Complete Security Models & Risk Management Step-by-Step
Concept Breakdown & Revision Notes
DDoS - correct answer a type of cyber attack where an attacker floods a website or
network with so much traffic that it becomes unavailable to legitimate users.
Protecting data in use - correct answer data is in use when a user is accessing the
data
-Hardest to protect, encryption is limited
Protecting data in motion - correct answer data is in motion when it is actively
being transported over a network
-SSL VPN and TLS are often used to protect information sent over networks and over
the Internet
Protecting data at rest - correct answer data is at rest when it is on a storage device
-Data protection is done by encryption
HITECH (Health Information Technology for Economic and Clinical Health) - correct
answer to promote and expand the adoption of health information technology,
especially the use of electronic health records by healthcare providers
Sarbanes-Oxley Act (SOX) - correct answer for trade companies to maintain accurate
financial records and disclose financial information in a timely manner
Gramm-Leach-Bliley Act (GLBA) - correct answer protects the privacy of
customers' non-public personal information
Payment Card Industry Data Security Standard (PCI DSS) - correct answer companies
that process credit card payments must protect that information
Children's Online Privacy Protection Act (COPPA) - correct answer sets rules on data
collection for children under 13 to protect their online privacy
Compliance - correct answer conforming to a rule, such as a specification, policy,
standard or law
Regulatory compliance - correct answer organizational goal to comply with relevant
laws and regulations
Industry compliance - correct answer regulations or standards usually not mandated
by law, designed for specific industries (e.g. PCI DSS)
Pretexting - correct answer when we assume the guise of a manager, customer,
reporter, or even a co-worker's family member
</gml_replace>
<gr_replace lines="35-36" cat="reformat" orig="Phishing - correct">
Phishing - correct answer an attack by convincing the potential victim to click on a link
in an e-mail, which steals the victim's personal information and installs viruses
Phishing - correct answer an attack by convincing the potential victim to click on a link
in an e - mail , which steals the victim's personal information and installs viruses
Tailgating - correct answer an unauthorized person attempts to enter a secure area by
following someone who is authorized
Brute Force - correct answer an attack by submitting password attempts until
eventually guessed correctly
Physical Threats - correct answer extreme temperature, gases, liquids, living
organisms, projectiles, movement, energy anomalies, people, toxins, smoke, and fire