Accountability - Answer Holds individuals accountable for their actions
Accountability Principle - Answer OECD Privacy Guideline principle which states
individuals should have the right to challenge the content of any personal data being
held, and have a process for updating their personal data if found to be inaccurate or
incomplete
Act honorably, justly, responsibly, and legally - Answer Second canon of the (ISC)2
Code of ethics
Administrative Law - Answer Law enacted by government agencies, aka regulatory law
Advance and protect the profession - Answer Fourth canon of the (ISC)2 Code of Ethics
Agents of law enforcement - Answer Private citizens carrying out actions on the behalf
of law enforcement
AIC triad - Answer The three security principles: availability, integrity, and
confidentiality.
ALE/Annualized Loss Expectancy - Answer The cost of loss due to a risk over a year
Annualized loss expectancy (ALE) - Answer A dollar amount that estimates the loss potential
from a risk in a span of a year. Single Loss Expectancy (SLE) x annualized rate of
occurrence (ARO) = ALE
Annualized Rate of Occurrence (ARO) - Answer The value that represents the estimated
possibility of a specific threat taking place within a one-year timeframe.
Antivirus Software - Answer Software designed to prevent and detect malware
infections
ARO/Annual Rate of Occurrence - Answer The number of losses suffered per year
Attack - Answer An attempt to bypass security controls in a system with the mission of
using that system or compromising it. An attack is usually accomplished by exploiting a
current vulnerability.
Authentication - Answer Proof of an Identity claim
Authorization - Answer Actions an individual can perform on a system
AV/Asset Value - Answer The Value of a protected asset
Availability - Answer The reliability and accessibility of data and resources to authorized
identified individuals in a timely manner.
Availability - Answer Assures information is available when needed
Awareness - Answer Security Control designed to change user behavior
Background checks - Answer Verification of a person's background and experience;
also called pre-employment screening
Baseline - Answer Standard ways to apply a countermeasure, administrative control
Baseline - Answer The least level of security necessary to support and enforce a
security policy.
Best evidence rule - Answer use of the best possible evidence
Best practice - Answer The collective wisdom on the best way to safeguard the
confidentiality, integrity and availability of assets
Bot - Answer A computer system infected with malware that is under the control of a
botnet
Botnet - Answer A network of computer bots controlled by human operators organized in a
central bot command and control (C&C) system
Breach notification - Answer Notification of persons whose personal data has been, or is likely to
have been, compromised
Business Impact Analysis - Answer A functional analysis performed by a team that
collects data, documents business functions, and develops a hierarchy of business
functions, applying a classification scheme to indicate each individual function's
criticality level.
CIA triad - Answer Confidentiality, Integrity and Availability
Circumstantial evidence - Answer Evidence that serves to establish the circumstances
related to particular points or even other evidence
Civil law - Answer Law that resolves disputes between individuals or organizations
Civil law (legal system) - Answer Legal system that leverages codified laws or statutes to
determine what is considered within the bounds of law
Classification - Answer Grouping objects into categories based upon some
established criteria. Data and resources can be labeled with a sensitivity level while in
creation, amendment, enhancement, storage or in transmission. This classification level
shall further dictate the level of control and security required for the resource and also
provide an indication of the value of the information asset.
Collection Limitation Principle - Answer The OECD Privacy Guideline principle that
states personal data collection should be limited, obtained in a lawful manner, and with
the knowledge and approval of the persons, unless there is a compelling reason to the
contrary.
Collusion - Answer Two or more people working together to conduct some type of
fraudulent activity. More than one person would have to collaborate to cause some type
of destruction or fraud; this drastically reduces its probability.
Color of law - Answer Acting on the authority of law enforcement
Commandments of Computer Ethics - Answer The Computer Ethics Institute code of
ethics
Common law - Answer Legal system that places great reliance on specific cases and
judicial precedent as a determinant of laws
Compensation controls - Answer Additional security controls implemented to
compensate for the weaknesses in other controls
Compensatory damages - Answer Damages as compensation