processes/procedures
What are some NIST standards important to network security?
NIST SP 800-14, NIST SP 800-35, NIST SP 800-30 Rev. 1
What is the Risk Management Framework (RMF)?
The unified information security framework for the entire federal government, replacing legacy DIACAP processes
What is the Orange Book?
Common name for books published by the DoD, officially titled 'Department of Defense Trusted Computer System Evaluation Criteria'; a cornerstone for computer security standards
What does DoD security category D represent?
Minimal Protection; the default rating for an OS not given any other rating
What does DoD security category C represent?
Discretionary Protection; some protection for file structure and devices with basic auditing capability
What does DoD security category B represent?
Mandatory Protection; providing a higher level of security with mandatory, not discretionary, protection systems
What does DoD security category A represent?
Verified Protection; the highest security standard with formal methods and proof of integrity of TCB
What are some books in the DoD Rainbow Series?
Tan Book, Bright Blue Book, Orange Book, Aqua Book, Burgundy Book, Lavender Book, Venice Blue Book, Red Book, Pink Book, Purple Book, Brown Book, Yellow-Green Book, Light Blue Book, Blue Book, Grey/Silver Book, Lavender/Purple Book, Yellow Book, Forest Green Book, Hot Peach Book, Turquoise Book, Violet Book, Light Pink Book
What standards originated the Common Criteria?
ITSEC (Information Technology Security Evaluation Criteria), DoD Orange Book, and CTCPEC (Canadian Trusted Computer Product Evaluation Criteria)
What is the purpose of security models?
To establish a defense strategy
What are the security levels in the Bell-LaPadula model?
Unclassified, Confidential, Secret, and Top Secret
What are the three parts of the Biba Integrity Model?
A subject cannot execute objects with lower integrity, cannot modify objects with higher integrity, and may not request service from objects with higher integrity
What are the two primary elements of the Clark-Wilson Model?
Well-formed transaction, and separation of duties
What is the main goal of the Chinese Wall Model?
To facilitate a complete separation of information in firms to prevent conflicts of interest
What are the main elements the State Machine Model uses to evaluate the state of a system?
Users, states, commands, output
Name some Federal Regulations, Guidelines, and Standards
HIPAA, HITECH, Sarbanes-Oxley (SOX), Computer Fraud and Abuse Act (CFAA), Fraud and Related Activity in Connection with Access Devices, General Data Protection Regulation, PCI DSS