Defining InfoSec
Key Terms
Security Domains
Frameworks
Regulatory Compliance
100

Consists of the three underlying core security principles of data protection 

What is CIA triad?

100

Data can be accessed when needed 

What is availability?

100

The domain includes all employees of a business

Who is a user?

100

Actions, philosophies, and strategies for ensuring the security of an organization’s software, hardware, network, and data 

What is security posture?

100

Protects electronic medical records and personal health information, including patient demographics, medical history, tests and labs, and the resulting diagnosis 

What is The Health Insurance Portability and Accountability Act (HIPAA)?

200

Process of validating or verifying a user’s identity 

What is authentication?

200

Condition of being private or secret 

What is confidentiality?

200

The domain deals with issues surrounding endpoint devices

What is Workstation?

200

Non-regulatory industry framework used for all merchants who process credit card transactions 

What is PCI DSS?

200

Defines and outlines unauthorized access of computers 

What is The Computer Fraud and Abuse Act (CFAA)?

300

All the locations where an attacker can enter and cause a security risk 

What is an attack surface?

300

Refers to an unchanged, unimpaired, or unaltered state 

What is Integrity?

300

The domain covers a network infrastructure within a small area

What is Local Area Network (LAN)?

300

Provides best-practice recommendations to assist international organizations in implementing and maintaining security controls within their business

What is ISO 27000 suite?

300

Protects wire and electronic transmissions of data 

What is The Electronic Communication Privacy Act (ECPA)?

400

Process of protecting an information system, including identifying vulnerabilities and risks for using, storing, and transmitting data 

What is information assurance (IA)?

400

Having multiple, redundant levels of protection in the event that one level fails

What is defense in depth?

also known as layered security

400

The domain covers a network infrastructure for more than one geographic location

What is Wide Area Network (WAN)?

400

Auditing standard that governs ways in which companies report on compliance with laws and regulations rather than financial information

What is SSAE SOC (I, II, III)?

400

Ensures that financial businesses are protecting a customer’s private data 

What is The Gramm-Leach-Bliley Act (GLBA)?

500

Legal concept that refers to the inability to deny something 

What is nonrepudiation?

500

Adhering to laws, regulations, and standards as set forth by a governing body 

What is compliance?

500

The domain addresses challenges presented by _____, including securing data in transit over the Internet, verification of the authorized users and their locations, and the security of the _______

What is Remote Access?

500

The framework for improving critical infrastructure cybersecurity in the United States.

What is the NIST Cybersecurity Framework (CSF)?

500

Prevents company executives from hiding or destroying electronic records for a minimum of five years 

What is The Sarbanes-Oxley Act (SOX)?