Domain 1

Cards (29)

  • What does STRIDE stand for?
    STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.
  • What is stage 1 of the PASTA threat model?
    Stage 1: Definition of Objectives
  • What is stage 2 of the PASTA threat model?
    Definition of Technical Scope
  • What is stage 3 of the PASTA threat model?
    App Decomposition & Analysis
  • What is stage 4 of the PASTA threat model?
    Threat Analysis
  • What is stage 5 of the PASTA threat model?
    Weakness and Vulnerability Management
  • What is stage 6 of the PASTA threat model?
    Attack Modeling & Simulation
  • What is stage 7 of the PASTA threat model?
    Risk Analysis & Management
  • What does VAST stand for in threat modeling?
    Visual, Agile, Simple, Threat
  • List the steps of the Cyber Kill Chain in order.
    Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command & Control, and Actions & Objectives
  • Where do all IT security directives originate from?
    Security policies established by the data owners.
  • What defines the percentage of loss that an organization would experience if a specific asset were violated by a realized risk?
    Exposure Factor
  • What was the first major piece of US cybercrime legislation that was passed?
    Computer Fraud and Abuse Act (CFAA)
  • Which security framework was initially crafted by a government for domestic use but is now an international standard, which is a set of recommended best practices for optimization of IT services to support business growth, transformation, and change; which focuses on understanding how IT and security need to be integrated with and aligned to the objectives of an organization; and which is often used as a starting point for the crafting of a customized IT security solution within an established infrastructure?
    ITIL
  • What federal government agency has the authority to regulate the export of encryption software?
    Bureau of Industry and Security (BIS)
  • What law protects the right of citizens to privacy by placing restrictions on the authority granted to government agencies to search private residences and facilities?
    Fourth Amendment
  • The Children's Online Privacy Act (COPPA) was designed to protect the privacy of children using the internet. What is the minimum age a child must be before companies can collect personal identifying information from them without parental consent?
    13
  • What is the 1st principle of the OECD Privacy Guidelines?
    Collection Limitation
  • What is the 2nd principle of the OECD Privacy Guidelines?
    Data Limitation
  • What is the 3rd principle of the OECD Privacy Guidelines?
    Purpose Specification
  • What is the 4th principle of the OECD Privacy Guidelines?
    Use Limitation
  • What is the 5th principle of the OECD Privacy Guidelines?
    Security Safeguards
  • What is the 6th principle of the OECD Privacy Guidelines?
    Openness
  • What is the 7th principle of the OECD Privacy Guidelines?
    Individual Participation
  • What is the 8th principle of the OECD Privacy Guidelines?
    Accountability
  • What are the five rights associated with a copyright?
    (1) Reproduce the work in any form, language, or medium; (2) adapt or derive more works from it; (3) make and distribute its copies; (4) perform it in public; (5) display or exhibit it in public.
  • What term represents the monitoring of your controls to assess how well they are performing?
    Security Control Assessment
  • What is a popular global supply chain risk management strategy used by retailers around the world?
    PPRR
  • In a court case, what are logs and documents from the systems considered?
    Secondary Evidence