SSCP - Security Operations and Administration Flashcards
ISC2 Systems Security Certified Practitioner (SSCP) Flashcards
| Front | Back |
| --- | --- |
| Acceptable Use Policy (AUP) | Rules outlining the proper use of organization systems and data |
| Backup Strategies | Methods for creating copies of data, such as full, incremental, or differential backups |
| Business Continuity Plan (BCP) | A strategy for ensuring essential functions continue during disasters |
| Change Management Process | A standardized approach to handling changes in IT systems to minimize impact |
| CIA Triad | The core principles of security: Confidentiality, Integrity, Availability |
| Data Classification | Categorizing data based on its sensitivity and impact on the organization |
| Defense-in-Depth | Implementing multiple layers of security controls to protect assets |
| Disaster Recovery Plan | A documented process for restoring IT operations after a disruption |
| Encryption | Process of converting data into a secure format to prevent unauthorized access |
| Incident Response Plan (IRP) | A documented approach to identifying, managing, and mitigating incidents |
| Incident Response Steps | Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned |
| Log Monitoring | Ongoing review of system logs to identify and respond to anomalies |
| Multifactor Authentication (MFA) | Security mechanism combining two or more authentication factors |
| Password Policy Best Practices | Enforce strong passwords, set expiration dates, and prevent reuse |
| Patch Management | Regular updating of systems to fix vulnerabilities and improve performance |
| Personnel Security | Steps to minimize insider threats through background checks and training |
| Principle of Least Privilege | Limiting user access rights to only what is necessary for their job roles |
| Risk Assessment | Process of identifying, analyzing, and evaluating risks to assets |
| Role-Based Access Control (RBAC) | Access control model based on users’ roles and responsibilities |
| Security Awareness Training | Educating employees about security threats and best practices |
| Security Policy | A set of rules and practices that regulate how organizational assets are protected |
| Separation of Duties | Dividing tasks among multiple people to prevent fraud or errors |
| Vulnerability Assessment | The process of identifying, quantifying, and prioritizing system vulnerabilities |
| Zero Trust Model | Security principle of not automatically trusting anyone inside or outside the network |
This deck focuses on day-to-day security operations, best practices for administrative tasks, and incident response protocols critical to SSCP knowledge.