Professional Documents
Culture Documents
CIA Triad
Intellectual Property
Definition Provides legal Identifies the brand Protects a wide Protects information
protection for owner of a particular range of that derives
rights over product or service creative, independent
inventions intellectual, or economic value from
artistic works not being publicly
known
Risk Terminology
Asset value (AV) The value of the asset that might be affected or lost
Exposure factor (EF) The percentage of the asset value that would be lost
SLE = AV x EF
Annualized rate of occurrence (ARO) The number of times per year a given threat is expected
Annualized loss expectancy (ALE) The amount that would be lost over the course of a year
Corrective control
Regulatory
Physical control
Compensating control
Industry
Recovery control
Domain 2 – Asset Security
Privacy Terms
Clearing A level of sanitization that renders media unreadable through normal means
A method of destruction that generates heavy magnetic fields which realign the
Degaussing
magnetic fields in magnetic media
Data Owner Holds legal rights and complete control over data elements.
Responsible for the safe custody, transport, and storage of the data and
Data Custodian
implementation of business rules.
Data Steward Responsible for data content, context, and associated business rules.
Determines the purposes for which and the means by which personal data is
Data Custodian
processed.
A design feature that, in the event of a failure, should fail to a state that
Fail securely
prevents further operations
Security Models
State Multileve Noninterfer Information Bell-LaPadula BIBA Clark– Brewer and Graham- Take-grant
machine l lattice ence flow Wilson Nash Denning
integrity
Block Ciphers
Classes of Fires
Class A: Ordinary
Paper and wood Water and foam
combustibles
Class B: Flammable
Petroleum products Dry chemical and foam
liquids
Class D: Flammable
Magnesium lithium Dry powders
metals
Class K: Commercial
Cooking oils and greases Wet chemical
kitchens
Cloud
Block Ciphers
• Provides services or
SMTP, FTP Application Data Application
protocols to applications
Connection-oriented Connectionless
Connection
protocol protocol
Registered 1024 - Assigned by IANA
ports 49151 for specific service
Takes
Neither takes upon application by
acknowledgment of
Acknowledg acknowledgment a requesting entity
data and can
ment nor retransmits the
retransmit if the
lost data
user requests
Multi-Factor Authentication
SOC Reports
Equipment
Yes Yes Not fully No
available
Connectivity
Yes Yes Yes No
available
Active before
Yes Yes Yes No
failover
Backups
Process is unpredictable,
Waterfall model
Level 1: Initial poorly controlled, and
reactive
Spiral model
Processes are more
Level 2: Repeatable organized and are often Rapid-application development
reactive
Operation or maintenance
Disposal