GIAC GISF exam with
complete solutions
Principle of least privilege - answer Everyone can do everything they
need to do and nothing more
CIA Triad - answer Confidentiality, Integrity, Availability
Confidentiality - answer Only those who require access have that access
Integrity - answer Data is edited correctly and by the right people
Availability - answer If we can't use it, why do we have it?
Policy, procedure, training - answer Guidance for success of a security
program
Security policy - answer The broad, general statement of management's
intent to secure the environment
Security procedure - answer Explains, in detail, how to implement the
security policy
Security training - answer Process of informing people of the rules that
must be followed
Confirmed backup recovery - answer Provide assurance of continued
operations. The goal is not just to make backups, but to ensure backups
can be recovered when necessary.
Patch management - answer Ensures stability of operations
Prevent, detect, respond (PDR) - answer Prevent as much as we can;
detect everything else; respond to what is detected.
Senior manager - answer Has legal responsibility to protect the
organization's assets (often CEO, Commander, Secretary); the person who
decides an organization's level of acceptable risk
Data owner - answer Has primary responsibility for -- and most
knowledge of -- the data. Determines who has access to what.
Data custodian - answer Executes the decisions of the data owner, often
a sys or database admin
Data user - answer Uses data and is a data custodian
Chief information security officer (CISO) - answer Advises, recommends,
teaches, monitors re: data
Threat - answer Anything that can do anything bad to our stuff/people
Vulnerability - answer Anything that allows a threat to happen
Likelihood - answer How likely something is to happen and how often it
will happen
Impact - answer How bad something will be
Gap analysis - answer Identifying and closing the gap between risk and
existing countermeasures in a cost-effective way
Countermeasure - answer Anything that lessens or mitigates a
vulnerability
Safeguard - answer Anything that lessens or mitigates a vulnerability
Administrative countermeasure - answer Policy, procedure, awareness
training
Technical countermeasure - answer Authentication systems, encryption,
firewalls, etc.
Physical countermeasure - answer Guards, lighting, fencing, other
physical protections
Prevent - answer Keep negative incidents from happening
Detect - answer Learn that something negative has happened
Respond - answer Take measures to stop future threats and repair
damage
Asset identification - answer Figuring out what needs to be protected --
both tangible and intangible
Asset valuation - answer Determining how important the assets are.
Input by senior management is critical because every dollar spent to
protect an asset reduces the value of the asset by a dollar.
Threat identification - answer Figuring out what dangers should concern
us.
Vulnerability analysis - answer Figuring out which of the identified
threats can hurt us.
Countermeasure identification - answer Figuring out what temporary and
permanent measures we can take (or continue to take or take again) to
mitigate identified threats.
Prudent person rule - answer Requires an organization to do the things a
prudent person would to protect its assets
Due care - answer A legal standard that assesses the degree to which an
organization took actions that a reasonable person would to protect its
assets
Risk mitigation - answer Identify and implement countermeasures
Risk avoidance - answer A risk response strategy whereby the
organization acts to eliminate threats to assets
Risk deterrence - answer Implement detection and reaction capabilities
Risk acceptance - answer What can't be mitigated, avoided or deterred
must be accepted
Risk transference/sharing - answer Using insurance or some other
mechanism to pass risk (or part of the risk) to another entity
Risk ignorance - answer An organization assumes it is not a target; must
not be allowed
Bit - answer A single 1 or 0
Byte - answer 8 1s and 0s; also called an octet or an 8-bit word