1.p6 Need to know the 4 broad categories for technologies: a Networks b Systems c Processes d Applications
2.p5 Need to know that access control systems consist of 3 elements: a Policies b Procedures c Tools
3.p16 The purpose of access control is to regulate interactions between a subject and an object, such as data, a network or device
4.p8 Need to know that confidence in any authentication system can be measured by two components: the type of correlation and the number of authentication factors
5.p21 Access control threats cannot be 100% eliminated because new ones are constantly being devised.
6.p26-27 Quantitative risk assessment relies on several calculations: a Single Loss Expectancy (SLE) b Annual Rate of Occurrence (ARO) c Annualized Loss Expectancy (ALE)
7.p24 Social engineering is the single most common strategy attackers use and it’s also the most effective
8.p35 Under system application domain, patch management is what?
Can be used to address security threats
9.p30 Where are access controls needed most?
Unless there is an asset of special importance stored on the network, it is unnecessary to place separate access controls on each asset
10.p45 There is significant overlap between security layers
11.p45 A classification scheme is a method of organizing sensitive information into various access levels.
12.p46 Anyone can gain access to unclassified information through legal means via the Freedom of Information Act (FOIA)
13.p48 The Privacy Act of 1974 applies to the federal government.
14.p52-53 Why would you need to classify data? – Risk avoidance
15.p58 Operational efficiency: * The right information * The right people * The right time
16.p71-72 What’s a key requirement for HIPAA? – Security and privacy of health data
17.p77 FERPA * Computer media * Written documents stored in the student folder *
18.p89 IT security policy framework consists of: * Policy *