Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
16 Cards in this Set
- Front
- Back
|
Asset identification
|
A thorough asset inventory must be performed to identify mission-critical systems as well as everyday items that your org needs to perform its services and produce its products.
|
|
|
Risk assessment
|
The goal of risk assessment is to minimize the impact of risks on an org. This is done through mitigation, assignment or acceptance.
|
|
|
Risk assessment formulas
|
The difference risk assessment formulas are exposure factor (EF), single loss expectancy (SLE), annualized rate of occurrence (ARO), and annual loss expectancy (ALE).
|
|
|
Threats
|
A thread is any person or tool that can take advantage of a vulnerability. Threat identifications is a formal process of outlining the potential threats to a system.
|
|
|
Vulnerabilities
|
A vulnerability is a weakness, error or hole in the security protection of a system, network, computer, software, and so on.
|
|
|
Port scanner
|
A port scanner is a vulnerability assessment tool that sends probe or test packets to a target system's port in order to learn about the status of those ports.
|
|
|
Vulnerability scanner
|
A vulnerability scanner is a tool used to scan a target system for known holes, weaknesses or vulnerabilities.
|
|
|
Protocol analyzer
|
A protocol analyzer is a tool used to examine the contents of network traffic
|
|
|
OVAL
|
OVAL (open Vulnerability and assessment language) is an international security community standard designed to promote the exchange of standardized scurity content across all platorms and for all tools sets and services.
|
|
|
Password crackers
|
A password cracker is a tool used to reverse-engineer the secured storage of passwords.
|
|
|
Penetration testing
|
A penetration test is a form of vulnerability scan that is performed by a special team of trained white hat security specialists
|
|
|
Performance monitor
|
A performance monitor is used to watch the relative activity of system metrics and compare them to known baselines, problem trends or malicious anomalies
|
|
|
Systems monitor
|
A system monitor is used to watch over system metrics such as CPU usage, active processes, memory consumption, free drive space, etc.
|
|
|
Performance baseline
|
A performance baseline is an expected level of system performance as measured through a performance monitoring tool.
|
|
|
Behavior-based detection
|
A behavior-based monitoring or detection method relies upon the establisment of a baseline or a definition of normal and benign. Once this baseline is established, the monitoring tool is able to detect activities that vary from that standard of normal.
|
|
|
Anomaly-based detection
|
An anomaly-based monitoring or detection method relies on definitions of all valid forms of activity. This database of known valid activity allows the tool to detect any and all anomalies.
|
