D430: Fundamentals of Information Security – PASSED

Exam (elaborations), Questions & answers
Course: GPSTC 320/321
Institution: GPSTC 320/321
October 31, 2024, 38 pages, 2024/2025
Seller: Wisdoms

information security - (correct answer) -"protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction." - US law

protection of digital assets.

secure - (correct answer) -it's difficult to define when you're truly secure. when you can spot insecurities, you can take steps to mitigate these issues. although you'll never get to a truly secure state, you can take steps in the right direction.

m; as you increase the level of security, you decrease the level of productivity. the cost of security should never outstrip the value of what it's protecting.

data at rest and in motion (and in use) - (correct answer) -data at rest is stored data not in the process of being moved; usually protected with encryption at the level of the file or the entire storage device.

data in motion is data that is in the process of being moved; usually protected with encryption, but in this case the encryption protects the network protocol or the path of the data.

data in use is the data that is actively being accessed at the moment. protection includes permissions and authentication of users. could be conflated with data in motion.

defense by layer - (correct answer) -the layers of your defense-in-depth strategy will vary depending on situation and environment.

logical (nonphysical) layers: external network, network perimeter, internal network, host, application, and data layers as areas to place your defenses.

m; defenses for layers can appear in more than one area. penetration testing, for example, can and should be used in all layers.

payment card industry data security standard (PCI DSS) - (correct answer) -a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

health insurance portability and accountability act of 1996 (HIPAA) - (correct answer) -a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

federal information security management act (FISMA) - (correct answer) -requires each federal agency to develop, document, and implement an information security program to protect its information and information systems.

m; applies to US federal government agencies, all state agencies that administer federal programs, and private companies that support, sell to, or receive grant money from the federal government.

federal risk and authorization management program (FedRAMP) - (correct answer) -defines rules for government agencies contracting with cloud providers; applies to both cloud platform providers and companies providing software as a service (SaaS) tools that are based in the cloud.

sarbanes-oxley act (SOX) - (correct answer) -regulates the financial practice and governance for publicly held companies.

m; designed to protect investors and the general public by establishing requirements regarding reporting and disclosure practices.

places specific requirements on an organization's electronic recordkeeping, including the integrity of records, retention periods for certain kinds of information, and methods of storing electronic communications.

gramm-leach-bliley act (GLBA) - (correct answer) -requires financial institutions to safeguard their customers' financial data and identifiable information.

m; mandates the disclosure of an institution's information collection and information sharing practices and establishes requirements for providing privacy notices and opt-outs to consumers.

children's internet protection act (CIPA) - (correct answer) -requires schools and libraries to prevent children from accessing obscene or harmful content over the internet.

children's online privacy protection act (COPPA) - (correct answer) -protects the privacy of minors younger than 13 by restricting organizations from collecting their PII (personally identifiable information), requiring the organizations to post a privacy policy online, make reasonable efforts to obtain parental consent, and notify parents that information is being collected.

family educational rights and privacy act (FERPA) - (correct answer) -defines how institutions must handle student records to protect their privacy and how people can view or share them.

international organization for standardization (ISO) - (correct answer) -a body first created in 1926 to set standards between nations.

the 27000/27k series of THIS covers information security; 27000, 27001, 27002. these documents lay out best practices for managing risk, controls, privacy, technical issues, and a wide array of other specifics.

national institute of standards and technology (NIST) - (correct answer) -provides guidelines for many topics in computing and technology, including risk management.

m; two commonly referenced publications on risk management are SP 800-37 and SP 800-53.

SP 800-37 lays out the risk management framework in six steps: categorize, select, implement, assess, authorize, and monitor.

confidentiality (CIA triad) - (correct answer) -refers to our ability to protect data from those who are not authorized to view it.

m; can be compromised in a number of ways; losing a laptop with data, someone looking over your shoulder while you enter a password, email attachments sent to the wrong people, attackers penetrating your system.

integrity (CIA triad) - (correct answer) -the ability to prevent people from changing your data in an unauthorized or undesirable manner.

m; must have the means to prevent unauthorized changes to data and the ability to reverse unauthorized changes.

is particularly important when it concerns data that provides the foundation for other decisions; an attacker could alter data from medical tests, which can harm the patient.

availability (CIA triad) - (correct answer) -the ability to access our data when we need it.

m; THIS can be lost due to power outages, operating system or application problems, network attacks, or compromising of a system.

when the issues are caused by an attacker it is called a denial-of-service (DoS) attack.

integrity (parkerian hexad) - (correct answer) -THIS is the same as from the CIA triad, however this version doesn't account for authorized, but incorrect, modification of data; the data must be whole and completely unchanged.

possession/control (parkerian hexad) - (correct answer) -in the parkerian hexad, THIS refers to the physical disposition of the media on which the data is stored; enabling you to discuss the loss of data in the physical sense.

ex; if an encrypted hard drive is stolen, it is considered a loss of THIS because you no longer physically have the hard drive.

authenticity (parkerian hexad) - (correct answer) -in the parkerian hexad, THIS allows you to say whether you've attributed the data in question to the proper owner or creator.

ex; if something is altered to appear to have come from someone other than the proper owner or creator, then it violates THIS.

utility (parkerian hexad) - (correct answer) -in the parkerian hexad, THIS refers to how useful the data is to you.

ex; for an attacker, encrypted data would be of very little use as it's unreadable; unencrypted data would be useful because it's readable.