IT security __________________ determines who is authorized to make decisions about cybersecurity risks within an organization.
governance
The __________ is a person who ensures compliance with policies and procedures, assigns the proper classification to information assets, and determines the criteria for accessing information assets.
Data Owner
This is the first step in the risk management process, which determines the quantitative and qualitative value of risk related to a specific situation or threat.
risk assessment
___________________is a simulated cyberattack performed on a computer system, network, or web application to identify and exploit vulnerabilities before malicious actors can. It’s an essential part of a comprehensive cybersecurity strategy.
Penetration Testing (Pen Testing)
True or false. Laws are in place to prohibit undesired behaviors. In the U.S., there are three primary sources of laws and regulations, all of which involve aspects of computer security.
True
_________________is the little voice in your head that tells you what is right and what is wrong, guiding you to make the right decisions.
Ethics
Think Legal and Processing Authority. The ___________ is a person who determines the purposes for which, and the way in which, personal data is processed.
Data Controller
This is an inventory of and classification scheme for information assets within an organization.
asset management
This type of pen testing, _______________, targets web apps for flaws like SQL injection or XSS.
Web Application Testing
Under this type of law, the U.S. Congress has established federal administrative agencies and a regulatory framework that includes both civil and criminal penalties for failing to follow the rules.
Statutory law
The _____________ approach is guided by the principle which states that an individual has the right to make their own choices, which cannot be violated by another person’s decision.
rights
Think Outsourced Processing under contract. The ____________ is a person or organization who processes personal data on behalf of the data controller.
Data Processor
This describes how an organization restricts access rights to networks, systems, application functions and data in order to prevent unauthorized user access.
access control
Pen testing is conducted in distinct phases. In this phase, the rules of engagement for conducting the test are established, and boundaries and objectives are set.
Phase 1: Planning
True or false. Criminal laws enforce a commonly accepted moral code backed by the authority of the government.
True
The ______________ approach proposes that ethical actions are those that benefit the entire community.
common good
Think of Technical Safeguards. The _______________ is a person who implements the classification and security controls for the data in accordance with the rules set out by the data owner.
Data Custodian
This describes the process of ensuring conformance with information security policies, standards and regulations.
Compliance
Which phase attempts to gain access using the information gathered? It may include privilege escalation and lateral movement.
Phase 3: Attack
This law is a legal framework that governs the activities of administrative agencies of government; it ensures that public bodies act in accordance with the law.
Administrative law
A _______________ is a high-level document that outlines an organization’s vision for cybersecurity, including its goals, needs, scope and responsibilities.
cybersecurity policy
Think of Quality and Monitoring. A ____________ is a person who ensures that data supports an organization’s business needs and meets regulatory requirements.
Data Steward
This describes an organization’s approach to the anticipation of and response to information security breaches.
Information security incident management
This specific team in pen testing is a collaborative team where red and blue members work together to improve security.
The Purple Team
_____________ cases work their way through the judicial system providing precedents and constitutional bases for lawmaking.
Common law