Consists of the three underlying core security principles of data protection
What is CIA triad?
Data can be accessed when needed
What is availability?
The domain includes all employees of a business
Who is a user?
Actions, philosophies, and strategies for ensuring the security of an organization’s software, hardware, network, and data
What is security posture?
Protects electronic medical records and personal health information, including patient demographics, medical history, tests and labs, and the resulting diagnosis
What is The Health Insurance Portability and Accountability Act (HIPAA)?
Process of validating or verifying a user’s identity
What is authentication?
Condition of being private or secret
What is confidentiality?
The domain deals with issues surrounding endpoint devices
What is Workstation?
Non-regulatory industry framework used for all merchants who process credit card transactions
What is PCI DSS?
Defines and outlines unauthorized access of computers
What is The Computer Fraud and Abuse Act (CFAA)?
All the locations where an attacker can enter and cause a security risk
What is an attack surface?
Refers to an unchanged, unimpaired, or unaltered state
What is Integrity?
The domain covers a network infrastructure within a small area
What is Local Area Network (LAN)?
Provide best-practice recommendations to assist international organizations in implementing and maintaining security controls within their business
What is ISO 27000 suite?
Protects wire and electronic transmissions of data
What is The Electronic Communication Privacy Act (ECPA)?
Process of protecting an information system, including identifying vulnerabilities and risks for using, storing, and transmitting data
What is information assurance (IA)?
Having multiple, redundant levels of protection in the event that one level fails
What is defense in depth?
Also known as layered security
The domain covers a network infrastructure for more than one geographic location
What is Wide Area Network (WAN)?
Auditing standard that governs ways in which companies report on compliance with laws and regulations rather than financial information
Ensures that financial businesses are protecting a customer’s private data
What is The Gramm-Leach-Bliley Act (GLBA)?
Legal concept that refers to the inability to deny something
What is nonrepudiation?
Adhering to laws, regulations, and standards as set forth by a governing body
What is compliance?
The domain addresses challenges presented by _____, including securing data in transit over the Internet, verification of the authorized users and their locations, and the security of the _______
What is Remote Access?
The framework for improving critical infrastructure cybersecurity in the United States.
What is the NIST Cybersecurity Framework (CSF)?
Prevents company executives from hiding or destroying electronic records for a minimum of five years
What is The Sarbanes-Oxley Act (SOX)?