ISC2 CC


54 Terms

1

Define confidentiality

Permitting authorised users access to info and protecting info from improper disclosure.

2

Define Integrity

Assurance that data has not been altered in an unauthorised manner.

3

Define availability

Assuring that systems and data are accessible when users need them.
4

What are the 3 common authentication factors?

Something you know, something you have, something you are.
5

Define Non-repudiation

Ensures that a person or party cannot deny having sent a message or performed an action. Typically achieved by digitally signing the message, which proves its origin.
6

What does HIPAA do?

Protects the confidentiality of a patient's medical information.
7

What does GDPR do?

Gives anyone within the EU control over what personal info companies can compile and retain about them.

8

Define vulnerability

Gap or weakness in an orgs protection of its valuable assets.

9

Define threats

Something or someone that aims to exploit a vulnerability to gain unauthorised access or cause harm.
10

Define risk avoidance

Deciding not to carry out an activity at all in order to eliminate the associated risk.
11

Define risk acceptance

Taking no action to reduce the likelihood or impact of a risk; the organisation knowingly carries it, typically because it falls within its risk tolerance or the cost of mitigating it exceeds the expected loss.
12

Define risk mitigation

Most common. Taking actions to prevent or reduce the possibility of a risk event.

Includes remediation, security controls, tighter policies and procedures.

13

Define risk transfer

Practice of passing the risk to another party, usually an insurance company.

14

Define qualitative data

data that consists of non-numerical categories

high, medium, low

15

Define quantitative data

numerical data

16

Define risk tolerance

The level of risk a company is willing to assume.

17

physical controls examples

Badge reader, stop sign, door lock, walls, fences, guards

18

Admin controls examples

Acceptable use policy (AUP), emergency operation procedures, employee training
19

Technical control examples

Access control list

20

Define Regulations

Issued in the form of laws; non-compliance usually carries a fine.

HIPAA, GDPR
21

Define standards

Used by governance to provide a framework for introducing policies and procedures in support of regulations.
22

Define policies

guidelines used in making consistent decisions

23

Define procedures

Step by step detailed guide to complete a task

24

Define a breach

Loss of control over information, for example someone accessing PII without authorisation.
25

Define an event

An observable occurrence in a network or system.
26

Define an incident

An event that jeopardises the CIA of a system.

27

Incident response steps:

Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned
28

What will the incident response team consist of?

Senior management, information security professionals, legal representatives, public affairs, engineering representatives
29

How often should you test your BCP?

Routinely

30

In terms of access control, define a subject?

A user, process, procedure, client, program

31

In terms of access control, define an object?

Building, computer, file, a database, printer

Basically, anything that provides a service to a user.

32

How does separation of duties work?

Ensures that no single person can complete a sensitive task alone: the critical steps are split between different people, so fraud or a serious error would require collusion.

Example: If Bob orders stock, Tod receives it.
33

Give examples of physical access controls:

Turnstiles, mantraps, system-controlled door locks, biometrics, cameras, logs, guards, alarms
34

Give examples of logical access controls:

Mandatory access control (MAC), discretionary access control (DAC), role-based access control (RBAC)
35

What is the session layer (layer 5, one of the upper layers of the OSI model) responsible for?

Managing the integrity of a connection and controlling the session: establishing, maintaining and terminating communication between two computers.
36

What does layer 6 deal with?

Presentation: data formats and encoding, for example image file formats, character sets, compression and encryption/decryption of data on behalf of the application layer.
37

What does layer 5 deal with?

Session: setting up, coordinating and tearing down the dialogue between two applications. (Logical port numbers belong to layer 4, the transport layer, not to layer 5.)
38

What does layer 4 deal with?

Transport: TCP and UDP, end-to-end delivery between applications identified by logical port numbers.
39

What does layer 3 deal with?

Network: logical (IP) addressing and routing of packets; routers operate at this layer.
40

What does layer 2 deal with?

Data link: framing and physical (MAC) addressing; switches, bridges and wireless access points (WAPs) operate at this layer.
41

What is a fragment attack?

The attacker fragments traffic in such a way that the receiving system cannot reassemble the packets correctly, for example by sending overlapping or incomplete fragments. This can crash or hang the target, or slip malicious content past a filter that only inspects the first fragment.
42

What are the 'Well known' ports?

0-1023

43

What are the 'Registered ports'

1024-49151

44

What are the dynamic ports?

49152-65535

45

Explain a side channel threat?

A passive, non-invasive attack that observes the physical behaviour of a device while it operates, for example its power consumption, timing or electromagnetic emissions, and uses those observations to infer secrets such as keys or passwords.
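
The most common side channel a software engineer creates is timing: a string comparison that stops at the first mismatching byte takes measurably longer the more leading bytes of the guess are correct. The following Go program is an added example, not part of the original deck. It models the leak with a deterministic step counter standing in for measured time (an assumption made so the demo runs offline), shows an attacker recovering a constructed secret one byte at a time from nothing but that counter plus the accept/reject answer, and shows the same attack failing against crypto/subtle's constant-time comparison.

```go
package main

import (
	"crypto/subtle"
	"fmt"
)

// NaiveEqual is the vulnerable check: it stops at the first mismatching
// byte. steps counts how many bytes were examined and stands in for what
// an attacker would really observe (elapsed time or power-trace length).
func NaiveEqual(secret, guess []byte) (equal bool, steps int) {
	if len(secret) != len(guess) {
		return false, 0
	}
	for i := range secret {
		steps++
		if secret[i] != guess[i] {
			return false, steps
		}
	}
	return true, steps
}

// ConstantTimeEqual is the hardened check. crypto/subtle examines every
// byte regardless of where the first mismatch is, so the observable cost
// is identical for every guess and reveals nothing about the secret.
func ConstantTimeEqual(secret, guess []byte) (equal bool, steps int) {
	if len(secret) != len(guess) {
		return false, 0
	}
	return subtle.ConstantTimeCompare(secret, guess) == 1, len(secret)
}

// Observe is the attacker's view: whether a guess was accepted and how
// much it cost to check. The secret itself is never exposed.
type Observe func(guess []byte) (accepted bool, cost int)

// RecoverSecret recovers an n-byte secret one position at a time: for each
// position it tries every candidate byte and keeps the one that made the
// check run the longest, because only a correct byte lets the naive
// comparison advance to the next position. It returns early once a guess
// is accepted.
func RecoverSecret(alphabet []byte, n int, observe Observe) ([]byte, bool) {
	guess := make([]byte, n)
	for pos := 0; pos < n; pos++ {
		best, bestCost := alphabet[0], -1
		for _, c := range alphabet {
			guess[pos] = c
			accepted, cost := observe(guess)
			if accepted {
				return guess, true
			}
			if cost > bestCost {
				best, bestCost = c, cost
			}
		}
		guess[pos] = best
	}
	return guess, false
}

func main() {
	secret := []byte("s3cr") // constructed sample: the value the checker holds
	alphabet := []byte("abcdefghijklmnopqrstuvwxyz0123456789")

	got, ok := RecoverSecret(alphabet, len(secret), func(g []byte) (bool, int) {
		return NaiveEqual(secret, g)
	})
	fmt.Printf("naive compare:         recovered %q, accepted=%v\n", got, ok)

	got, ok = RecoverSecret(alphabet, len(secret), func(g []byte) (bool, int) {
		return ConstantTimeEqual(secret, g)
	})
	fmt.Printf("constant-time compare: recovered %q, accepted=%v\n", got, ok)
}
```

With the naive comparison the attacker needs at most 36 guesses per byte instead of 36^4 for the whole secret; with the constant-time comparison every candidate costs the same, so the search learns nothing and ends on an arbitrary wrong value. The same reasoning applies to MAC and token checks in web services, which is why they should use a constant-time compare.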
46

3 threats directly linked with malware?

Ransomware, trojan, virus

47

HVAC optimum range?

64 to 81 °F (18 to 27 °C)
48

What does SaaS provide?

Provides access to software applications such as email or office products.

The provider manages the software, the operating system and the network.
49

What does PaaS provide?

Provides an environment in which users build and run their own software.

The provider manages the operating system and the network.
50

Role Based Access Control

Access model in which the employee's job responsibilities (roles) dictate exactly which kinds of access the employee has.
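
The RBAC definition above and the separation-of-duties card (Bob orders, Tod receives) fit together naturally in code: RBAC answers "may this role do this?", and separation of duties adds a rule that no single person may complete both halves of a sensitive task. The Go program below is an added example, not part of the original deck; the application, its permissions, roles and users are all constructed for the demo. It includes a user who legitimately holds both roles, which is exactly the case the extra check must catch.

```go
package main

import (
	"errors"
	"fmt"
)

// Permissions of a hypothetical stock-ordering application (constructed).
const (
	PermOrderStock   = "stock:order"
	PermReceiveStock = "stock:receive"
	PermReadReports  = "reports:read"
)

// rolePerms maps each role to the permissions it grants. In RBAC the role,
// not the individual user, is the unit of administration.
var rolePerms = map[string][]string{
	"purchaser": {PermOrderStock, PermReadReports},
	"warehouse": {PermReceiveStock, PermReadReports},
	"auditor":   {PermReadReports},
}

// userRoles assigns users to roles (constructed sample data). carol holds
// both roles, the situation separation of duties must still catch.
var userRoles = map[string][]string{
	"bob":   {"purchaser"},
	"tod":   {"warehouse"},
	"alice": {"auditor"},
	"carol": {"purchaser", "warehouse"},
}

// HasPermission is the plain RBAC check: a subject may act if any of its
// roles grants the permission.
func HasPermission(user, perm string) bool {
	for _, role := range userRoles[user] {
		for _, p := range rolePerms[role] {
			if p == perm {
				return true
			}
		}
	}
	return false
}

// PurchaseOrder is the object; it records who performed each step.
type PurchaseOrder struct {
	ID         string
	OrderedBy  string
	ReceivedBy string
}

var (
	ErrDenied = errors.New("permission denied")
	ErrSoD    = errors.New("separation of duties: the person who ordered cannot receive")
)

// Order is step one of the task and only needs the RBAC check.
func Order(po *PurchaseOrder, user string) error {
	if !HasPermission(user, PermOrderStock) {
		return ErrDenied
	}
	po.OrderedBy = user
	return nil
}

// Receive is step two. Besides the RBAC check it enforces separation of
// duties: whoever placed the order may not also receive it, even if their
// roles would otherwise allow it.
func Receive(po *PurchaseOrder, user string) error {
	if !HasPermission(user, PermReceiveStock) {
		return ErrDenied
	}
	if po.OrderedBy == "" {
		return errors.New("order has not been placed yet")
	}
	if po.OrderedBy == user {
		return ErrSoD
	}
	po.ReceivedBy = user
	return nil
}

func main() {
	po := &PurchaseOrder{ID: "PO-1"}
	fmt.Println("alice orders:", Order(po, "alice")) // denied: auditor role
	fmt.Println("bob orders:  ", Order(po, "bob"))   // nil
	fmt.Println("bob receives:", Receive(po, "bob")) // denied: no receive permission
	fmt.Println("tod receives:", Receive(po, "tod")) // nil

	po2 := &PurchaseOrder{ID: "PO-2"}
	fmt.Println("carol orders:  ", Order(po2, "carol"))   // nil: RBAC allows it
	fmt.Println("carol receives:", Receive(po2, "carol")) // separation of duties error
}
```

The point to notice is that the RBAC check alone would let carol both order and receive; the separation-of-duties rule is a property of the task's history (who did step one), not of any role, so it has to be enforced in the workflow rather than in the role definitions.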
51

DLP(Data Loss Prevention)

A tool that inspects outbound data (email, web uploads, file transfers) for sensitive content such as PII or payment card numbers and blocks the transfer or raises an alert when it finds any.
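
What "inspects outbound traffic" looks like in practice is content matching plus a validity check to cut false positives. The Go program below is an added example, not part of the original deck: it scans a constructed outbound message for payment card numbers, uses the Luhn checksum to discard digit runs that merely look like card numbers, masks the match so the alert does not itself leak the data, and makes the block/allow decision. The regular expression and the classification marker check are assumptions chosen for the demo, not any vendor's rules.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// SampleMessage is a constructed outbound email body used for the demo.
// The first number is a well-known test card number that passes the Luhn
// check; the second is a ticket reference that happens to be 16 digits.
const SampleMessage = "Hi, please charge 4111 1111 1111 1111 for the order. " +
	"Ref 1234567890123456 is the ticket id, call me with questions."

// Finding is one piece of sensitive content located in outbound data.
type Finding struct {
	Kind  string // "card" or "marker"
	Match string // what was found, masked so the alert itself does not leak
}

// candidateCard matches runs of 13 to 19 digits with optional single
// space or dash separators. It deliberately over-matches; LuhnValid below
// removes ticket numbers, phone numbers and other look-alikes.
var candidateCard = regexp.MustCompile(`\b(?:\d[ -]?){12,18}\d\b`)

// LuhnValid implements the Luhn checksum carried by payment card numbers.
func LuhnValid(digits string) bool {
	sum, double := 0, false
	for i := len(digits) - 1; i >= 0; i-- {
		d := int(digits[i] - '0')
		if d < 0 || d > 9 {
			return false
		}
		if double {
			d *= 2
			if d > 9 {
				d -= 9
			}
		}
		sum += d
		double = !double
	}
	return len(digits) > 0 && sum%10 == 0
}

func onlyDigits(s string) string {
	return strings.Map(func(r rune) rune {
		if r >= '0' && r <= '9' {
			return r
		}
		return -1
	}, s)
}

// mask keeps only the last four digits, the usual way a DLP alert refers
// to a card without copying the full number into yet another system.
func mask(digits string) string {
	return strings.Repeat("*", len(digits)-4) + digits[len(digits)-4:]
}

// Scan inspects one outbound message and returns every finding.
func Scan(body string) []Finding {
	var findings []Finding
	for _, m := range candidateCard.FindAllString(body, -1) {
		if d := onlyDigits(m); LuhnValid(d) {
			findings = append(findings, Finding{Kind: "card", Match: mask(d)})
		}
	}
	if strings.Contains(strings.ToUpper(body), "CONFIDENTIAL") {
		findings = append(findings, Finding{Kind: "marker", Match: "CONFIDENTIAL"})
	}
	return findings
}

// ShouldBlock is the policy decision: a card number blocks the transfer
// outright, while a classification marker is only reported for review.
func ShouldBlock(findings []Finding) bool {
	for _, f := range findings {
		if f.Kind == "card" {
			return true
		}
	}
	return false
}

func main() {
	findings := Scan(SampleMessage)
	for _, f := range findings {
		fmt.Printf("%-6s %s\n", f.Kind, f.Match)
	}
	fmt.Println("block outbound transfer:", ShouldBlock(findings))
}
```

The Luhn step is what keeps this usable: without it every 16-digit ticket or tracking number would trigger a block, and users would quickly route around the control.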
52

asymmetric encryption

Each party needs their own key pair (a public key and a private key) to engage in confidential communication. A message signed with the sender's private key can be verified by anyone holding the public key, which shows proof of origin.
53

Hashing

Produces a fixed-length digest of data; any change to the data changes the digest, so it is used to provide an integrity check.
54

Symmetric encryption

offers confidentiality of data with the least amount of processing overhead, which makes it the preferred means of protecting streaming data.
