54 Cards in this Set
Physical security |
protect the physical items, objects, or areas of an organization from unauthorized access and misuse |
|
Personal security |
protect the individual or group of individuals who are authorized to access the organization and its operations |
|
operations security |
protect the details of a particular operation or series of activities |
|
communications security |
protect an organization's communications media, technology, and content |
|
network security |
protect networking components, connections, and contents |
|
information security |
protect information assets |
|
access |
a subject's or object's ability to use, manipulate, modify, or affect another subject or object |
|
asset |
the organizational resource that is being protected |
|
control, safeguard, countermeasure |
a security mechanism, policy, or procedure that counters attacks, reduces risk, and resolves vulnerabilities |
|
exploit |
technique used to compromise a system |
|
object |
a passive entity in an information system that receives or contains information |
|
subject |
an active entity (a user, process, or device) that causes information to flow between objects or changes the system state |
|
List 14 threats |
1. Acts of Human Error or Failure
2. Compromises to Intellectual Property
3. Deliberate Acts of Trespass
4. Deliberate Acts of Information Extortion
5. Deliberate Acts of Sabotage or Vandalism
6. Deliberate Acts of Theft
7. Deliberate Software Attacks
8. Forces of Nature
9. Deviations in Quality of Service
10. Technical Hardware Failures or Errors
11. Technical Software Failures or Errors
12. Technological Obsolescence
13. Missing, Inadequate, or Incomplete Policies
14. Missing, Inadequate, or Incomplete Controls |
|
Brownout |
a prolonged drop in voltage |
|
competitive intelligence |
information gained legally that gives an organization an advantage over its competition |
|
industrial espionage |
information gained illegally that gives an organization an advantage over its competition |
|
macro virus |
a virus embedded in the automatically executing macro code of a document, such as a word-processing file, spreadsheet, or database file, typically delivered as a downloaded file or e-mail attachment |
|
malware/malicious code |
software designed to damage, destroy, or deny service to the target system |
|
phreaker |
person who hacks the public telephone network to make free calls and disrupt services |
|
polymorphic threat |
threat that changes its apparent shape over time, to become a new threat not detectable by techniques looking for a preconfigured signature |
|
Sag |
a momentary incidence of low voltage |
|
Script Kiddies |
hackers of limited skill who use expertly written software to exploit a system |
|
SLAs(Service level agreements) |
a contract between a service provider (such as a web host) and its customer that specifies the provider's responsibility for Internet services and for the hardware and software used to operate the customer's website |
|
shoulder surfing |
act of observing information without authorization by looking over a shoulder or spotting information from a distance |
|
spike |
momentary increase in voltage |
|
surge |
prolonged increase in voltage |
|
civil law |
represents a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities |
|
criminal law |
addresses violations harmful to society and is actively enforced by the state |
|
private law |
regulates the relationship between the individual and the organization, and encompasses family law |
|
public law |
regulates structure and administration of government agencies and their relationships with citizens, employees, and other governments |
|
USA Patriot Improvement and Reauthorization Act |
made permanent 14 of the 16 expanded powers of the Department of Homeland Security and the FBI in investigating terrorist activity |
|
Health Insurance Portability & Accountability Act of 1996 (HIPAA) |
1. Protects the confidentiality and security of health data by standardizing electronic data interchange
2. Consumer control of medical information
3. Boundaries on the use of medical information
4. Accountability for the privacy of private information
5. Balance of public responsibility for the use of medical information for the greater good, measured against the impact to the individual
6. Security of health care information |
|
Sarbanes-Oxley Act of 2002 |
Affects executive management of publicly traded corporations and public accounting firms |
|
European Council Cyber-Crime Convention |
an international treaty that creates a task force to oversee a range of security functions associated with Internet activities, with the aim of standardizing technology laws across international borders |
|
Agreement on Trade-Related Aspects of Intellectual Property Rights |
Created by the World Trade Organization to introduce intellectual property rules into the multilateral trade system. It is the first significant international effort to protect the intellectual property of both individuals and sovereign nations |
|
Digital Millennium Copyright Act |
the American contribution to an international effort to reduce the impact of copyright, trademark, and privacy infringement, especially infringement carried out by circumventing or removing technological copyright protection measures |
|
United Nations Charter |
the mission statement of the U.N., which includes provisions for information security during information warfare |
|
Information Warfare |
an offensive organized and lawful operation conducted by a sovereign state that involves the use of information technology |
|
ISC |
(ISC)², the International Information Systems Security Certification Consortium: a nonprofit organization that focuses on the development and implementation of information security certifications and credentials |
|
SANS |
professional organization with a large membership dedicated to the protection of information and systems. SANS offers a set of certifications called the Global Information Assurance Certification or GIAC. |
|
ISACA |
professional association with a focus on auditing, control, and security. Although it does not focus exclusively on information security, the Certified Information Systems Auditor certification does contain many information security components. |
|
ISSA |
nonprofit society of information security professionals. |
|
Key U.S. Federal Agencies |
Federal Bureau of Investigation's National Infrastructure Protection Center, National Security Agency, U.S. Secret Service, Department of Homeland Security |
|
SANS |
System Administration, Networking, and Security Institute |
|
access control list |
consists of user access lists, matrices, and capability tables that specify which subjects may access which objects and in what way |
|
access control |
the mechanisms by which a system specifies who may use a particular resource and how; in its physical form, prohibits people from entering sensitive areas |
|
annualized loss expectancy (ALE) |
the overall loss an organization expects to incur from a specified threat over the course of an entire year, calculated as the single loss expectancy (SLE) multiplied by the annualized rate of occurrence (ARO) |
|
annualized rate of occurrence (ARO) |
the anticipated rate of occurrence of a loss from the specified threat over one year |
|
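A worked risk calculation for the ALE and ARO cards above. This is an added example and is not part of the flashcard set; the threat register, dollar figures and rates are constructed for illustration, and the cost-benefit step (ALE reduction minus the control's annual cost) goes beyond the two cards to show what the numbers are used for.

```python
"""Annualized loss expectancy (ALE) worked example.

Added example, not part of the flashcard set. The threat register below is
constructed for illustration; every dollar figure and rate is an assumption.

ALE = SLE x ARO, where SLE (single loss expectancy) is the cost of one
occurrence of a threat and ARO is its anticipated occurrences per year.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Threat:
    name: str
    sle: float  # single loss expectancy: cost of one incident, in dollars
    aro: float  # annualized rate of occurrence: expected incidents per year


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE = SLE x ARO: expected loss from this threat over one year."""
    if sle < 0 or aro < 0:
        raise ValueError("SLE and ARO must be non-negative")
    return sle * aro


def rank_threats(threats):
    """Return (name, ALE) pairs, highest expected annual loss first.

    Ranking by ALE rather than by SLE alone keeps a frequent cheap threat
    from being ignored next to a rare expensive one.
    """
    scored = [(t.name, annualized_loss_expectancy(t.sle, t.aro)) for t in threats]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def control_benefit(ale_before: float, ale_after: float, annual_control_cost: float) -> float:
    """Net annual benefit of a control: ALE reduction minus the control's annual cost.

    This cost-benefit step goes beyond the ALE and ARO cards themselves; a
    positive result means the control is expected to pay for itself.
    """
    return (ale_before - ale_after) - annual_control_cost


# Constructed sample threat register (illustrative figures only).
SAMPLE_THREATS = [
    Threat("ransomware on file server", sle=250_000.0, aro=0.2),  # once in five years
    Threat("laptop theft", sle=5_000.0, aro=4.0),                 # four per year
    Threat("brownout damages equipment", sle=20_000.0, aro=0.5),  # once in two years
]

if __name__ == "__main__":
    for name, ale in rank_threats(SAMPLE_THREATS):
        print(f"{name:30s} ALE = ${ale:>10,.0f}")
    # Assumed control: offline backups cut the ransomware SLE to 40,000 at an
    # annual cost of 15,000. The ARO is unchanged because backups do not stop
    # the infection, only the size of the loss.
    before = annualized_loss_expectancy(250_000.0, 0.2)
    after = annualized_loss_expectancy(40_000.0, 0.2)
    print(f"offline backups net benefit = ${control_benefit(before, after, 15_000.0):,.0f}")
```

With these assumed figures the ransomware threat ranks first (ALE 50,000) even though it is the rarest, and the backup control shows a net benefit of 27,000 per year.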
baseline |
value or profile of a performance metric against which changes in the performance metric can be usefully compared |
|
baselining |
the analysis of measures against established internal standards. In information security, baselining is the comparison of current security activities and events against the organization's established expected levels of performance |
|
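The baseline and baselining cards above in working form: establish a baseline profile for one security metric from historical data, then compare the current value against it. This is an added example and is not part of the flashcard set; the sshd log lines are generated synthetically, and the metric (failed SSH logins per day), the seven-day baseline window and the three-standard-deviation threshold are assumptions chosen for illustration.

```python
"""Baselining worked example: establish a baseline for a security metric
and compare the current value against it.

Added example, not part of the flashcard set. The sshd log lines are
constructed synthetically; the metric, window and threshold are assumptions.
"""
import re
import statistics

# Matches one failed-password line; the day is the grouping key for the metric.
FAILED_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ sshd\[\d+\]: Failed password for .* from (?P<src>\S+)$"
)
DAY_RE = re.compile(r"^(?P<day>\d{4}-\d{2}-\d{2})T")


def failed_logins_per_day(lines):
    """Count failed logins per day. A day that appears in the log with no
    failures still gets a 0 entry, so quiet days lower the baseline instead
    of silently dropping out of it."""
    counts = {}
    for line in lines:
        m = DAY_RE.match(line)
        if not m:
            continue  # not a timestamped line; ignore
        counts.setdefault(m.group("day"), 0)
        if FAILED_RE.match(line):
            counts[m.group("day")] += 1
    return counts


def build_baseline(values):
    """Baseline = (mean, sample standard deviation) of the metric over the
    baseline period."""
    values = list(values)
    if len(values) < 2:
        raise ValueError("need at least two observations to baseline")
    return statistics.mean(values), statistics.stdev(values)


def deviation(value, baseline, k=3.0):
    """Return (z_score, anomalous): how many standard deviations `value` sits
    from the baseline mean, and whether that exceeds the threshold k."""
    mean, stdev = baseline
    if stdev == 0:
        z = 0.0 if value == mean else float("inf")
    else:
        z = (value - mean) / stdev
    return z, abs(z) > k


def check_against_baseline(baseline_lines, current_lines, k=3.0):
    """Build the baseline from historical lines and score each day in the
    current lines. Returns (baseline, {day: (z, anomalous)})."""
    baseline = build_baseline(failed_logins_per_day(baseline_lines).values())
    scored = {day: deviation(n, baseline, k)
              for day, n in failed_logins_per_day(current_lines).items()}
    return baseline, scored


def constructed_log(day_counts):
    """Generate synthetic sshd lines: `day_counts` maps date -> number of
    failed logins; each day also gets one successful login."""
    lines = []
    for day, n in day_counts.items():
        for i in range(n):
            lines.append(
                f"{day}T{8 + i % 12:02d}:{(i * 7) % 60:02d}:00 sshd[{400 + i}]: "
                f"Failed password for invalid user admin from 198.51.100.{10 + i % 50}"
            )
        lines.append(f"{day}T12:00:00 sshd[999]: Accepted publickey for ops from 192.0.2.5")
    return lines


# Seven quiet days establish the baseline; the eighth is the day under review.
BASELINE_LOG = constructed_log({
    "2024-03-01": 3, "2024-03-02": 4, "2024-03-03": 2, "2024-03-04": 5,
    "2024-03-05": 3, "2024-03-06": 4, "2024-03-07": 3,
})
CURRENT_LOG = constructed_log({"2024-03-08": 20})

if __name__ == "__main__":
    (mean, stdev), scored = check_against_baseline(BASELINE_LOG, CURRENT_LOG)
    print(f"baseline: {mean:.2f} failed logins/day, stdev {stdev:.2f}")
    for day, (z, anomalous) in scored.items():
        print(f"{day}: z = {z:.1f} {'ANOMALY' if anomalous else 'within baseline'}")
```

The baseline here is a mean of about 3.4 failures per day with a standard deviation under 1, so the 20 failures on the review day score far above the threshold; a day with 4 failures would fall within the baseline. In practice the baseline window should be long enough to capture normal weekly variation, and it must be re-established after legitimate changes (a new VPN concentrator, a merger) or the comparison stops meaning anything.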
behavioral/operational feasibility |
examination of user acceptance and support, management acceptance and support, and overall requirements of the organization's stakeholders |
|
benchmarking |
the process of seeking out and studying the practices used in other organizations that produce results you would like to duplicate in your own organization |
|
best business practices |
security education, security training, and security awareness |
|
continuity strategies |
incident response plans, disaster recovery plans, business continuity plans |