Exam (elaborations)
BADM 7401 - Exam 1 Terms Questions with Explanations of Answers | latest upate 2024
BADM 7401 - Exam 1 Terms Questions with Explanations of Answers | latest upate 2024
[Show more]
Content preview
BADM 7401 - Exam 1 TermsThreat - ANS-Any event or circumstance that has the potential to adversely affect operations
and assets
Attack - ANS-An intentional or unintentional act that can damage or otherwise compromise
information and the systems that support it
Vulnerability - ANS-A potential weakness in an asset or its defensive control system(s)
identification - ANS-The access control mechanism whereby unverified entities who seek
access to a resource provide a label by which they are known to the system.
Authorization - ANS-The access control mechanism that represents the matching of an
authenticated entity to a list of information assets and corresponding access levels.
Accountability - ANS-The access control mechanism that ensures all actions on a
system—authorized or unauthorized—can be attributed to an authenticated identity.
Authentication - ANS-the process by which a control establishes whether a user (or system) is
the entity it claims to be
Information Security - ANS-Protection of the confidentiality, integrity, and availability of
information assets, whether in storage, processing, or transmission, via the application of policy,
education, training and awareness, and technology.
Policy - ANS-function of information security management that seeks to dictate certain behavior
within the organization through a set of organizational guidelines
Privacy - ANS-In the context of information security, the right of individuals or groups to protect
themselves and their information from unauthorized access, providing confidentiality.
Digital Forensics - ANS-the preservation, identification, extraction, documentation, and
interpretation of digital media for evidentiary and/or root cause analysis
Deontological Ethics - ANS-the study of the rightness or wrongness of intentions and motives as
opposed to the rightness or wrongness of the consequences (also known as duty- or
obligation-based ethics)
Elements of the CIA triad - ANS-Confidentiality, Integrity, Availability
Most desirable characteristic for privacy - ANS-Confidentiality
, The function of InfoSec management that encompasses security personnel as well as aspects
of the SETA program - ANS-People
The primary functions of information security management - ANS-Planning, policy, programs,
protection, people, project management
The rationale for the breach law - ANS-They specify a requirement for organizations to notify
affected parties when they have experienced a specified type of loss of information and require
some form of after breach support from the organization.
The two key purposes for digital forensics - ANS-To investigate allegations of digital
malfeasance or to perform root cause analysis
The categories of unethical behavior that organizations and society should seek to eliminate -
ANS-Ignorance, Accident, Intent
How laws and policies deter illegal or unethical activity - ANS-Fear of penalty, probability of
being caught, probability of penalty being administered
Convergence - ANS-The process of integrating the governance of the physical security and
information security efforts
Policy Compliance - ANS-means the employee must agree to the policy
Standard - ANS-detailed statement of what must be done to comply with policy, sometimes
viewed as the rules governing policy compliance
Risk Assessment - ANS-A determination of the extent to which an organization's information
assets are exposed to risk.
Risk Treatment - ANS-the process of selecting and implementing of measures to modify risk
phases of the SecSDLC - ANS-Investigation, Analysis, Design (Logical and Physical),
Implementation, Maintenance
The activities of the Investigation phase of the SecSDLC - ANS-Process, outcomes, goals,
scope, costs and benefits, budget and constraints, development team specifications
The activities of the Analysis phase of the SecSDLC - ANS-Issues with the current
program/system, its environment, requirements of the new system
The activities of the Logical Design phase of the SecSDLC - ANS-§ General program/system
specifications (blueprint)
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller ACTUALSTUDY. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for £6.28. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
79064 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy revision notes and other study material for 14 years now
