Integrity, Ensures data is not modified by unauthorized users, Separation of Duties, No single person controls all steps of a critical process, NAT, Translates private IP addresses to public IP addresses, Non-repudiation, Sender cannot deny having sent a message, Due Diligence, Researching and understanding risks before acting, Hot Site, Fully operational recovery site within minutes, Due Care, Implementing reasonable security measures, Cold Site, Empty facility that takes days or weeks to activate, Least Privilege, Granting minimum access needed to perform a job, Accountability, Logging and tracking user actions, RPO, Maximum acceptable amount of data loss, Confidentiality, Prevents unauthorized disclosure of information, RTO, Maximum acceptable downtime for a system, IDS, Detects and alerts on threats but does not block them, Authorization, Determining what a user is allowed to do, Defense in Depth, Multiple overlapping layers of security controls, Authentication, Verifying that a user is who they claim to be, IPS, Sits inline and automatically blocks malicious traffic, Availability, Ensures systems are accessible when needed, VPN, Creates an encrypted tunnel for secure remote access.

ISC2 CC Practice

oleh
Cetak
Menyematkan

Papan peringkat

Lihat pemain top

Papan Peringkat

Gaya visual

Pilihan

Berganti templat

Papan peringkat

Lihat pemain top
)
Pulihkan simpan otomatis: ?