50 Cards in this Set

Disgruntled employee

This group is best able to steal sensitive information when system auditing is absent.

Trusted paths

Provide controlled and un-intercepted interfaces into privileged user functions. Intended to ensure that any communications over that path cannot be intercepted or corrupted.

Ring protection

Can be used to enforce boundary control between kernel functions and end user controls.

Anti-Malware

Used to protect against malicious software.

Maintenance hooks

Coding constructs written by software developers for troubleshooting purposes, but which can be a potential back door for malicious software.

An example of fail safe

The doors of the datacenter spring open in the event of a fire. Focuses on failing with a minimum of harm to personnel.

An example of fail secure

Doors of the marketing closets lock in the event of a fire. Focuses on failing in a controlled manner to block access while the system is in an inconsistent state.

RAID

Redundant array of independent disks. A data mirroring technique.

RAID 0

Writes files in stripes across multiple disks without the use of parity information. Allows for fast reading and writing to disk because all the disks can be accessed in parallel. Does not provide redundancy and should not be used for systems with high availability requirements. Suitable in scenarios where resilience is not required, for example to store temporary data that will only be required for a short period of time.

RAID 1

Duplicates all disk writes from one disk to another to create two identical drives. Also known as data mirroring. Redundancy is provided at this level: when one hard drive fails, the other is still available. Is very costly from a drive space perspective because half of the available disk is given to the mirroring, and is typically only used between pairs of drives. Commonly used to provide redundancy for system disks where the core operating system files are found.

RAID 2

Theoretical and not used in practice. Data is spread across multiple disks at the bit level using this technique. Redundancy information is computed using a Hamming error correction code, which is the same technique used within hard drives and error-correcting memory modules. Due to the complexity involved with this technique it is not used.

RAID 3&4

Requires three or more drives to implement. Parity information is written to a dedicated disk; if one of the data disks fails, the information on the parity disk may be used to reconstruct the drive. Data is striped across multiple disks at the byte level for RAID 3 and at the block level for RAID 4. 3 is more efficient but 4 is faster.

RAID 5

Requires 3 or more drives. Data and parity information are striped across all drives. Most common for general data storage.

RAID 6

Requires three or more drives to implement and computes two sets of parity information. The dual parity distribution accommodates the failure of two drives. Performance is slightly less than RAID 5. Not as frequently used in commercial environments.

RAID 0+1 and RAID 1+0

Nested RAID levels, combining two different RAID types together to try to get the advantages of both. In RAID 0+1 two different arrays of disks are at play: one set stripes all of the data across the available drives, and the drives are mirrored to a second set of disks. In RAID 1+0 each drive in the first set is mirrored to a matching drive in the second set; when data is striped to one drive, it is immediately striped to another. RAID 1+0 is considered to be superior to RAID 0+1 in all respects, both in terms of speed and redundancy.

Shadowing

Updating records in multiple locations or copying an entire database to a remote location as a means to ensure the appropriate levels of fault tolerance and redundancy.

Archiving

The storage of data that is not in continual use for historic purposes.

Backup method used when the window is not long enough to back up all of the data and restoration from backup must be as fast as possible

Differential - a full backup is not available as the window is not long enough. An incremental backup only gets files that changed since the last incremental backup, and a differential backup only gets files that changed since the last full backup. To restore from incremental backups, the last full backup and all of the incremental backups performed since are combined. In contrast, restoring from a differential backup requires only the last full backup and the latest differential.

An example of least privilege in physical security

A guard verifying identification cards against a list of authorized visitors.

Background investigations

Provides the best determination of access and suitability of an individual.

Clipping level

Used to ensure that only needed logs are collected.

Difference between a security information and event management (SIEM) system and a log management system

SIEMs are useful for log collection, collation, and analysis in real time. Log management is similar but more for historic purposes.

Best way to ensure no data remanence of sensitive information stored on a DVD-R

Destruction - optical media such as CDs and DVDs must be physically destroyed to make sure that there is no residual data that can be disclosed.

Problem management

Concerned with tracking an event back to a root cause and addressing the underlying problem.

Ensure production systems are backed up

Before applying a software update to production systems, this is most important.

Computer forensics

The marriage between computer science, information technology, and engineering with law.

Locard's principle of exchange

States that when a crime is committed the perpetrators leave something behind and take something with them, hence the exchange. Works even with a purely digital crime scene.

5 rules of evidence

Must be authentic, be accurate, be complete, be convincing, be admissible.

Incident response phases

Triage, investigation, containment, analysis and tracking, documentation

Civil law

Emphasizes the abstract concepts of law and is influenced by writings of legal scholars and academics, more so than common law systems.

MOM

Means, opportunity and motive

Various computer forensic guidelines

IOCE - International Organization on Computer Evidence

SWGDE - Scientific Working Group on Digital Evidence

ACPO - Association of Chief Police Officers

Sub-phases of the incident response triage phase

Detection, identification, notification

Integrity of forensic bit stream image is determined by

Comparing hash totals to the original source

When dealing with digital evidence, the crime scene

Must have the least amount of contamination that is possible.

When outsourcing IT systems

All regulatory and compliance requirements must be passed on to the provider.

With digital evidence, the chain of custody must

Follow a formal, documented process.

An incident response program must

Treat every incident as though it may be a crime

For heavily damaged media

Professional data recovery services are the best chance for recovery

To fully complete a vulnerability assessment, it is critical that protection systems are well understood through

Threat identification, threat definition and facility characterization

Defense in depth

Forming layers of protection around an asset or facility

Successful physical protection systems integrate

People, procedures, and equipment

5 fc (foot-candles)

Advised lighting for parking lots or garages for safety considerations in perimeter areas

Acoustic / shock glass break sensors

Most appropriate interior sensor used for a building that has windows along the ground floor. The dual alarm system requires both acoustic and shock sensors to be activated before an alarm is triggered, reducing false alarms.

Three separate functions of CCTV

Surveillance, deterrence, and evidentiary archives

Tamper protection

Best method of protecting the physical devices associated with the alarm system

Direct evidence

Proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses.

Circumstantial evidence

Evidence that relies on inference to connect it to a conclusion of fact, such as a fingerprint at the scene of a crime.

Conclusive evidence

Evidence that is unquestionable, either because it is so clear and convincing or because the law precludes its contradiction.

Corroborating evidence

Evidence that tends to support a proposition that is already supported by some initial evidence, therefore confirming the proposition.