• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

How to study your flashcards.

Right/Left arrow keys: Navigate between flashcards.right arrow keyleft arrow key

Up/Down arrow keys: Flip the card between the front and back.down keyup key

H key: Show hint (3rd side).h key

A key: Read text to speech.a key

image

Play button

image

Play button

image

Progress

1/35

Click to flip

35 Cards in this Set

  • Front
  • Back
ACO
Authenticated ciphering offset
AES
Advanced Encryption Standard: A symmetric block cipher with a block size of 128 bits in which the key can be 128, 192, or 256 bits.
AIS
Automated Information System
Assurance
A measure of confidence that the features and architecture of an AIS accurately mediate and enforce the security policy. Grounds for confidence that an IT product or system meets it's security objectives.
Asymmetric Key Encryption
Cryptographic system that employs two keys, a public key and a private key. The public key is made available to anyone wishing to send an encryped message to an individual holding the corresponding private key of the public private key pair. Any message encrypted with one of these keys can be decrypted with the other. The private key is always kept private. It should not be possible to derive the private key from the public key.
Attack
The act of trying to bypass security controls on a system. An attack can be active, resulting in data modification, or passive, resulting in the release of data.
Blackbox test
Ethical hacking team has no knowledge of target network.
Block Cipher
A symmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext. A block cipher is obtained by segregating plaintext into blocks of n characters or bits and applying the same encryption algorithm and key to each block.
Blind signature
A form of digital signature where the signer is not privy to the content of the message.
BSI ISO/IEC 17799-2000,
BS 7799-I: 2000
Information technology -- Code of practice for information security management, British Standards Institution, London UK.
A standard intended to provide a comprehensive set of controls comprising best practices in information security." ISO refers to the International Organization for Standardization, and IEC is the International Electrotechnical Commission.
BSA
Business Software Alliance: An international organization representing leading software and e-commerce developers in 65 countries around the world. BSA efforts include educating users about software copyrights; advocating for public policy that fosters innovation and expands trade opportunities; and fighting software piracy.
CA
Certification Authority: the official responsible for performing the comprehensive evaluation of the technical and non-technical security feature of an IT system and other safeguards, made in support of the accreditation process, to establish the extent that a particular design and implementation meet a set of specified security requirements.
Carnivore
A device used by the U.S. FBI to monitor ISP traffic.
CBC
Cipher Block Chaining is an encryption mode of the Data Encryption Standard (DES) that operates on plaintext blocks 64 bits in length.
CERT Coordination Center
A unit of the Carnegie Mellon University Software Engineering Institute (SEI). SEI is a federally funded R&D center. CERT's mission is to alert the Internet community to vulnerabilities and attacks and to conduct research and training in the areas of computer security including incident response.
Cipher
A cryptographic transformation that operates on characters or bits.
Ciphertext
An unintelligible encrypted message.
Cryptogram
An unintelligible encrypted message.
Closed Security Environment
An environment in which both of the following conditions hold true:
1. Application developers have sufficient clearances and authorizations to provide an acceptable presumption that they have not introduced malicious logic
2. Configuration control provides sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to and during the operation of system applications.
Clustering
Situation in which a plaintext message generates identical ciphertext messages using the same transformation algorithm but with different cryptovariables or keys.
Codes
Cryptographic transformations that operate at the level of words or phrases.
COM
Common Object Model
A model that allows two oftwar components to communicate with each other independent of their platforms' operating systems and languages of implementation.
COBRA
Common Object Request Broker Architecture:
CALEA
Communications Assistance for Law Enforcement Act of 1994:
An act that required all communications carriers to make wiretaps possible in ways approved by the FBI.
COMSEC
Communications Security
Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security and physical security of COMSEC material and information.
Compartment
A class of information that has need-to-know access controls beyond those normally provided for access to confidential, secret, or top-secret information.
Compensating Controls
A combination of controls, such as physical and technical or technical and administrative (or all three).
Composition model
An information security model that investigated the resulting security properties when subsystems are combined.
CSTVRP
Computer Security Technical Vulnerability Reporting Program.
A program that focuses on technical vulnerabilities in commercially available hardware, firmware, and software products acquired by the DoD, CSTVRP provides for the reporting, cataloging, and discrete dissemination of technical vulnerability and corrective measure information to DoD components on a need-to-know basis.
Contamination
The intermixing of data at different sensitivity and need-to-know levels. The lower-level data is said to be contaminated by the higher-level data; thus, the contaminating (higher-level) data might not receive the require level of protection.
COTS
Commercial off-the-shelf
Covert Channel
A communications channel that enables two cooperating processes to transfer information in a manner that violates the system's security policy.
CRL
Certificate Revocation List
Cryptanalysis
Refers to the ability to "break" the cipher so that the encrypted message can be read. Cryptanalysis can be accomplished by exploiting weaknesses in the cipher or in some fashion determining the key.
Crypto-Algorithm
A well-defined procedure, sequence of rules, or steps used to produce a key stream or cyphertext from plaintext, and visa versa. A step-by-step procedure that is used to encipher plaintext and decipher ciphertext.