Exam (elaborations)

Fundamentals of Information Security (D430) Certification Successfully Completed

Pages: 42
Grade: A+
Uploaded on: 20-11-2025
Written in: 2025/2026

Completed the Fundamentals of Information Security assessment, which covered the core concepts needed to understand and protect modern digital systems. Gained practical knowledge in identifying risks, applying security controls, and safeguarding data in different environments. Worked with the principles behind access management, authentication, and authorization, and learned how to evaluate vulnerabilities and respond to threats in a structured way. Built a solid base in network security, including how firewalls, encryption, and monitoring tools help reduce exposure. Strengthened awareness of policies, standards, and best practices that guide secure operations in real organizations. This achievement shows the ability to apply security thinking, support safe system design, and contribute to the protection of information assets in both technical and non-technical settings.

Institution: D430
Course: D430

Content preview

D430: Fundamentals of Information Security - PASSED
Study online at https://quizlet.com/_dcg8k6

1. information security
"protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction." - US law

protection of digital assets.

2. secure
it's difficult to define when you're truly secure. when you can spot insecurities, you can take steps to mitigate these issues. although you'll never get to a truly secure state, you can take steps in the right direction.

as you increase the level of security, you decrease the level of productivity. the cost of security should never outstrip the value of what it's protecting.

3. data at rest and in motion (and in use)
data at rest is stored data not in the process of being moved; usually protected with encryption at the level of the file or the entire storage device.

data in motion is data that is in the process of being moved; usually protected with encryption, but in this case the encryption protects the network protocol or the path of the data.

data in use is the data that is actively being accessed at the moment. protection includes permissions and authentication of users. could be conflated with data in motion.

4. defense by layer
the layers of your defense-in-depth strategy will vary depending on situation and environment.

logical (nonphysical) layers: external network, network perimeter, internal network, host, application, and data layers as areas to place your defenses.

defenses for layers can appear in more than one area. penetration testing, for example, can and should be used in all layers.

5. payment card industry data security standard (PCI DSS)
a widely accepted set of policies and procedures intended to optimize the security of credit, debit and cash card transactions and protect cardholders against misuse of their personal information.

6. health insurance portability and accountability act of 1996 (HIPAA)
a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

7. federal information security management act (FISMA)
requires each federal agency to develop, document, and implement an information security program to protect its information and information systems.

applies to US federal government agencies, all state agencies that administer federal programs, and private companies that support, sell to, or receive grant money from the federal government.

8. federal risk and authorization management program (FedRAMP)
defines rules for government agencies contracting with cloud providers; applies to both cloud platform providers and companies providing software as a service (SaaS) tools that are based in the cloud.

9. sarbanes-oxley act (SOX)
regulates the financial practice and governance for publicly held companies.

designed to protect investors and the general public by establishing requirements regarding reporting and disclosure practices.

places specific requirements on an organization's electronic recordkeeping, including the integrity of records, retention periods for certain kinds of information, and methods of storing electronic communications.

10. gramm-leach-bliley act (GLBA)
requires financial institutions to safeguard their customers' financial data and identifiable information.

mandates the disclosure of an institution's information collection and information sharing practices and establishes requirements for providing privacy notices and opt-outs to consumers.

11. children's internet protection act (CIPA)
requires schools and libraries to prevent children from accessing obscene or harmful content over the internet.

12. children's online privacy protection act (COPPA)
protects the privacy of minors younger than 13 by restricting organizations from collecting their PII (personally identifiable information), requiring the organizations to post a privacy policy online, make reasonable efforts to obtain parental consent, and notify parents that information is being collected.

13. family educational rights and privacy act (FERPA)
defines how institutions must handle student records to protect their privacy and how people can view or share them.

14. international organization for standardization (ISO)
a body first created in 1926 to set standards between nations.

the 27000/27k series of THIS covers information security; 27000, 27001, 27002. these documents lay out best practices for managing risk, controls, privacy, technical issues, and a wide array of other specifics.

15. national institute of standards and technology (NIST)
provides guidelines for many topics in computing and technology, including risk management.

two commonly referenced publications on risk management are SP 800-37 and SP 800-53.

SP 800-37 lays out the risk management framework in six steps: categorize, select, implement, assess, authorize, and monitor.




16. confidentiality (CIA triad)
refers to our ability to protect data from those who are not authorized to view it.

can be compromised in a number of ways; losing laptop with data, someone looking over your shoulder while entering password, email attachments sent to wrong people, attackers could penetrate your system.

17. integrity (CIA triad)
the ability to prevent people from changing your data in an unauthorized or undesirable manner.

must have the means to prevent unauthorized changes to data and the ability to reverse unauthorized changes.

is particularly important when it concerns data that provides the foundation for other decisions; an attacker could alter data from medical tests which can harm the patient.

18. availability (CIA triad)
the ability to access our data when we need it.

THIS can be lost due to power outages, operating system or application problems, network attacks, or compromising of a system.

when the issues are caused by an attacker it is called a denial-of-service (DoS) attack.

19. integrity (parkerian hexad)
THIS is the same as from the CIA triad, however this version doesn't account for authorized, but incorrect, modification of data; the data must be whole and completely unchanged.

20. possession/control (parkerian hexad)
in the parkerian hexad, THIS refers to the physical disposition of the media on which the data is stored; enabling you to discuss the loss of data in the physical sense.

Seller: walterkariuki (Western Governors University)