Exam (elaborations)

D430: Fundamentals of Information Security – PASSED (GRADED A+)

Pages: 32
Grade: A+
Uploaded on: 09-12-2023
Written in: 2023/2024

Information security - ANSWER "Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction." - US law; protection of digital assets.

Secure - ANSWER It's difficult to define when you're truly secure. When you can spot insecurities, you can take steps to mitigate these issues. Although you'll never get to a truly secure state, you can take steps in the right direction. m; As you increase the level of security, you decrease the level of productivity. The cost of security should never outstrip the value of what it's protecting.

Data at rest and in motion (and in use) - ANSWER Data at rest is stored data not in the process of being moved; usually protected with encryption at the level of the file or the entire storage device. Data in motion is data that is in the process of being moved; usually protected with encryption, but in this case the encryption protects the network protocol or the path of the data. Data in use is the data that is actively being accessed at the moment; protection includes permissions and authentication of users. Could be conflated with data in motion.

Defense by layer - ANSWER The layers of your defense-in-depth strategy will vary depending on situation and environment. Logical (nonphysical) layers: external network, network perimeter, internal network, host, application, and data layers as areas to place your defenses. m; Defenses for layers can appear in more than one area. Penetration testing, for example, can and should be used in all layers.

Payment Card Industry Data Security Standard (PCI DSS) - ANSWER A widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) - ANSWER A federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

Federal Information Security Management Act (FISMA) - ANSWER Requires each federal agency to develop, document, and implement an information security program to protect its information and information systems. m; Applies to US federal government agencies, all state agencies that administer federal programs, and private companies that support, sell to, or receive grant money from the federal government.

Federal Risk and Authorization Management Program (FedRAMP) - ANSWER Defines rules for government agencies contracting with cloud providers; applies to both cloud platform providers and companies providing software as a service (SaaS) tools that are based in the cloud.

Sarbanes-Oxley Act (SOX) - ANSWER Regulates the financial practice and governance for publicly held companies. m; Designed to protect investors and the general public by establishing requirements regarding reporting and disclosure practices. Places specific requirements on an organization's electronic recordkeeping, including the integrity of records, retention periods for certain kinds of information, and methods of storing electronic communications.

Gramm-Leach-Bliley Act (GLBA) - ANSWER Requires financial institutions to safeguard their customers' financial data and identifiable information. m; Mandates the disclosure of an institution's information collection and information sharing practices and establishes requirements for providing privacy notices and opt-outs to consumers.

Children's Internet Protection Act (CIPA) - ANSWER Requires schools and libraries to prevent children from accessing obscene or harmful content over the internet.

Children's Online Privacy Protection Act (COPPA) - ANSWER Protects the privacy of minors younger than 13 by restricting organizations from collecting their PII (personally identifiable information), requiring the organizations to post a privacy policy online, make reasonable efforts to obtain parental consent, and notify parents that information is being collected.

Family Educational Rights and Privacy Act (FERPA) - ANSWER Defines how institutions must handle student records to protect their privacy and how people can view or share them.

International Organization for Standardization (ISO) - ANSWER A body first created in 1926 to set standards between nations. The 27000/27k series of THIS covers information security: 27000, 27001, 27002. These documents lay out best practices for managing risk, controls, privacy, technical issues, and a wide array of other specifics.

National Institute of Standards and Technology (NIST) - ANSWER Provides guidelines for many topics in computing and technology, including risk management. m; Two commonly referenced publications on risk management are SP 800-37 and SP 800-53. SP 800-37 lays out the risk management framework in six steps: categorize, select, implement, assess, authorize, and monitor.

Confidentiality (CIA triad) - ANSWER Refers to our ability to protect data from those who are not authorized to view it. m; Can be compromised in a number of ways: losing a laptop with data, someone looking over your shoulder while you enter a password, email attachments sent to the wrong people, attackers penetrating your system.

Integrity (CIA triad) - ANSWER The ability to prevent people from changing your data in an unauthorized or undesirable manner. m; Must have the means to prevent unauthorized changes to data and the ability to reverse unauthorized changes. Is particularly important when it concerns data that provides the foundation for other decisions; an attacker could alter data from medical tests, which can harm the patient.

Availability (CIA triad) - ANSWER The ability to access our data when we need it. m; THIS can be lost due to power outages, operating system or application problems, network attacks, or compromise of a system. When the issues are caused by an attacker it is called a denial-of-service (DoS) attack.

Integrity (Parkerian hexad) - ANSWER THIS is the same as in the CIA triad; however, this version doesn't account for authorized, but incorrect, modification of data: the data must be whole and completely unchanged.

Possession/control (Parkerian hexad) - ANSWER In the Parkerian hexad, THIS refers to the physical disposition of the media on which the data is stored, enabling you to discuss the loss of data in the physical sense. ex; If an encrypted hard drive is stolen, it is considered a loss of THIS because you no longer physically have the hard drive.

Authenticity (Parkerian hexad) - ANSWER In the Parkerian hexad, THIS allows you to say whether you've attributed the data in question to the proper owner or creator. ex; If something is altered to appear to have come from someone other than the proper owner or creator, then it violates THIS.

Utility (Parkerian hexad) - ANSWER In the Parkerian hexad, THIS refers to how useful the data is to you. ex; For an attacker, encrypted data would be of very little use as it's unreadable; unencrypted data would be useful because it's readable. m; Is not necessarily binary and can have varying degrees of usefulness, depending on the data and format.

Types of attacks - ANSWER THIS has four categories: interception, interruption, modification, and fabrication. Each category can affect one or more principles of the CIA triad.

Interception (types of attacks) - ANSWER An attack allowing unauthorized users access to data, applications, or environments; such attacks are primarily attacks against confidentiality. ex; Unauthorized file viewing or copying, eavesdropping on phone conversations, or reading someone else's email.

Institution: D430
Course: D430
Contains: Questions & answers
Seller: papersbyjol, West Virginia