Integrity, Ensures data is not modified by unauthorized users, Separation of Duties, No single person controls all steps of a critical process, NAT, Translates private IP addresses to public IP addresses, Non-repudiation, Sender cannot deny having sent a message, Due Diligence, Researching and understanding risks before acting, Hot Site, Fully operational recovery site within minutes, Due Care, Implementing reasonable security measures, Cold Site, Empty facility that takes days or weeks to activate, Least Privilege, Granting minimum access needed to perform a job, Accountability, Logging and tracking user actions, RPO, Maximum acceptable amount of data loss, Confidentiality, Prevents unauthorized disclosure of information, RTO, Maximum acceptable downtime for a system, IDS, Detects and alerts on threats but does not block them, Authorization, Determining what a user is allowed to do, Defense in Depth, Multiple overlapping layers of security controls, Authentication, Verifying that a user is who they claim to be, IPS, Sits inline and automatically blocks malicious traffic, Availability, Ensures systems are accessible when needed, VPN, Creates an encrypted tunnel for secure remote access.

ISC2 CC Practice

打印
嵌入

排行榜

查看顶级球员

排行榜

视觉风格

选项

切换模板

排行榜

查看顶级球员
)
恢复自动保存: