Chapter 1
Chapters 2 & 3
Chapter 4.1 & 4.2
Chapter 4.3
Chapter 5
100

Information regarding one's health status (1.1)

What is protected health information? (PHI)

100

The ability of an organization's critical functions to continue operating, perhaps at a reduced capacity, during any sort of disruption (2.2)

What is business continuity?
100
The ports (on routers, switches, servers, computers, and other devices) to which wires can be connected in order to create a network (4.1)

What are physical ports?

100

A communication tunnel that provides point-to-point transmission of both authentication and data traffic over an untrusted network (4.3)

What is a virtual private network? (VPN)

100

The process of converting a message from plaintext to ciphertext (5.1)

What is encryption (or enciphering)?

200

The idea that systems and data are accessible at the time users need them (1.1)

What is availability?
200

A process consisting of the activities necessary to restore IT and communications services to an organization during and after an outage, disruption, or disturbance (2.3)

What is disaster recovery?
200

The lowest TCP/IP layer, which places packets onto the physical network medium and receives them from it so that data can move through the network (4.1)

What is the network interface layer?

200

A cloud deployment model, hosted either on-premises or by a third party, whose infrastructure is shared by and developed for a particular community of organizations with common concerns (4.3)

What is a community cloud?

200

The study or application of methods to secure or protect the meaning and content of information by disguise or obfuscation (5.1)

What is cryptography?

300

The magnitude of harm that could be caused by a threat's exercise of a vulnerability (1.2)

What is impact?

300

The procedures related to preparing for recovery & continuation of critical business functions & technology infrastructure/systems after a disaster (2.3)

What is a disaster recovery plan? (DRP)

300

Threats that arise from individuals who are trusted by the organization (4.2)

What are insider threats?

300

A network area designed to be accessed by outside visitors while still being isolated from the organization's private network (4.3)

What is a demilitarized zone? (DMZ)

300

A fixed-length hash value that serves as a fingerprint for data and has the property that changing a single bit in the data will cause a completely different one of these to be generated (5.1)

What is a message digest?
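Added example (not part of the original game board): the "single bit changes everything" property of a message digest, shown with Python's standard hashlib. The sample message, the choice of SHA-256 and the helper names are assumptions made for the demonstration; the integrity check at the end shows the practical use of a digest, which is detecting that data was altered.

```python
import hashlib


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Return the message digest of `data` as a hex string.

    The output length is fixed by the algorithm (64 hex chars for SHA-256)
    no matter how much input was hashed.
    """
    return hashlib.new(algorithm, data).hexdigest()


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Return a copy of `data` with exactly one bit inverted.

    Bit 0 is the least significant bit of the first byte.
    """
    if not 0 <= bit_index < len(data) * 8:
        raise ValueError("bit_index outside the data")
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Count the bit positions at which two equal-length hex digests differ."""
    if len(hex_a) != len(hex_b):
        raise ValueError("digests must be the same length")
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def avalanche_demo(message: bytes, bit_index: int = 0, algorithm: str = "sha256") -> dict:
    """Hash `message`, hash it again with one bit flipped, and measure the change.

    For a sound hash, roughly half of the digest bits change (about 128 of 256
    for SHA-256), which is what "a completely different digest" means in practice.
    """
    original = digest_hex(message, algorithm)
    altered = digest_hex(flip_bit(message, bit_index), algorithm)
    total_bits = len(original) * 4  # each hex character encodes 4 bits
    changed = differing_bits(original, altered)
    return {
        "original": original,
        "altered": altered,
        "digest_bits": total_bits,
        "changed_bits": changed,
        "changed_fraction": changed / total_bits,
    }


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Integrity check: recompute the digest and compare it with the expected value."""
    return digest_hex(data, algorithm) == expected_hex


if __name__ == "__main__":
    # Constructed sample message; not taken from the course material.
    msg = b"Transfer $100 to account 12345"
    result = avalanche_demo(msg)
    print("original digest :", result["original"])
    print("1 bit flipped   :", result["altered"])
    print(f"{result['changed_bits']} of {result['digest_bits']} digest bits changed")
    # Tampering is detected because the recomputed digest no longer matches.
    tampered = msg.replace(b"$100", b"$900")
    print("tampered message passes check:", verify_integrity(tampered, result["original"]))
```

A digest on its own only proves that data was not altered between the moment the digest was computed and the moment it was checked; it does not prove who computed it. Binding the digest to an identity needs a key, which is what a digital signature or a keyed MAC adds on top.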

400

The process of identifying, estimating, and prioritizing risks to an organization's operations, assets, individuals, other organizations, and the nation at large (1.2)

What is risk assessment?
400

Any entity that requests access to our assets (could be a user, client, process, or program) (3.1)

What is a subject?

400

A system that automates the inspection of logs and real-time system events to detect intrusion attempts and system failures (4.2)

What is an intrusion detection system? (IDS)
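Added example (not from the original game board): the core of a log-based IDS, reduced to one detection. It reads authentication log lines, keeps a sliding window of failed logins per source IP, and raises an alert when a threshold is crossed, which is how an IDS turns "inspection of logs" into a detected intrusion attempt. The log lines are constructed for the example and modelled on the sshd "Failed password" message format; the threshold, window and IP addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log (not captured from a real system). One source IP
# hammers root in a few seconds; another has two failures 15 minutes apart.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 51001 ssh2
2024-03-01T10:00:03 sshd[102]: Failed password for root from 203.0.113.5 port 51002 ssh2
2024-03-01T10:00:04 sshd[103]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
2024-03-01T10:00:05 sshd[104]: Failed password for root from 203.0.113.5 port 51003 ssh2
2024-03-01T10:00:06 sshd[105]: Failed password for root from 203.0.113.5 port 51004 ssh2
2024-03-01T10:00:08 sshd[106]: Failed password for root from 203.0.113.5 port 51005 ssh2
2024-03-01T10:05:00 sshd[107]: Failed password for bob from 198.51.100.9 port 40100 ssh2
2024-03-01T10:20:00 sshd[108]: Failed password for bob from 198.51.100.9 port 40101 ssh2
"""

# Only failed-password lines are of interest; everything else is ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failed_logins(log_text: str) -> list:
    """Return (timestamp, source_ip, username) for every failed-login line."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["ip"], m["user"]))
    return events


def detect_brute_force(events: list, threshold: int = 5, window_seconds: int = 60) -> list:
    """Alert once per source IP when `threshold` failures fall within `window_seconds`.

    A per-IP deque holds the timestamps still inside the window; entries that
    have aged out are dropped before the count is checked.
    """
    recent = defaultdict(deque)
    alerted = set()
    alerts = []
    for ts, ip, user in sorted(events):
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()
        if len(window) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "ip": ip,
                "count": len(window),
                "first": window[0],
                "last": ts,
            })
    return alerts


def run_demo(log_text: str = SAMPLE_LOG) -> list:
    """Parse the sample log and return the brute-force alerts it produces."""
    return detect_brute_force(parse_failed_logins(log_text))


if __name__ == "__main__":
    for alert in run_demo():
        print(f"ALERT brute force from {alert['ip']}: {alert['count']} failures "
              f"between {alert['first'].time()} and {alert['last'].time()}")
```

Two failures a quarter of an hour apart stay below the threshold and produce nothing, which is the point of the window: the rule is looking for a rate, not for failures as such. A production IDS would add many more rules and would also normalise timestamps and handle log rotation, but the parse-window-threshold shape is the same.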

400

Any resources that an organization accesses using cloud computing (4.3)

What are cloud-based assets?

400

A regression and validation process which may involve testing and analysis to verify that nothing in the system was broken by a newly applied set of changes (5.2)

What are verification and audit?

500

A risk analysis method in which numerical values are assigned to both impact and likelihood, based on statistical probabilities (1.2)

What is a quantitative risk analysis?

500

An access control system that grants permissions to users based on the roles they are assigned, rather than individually (3.3)

What is role-based access control? (RBAC)
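Added example (not from the original game board) covering both the subject clue above (3.1) and role-based access control (3.3). Subjects, which may be people or processes, are assigned roles; roles carry permissions expressed as (action, object) pairs; an access decision denies by default and succeeds only when one of the subject's roles holds the requested permission. The roles, subjects and object names are hypothetical and chosen only to illustrate the mechanism.

```python
class RbacPolicy:
    """Minimal role-based access control: subjects get roles, roles get permissions."""

    def __init__(self):
        self._role_permissions = {}  # role -> set of (action, object)
        self._subject_roles = {}     # subject -> set of role names

    def define_role(self, role: str, permissions) -> None:
        self._role_permissions[role] = set(permissions)

    def grant_to_role(self, role: str, action: str, obj: str) -> None:
        """Change one role and every subject holding it picks up the change."""
        if role not in self._role_permissions:
            raise KeyError(f"unknown role: {role}")
        self._role_permissions[role].add((action, obj))

    def assign_role(self, subject: str, role: str) -> None:
        if role not in self._role_permissions:
            raise KeyError(f"unknown role: {role}")
        self._subject_roles.setdefault(subject, set()).add(role)

    def revoke_role(self, subject: str, role: str) -> None:
        self._subject_roles.get(subject, set()).discard(role)

    def permissions_for(self, subject: str) -> set:
        """Union of the permissions of every role the subject holds."""
        perms = set()
        for role in self._subject_roles.get(subject, ()):
            perms |= self._role_permissions[role]
        return perms

    def is_allowed(self, subject: str, action: str, obj: str) -> bool:
        # Deny by default: an unknown subject, or one with no roles, gets nothing.
        return (action, obj) in self.permissions_for(subject)


def build_demo_policy() -> RbacPolicy:
    """Constructed example for a small security team; all names are hypothetical."""
    policy = RbacPolicy()
    policy.define_role("analyst", {("read", "alerts"), ("read", "logs")})
    policy.define_role("responder", {("read", "alerts"), ("update", "alerts"), ("read", "logs")})
    policy.define_role("admin", {("read", "alerts"), ("update", "alerts"), ("read", "logs"),
                                 ("delete", "logs"), ("manage", "users")})
    policy.assign_role("alice", "analyst")
    policy.assign_role("bob", "responder")
    policy.assign_role("carol", "admin")
    policy.assign_role("backup-job", "analyst")  # a process is a subject too
    return policy


if __name__ == "__main__":
    policy = build_demo_policy()
    for subject, action, obj in [("alice", "read", "alerts"), ("alice", "update", "alerts"),
                                 ("bob", "update", "alerts"), ("mallory", "read", "alerts"),
                                 ("backup-job", "read", "logs")]:
        verdict = "ALLOW" if policy.is_allowed(subject, action, obj) else "DENY"
        print(f"{verdict:5} {subject} -> {action} {obj}")
```

The practical payoff of RBAC shows up in the last two methods: when analysts need a new capability, the change is made once on the role, and when a person changes jobs the role is revoked rather than hunting through per-user permissions.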

500
The security standard that applies to merchants and service providers who process credit or debit card transactions (4.2)

What is the Payment Card Industry Data Security Standard? (PCI-DSS)

500
The concept of controlling access to an environment through strict adherence to and implementation of security policies (4.3)

What is network access control? (NAC)

500

A security policy that defines system and user expectations for password formulation and protection (5.3)

What is a password policy?