IN HEALTHCARE | 170 QUESTIONS | WITH
ACTUAL SOLUTIONS!!
Pillars of Information Security Answer - Confidentiality, Integrity, Availability
CIA Triad Answer - Confidentiality, Integrity, Availability
Confidentiality Answer - the act of holding information in confidence, not to be
released to unauthorized individuals
Data Integrity Answer - In a database or a collection of databases, the
condition that exists when data values are consistent and in agreement with
one another.
Availability Answer - Time frames when the system is operational
Continuity of Operations Plan (COOP) Answer - A business continuity
document that considers all aspects that are affected by a disaster, including
functions, systems, personnel, and facilities and that lists and prioritizes the
services that are needed, particularly the telecommunications and IT functions.
Redundant Array of Independent Disks (RAID) Answer - a collection of disk
drives used for fault tolerance and improved performance, and is typically
found in large network systems
Access Control Answer - A security measure that defines who can access a
computer, device, or network, when they can access it, and what actions they
can take while accessing it.
Administrative Controls Answer - Policies and procedures that address the
management of computer resources
Technical Controls Answer - Security controls that are carried out or managed
by devices. Authentication Mechanisms
Physical Controls Answer - Card Readers, Biometric Scanners
Access Control Phases Answer - Identification, Authentication, Authorization,
Accountability
Identification Answer - A unique identifier is checked against the system of
authorized entities.
Authentication Answer - verifying the identity of the person or device
attempting to access the system
Authentication Methods Answer - Something you know, something you have,
and something you are
Multi-factor authentication Answer - Use of several authentication techniques
together, such as passwords and security tokens. Most Secure
Authorization Answer - What the subject is authorized to do in the system
Accountability Answer - Actions taken on the system are logged to ensure they
can be attributed to a single authentication and the subject can be held
accountable
Mandatory Access Control (MAC) Answer - The most restrictive access control
model, typically found in military settings in which security is of supreme
importance. Centralized Authority
Discretionary Access Control (DAC) Answer - The least restrictive access control
model in which the owner of the object has total control over it. Decentralized
Authority
Role-Based Access Control (RBAC) Answer - An access control model that bases
the access control authorizations on the roles (or functions) that the user is
assigned within an organization. Centralized Authority
Rule Based Access Control (RBAC) Answer - An access control model that is
based on a list of predefined rules that determine what accesses should be
granted. Centralized Authority
Encryption Answer - Process of converting readable data into
unreadable (Ciphertext) characters to prevent unauthorized access.
Ciphertext Answer - A string of text that has been converted to a secure form
using encryption.
Data Breach Encryption Answer - If a breach occurs the organization is
provided a safe harbor if data is encrypted appropriately