front 1 Defense in Depth | back 1 layering several independent controls so that the failure of any one control does not expose the asset; the layers are often grouped as Avoid, Prevent, Detect, Respond |
front 2 CIA | back 2 Confidentiality, Integrity, and Availability |
front 3 Principle of Least Privilege | back 3 each user, process, or component is given only those privileges needed to complete its task, and nothing more |
front 4 5 steps of NIST | back 4 1. Identify |
front 5 Risk Management Steps | back 5 1. identify risk |
front 6 “known” asset | back 6 sometimes laws or regulations dictate how a known asset must be protected |
front 7 Risk response | back 7 |
front 8 Risk management | back 8 |
front 9 Quantitative risk assessment | back 9 a process for assigning a numeric value to an asset, the likelihood of its being compromised, and the impact of a compromise (e.g., annualized loss expectancy = single loss expectancy × annual rate of occurrence) |
front 10 Qualitative risk assessment | back 10 more subjective; risk, likelihood, and impact are ranked on a scale such as High, Medium, or Low rather than computed from numbers |
front 11 Technical mechanisms to mitigate risk | back 11 • PLP (principle of least privilege) |
front 12 Processes | back 12 a set of activities that complete a specific goal |
front 13 Procedure | back 13 the set of instructions for completing a process |
front 14 Policies | back 14 the guidelines that dictate how processes and procedures should be carried out |
front 15 Policy | back 15 the highest, overarching level – a formal set of requirements or rules, written down |
front 16 Process | back 16 detailed list of steps needed to complete something |
front 17 Procedure | back 17 the instructions on how to complete a specific task |
front 18 Acceptable use policy | back 18 outlines what actions and behaviors are acceptable on an organization's systems, network, and within its environment |
front 19 Password policies | back 19 a set of rules that passwords must meet in order to be acceptable |
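The card above defines a password policy as a set of rules a password must meet. The following checker is an added example, not part of the original deck, and it encodes a small policy in the direction of NIST SP 800-63B: favour length and a compromised-password blocklist over composition rules. The thresholds, the blocklist entries, and the organisation name "acme" are assumed values chosen for illustration.

```python
"""Password policy checker, added here as an example; it is not part of the
original deck. The policy follows the direction of NIST SP 800-63B (favour
length and a compromised-password blocklist over composition rules). The
thresholds, the blocklist, and the organisation name are assumed values."""
import unicodedata

MIN_LENGTH = 12      # assumed policy value
MAX_LENGTH = 128     # assumed policy value; long passphrases must be allowed

# Constructed blocklist standing in for a breached-password feed.
BLOCKLIST = {"password", "password1", "qwerty123", "letmein", "welcome1", "acme2024"}

# Assumed organisation name; passwords built around it are easy to guess.
CONTEXT_WORDS = {"acme"}


def normalize(password: str) -> str:
    """Apply NFKC so visually identical Unicode spellings compare equal."""
    return unicodedata.normalize("NFKC", password)


def is_sequential(s: str) -> bool:
    """True when every adjacent pair differs by exactly one code point (abcd..., 4321...)."""
    if len(s) < 2:
        return False
    diffs = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return diffs == {1} or diffs == {-1}


def check_password(password: str, username: str = "") -> list[str]:
    """Return every rule the candidate violates; an empty list means it is acceptable."""
    pw = normalize(password)
    folded = pw.casefold()
    violations: list[str] = []
    if len(pw) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        violations.append(f"longer than {MAX_LENGTH} characters")
    if folded in BLOCKLIST:
        violations.append("appears on the compromised-password blocklist")
    if username and username.casefold() in folded:
        violations.append("contains the username")
    if any(word in folded for word in CONTEXT_WORDS):
        violations.append("contains an organisation-specific word")
    if len(set(pw)) == 1:
        violations.append("is a single repeated character")
    if is_sequential(pw):
        violations.append("is a sequential run of characters")
    return violations


if __name__ == "__main__":
    for candidate in ("Password1", "correct horse battery staple", "abcdefghijkl"):
        print(repr(candidate), check_password(candidate) or "OK")
```

Note that a long passphrase with no digits or symbols passes, while a short, blocklisted value fails on two rules at once; in a real deployment the blocklist would be fed from a breached-password corpus rather than a literal set.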
front 20 MFA | back 20 Multi-factor authentication: proving identity with two or more independent factors (something you know, something you have, something you are) |
front 21 data policy | back 21 a policy that describes how a business handles personal data |
front 22 Data governance policy | back 22 a document that defines how an organization uses and manages its data |
front 23 DLP | back 23 Data Loss Prevention: controls that detect and block sensitive data leaving the organization's control |
front 24 Data owner | back 24 accountable for the data as a whole: its classification, its value to the business, and who may access it |
front 25 Data stewards | back 25 responsible for the content: what is stored and whether it is accurate and used correctly |
front 26 Data custodians | back 26 responsible for the technical environment the data lives in: storage, backups, and enforcing the access controls the owner decided on |
front 27 Access control policy | back 27 high-level requirements that specify how access is |
front 28 Access control | back 28 a data security technique that prevents unauthorized physical or remote access to company data |
front 29 Discretionary | back 29 discretionary access control (DAC): the resource owner (or an admin) decides who receives which access rights to that resource |
front 30 Role based | back 30 access is controlled based on your role within the |
front 31 4 main types of access control | back 31 |
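The cards above contrast discretionary access control (the owner sets rights on each resource) with role-based access control (rights attach to roles, which an administrator assigns). The following is an added example, not from the original deck, implementing both models side by side so the difference is visible in code: in DAC the owner can share but a grantee cannot re-share, while in RBAC changing a user's role changes every permission at once. All users, roles, permissions and resources are constructed for illustration.

```python
"""Added example, not from the original deck: discretionary access control (DAC)
and role-based access control (RBAC) implemented side by side. Every user,
role, permission and resource below is constructed for illustration."""
from dataclasses import dataclass, field


@dataclass
class Resource:
    name: str
    owner: str
    # DAC keeps a per-resource access control list: user -> permissions
    acl: dict[str, set[str]] = field(default_factory=dict)


class DAC:
    """Discretionary: whoever owns a resource decides who else may use it."""

    def __init__(self) -> None:
        self.resources: dict[str, Resource] = {}

    def create(self, owner: str, name: str) -> None:
        # The creator becomes owner and gets full rights, including the right to share.
        self.resources[name] = Resource(name, owner, {owner: {"read", "write", "share"}})

    def grant(self, actor: str, name: str, user: str, perm: str) -> None:
        r = self.resources[name]
        # Only the owner, or a user the owner explicitly gave "share", may edit the ACL.
        if actor != r.owner and "share" not in r.acl.get(actor, set()):
            raise PermissionError(f"{actor} may not change the ACL of {name}")
        r.acl.setdefault(user, set()).add(perm)

    def allowed(self, user: str, name: str, perm: str) -> bool:
        return perm in self.resources[name].acl.get(user, set())


class RBAC:
    """Role-based: permissions hang off roles; an administrator assigns roles to users."""

    def __init__(self) -> None:
        self.role_perms: dict[str, set[str]] = {}
        self.user_roles: dict[str, set[str]] = {}

    def define_role(self, role: str, perms: set[str]) -> None:
        self.role_perms[role] = set(perms)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def allowed(self, user: str, perm: str) -> bool:
        # A user may perform an action if any of their roles carries that permission.
        return any(perm in self.role_perms[r] for r in self.user_roles.get(user, set()))


def dac_scenario() -> dict[str, bool]:
    """Alice owns a report and shares read access with Bob; Bob cannot re-share it."""
    dac = DAC()
    dac.create("alice", "q3-report")
    dac.grant("alice", "q3-report", "bob", "read")
    try:
        dac.grant("bob", "q3-report", "carol", "read")  # Bob holds no "share" right
        bob_could_reshare = True
    except PermissionError:
        bob_could_reshare = False
    return {
        "bob_reads": dac.allowed("bob", "q3-report", "read"),
        "bob_writes": dac.allowed("bob", "q3-report", "write"),
        "carol_reads": dac.allowed("carol", "q3-report", "read"),
        "bob_could_reshare": bob_could_reshare,
    }


def rbac_scenario() -> dict[str, bool]:
    """Permissions follow the role: moving Dave from auditor to clerk changes what he may do."""
    rbac = RBAC()
    rbac.define_role("auditor", {"invoice:read", "ledger:read"})
    rbac.define_role("clerk", {"invoice:read", "invoice:create"})
    rbac.assign("dave", "auditor")
    before = rbac.allowed("dave", "invoice:create")
    rbac.revoke("dave", "auditor")
    rbac.assign("dave", "clerk")
    return {
        "auditor_creates_invoice": before,
        "clerk_creates_invoice": rbac.allowed("dave", "invoice:create"),
        "clerk_reads_ledger": rbac.allowed("dave", "ledger:read"),
    }


if __name__ == "__main__":
    print(dac_scenario())
    print(rbac_scenario())
```

The check that matters for least privilege is the one in `DAC.grant`: without it, anyone who can read a resource could hand it to anyone else, which is exactly the sprawl RBAC's central role administration is meant to avoid.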
front 32 Remote access policy | back 32 a policy that sets the standards for off-prem connections |
front 33 VPN | back 33 an encrypted connection over the internet from a device to a network |
front 34 IDS | back 34 intrusion detection system: monitors network traffic or hosts and alerts on suspicious activity, but does not block it |
front 35 IPS | back 35 intrusion prevention system: sits inline and can block or drop malicious traffic in addition to alerting |
front 36 Data encryption | back 36 a method where information is encoded and can |
front 37 Symmetric encryption | back 37 uses 1 key: the same secret key encrypts and decrypts, so it must be shared securely with every party (e.g., AES) |
front 38 Asymmetric encryption | back 38 uses 2 keys: a public key that anyone may use to encrypt, and a matching private key that only its holder uses to decrypt (e.g., RSA) |
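To make the "1 key" versus "2 keys" distinction on the last two cards concrete, here is an added example that is not part of the original deck. Both ciphers are deliberately minimal teaching constructions: a SHA-256-in-counter-mode stream cipher for the symmetric case, and textbook RSA with the tiny primes p = 61, q = 53 (n = 3233, e = 17) for the asymmetric case. The message, keys and nonce are constructed. Neither construction is suitable for real data; in production use a vetted library (AES-GCM, RSA-OAEP).

```python
"""Symmetric versus asymmetric encryption, added as an example; not part of the
original deck. Both ciphers are deliberately minimal teaching constructions:
a SHA-256-in-counter-mode stream cipher for the one-key case and textbook RSA
with the tiny primes p=61, q=53 for the two-key case. Neither is suitable for
real data; in production use a vetted library (e.g. AES-GCM, RSA-OAEP)."""
import hashlib
import os


# --- Symmetric: one shared secret key does both directions ------------------

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Derive `length` pseudorandom bytes from key + nonce + a block counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # XOR with the keystream. The nonce must never repeat under the same key,
    # otherwise two ciphertexts XOR to the XOR of their plaintexts.
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))


def symmetric_decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Identical operation: XOR is its own inverse, so the same key undoes it.
    return symmetric_encrypt(key, nonce, ciphertext)


# --- Asymmetric: a public key encrypts, only the matching private key decrypts

def rsa_keypair(p: int, q: int, e: int = 17) -> tuple[tuple[int, int], tuple[int, int]]:
    """Textbook RSA from two primes. Returns ((e, n), (d, n)). Toy sizes only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)           # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key: tuple[int, int], data: list[int]) -> list[int]:
    """Raise each integer to the key's exponent modulo n; used for both directions."""
    exp, n = key
    return [pow(x, exp, n) for x in data]


def rsa_encrypt(public: tuple[int, int], plaintext: bytes) -> list[int]:
    # Byte-at-a-time with no padding: deterministic and insecure, but it shows
    # the mechanism. Each byte (< 256) is well below n = 3233.
    return rsa_apply(public, list(plaintext))


def rsa_decrypt(key: tuple[int, int], ciphertext: list[int]) -> bytes:
    # Values outside 0..255 mean the wrong key was used; map them to 0x00 rather than crash.
    return bytes(x if x < 256 else 0 for x in rsa_apply(key, ciphertext))


def demo() -> dict[str, bool]:
    msg = b"attack at dawn"                     # constructed sample message
    key, wrong_key = os.urandom(32), os.urandom(32)
    nonce = os.urandom(16)
    ct = symmetric_encrypt(key, nonce, msg)
    public, private = rsa_keypair(61, 53)
    rsa_ct = rsa_encrypt(public, msg)
    return {
        "symmetric_same_key_recovers": symmetric_decrypt(key, nonce, ct) == msg,
        "symmetric_wrong_key_fails": symmetric_decrypt(wrong_key, nonce, ct) != msg,
        "asymmetric_private_recovers": rsa_decrypt(private, rsa_ct) == msg,
        "asymmetric_public_cannot_decrypt": rsa_decrypt(public, rsa_ct) != msg,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The last check in `demo` is the whole point of the two-key model: applying the public key a second time does not undo the encryption, so the public key can be handed out freely while only the private key's holder can read what was sent.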