NIST SP 800-12 - Answer A Handbook for Computer Security
NIST SP 800-88 - Answer Media Sanitization
NIST SP 800-60 - Answer Guide to Mapping Types of Information and Information
Systems to Security Categories
NIST SP 800-18 - Answer: "system owner shall update the system security plan when the
system undergoes a significant change"
NIST SP 800-53 - Answer Its primary function and objective are to provide an adequate
security requirement and application of security controls to all U.S. Federal Government
information and information management systems.
NIST Risk Management Framework (RMF) - Answer Step 1 Categorize Systems & Data
(Data Owner)
Step 2 Select Controls (System Owner)
Step 3 Implement Controls (Custodians)
Step 4 Assess Controls
Step 5 Authorize Information System
Step 5 Monitor
Clark-Wilson Model - Integrity model that enforces integrity by having subjects access
objects through programs.
Biba Model - Integrity access control model. Integrity model utilizing two basic rules:
no read down and no write up. Compare to Bell-LaPadula model.
Bell-LaPadula model - Answer An access control model for ensuring confidentiality. The
model employs two main rules: no read up and no write down. Compare with Biba
model.
Brewer and Nash Model - Answer Designed to prevent conflict of interest; typically
employed in industries that handle highly sensitive information. The model takes into
account three main types of resource classes: objects, company groups, and conflict
classes
Government Data Security Classifications - Answer Top Secret
Secret
Classified
Non-Govt Data Security Classifications - Answer Confidential/ Proprietary
Private
Sensitive
AES Encryption - Answer Specifically, AES is an iterative, symmetric-key block cipher
that can use keys of 128, 192, and 256 bits, and encrypts and decrypts data in blocks of
128 bits (16 bytes). DATA at REST
TLS - Transport Layer Security - Answer A security protocol that employs certificates
along with public-key cryptography to enable two agents to mutually authenticate with
each other and to exchange a symmetric key to maintain confidentiality/encryption over
a TCP/IP link. DATA in MOTION
Data Remanence - Answer The residual physical representation of data which has been
erased in some way. Either Data Removed or Destroyed (Sanitization / No Garbage left)