D430: Fundamentals of Information Security – PASSED Questions and Correct Answers | Latest Update
information security
"protecting information and information systems from unauthorized access,
use, disclosure, disruption, modification, or destruction." - US law
protection of digital assets.
secure
it's difficult to define when you're truly secure. when you can spot
insecurities, you can take steps to mitigate these issues. although you'll
never get to a truly secure state, you can take steps in the right direction.
m; as you increase the level of security, you decrease the level of productivity. the cost of
security should never outstrip the value of what it's protecting.
data at rest and in motion (and in use)
data at rest is stored data not in the process of being moved; usually
protected with encryption at the level of the file or the entire storage
device.
~ 1 ~ for inquiry mail me @
, Best Grades | Must Pass | Latest Update | Correct Answers | 2024/ 2025
data in motion is data that is in the process of being moved; usually protected with encryption,
but in this case the encryption protects the network protocol or the path of the data.
data in use is the data that is actively being accessed at the moment. protection includes
permissions and authentication of users. could be conflated with data in motion.
defense by layer
the layers of your defense-in-depth strategy will vary depending on
situation and environment.
logical (nonphysical) layers: the external network, network perimeter, internal network, host,
application, and data layers are the areas in which to place your defenses.
m; defenses for layers can appear in more than one area. penetration testing, for example,
can and should be used in all layers.
payment card industry data security standard (PCI DSS)
a widely accepted set of policies and procedures intended to optimize the
security of credit, debit and cash card transactions and protect
cardholders against misuse of their personal information.
health insurance portability and accountability act of 1996 (HIPAA)
a federal law that required the creation of national standards to protect
sensitive patient health information from being disclosed without the
patient's consent or knowledge.
federal information security management act (FISMA)
requires each federal agency to develop, document, and implement an
information security program to protect its information and information
systems.
m; applies to US federal government agencies, all state agencies that administer federal
programs, and private companies that support, sell to, or receive grant money from the
federal government.
federal risk and authorization management program (FedRAMP)
defines rules for government agencies contracting with cloud providers;
applies to both cloud platform providers and companies providing
software as a service (SaaS) tools that are based in the cloud.
sarbanes-oxley act (SOX)
regulates the financial practice and governance for publicly held
companies.
m; designed to protect investors and the general public by establishing requirements
regarding reporting and disclosure practices.
places specific requirements on an organization's electronic recordkeeping, including the
integrity of records, retention periods for certain kinds of information, and methods of storing
electronic communications.
gramm-leach-bliley act (GLBA)
requires financial institutions to safeguard their customers' financial data
and identifiable information.
m; mandates the disclosure of an institution's information collection and information sharing
practices and establishes requirements for providing privacy notices and opt-outs to
consumers.
children's internet protection act (CIPA)
requires schools and libraries to prevent children from accessing obscene
or harmful content over the internet.