BADM 7401 - Cybersecurity - Exam 1
Threat - ANS-A potential risk to an asset, specifically a potential loss in value.
Attack - ANS-An ongoing act against an asset that could result in a loss of its value.
Vulnerability - ANS-A potential weakness in an asset or its defensive control system(s).
Identification - ANS-The access control mechanism whereby unverified entities who seek
access to a resource provide a label by which they are known to the system.
Authorization - ANS-The access control mechanism that represents the matching of an
authenticated entity to a list of information assets and corresponding access levels.
Accountability - ANS-AKA "Auditability"
The access control mechanism that ensures all actions on a system -- authorized or
unauthorized -- can be attributed to an authenticated identity.
Authentication - ANS-The access control mechanism that requires the validation and verification
of an unauthenticated entity's purported identity.
Information Security - ANS-Protection of the confidentiality, integrity, and availability of
information assets, whether in storage, processing, or transmission, via the application of policy,
education, training, awareness, and technology.
Policy - ANS-Organizational guidelines that dictate certain behavior within the organization.
Privacy - ANS-In the context of information security, the right of individuals or groups to protect
themselves and their information from unauthorized access, providing confidentiality.
Digital Forensics - ANS-Investigation involving the preservation, identification, extraction,
documentation, and interpretation of computer media for evidentiary and root cause analysis.
Like the traditional variation, this follows clear, well defined methodologies but still tends to be
as much art as science.
Deontological Ethics - ANS-The study of the rightness or wrongness of intentions and motives
as opposed to the rightness or wrongness of the consequences. Also known as duty-based or
obligation-based ethics, this approach seeks to define a person's ethical duty.
Confidentiality - ANS-The most desirable characteristic for privacy.
, An attribute of information that describes how data is protected from disclosure or exposure to
unauthorized individuals or systems.
Integrity - ANS-An attribute of information that describes how data is whole, complete, and
uncorrupted.
Availability - ANS-An attribute of information that describes how data is accessible and correctly
formatted for use without interference or obstruction.
People - ANS-The function of InfoSec management that encompasses security personnel as
well as aspects of the SETA program.
The 6 P's (Primary Functions of InfoSec Management) - ANS-Planning
Policy
Programs
Protection
People
Project Management
Rationale for a Breach Law - ANS-A breach law specifies a requirement for organizations to
notify affected parties when they have experienced a specified type of loss of information. This
often includes specific forms of PII from various stakeholders. Most of these laws also require
some form of after-breach support from the organization, such as free or discounted credit
monitoring, progress reports, and a description of actions taken to rectify the incident and
prevent reoccurrence.
Key Purposes for Digital Forensics - ANS-To investigate allegations of digital malfeasance && to
perform root cause analysis.
Categories of Unethical Behavior - ANS-Ignorance, accident, and intent.
How Laws & Policies Deter Illegal or Unethical Activity - ANS-Fear of penalty, probability of
being caught, and probability of penalties being administered.
Convergence - ANS-Merging of management accountability in the areas of corporate (physical)
security, corporate risk management, computer security, network security, and InfoSec.
Policy Compliance - ANS-The employee must explicitly acknowledge that they have received,
read, and agree to the policy.
Standard - ANS-A detailed statement of what must be done to comply with policy, sometimes
viewed as the rules governing policy compliance.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller ACTUALSTUDY. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.