Any action that could damage an asset.
Gramm-Leach-Bliley Act (GLBA)
Passed in 1999, requires all types of financial institutions to protect private financial information.
Protecting Private Data
The process of ensuring data confidentiality.
A detailed written definition for hardware and software and how it is to be used.
Data Classification Standards
Four Major Categories:
• Private data
• Internal use only
• Public domain data
Ethical hacking: intending to be helpful.
Vulnerabilities and Threats
Any weakness in a system that makes ...
Data classification standards
Help determine the appropriate access for each class of data.
The management of the baseline settings for a system device.
Design is a primary step in the process to verify policy compliance.
In order to recognize something as abnormal, you first must know what normal looks like (when monitoring systems for anomalies).
Many organizations turn off logs because they produce too much information.
Verifying Security Controls
Controls that monitor activity include intrusion detection systems (IDSs), intrusion prevention systems (IPSs), and firewalls.
Black-box testing, White-box testing, Grey-box testing
Directly affects security controls
Is not part of quantitative risk assessment
Primary components of Risk Management
Reduction, Avoidance, Mitigation
Planning for Disasters
Part of business continuity management (BCM), which includes both BCP and DRP.
Business Impact Analysis (BIA)
Determines the extent of the impact that a particular incident would have on business operations over time.
Accomplishes Four Security Goals: Confidentiality, Integrity, Authentication, Nonrepudiation
Adds value to a business.