STUDY GUIDE WITH COMPLETE SOLUTION 2024-2025
BASED
NIST
answers: National Institute of Standards and Technology
What is the NIST Risk Management Framework (RMF)?
answers: -Overall framework used by the U.S. federal government to manage
organizational risk throughout the system development life cycle
-Focuses on security control selection, implementation, and assessment
using a seven-step model (Prepare, Categorize, Select, Implement,
Assess, Authorize, Monitor)
-Covers what was formerly called certification and accreditation
(C&A), now handled as security assessment and authorization
Clean Desk Policy
answers: Secure sensitive items when not in use
Principle of least privilege management
answers: Grant users and processes only the access needed to do their
job, and nothing more
Mandatory vacations
answers: -Requires employees to take time off so that someone else
performs their duties; a good way to uncover fraud or concealed
irregularities that depend on one person's continuous presence
-A personnel security control, often paired with job rotation
Job Rotation (rotation of duties)
answers: -Identify or uncover fraud
-Cross-training / experience for employees
Separation of Duties
answers: Partitions responsibilities to minimize abuse or fraud
Hiring and Termination Policy Elements
answers: -Background checks
-Social media analysis
-Onboarding procedures (NDA/AUP/Sign for equipment)
-Offboarding procedures (NDA/Return of equipment)
-Exit interview
-Non-disclosure Agreement (NDA)
AUP
answers: Acceptable Use Policy
EOL
answers: End of Life
EOS
answers: End of Service
MOA
answers: Memorandum of Agreement
-A formal, typically legally binding, written document between
multiple parties on a project detailing how they will work together
to achieve agreed-upon goals and objectives
MOU
answers: Memorandum of Understanding
-A less formal, generally non-binding agreement of mutual goals
between two or more organizations with a focus on partitioning of
responsibilities
BPA
answers: Business Partners Agreement
-A written agreement defining the general relationship between
business partners with a focus on financial matters
Information Lifecycle Model
answers: -Creation
-Processing
-Dissemination
-Usage
-Storage
-Disposal
Generic Information Classifications
answers: -Low
-Medium
-High
Military Information Classifications
answers: -Unclassified
-Confidential
-Secret
-Top Secret
Business Information Classifications
answers: -Public
-Private
-Proprietary
-Confidential
Types of Protected Information
answers: -Personally Identifiable Information (PII)
-Protected Health Information (PHI), also called personal health
information
-Financial Information
-Government Data
-Customer Data
Risk Management
answers: The process of identifying, monitoring, and reducing risk to an
acceptable level.