Digital Signatures -answer-Ensure that the message was legitimately sent by the
expected party, and prevent the sender from denying that he or she sent the
message, a property known as nonrepudiation.
Certificates -answer-Link a public key to a particular individual and are often used as a
form of electronic identification for that particular person.
Protecting Data at Rest -answer-An area in which security is often lax, and a
particularly bad area in which to neglect security.
Data is at rest when it is stored on a storage device.
Protecting Data In Motion -answer-Data moving over a closed WAN or LAN, over a wireless
network, over the Internet, or in other ways.
SSL and TLS are often used to protect information sent over networks and over the
Internet.
Data is in motion when it is actively being transported over a network.
Protecting Data In Use -answer-Hardest to protect. Data is in use when a user is
accessing the data.
Cipher -answer-An algorithm used for cryptographic purposes.
Cryptanalysis -answer-The science of breaking encryption.
Federal Information Security Management Act or Federal Information Security
Modernization Act (FISMA) -answer-Ensures the protection of information, operations,
and assets in the federal government.
Requires each federal agency to develop, document, and implement an information
security program to protect its information and information systems. Annual reviews of
these programs are required to maintain compliance and keep security risks to an
acceptable level.
Health Insurance Portability and Accountability Act (HIPAA) -answer-Sets limits on the
use and disclosure of patient information without authorization, and grants individuals
rights over their own health records.
Family Educational Rights and Privacy Act (FERPA) -answer-Protects the privacy of
students and their parents. It also regulates the disclosure and maintenance of
educational records, including educational information, personally identifiable
information, and directory information.
FERPA also grants certain rights to students and parents regarding the student's own
records.
Sarbanes-Oxley Act (SOX) -answer-Regulates the financial practices and governance
of corporations.
Protects investors and the general public by establishing requirements regarding
reporting and disclosure practices. The act mandates standards in areas
such as corporate board responsibility, auditor independence, fraud accountability,
internal controls assessment, and enhanced financial disclosures.
Gramm-Leach-Bliley Act (GLBA) -answer-Protects the customers of financial
institutions, essentially any company offering financial products or services, financial or
investment advice, or insurance. The GLBA Privacy Rule requires financial institutions
to safeguard a consumer's "nonpublic personal information," or NPI. GLBA also
mandates the disclosure of an institution's information collection and information sharing
practices, and establishes requirements for providing privacy notices and opt-outs to
consumers.
European Union's Data Protection Directive (Directive 95/46/EC) -answer-Sets
requirements to protect individuals' personally identifiable information (PII).
Regulatory Compliance -answer-The organizational goal of complying with relevant laws and
regulations. It is specific to the industry.
In many cases, regulatory compliance comes packaged with cyclical audits and
assessments to ensure that everything is being carried out according to specification.
Industry Compliance -answer-Regulations or standards that are usually not mandated by law
but are designed for specific industries (e.g., PCI DSS).
Payment Card Industry Data Security Standard (PCI DSS) -answer-A set of standards with
which companies that process credit card payments must comply.