ensures the protection of information, operations, and assets in federal government.
A. SOX
B. PCI DSS
C. FERPA
D. HIPAA
E. FISMA
- ANS: E
______ protects the customers of financial institutions.
A. PCI DSS
B. SOX
C. FISMA
D. FERPA
E. GLBA
- ANS: E
______ protects the privacy of students and their parents.
A. PCI DSS
B. FISMA
C. HIPAA
D. GLBA
E. FERPA
- ANS: E
______ regulates the financial practice and governance of corporations.
A. FERPA
B. HIPAA
C. GLBA
D. FISMA
E. SOX
- ANS: E
______ sets limits on the use and disclosure of patient information and grants individuals rights over their own health records.
A. HIPAA
B. SOX
C. GLBA
D. FERPA
E. PCI DSS
- ANS: A
________ protects the privacy of students and their parents. Also grants certain rights to students and parents regarding the student's own records.
- ANS: The Family Educational Rights and Privacy Act (FERPA)
________ provides a framework for ensuring the effectiveness of information security controls in government. This legislation is intended to protect government information, operations, and assets from any natural or man-made threat. It requires each federal agency to develop, document, and implement an information security program to protect its information and information systems.
- ANS: The Federal Information Security Modernization Act (FISMA)
__________ requires privacy protections for individually identifiable health information, also known as protected health information, or PHI.
- ANS: Health Insurance Portability and Accountability Act (HIPAA)
___________ attacks cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. These attacks affect ____________, such as in a DDoS attack, but can be an attack on integrity as well.
- ANS: Interruption; Availability
___________ protects the customers of financial institutions, essentially any company offering financial products or services, financial or investment advice, or insurance. Requires financial institutions to safeguard a consumer's "nonpublic personal information," or NPI.
- ANS: The Gramm-Leach-Bliley Act (GLBA)
___________ provides us with the means to trace activities in our environment back to their source.
A. Accountability
B. Authentication
C. Access
D. Nonrepudiation
E. Authorization
- ANS: A
_____________ are based on rules, laws, policies, procedures, guidelines, and other items that are "paper" in nature. An example is one that requires us to change our password every 90 days. One important concept when we discuss this type of control is the ability to enforce compliance with them. If we do not have the authority or the ability to ensure that our controls are being complied with, they are worse than useless, because they create a false sense of security.
- ANS: Administrative Controls
_____________ is a popular, fully-featured sniffer capable of intercepting traffic from a wide variety of wired and wireless sources.
A. Hping3
B. NetStumbler
C. Wireshark
D. Kismet
- ANS: C
_____________ is a sniffer that specializes in detecting wireless devices.
A. Kismet
B. Wireshark
C. NetStumbler
D. Hping3
- ANS: A
_____________ is the next step taken after we have completed identification and authentication.
- ANS: Authorization
_____________ regulates the financial practice and governance of corporations and is designed to protect investors and the general public by establishing requirements regarding reporting and disclosure practices.
- ANS: The Sarbanes-Oxley Act (SOX)
______________ attacks allow unauthorized users to access our data, applications, or environments, and are primarily an attack against _______________ of the CIA triad. They can take the form of unauthorized file viewing or copying, eavesdropping on phone conversations, or reading e-mail, and can be conducted against data at rest or in motion.
- ANS: Interception; Confidentiality
_______________ attacks involve tampering with our asset. Such attacks might primarily be considered an ______________ attack but could also represent an availability attack. If we access a file in an unauthorized manner and alter the data it contains, we have affected the integrity of the data contained in the file. However, if we consider the case where the file in question is a configuration file that manages how a particular service behaves, perhaps one that is acting as a Web server, we might affect the availability of that service by changing the contents of the file.
- ANS: Modification; Integrity

________________ is a web-related technology used to develop web pages, while ____________ refers to an attack where malicious code is embedded into the web page.
- ANS: CSS; XSS
___________________ attacks involve generating data, processes, communications, or other similar activities with a system. Primarily affects ____________ but could be considered an availability attack as well.
- ANS: Fabrication; Integrity
_____________ controls are those that protect the systems, networks, and environments that process, transmit, and store our data. Common examples are: passwords, encryption, logical access controls, firewalls, and intrusion detection systems.
- ANS: Logical and Technical Controls
1 - Identification
2 - Authentication
3 - Authorization
4 - Access
- ANS: Accountability
1 - Preparation
2 - Detection and analysis
3 - Containment
4 - Eradication
5 - Recovery
6 - Post-incident activity
- ANS: Incident Handling and Response (IH&R) Process
1 - Removing unnecessary software
2 - Removing or turning off unessential services
3 - Making alterations to common accounts
4 - Applying the principle of least privilege
5 - Applying software updates in a timely manner
6 - Making use of logging and auditing functions
7 - Remove all unnecessary software
- ANS: Operating System Hardening (Steps)
A badge or token is considered what type of authentication?
A. Something you are
B. Something you have
C. Something you know
D. Where you are
E. Something you do
- ANS: B