45 Cards in this Set
- Front
- Back
What are the 3 risk management control types? |
Management, Operational, Technical |
|
2 ways to do risk analysis |
Quantitative, Qualitative |
|
What risk analysis method includes intangible factors? |
Qualitative |
|
ALE |
Annual Loss Expectancy |
|
ARO |
Annual Rate of Occurrence |
|
SLE |
Single Loss Expectancy |
|
How is ALE calculated? |
SLE x ARO |
|
What are the common access control policies that can prevent fraud and corruption? |
Least privilege, Separation of duties, Job rotation, Mandatory vacations |
|
What is the act of taking the necessary steps to protect the company and employees? |
Due care |
|
What is the act of ensuring that security policies are properly implemented? |
Due diligence |
|
What ensures a fair and impartial inquiry into violations of company policy? |
Due process |
|
What is the security concept concerning protecting data and its confidentiality both in storage and in transit? |
DLP (Data Loss Prevention) |
|
HIPAA |
Health Insurance Portability and Accountability Act. Medical industry standard for protection of patient data |
|
SOX |
Sarbanes-Oxley. Standards for financial firms for storage, access, communications & auditing of data |
|
PCI |
Payment Card Industry Standards defined for credit card companies. |
|
EUDPD |
European Data Protection Initiative. A European Union standard for privacy protection of user data |
|
MTBF |
Mean Time Between Failures |
|
SLA |
Service Level Agreement. An understanding between a supplier of services and the user regarding availability. This details the policies and procedures to preserve uptime as well as contingency plans. |
|
ISA |
Interconnection Security Agreement. Describes the technical details by which two interconnected systems will securely share information. |
|
What is SPIM? |
Instant message spam |
|
What is vishing? |
VoIP phishing, which can spoof its origin and make a bogus call hard to detect |
|
What ensures that evidence has been handled with care and lists the persons who have had access to it? |
A Chain of Custody |
|
What is a detailed document that provides an analysis of risks, a recovery plan and a continuity of operations plan? |
A BCP (Business Continuity Plan) |
|
What are the steps in creating a BCP? |
Create a disaster recovery team, Perform a risk analysis, Perform a business impact analysis, Create a disaster recovery plan, Prepare documentation, Test the plan |
|
Who should be included on the disaster recovery team? |
Members from all departments, including management. |
|
What should be included in a disaster recovery plan? |
Notification lists, Contact information, Network and facilities diagrams, System configurations, Backup restoration procedures, Backup and licensing media. |
|
How should a disaster recovery plan be stored? |
In both hardcopy and software form, as well as both onsite and in an offsite facility. |
|
MTTR |
Mean Time To Restore |
|
MTTF |
Mean Time To Failure. Assumes a device will NOT be repaired. |
|
RTO |
Recovery Time Objective |
|
MTBF |
Mean Time Between Failures. Assumes a device will be repaired. |
|
RPO |
Recovery Point Objective. The maximum acceptable loss for an outage, defined in terms of time. |
|
What is the difference between high availability and redundancy? |
High availability means a service is always available, redundancy of equipment is a means of delivering on this. |
|
What are the two types of clustering for servers? |
Active/Active (both are responding) |
|
What are the types of alternate sites? |
Warm, Cold |
|
Raid 0 |
Striping, no fault tolerance, 2 drives minimum |
|
Raid 1 |
Disk mirroring, 2 drives minimum |
|
Raid 5 |
Striping with distributed parity, 3 drives minimum |
|
Raid 6 |
Striping, double distributed parity |
|
When planning a backup strategy, what points should be included? |
Type of data to be backed up, Frequency of backups, The amount of data to back up, Retention period of those backups |
|
What is recommended humidity for computer equipment? |
40-50% |
|
What is the difference between a voltage spike and a surge? |
A spike is momentary, while a surge is a prolonged period of high voltage |
|
What is the difference between a voltage sag and a brownout? |
A sag is momentary, and a brownout is a prolonged period of low voltage. |
|
What are 3 common types of problems that affect network signals? |
EMI (Electromagnetic Interference), Crosstalk, Attenuation |