Updated WGU C795 Study Guide - Passed first try. ProTip Read the CONTEXT of the test question and answers
Course
C795 Cybersecurity Management II Tactical
OOM (Object-oriented modeling):
It is heavily used by both OOA and OOD activities in modern software engineering.
ISO/IEC 20000 Family
ISO27001 - Requirements
ISO27002 - Code of Practice
ISO27005 - Risk Management
ISO270037 - Digital Evidence
ISO270050 - Electronic Delivery
CIA triad (Confidentiality, Integrity, Availability)
All Security functions Begin with Policy
Confidentiality - Protection of sensitive assets:
Intellectual property: Research or business plans
Information: Privacy or secrecy
Confidentiality - Breaches:
Intentional or accidental
Covert Channels - Timing (displayed or heard), Storage (on USB)
Protection of displayed data - displayed paperwork or monitor.
Confidentiality - Effect of Breaches:
Legal Penalties - Must demonstrate Due Care and Due Diligence
Financial Penalties - Lost revenue
Reputational Damage
Confidentiality - Ensuring Confidentiality:
Policy
Access Controls: Need to know & Least Privilege.
Confidentiality - Enforcing Confidentiality:
Encryption, Masking (dots on password), Obfuscation (not readable/meaningful), Tokenization (pay at pump: a token is given to the gas station, so no one sees the card info, just the token)
Require SSL certificate
Integrity - Authenticity: Files, Evidence, logs
Reliability, usefulness
Unauthorized modifications: Intentional, Accidental, Transmission Errors
Integrity - Breaches:
Life Safety - Pharmaceutical
Damage to equipment and processes
Breach of contract - Penalties, Loss of customers
Reputational damage
Integrity - Ensuring Integrity:
Separation of duties - no one user controls an entire transaction
Mutual Exclusivity (MutEx) - Same person can do both tasks but not at the same time
Dual Control - Two people to complete a task
Parity Bits (watched for missing packets), Checksums (checked on a download), Check Digits (entry to a form, to check it before use), Header and Trailer records (to make sure top and bottom are the same, ensuring integrity)
Hashing (creates a digest; on a computer it is stored in the SAM (Windows) or /etc (Linux)), Digital Signatures (ensure the source that creates a digest).
Digital Signature (asymmetric) (ensures source and integrity) - The digest is encrypted with the sender's private key, then sent to the user, who decrypts it with the sender's public key.
Integrity - Enforcing Integrity:
Policy, Access control, Input validation, Audit
Availability - Ensuring a resource is accessible when needed.
Availability - Breaches:
Intentional: Denial of service (DoS) or DDoS
Malware, ransomware or Sabotage
Accidental: Deletion of wrong file, misconfiguration, power off.
Availability - Effect:
Life Safety, interruption to business, Breach of contract
Availability - Ensuring:
Replication (backups), Redundancy (networks), Clustering, scalability, resiliency (failover or fault tolerant).
Availability - Enforcing:
Policies, Architecture, Access Control (least privilege), Cross Training.
Power fluctuations can damage hardware, which can interrupt availability and integrity; faulty power can corrupt data.
Non-repudiation
Repudiate - To deny
Effect of Repudiation - Loss of trust, lack of evidence, breach of contract
Non-Repudiation - To establish proof that links an action to a specific identity.
- Electronic Contracts
- Logs
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller StarScoreGrades. Stuvia facilitates payment to the seller.