CIT 406

  1. What are the 3 parts of the CIA Triangle?
    Confidentiality, Integrity, Availability
  2. What makes up the Parkerian Hexad?
    CIA plus Utility, Possession or Control, and Authenticity
  3. What is confidentiality?
    Ensures that only those with sufficient privileges may access certain information.
  4. What is Integrity?
    The quality or state of being whole, complete, and uncorrupted.
  5. What is Identification?
    When you are able to recognize individual users.
  6. What is Authentication?
    Occurs when a control provides proof that a user possesses the identity that he or she claims.
  7. What does it mean to authorize?
    When the user has been specifically and explicitly given authority to access, update, or delete the contents of an information asset.
  8. What is accountability?
    When a control provides assurance that every activity undertaken can be attributed to a named person or automated process.
  9. What is a utility?
    Information systems that remain useful and provide capability.
  10. What is privacy?
    Using information only for purposes known to the data owner.
  11. Who will always be the weakest link in security programs?
  12. What is a security policy?
    A formal, brief, high-level statement or plan that supports an organization's strategy objectives and acceptable procedures for a specified subject area.
  13. What is a standard?
    Conveys a mandatory action or rule designed to support and conform to a policy.
  14. What is a guideline?
    Best practices for meeting strategy and policy requirements.
  15. Security Program Governance Triangle
    • Strategy
    • Policy
    • Standards and Guidelines
    • Procedures and Processes
  16. What is impact assessment?
    Lists the major impacts of implementation, compliance, and enforcement.

    Identifies the impacted stakeholders.

    Identifies the dependencies for implementation of policy changes.
Card Set
CIT 406
Security Policy & Governance