50 Cards in this Set

  • Front
  • Back
The ability to use, manipulate, modify, or affect an object
Access
The resource that is being protected. It can be logical, such as a website, or physical, such as a computer
Asset
An act that takes advantage of a vulnerability to compromise a controlled system
Attack
Security mechanism, policy, or procedure that can counter a system attack, reduce risks, and resolve vulnerabilities
Control (safeguard or countermeasure)
A technique used to compromise a system
Exploit
A single instance of a system being open to damage
Exposure
A passive entity in an information system that receives or contains information
Object
The probability that something unwanted will happen
Risk
The basis for the design, selection, and implementation of all security program elements including policy implementation, ongoing policy management, risk management programs, education and training programs, technological controls, and maintenance of the security program
Security Blueprint
The implementation of an organization's security policies, procedures, and programs
Security Posture (Security Profile)
An active entity that interacts with an information system and causes information to move through the system for a specific purpose. Examples include individuals, technical components, and computer processes
Subject
An object, person, or other entity that represents a constant danger to an asset
Threat
A specific instance or component that represents a danger to an organization's asset. Threat agents can be accidental or purposeful, for example lightning strikes or hackers
Threat Agent
Weakness in a controlled system, where controls are not present or are no longer effective
Vulnerability
Security measures, such as a badge reader, that admit or prohibit people from entering sensitive areas
Access Control
The process of attracting attention to a system by placing tantalizing bits of information in key locations
Enticement
Security systems that use two or more authentication mechanisms, normally of different types (for example, something the user knows combined with something the user has)
Strong authentication
A data-gathering process that discovers the assets that can be accessed from a network, usually performed in advance of a planned attack. It is a systematic examination of the entire set of Internet addresses of the organization
Fingerprinting
Decoy systems designed to lure potential attackers away from critical systems
Honeypot
A type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operations of a system with, almost always, the intent to do malicious harm
Intrusion
Devices that detect unauthorized activity within the internal network or on individual machines
Intrusion detection systems (IDS)
A network tool that collects copies of packets from the network and analyzes them
Packet sniffer
A honeypot that has been protected so that it cannot easily be compromised
Padded Cell
A private word or combination of characters that only the user knows
Password
The tool used to identify (or fingerprint) computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information
Port Scanner
The act of luring an individual into committing a crime to get a conviction
Entrapment
The process of making and using codes to secure the transmission of information
Cryptography
The process of recovering the plaintext (or the key) from ciphertext without knowing the key
Cryptanalysis
The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. This can be a series of bits used by a computer program, or it can be a passphrase used by humans
Key
Mathematical algorithms that generate a message summary or message digest from a message of any length. Recomputing the digest and comparing it with the original allows the recipient to confirm that the content of a specific message has not been altered
Hash Function
A method of communicating on a network using a single key to both encrypt and decrypt a message
Symmetric encryption
A method of communicating on a network using one key to encrypt and another to decrypt a message
Asymmetric encryption
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely
Public Key Infrastructure(PKI)
Message digests encrypted with the signer's private key, so that anyone holding the matching public key can mathematically prove that the message is authentic and unaltered
Digital Signatures
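The hash function and digital signature cards above describe a process that is easier to see in code. The following is an added example written for this card set, not code from the original page. It uses SHA-256 for the digest and textbook RSA (no padding) over two publicly known Mersenne primes so that a 256-bit digest fits inside the modulus; that key pair and the sample messages are assumptions made for illustration only and are not secure. Real systems use a vetted signature scheme such as RSA-PSS or Ed25519 from a maintained library and freshly generated secret primes.

```python
"""Added illustration: message digests and digital signatures.

Example code for this card set (not from the original page). The RSA
key below is a toy built from well-known primes; it is NOT secure.
"""
import hashlib

# Assumed toy key material: two well-known Mersenne primes, chosen only
# so that n exceeds 2**256 and a SHA-256 digest fits without reduction.
_P = 2**127 - 1
_Q = 2**521 - 1
N = _P * _Q                              # public modulus
E = 65537                                # public exponent
D = pow(E, -1, (_P - 1) * (_Q - 1))      # private exponent (Python 3.8+)


def digest(message: bytes) -> str:
    """Hash function card: a fixed-size summary of input of any length."""
    return hashlib.sha256(message).hexdigest()


def integrity_check(message: bytes, expected_digest: str) -> bool:
    """Recompute the digest and compare; any change to the message is detected."""
    return digest(message) == expected_digest


def sign(message: bytes, private_exponent: int = D, modulus: int = N) -> int:
    """Digital signature card: the digest transformed with the PRIVATE key."""
    m = int.from_bytes(hashlib.sha256(message).digest(), "big")
    assert m < modulus  # the digest must be smaller than the modulus
    return pow(m, private_exponent, modulus)


def verify(message: bytes, signature: int,
           public_exponent: int = E, modulus: int = N) -> bool:
    """Anyone holding the PUBLIC key can confirm origin and integrity."""
    m = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return pow(signature, public_exponent, modulus) == m


def demo() -> dict:
    """Run the checks on constructed sample messages."""
    original = b"Transfer $100 to account 42"   # constructed sample
    tampered = b"Transfer $900 to account 42"   # one digit changed
    d = digest(original)
    sig = sign(original)
    return {
        "digest_matches": integrity_check(original, d),
        "digest_detects_change": not integrity_check(tampered, d),
        "signature_verifies": verify(original, sig),
        "signature_rejects_tamper": not verify(tampered, sig),
        "signature_rejects_forgery": not verify(original, sig + 1),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The digest alone proves only that the bytes are unchanged relative to a digest the checker already trusts; the signature adds origin, because only the holder of D could have produced a value that E turns back into the digest.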
Public-key container files that allow computer programs to validate the key and identify to whom it belongs
Digital certificates
A method of hiding the existence of a secret message
Steganography
Access-control devices that use a biometric detection device as a release mechanism
Biometric lock
In information security, a device or software component that selectively discriminates against information flowing into or out of the organization's network; application firewalls (application-level firewalls) are one type. In the context of physical security, a firewall is a wall that limits the spread of damage should a fire break out in an office
Firewall
Offsite computing that uses internet connections, dial-up connections, connections over leased point-to-point links between offices, and other connection mechanisms
Telecommuting
An aspect of information security that addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization
Physical security
The spark that occurs when two materials are rubbed or touched and electrons are exchanged, resulting in one object becoming more positively charged and the other more negatively charged
Static Electricity
A small physical enclosure that is used in secure facilities that has an entry point and a different exit point
Mantrap
The protection of information and the systems and hardware that use, store, and transmit that information
Information Security
What are the phases of the Security Systems Development Life Cycle
Investigation
Analysis
Logical Design
Physical Design
Implementation
Maintenance and Change
What are some issues facing software developers?
Command injection
Cross-site scripting
Failure to handle errors
Failure to protect network traffic
Failure to store and protect data securely
Failure to use cryptographically strong random numbers
Format string problems
SQL injection
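Three items on the list above (SQL injection, command injection and weak random numbers) are shown below as the vulnerable pattern beside its safe form. This is an added example written for this card set, not code from the original page; the in-memory users table, the injection payload, the filename containing shell metacharacters and the token formats are all constructed for illustration. The command strings are only built and tokenised, never executed.

```python
"""Added illustration: SQL injection, command injection and weak randomness.

Example code for this card set (not from the original page). All inputs
and the sample table are constructed.
"""
import random
import secrets
import shlex
import sqlite3


def _demo_db() -> sqlite3.Connection:
    """Constructed sample table, held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """SQL injection: untrusted input is pasted into the query text."""
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Fixed: the value travels as a parameter and is never parsed as SQL."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?",
                        (name,)).fetchall()


def command_vulnerable(filename: str) -> str:
    """Command injection: this string is what shell=True would hand to a shell."""
    return f"ls -l {filename}"


def command_safe(filename: str) -> list:
    """Fixed: an argv list, so no shell ever interprets the filename.
    (If a shell is unavoidable, shlex.quote(filename) neutralises it.)"""
    return ["ls", "-l", filename]


def shell_tokens(command: str) -> list:
    """Tokenise the way a POSIX shell would, so ';' shows up as a separator."""
    return list(shlex.shlex(command, posix=True, punctuation_chars=True))


def session_token_weak() -> str:
    """random is a predictable PRNG: past outputs let an attacker predict the next."""
    return "%032x" % random.getrandbits(128)


def session_token_strong() -> str:
    """secrets draws from the OS CSPRNG and is intended for tokens and keys."""
    return secrets.token_hex(16)


def demo() -> dict:
    """Run each vulnerable/safe pair on constructed hostile input."""
    conn = _demo_db()
    payload = "' OR '1'='1"        # classic injection payload (constructed)
    evil_name = "x; rm -rf /"      # shell metacharacters (constructed, never run)
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),  # every user leaks
        "safe_rows": len(lookup_safe(conn, payload)),              # no such user
        "shell_tokens": shell_tokens(command_vulnerable(evil_name)),
        "argv": command_safe(evil_name),
        "quoted": shlex.quote(evil_name),
        "weak_token": session_token_weak(),
        "strong_token": session_token_strong(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With the payload, the vulnerable query becomes `WHERE name = '' OR '1'='1'` and returns every row, while the parameterised query looks for a user literally named `' OR '1'='1` and returns nothing. In the shell tokens, `rm` appears as its own command after the `;`, which is exactly what the argv form prevents.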
What is the difference between Laws and Ethics
Laws are rules that mandate or prohibit certain behavior in society. Ethics are socially acceptable behaviors
Computer Fraud and Abuse Act of 1986
National Information Infrastructure Protection Act of 1996
USA PATRIOT Act of 2001
Computer Security Act of 1987
Computer Security Laws
The process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all components in the organization's information system
Risk Management
The formal process of examining and documenting the security posture of an organization's information technology and the risks it faces
Risk Identification
The process of applying controls to reduce the risks to an organization's data and information systems
Risk Control