Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
36 Cards in this Set
- Front
- Back
|
NITO
|
National Information Technology Office
|
|
|
DMZ
|
De-Militarized Zone
|
|
|
NIRT
|
National Incidence Response Team
|
|
|
SAFR RA-5
|
Security Assurance for the Federal Reserve Risk Assessment 5
|
|
|
Vulnerability Assessment FRISS
|
Vulnerability Assessment Federal Reserve Information Security Standards
|
|
|
Information Security Remediation Management FRISS
|
Information Security Remediation Management Federal Reserve Information Security Standards
|
|
|
IP360
|
A vulnerability scanning tool that is managed by NIRT, and is administered by local information security groups. The tool is used to scan the entire network is servers as a comprehensive “fail safe” to ensure all IP ranges are scanned. IP360 is part of the recurring scanning program
|
|
|
AppDetective
|
A scanning tool that logs into a database and pulls certain tables and the associated configurations and copies them to a local source to scan for issues based on certain signatures (e.g. default username). AppDetective is part of the recurring or ad hoc scanning program
|
|
|
AppScan
|
A scanning tool that is designed to scan at the web-based application layer and searches for items such as hidden directories or any other items that can be exploitable through the web-browser. AppScan is part of the ad hoc scanning program.
|
|
|
Nessus
|
A tool that serves as an augmentation to IP360 and is primarily used during an upgrade or to validate certain findings that may have been brought forth by a NIRT pen test. Nessus is part of the ad hoc scanning program
|
|
|
Ad Hoc Scripts
|
Certain ad hoc scripts exist that search for vulnerabilities across the network. One example is a script that searches data files on the bank Intranet searching for the world “Restricted” in hopes to locate Restricted FR documents. Another script pulls USB data via BigFix looking for storage devices that are not encrypted. The results of these scripts are then imported into RISC
|
|
|
RISC
|
Real-Time Information Security Console
|
|
|
JIRA
|
A proprietary issue tracking product, commonly used for bug tracking, issue tracking, and project management
|
|
|
RDC
|
Remote Deposit Capture
|
|
|
CMDB
|
Configuration Management Database
|
|
|
RAN
|
Research Accessible Network
|
|
|
FRIT
|
Federal Reserve Information Technology
|
|
|
LIRT
|
Local Incidence Reporting Team
|
|
|
COBIT
|
Control Objectives for Information and Related Technology
|
|
|
GEIT
|
Governance of Enterprise Information Technology
|
|
|
ITGI
|
Information Technology Governance Institute
|
|
|
ERM
|
Enterprise Risk Management
|
|
|
ISACA
|
Information Systems Audit and Control Association
|
|
|
CISO
|
Chief Information Security Officer
|
|
|
Corporate Governance
|
The set of processes, customs, policies, laws, management practices, and institutions affecting the way an entity is controlled and managed
|
|
|
Information Technology Governance
|
A subset discipline of Corporate Governance
|
|
|
PMO
|
Program Management Office
|
|
|
TECS
|
Technology Engineering and Computer Services
|
|
|
ESS
|
Enterprise Search Services
|
|
|
NRAS
|
National Response Services
|
|
|
EID
|
Enterprise Identity Management Services
|
|
|
COE
|
Common Operating Environment
|
|
|
SAM
|
Software Asset Management
|
|
|
CMS
|
Collateral Management System
|
|
|
ARC
|
Accounts, Risk, and Credit
|
|
|
CBAF
|
Central Business Administration Function
|
