65 Cards in this Set
- Front
- Back
- 3rd side (hint)
The fundamentals of cyber security are built on |
CIA TRIAD |
A three letter organization😂 |
|
Confidentiality |
Data available to authorized users only. |
C |
|
Data integrity |
Data can be trusted |
I |
|
System Integrity |
The system will work as intended |
It works!! |
|
Availability |
Operating and accessible when needed |
It’s ready! |
|
Assurance |
A level of confidence that a control works |
Are you sure? Of course I am sure! |
|
The priority of CIA is based on |
Organizational objectives |
|
|
True or False: Security should be an enabler, not a disruptive force |
True |
|
|
Governance |
Set strategic direction and provide leadership |
|
|
Due care |
Standard care (or stewardship) |
|
|
Due diligence |
Continued effort |
|
|
Strategic alignment |
Supporting the business objectives |
|
|
Corporate culture |
Shared attitude, vision, and goal |
|
|
The foundation of the information security program is |
Governance |
|
|
An information security program must be _____ with business objectives |
Strategically aligned |
|
|
True or False: Information security is not an IT function |
True |
|
|
Owner |
Management responsible for a subset of data |
1.3 Security and Risk Management |
|
Custodian |
Responsible for protection mechanisms |
1.3 Security and Risk Management |
|
User |
Expected to follow operating procedures. |
1.3 Security and Risk Management |
|
CISO |
Chief Information Security Officer |
1.3 Security and Risk Management |
|
ISM |
Information Security Management |
1.3 Security and Risk Management |
|
Privacy officer |
Subject matter expert for disclosure of data |
1.3 Security and Risk Management |
|
Physical security officer |
Areas include surveillance and guards |
1.3 Security and Risk Management |
|
Policy |
High-level statement |
1.4 Security and Risk Management |
|
Standard |
Mandatory specification |
1.4 Security and Risk Management |
|
Accountability |
Process of tracing actions to a source |
1.1 Security and Risk Management |
|
Authentication |
Positive ID of a person or system |
1.1 Security and Risk Management |
|
Authorization |
Granting users or systems access to resources |
1.1 Security and Risk Management |
|
Accounting |
Logging of access and resource utilization |
1.1 Security and Risk Management |
|
Assurance |
Confidence that the controls work to protect system |
1.1 Security and Risk Management |
|
Symmetric Key crypto system |
Uses a shared key available to all users |
|
|
Asymmetric key crypto system |
Uses individual combinations of private and public key for each user |
|
|
Data at rest or data stored |
Resides in a permanent location (hard drive, USB, cloud storage, backup tapes) |
|
|
Data in motion or “on the wire” |
Data being transferred on a network between two systems |
|
|
Data in motion confidentiality risk example |
Eavesdropping attacks |
|
|
Data at rest confidentiality risk |
Theft of physical devices |
|
|
Before a message is put into coded form it is known as |
Plaintext |
|
|
Message integrity is enforced through |
An encrypted message digest, known as a digital signature |
|
|
Integrity can be enforced by |
Public and secret key |
|
|
Cryptographic algorithm to encrypt the plaintext message and produce a |
Ciphertext message |
|
|
Cryptographic algorithms rely on what to maintain their security |
Keys |
|
|
Kerckhoffs's principle |
A cryptographic system should be secure even if everything about the system, except the key, is known |
|
|
Algorithm |
A set of mathematical rules that dictates enciphering and deciphering processes |
|
|
Cryptographic keys are referred to as |
Cryptovariables |
|
|
Creating and implementing secret codes and ciphers |
Cryptography |
|
|
The study to defeat codes and ciphers |
Cryptanalysis |
|
|
Together, cryptography and cryptanalysis are commonly referred to as |
Cryptology |
|
|
Specific implementations of a code or cipher in hardware and software are known as |
Cryptosystems |
|
|
Defines the hardware and software requirements for cryptographic modules that the federal government uses. |
FIPS 140-2 (Federal Information Processing Standard) |
|
|
One-way function |
a mathematical operation that easily produces output values for each possible combination of inputs but makes it impossible to retrieve the input values. |
|
|
Initialization Vectors |
Are used to create unique ciphertext every time the same message is encrypted using the same key. |
|
|
Zero-knowledge proof |
Proving your knowledge of a fact to a third party without revealing the fact itself to that third party. |
|
|
Split knowledge |
The combination of separation of duties and two-person control in a single solution. |
|
|
You can measure the strength of a cryptography system by measuring the effort in terms of cost and/or time using a |
Work function/work factor |
|
|
Cryptographic systems of symbols that represent words or phrases; they are sometimes secret |
Codes |
|
|
Are always meant to hide the true meaning of a message |
Ciphers |
|
|
Transposition ciphers |
Use an encryption algorithm to rearrange the letters of a plaintext message, forming the ciphertext message. |
|
|
Substitution ciphers |
Use the encryption algorithm to replace each character or bit of the plaintext message with a different character (for example, the Caesar cipher). |
|
|
Vigenère ciphers |
Uses a single encryption/decryption chart |
|
|
Similar ciphers |
The only difference is the key length. The Caesar shift cipher uses a key of length one, the Vigenère cipher uses a longer key (usually a word or sentence), and the one-time pad uses a key that is as long as the message itself. |
|
|
Running key cipher or book cipher |
The encryption key is as long as the message itself and is often chosen from a common book. |
|
|
Confusion |
Occurs when the relationship between the plaintext and the key is so complicated that an attacker can't merely continue altering the plaintext and analyzing the resulting ciphertext to determine the key. |
|
|
Diffusion |
Occurs when a change in the plaintext results in multiple changes spread throughout the ciphertext. |
|
|
Data Encryption Standard (DES) |
56-bit key |
Modern-day keys are at least 128 bits |