31 Cards in this Set
- Front
- Back
FIPS 140 |
Cryptographic module |
|
FIPS - 197 |
AES / Rijndael algorithm cipher. It provides the definition of the Advanced Encryption Standard (AES). |
|
FIPS - 199 |
Categorization of security. FIPS 199 requires Federal agencies to assess their information systems in each of the categories of confidentiality, integrity and availability, rating each system as low, moderate or high impact in each category. The most severe rating from any category becomes the information system's overall security categorization. |
|
FIPS - 201 |
PIV. FIPS 201 is a United States federal government standard that specifies Personal Identity Verification (PIV) requirements for Federal employees and contractors. |
|
FIPS - 200 |
Security controls. FIPS 200 defines the following 17 security areas covering the confidentiality, integrity, and availability (CIA) of federal information systems and of the information processed, stored, and transmitted by those systems. |
|
DoD 8570 |
Training, certification, guidance |
|
ISO 27000 |
Information security management |
|
ISO- 9126 |
Software quality |
|
NIST 800 |
Secure SDLC. The NIST 800 Series is a set of documents that describe US federal government computer security policies, procedures and guidelines. |
|
COSO |
Crime- Risk management |
|
CVSS |
The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities. CVSS attempts to assign severity scores to vulnerabilities, allowing responders to prioritize responses and resources according to threat. |
|
OCTAVE |
OCTAVE - risk assessment. OCTAVE is an acronym for Operationally Critical Threat, Asset and Vulnerability Evaluation, and it includes a suite of tools, techniques |
|
OSSTMM |
The Open Source Security Testing Methodology Manual, or OSSTMM, is a peer-reviewed methodology for security testing, maintained by the Institute for Security and Open Methodologies (ISECOM). The manual is updated every six months or so, to remain relevant to the current state of security testing. |
|
COBIT |
COBIT is used globally by IT business process managers to equip them with a model to deliver value to the organization and to apply better risk management practices for IT processes. The COBIT control model guarantees the integrity of the information system. |
|
ITIL |
ITIL, formerly an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. |
|
The Gramm-Leach-Bliley Act |
The Gramm-Leach-Bliley Act (GLB Act or GLBA) is also known as the Financial Modernization Act of 1999. It is a United States federal law that requires financial institutions to explain how they share and protect their customers' private information. |
|
CVE |
Common Vulnerability Enumeration language |
|
Single Loss Expectancy |
SLE = Asset Value x Exposure Factor |
|
Annual Loss Expectancy |
ALE = Annual Rate of Occurrence (ARO) x SLE, i.e. ALE = ARO x SLE |
|
High Cohesion |
High cohesion is a software engineering concept that refers to how closely all the routines in a class, or all the code in a routine, support a central purpose. The heuristic goal is to make cohesion as high as possible. |
|
Low Coupling |
Low coupling refers to a relationship in which one module interacts with another module through a simple and stable interface and does not need to be concerned with the other module's internal implementation. |
|
Symmetric Algorithms |
Skipjack, Rijndael (AES), Blowfish, RC4, DES, AES-128/192/256 |
|
Asymmetric algorithms |
Diffie-Hellman, RSA, ECC, DSA, ElGamal |
|
Declarative coding |
"All or nothing" SQL |
|
Imperative Coding |
More granularity and control in classes |
|
Network Layer |
7. Application - buffer overflow, XSS, DDoS, botnets
6. Presentation - DRM, DLP, SSL strip, Unicode vulnerability
5. Session - MITM attack, session hijacking, DNS poisoning
4. Transport - SSL, SYN flood, session hijacking, SSL strip
3. Network - IPsec, ACL, IP spoofing, packet sniffing, wormhole, ICMP attack
2. Data Link - MAC address, MAC attack, DHCP attack
1. Physical |
|
FIPS - 180 |
FIPS 180 - Secure Hash Standard (SHS) |
|
FIPS - 186 |
FIPS - 186 Digital Signature Standard (DSS) |
|
FIPS - 202 |
FIPS 202 - specifies the Secure Hash Algorithm-3 (SHA-3) |
|
DAC |
DAC stands for "Digital-to-Analog Converter" |
|
Parity Check |
A parity check is the process that ensures accurate data transmission between nodes during communication. A parity bit is appended to the original data bits so that the total number of 1 bits is even or odd. |