Recent

  • Show all results for ""
Risk Management Chapter 5 Flashcards
28 Questions
100 Views

Risk Management Chapter 5 Flashcards

Created by
@MatchlessAltoSaxophone

Questions and Answers

Which of the following terms best describes a definable piece of information, stored in any manner, that is recognized as having value to the organization?

  • Information Resource
  • Information Asset (correct)
  • Knowledge Base
  • Data Point

    • Information systems __________, __________, and __________ information.

    store, process, and transmit

    What are information owners responsible for?

    Classifying information

    Which role is responsible for implementing and maintaining security controls and reporting suspected incidents?

    <p>Information custodian</p> Signup and view all the answers

    FIPS-199 requires that federal government information and information systems be classified as ____________.

    <p>low, moderate, high security</p> Signup and view all the answers

    Information classification systems are used in which of the following organizations?

    <p>Government, Military, and Financial institutions</p> Signup and view all the answers

    FIPS requires that information be evaluated for _____________ requirements with respect to the impact of unauthorized disclosure as well as the use of the information.

    <p>secrecy</p> Signup and view all the answers

    Which of the following National Security classifications requires the most protection?

    <p>Top Secret</p> Signup and view all the answers

    Which of the following National Security classifications requires the least protection?

    <p>Sensitive But Unclassified (SBU)</p> Signup and view all the answers

    What does the Freedom of Information Act (FOIA) allow anyone access to?

    <p>Access to any records from federal agencies unless the documents can be officially declared exempt</p> Signup and view all the answers

    Which term best describes the CIA attribute associated with the modification of information?

    <p>Integrity</p> Signup and view all the answers

    Is it mandatory for all private businesses to classify information?

    <p>False</p> Signup and view all the answers

    Which of the following is not a criterion for classifying information?

    <p>The information has no value to the organization.</p> Signup and view all the answers

    What is data that is personal in nature and, if disclosed, is an invasion of privacy called?

    <p>Nonpublic personal information</p> Signup and view all the answers

    Who do organizations restrict access to protected, confidential, and internal-use data?

    <p>Users who have a 'need to know'</p> Signup and view all the answers

    Labeling communicates classification levels to which roles within the organization?

    <p>Employees, Information custodians, and Contractors</p> Signup and view all the answers

    Which term best describes rules for how to store, retain, and destroy data based on classification?

    <p>Handling standards</p> Signup and view all the answers

    Which term best describes the process of removing restricted classification levels?

    <p>Declassification</p> Signup and view all the answers

    Which term best describes the process of upgrading or changing classification levels?

    <p>Reclassification</p> Signup and view all the answers

    The impact of destruction and/or permanent loss of information is used to determine which of the following safeguards?

    <p>Accounting</p> Signup and view all the answers

    Which term best describes an example of a hardware asset?

    <p>Server</p> Signup and view all the answers

    Which statement best describes a MAC address?

    <p>A MAC address is a unique hardware identifier.</p> Signup and view all the answers

    10.1.45.245 is an example of which of the following?

    <p>An IP address</p> Signup and view all the answers

    Source code and design documents are examples of which of the following?

    <p>Intellectual property (IP)</p> Signup and view all the answers

    Which term best describes the act of classifying information based on an original classification decision already made by an authorized original classification authority?

    <p>Derivative classification</p> Signup and view all the answers

    Which type of information would not be considered NPPI?

    <p>Car manufacturer's name</p> Signup and view all the answers

    Legally protected data that is stored on mobile devices should be _____..

    <p>encrypted</p> Signup and view all the answers

    Which statement best describes how written documents that contain NPPI should be handled?

    <p>All of the above. Written documents that contain NPPI should be stored...</p> Signup and view all the answers

    Study Notes

    Information Assets

    • Information assets are definable pieces of information recognized as valuable to an organization.

    Information Systems Functions

    • Information systems are designed to store, process, and transmit information.

    Roles and Responsibilities

    • Information owners are responsible for classifying information.
    • Information custodians implement and maintain security controls and report suspected incidents.

    Classification Standards

    • FIPS-199 classifies federal government information and systems as low, moderate, or high security.
    • Information classification systems are commonly used by government, military, and financial institutions.

    Secrecy and Classification

    • FIPS evaluates information for secrecy requirements, assessing the impact of unauthorized disclosure.
    • Top Secret is the classification requiring the most protection; Sensitive But Unclassified (SBU) requires the least.

    Access to Information

    • The Freedom of Information Act (FOIA) grants access to federal records unless exempt by law.

    CIA Triad

    • Integrity refers to the CIA attribute associated with the modification of information.

    Classification Mandates

    • Classification is mandatory for private businesses only if they engage with government entities.
    • An information criterion for classification excludes those with no value to the organization.

    Personal Information

    • Nonpublic personal information is considered personal and its disclosure can invade privacy and compromise security.

    Access Control

    • Access to protected data is restricted to users with a "need to know" basis.

    Classification Communication

    • Labeling communicates classification levels to employees, information custodians, and contractors.

    Data Handling and Classification Changes

    • Handling standards govern the storage, retention, and destruction of data based on classification.
    • Declassification is the process of removing restricted classification levels.
    • Reclassification involves upgrading or changing classification levels.

    Information Safeguards

    • The impact of information destruction or loss determines appropriate accounting safeguards.

    Hardware and IP Address

    • Servers are examples of hardware assets.
    • A MAC address serves as a unique hardware identifier.
    • An IP address is identified by number sequences like 10.1.45.245.

    Intellectual Property

    • Source code and design documents are classified as intellectual property (IP).

    Classification Processes

    • Derivative classification is based on existing classification decisions by authorized authorities.

    NPPI Considerations

    • Car manufacturer's name is not considered nonpublic personal information (NPPI).
    • Legally protected data on mobile devices should be encrypted for security.

    Handling NPPI

    • Written documents containing NPPI must be carefully stored, embracing comprehensive handling protocols.

    Studying That Suits You

    Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

    Quiz Team

    Description

    Test your knowledge on Risk Management with these flashcards from Chapter 5. Each card focuses on key terms and definitions essential for understanding information assets and information systems. Perfect for students looking to reinforce their learning.

    More Quizzes Like This

    IS383 Information Systems Security Quiz
    10 questions

    IS383 Information Systems Security Quiz

    CuteLife avatar
    CuteLife
    Threats and Vulnerabilities in Information Technology Systems
    10 questions

    Threats and Vulnerabilities in Information Technology Systems

    BestPerformingPeninsula avatar
    BestPerformingPeninsula
    Information Systems Security Policy Frameworks
    10 questions

    Information Systems Security Policy Frameworks

    JovialEmpowerment avatar
    JovialEmpowerment
    IT Risk & Audit: Risk Analysis, Mitigation & Assessment
    13 questions

    IT Risk & Audit: Risk Analysis, Mitigation & Assessment

    DextrousRadium avatar
    DextrousRadium
    Use Quizgecko on...
    Browser
    Open
    Browser
    Browser