17 Cards in this Set


Goals of Information Security can be expressed as CIA. What does CIA stand for?

  1. Confidentiality (controlling access to data)
  2. Integrity (data integrity): uses hashing, digital signatures, certificates, non-repudiation
  3. Availability (ensuring information is there when the user wants it)

Methods of ensuring Confidentiality

  1. Access Control/Permissions
  2. Encryption (storage or in transit)
  3. Steganography (hiding info in a file)

What are Due Care and Due Diligence?

  1. Due Care is doing the right thing
  2. Due Diligence is identifying risk to know which security controls to put in place (due care)

Identification happens before?

Authentication, and is the process of having users identify themselves to the system.

The step after the user inputs the identifying information for the account is?

Authentication, which is where the identifying information is verified.

The step after Authentication is?

Authorization, which is being given access. Examples: permissions, router ACLs, proxy servers, facility access.

The difference between Due Care and Due Diligence.

Due care is the performance of actions that ensure security and are the result of due diligence. Note: Audits and log files are part of due diligence.

Digital signatures are created with the?

Sender's private key and verified with the sender's mathematically related public key.

The Private Key pair within a digital certificate can be used to ___________ and _____________ sensitive files.

Encrypt and Decrypt

Digital certificates can also be used to __________ a computer to a _____________ ___________ or ____________, such as a VPN server.

Authenticate, secure server, appliance

Methods of ensuring Data Integrity.

  1. Hashing (algorithm and values)
  2. Digital Signature
  3. Certificate
  4. Non-repudiation

Methods of ensuring Availability.

  1. Permissions
  2. Backups
  3. Fault tolerance (redundancy)
  4. Clustering (multiple servers for failover)
  5. Patching

What is Accountability?

Ensuring that employees are accountable for their actions.

What are four methods of implementing accountability?

  1. Log Files
  2. Audit files (security)
  3. Firewalls and proxy servers
  4. Application logging

What is Authorization?

Configuring what assets the person can access after they have identified themselves to the system and have been authenticated.

Three steps involved in network access are?

  1. Identify
  2. Authenticate
  3. Authorize

What is the difference between the Owner and the Custodian?

  1. The Owner decides on the value of the asset and what level of protection is needed.
  2. The Custodian is responsible for implementing the controls to protect the asset and is your IT staff.