Security (WGU) Exam with Verified
Solutions
If you don't know the threat, how do you know what to protect? ✔️✔️The 1st Law of Haas'
Laws of Operations Security
If you don't know what to protect, how do you know you are protecting it? ✔️✔️The 2nd Law
of Haas' Laws of Operations Security
If you are not protecting it, the dragon wins! ✔️✔️The 3rd Law of Haas' Laws of Operations
Security
cloud computing ✔️✔️services that are hosted, often over the Internet, for the purposes of
delivering easily scaled computing services or resources
identification of critical information ✔️✔️1st step in the OPSEC process, arguably the most
important: to identify the assets that most need protection and will cause us the most harm if
exposed
analysis of threats ✔️✔️2nd step in the OPSEC process: to look at the potential harm or
financial impact that might be caused by critical information being exposed, and who might
exploit that exposure
,analysis of vulnerabilities ✔️✔️3rd step in the OPSEC process: to look at the weaknesses that
can be used to harm us
assessment of risks ✔️✔️4th step in the OPSEC process: to determine what issues we really
need to be concerned about (areas with matching threats and vulnerabilities)
appliance of countermeasures ✔️✔️5th step in the OPSEC process: to put measures in place to
mitigate risks
FISMA (Federal Information Security Modernization Act) ✔️✔️this law provides a framework
for ensuring the effectiveness of information security controls in federal government
- changed from Management (2002) to Modernization in 2014
HIPAA (Health Insurance Portability and Accountability Act) ✔️✔️this law improves the
efficiency and effectiveness of the health care system and protects patient privacy
FERPA (Family Educational Rights and Privacy Act) ✔️✔️this law protects the privacy of
students and their parents
SOX (Sarbanes-Oxley Act) ✔️✔️this law regulates the financial practice and governance of
corporations
,GLBA (Gramm-Leach-Bliley Act) ✔️✔️this law protects the customers of financial
institutions
compliance ✔️✔️relating to an organization's adherence to laws, regulations, and standards
regulatory compliance ✔️✔️Regulations mandated by law usually requiring regular audits and
assessments
industry compliance ✔️✔️Regulations or standards designed for specific industries that may
impact ability to conduct business (e.g. PCI DSS)
privacy ✔️✔️the state or condition of being free from being observed or disturbed by other
people
The Federal Privacy Act of 1974 ✔️✔️This act safeguards privacy through the establishment
of procedural and substantive rights in personal data
privacy rights ✔️✔️Rights relating to the protection of an individual's personal information
PII (Personally Identifiable Information) ✔️✔️Information that can be used to identify an
individual, and should be protected as sensitive data and monitored for compliance
, cryptography ✔️✔️the science of keeping information secure
Cryptanalysis ✔️✔️The science of breaking through the encryption used to create ciphertext
cryptology ✔️✔️The overarching field of study that covers cryptography and cryptanalysis
cryptographic algorithm (cipher) ✔️✔️The specifics of the process used to encrypt plaintext or
decrypt ciphertext
plaintext (cleartext) ✔️✔️unencrypted data
ciphertext ✔️✔️encrypted data
Caesar cipher ✔️✔️an ancient cryptographic technique based on transposition; involves
shifting each letter of a plaintext message by a certain number of letters (historically 3)
ROT13 cipher ✔️✔️a more recent cipher that uses the same mechanism as the Caesar cipher
but moves each letter 13 places forward
symmetric key cryptography (private key cryptography) ✔️✔️uses a single key for both
encryption of the plaintext and decryption of the ciphertext