Security+ Chapter 1: Organizational Security Flashcards
563748728 | Due diligence | a company identifies the risks to its business, develops and implements strategies for handling the risk, and informs its employees | |
563748729 | Due process | Everyone held to the same standard; impartial and fair inquiry into violations of organizational policy | |
563748730 | Security policy | policies concerning general organizational security including physical access, access control to data, and security through proper organizational structures and data security principles. | |
563748731 | Mandatory vacation | a policy that requires employees to take their vacation at specific times of year, or to use all of the vacation days allotted for a single year, to help detect security issues such as fraud and other internal hacking activities. | |
563748732 | Least privilege | a security best practice that provides users only access rights they need to perform their job functions. | |
563748733 | Job rotation | a policy that provides improved security by ensuring no employee retains the same amount of access control or a particular responsibility for a period of time. This prevents internal corruption from employees who would take advantage of their long-term position and security access. | |
563748734 | Separation of duties | Critical responsibilities are separated between several users to prevent corruption; a single individual isn't tasked with high security and high risk responsibilities. | |
563748735 | Service Level Agreement (SLA) | A contract or an understanding between a supplier of services and the users of those services that the service in question will be available for a certain percentage of time. | |
563748736 | Change management | official company procedures used to approve changes to the company's networks or communications services. | |
563748737 | Incident management | Planned organizational response to incidents, used to quickly contain a problem and recover to normal operations. | |
563748738 | Audits | reviews/inspections that ensure your organization's policies are correctly defined, implemented properly, and communicated efficiently to all users. | |
563748739 | Data Loss Prevention (DLP) | a security concept focused on preventing the loss of data and protecting its confidentiality and privacy. | |
563748740 | False positive | A legitimate action that is perceived as a risk or threat. | |
563748741 | False negative | An illegitimate action that is not perceived as a risk or threat. | |