Security+ (SY0-701): Lesson 14: Summarize Security Governance Part 3
This flashcard deck covers key concepts from Lesson 14 of the Security+ (SY0-701) course, focusing on security governance roles, change management, and automation in security management.
Term | Definition |
---|---|
Define the role of a 'processor' in security/data governance | An entity trusted with a copy of personal data to perform storage and/or analysis on behalf of the data collector; Ensures that data is handled securely and in accordance with the rules established by the owner and controller roles. |
How do processors adhere to security/data governance? | By maintaining records of their processing activities, cooperating with supervisory authorities, and implementing appropriate security measures to protect the data they handle. |
Define the role of a 'custodian' in security/data governance | Data steward - implements and enforces the security controls established by the data owner and controller; Responsible for managing the system on which data assets are stored, including being responsible for enforcing access control, encryption, and backup/recovery measures. |
What must be included when proposing a change request in change management? | Documentation, including details describing what will be changed, the reasons for the change, any potential impacts, and a rollback plan in case the change does not work as planned. |
When assessing a change request, what must be considered? | Each change must be subject to risk assessment to identify potential security impacts. |
What is the role of an 'owner' in change management? | Project managers/team leaders accountable for ensuring change is implemented as planned, risks are managed effectively, and there's a clear plan for communication/training associated with the change. |
Define a 'stakeholder' | A person who has a business interest in the outcome of a project or is actively involved in its work. |
Define 'impact analysis' | Change management process of identifying and assessing the potential implications of a proposed change. |
How do test results affect change management? | Test results provide valuable insight into the likelihood of success and help identify potential issues without impacting business operations. |
How do 'back out plans' affect change management? | A well-defined back out plan helps to minimize downtime and reduces the risk of data loss or other severe impacts. |
What is the role of maintenance windows in change management? | A predefined, recurring time frame for implementing changes. |
How do 'Standard Operating Procedures (SOPs)' affect change management? | Written instructions that describe how to carry out routine operations or changes to ensure that changes are implemented consistently and effectively. |
Define an 'allow list' with regard to change management | A list of approved software, hardware, and specific change types that are not required to go through the entire change management process. |
Define a 'deny list' with regard to change management | Includes explicitly blocked software, hardware, and specific change types or high-impact changes that must always go through the full change management process, or individuals who are not authorized to implement or approve changes. |
Define 'Version control' | Tracking and controlling changes to documents, code, or other important data. |
How can automation be used for security management? | Monitoring for threats, applying patches, maintaining baselines, or responding to incidents. |
What is the role of orchestration in security management? | Enhances automation by coordinating and streamlining the interactions between automated processes and systems. |
Define a 'workforce multiplier' | A tool or automation that increases employee productivity, enabling them to perform more tasks to the same standard per unit of time. |
Define 'Operator fatigue' | The mental exhaustion experienced by cybersecurity professionals. |
Define 'technical debt' | Costs accrued by keeping an ineffective system or product in place, rather than replacing it with a better-engineered one. |