Sec+ | Important Notes

Software that Aggregates log data and acts as workforce multiplier

Software that detects and STOPS an attack in real-time

Security technologies that work together to screen devices for health conditions before accessing a network

Stops sensitive data exfiltration

Software that automates a response when set up

Best way to control company data on a laptop or cellular phone.

Best tool to use to capture data packets going between computers.

Best way to test your Incident Response Plan (IRP)

Best way to store credit card data in a database is to replace it with a placeholder.

Best way to see internal to external conversations between computers

Best way to transfer risk involved with a security incident.

Step by step guide to responding to a security incident

A policy that outlines how long we must store and maintain data

A report provided by a vendor stating that we meet certain regulatory requirements

Report that shows how things are affected when a security incident happens.

Law that governs how an organization handles credit/debit card data.

Supporting document that provides security controls to orgs that are required to have ISMS.

Requires companies handle PII in a manner that keeps it private.

Privacy law that applies to European Citizens regarding their privacy rights.

Requires an organization to set up an ISMS if they deal with sensitive info.

This is the maximum amount of data that can be lost.

The number of times something happens in a given year.

This is the maximum amount of time equipment can be down.

The amount of money we can expect to lose if something occurs.

The amount of money we can expect to lose in a given year due to events occurring.

Mandy needs to create a way to rollback to a previous point if something goes wrong.

Terry wants to enforce security policies on the cloud.

Dameon needs to determine everything that needs to be done to get into compliance.

Sierra wants to prevent employees from sending sensitive info in email.

Jon needs a tool that will help him identify if anything in a file system has changed.

A formal document that an employee signs to ensure they understand what they are allowed to use an asset for.

A plan that we put into place to maintain continuity in the event of a disaster or attack.

A complete analysis on how a situation or event would impact the organization.

Legal agreement between two parties that outlines service requirements. Often denotes 99.9% uptime.

A plan that outlines scope of a job, the completion timeline and the cost.

A third party that holds cryptographic keys for you for safety and ease of access

A 2-step process of turning plain text data into cipher, then back into plain text for data privacy

Defeats a rainbow table by adding random characters to a data structure before its hashed

A set of instructions for turning plain text data into cipher text data

A cryptographic technology that assigns a unique code to a data structure "fingerprinting" it

A preservation order issued by a law enforcement agency

A report on how effective a companies security controls are

A company who does not follow the required laws is this

A document that outlines who was been in contact with digital evidence

The process of collecting digital evidence for preservation

Using an unauthorized software program in a company that the IT's don't know about

Attacks because they want to gain money by selling data

Attacks based on their personal beliefs

Revenge/retaliation on a company they work at

An advanced threat that works for a government