1. FOIA (Freedom of Information Act): grants citizens the right to access certain information and records of the federal government upon request except for those covered by exemptions or exclusions.
2. SOX (Sarbanes-Oxley Act): mandates certain practices for financial record keeping
3. FISMA (Federal Information Security Management Act): mandates government agencies to protect information systems
4. FERPA (Family Educational Rights and Privacy Act): protects the privacy of student education records
5. HITECH: protects electronic health records
6. HIPAA: protects medical privacy
7. GDPR (General Data Protection Regulation): developed by the EU for data privacy
8. GLBA: requires financial institutions to explain information sharing practices; regulates customer privacy in the finance industry
9. 3 States of data: Data at rest, data in motion, data in use
10. RSA: Asymmetric algorithm developed by Rivest, Shamir, and Adleman, the de facto standard for digital signatures
11. ECC: Asymmetric algorithm, public key cryptography based on elliptic curves over infinite fields.
12. DES: block cipher symmetric algorithm
13. PGP (Pretty Good Privacy): an email program that supports encryption
WGU D430- Fundamentals of Information Security
14. Competitive Intelligence: process of intelligence gathering and analysis to support business decisions
15. Operations Security Process:
    1. Identification of critical information
    2. Analysis of threats
    3. Analysis of vulnerabilities
    4. Assessment of risks - match threats and vulnerabilities
    5. Application of countermeasures
16. Operational Security: If you don't know the threat, how do you know what to protect?
17. Vulnerability Analysis: identification of weaknesses that can be used to cause harm
18. Social Engineering: technique that uses deception to manipulate people into divulging confidential or personal information that may be used for fraudulent purposes
19. Human Intelligence (HUMINT): data gathered by means of interpersonal contact as opposed to more technical intelligence gathering processes
20. Phishing: social engineering technique that uses electronic communications to carry out an attack that is broad in nature
21. The second law of operations security: If you don't know what to protect, how do you know you are protecting it?
22. The first law of operations security: If you don't know the threat, how do you know what to protect?
23. The third law of operations security: If you are not protecting it, the adversary wins
24.