• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

21 Cards in this Set

  • Front
  • Back
Operatoins Security (OPSEC)
Three key elements: protecting resources, controling privileged entry, and controlling hardware.
Name 6 OPSEC Controls
1. Preventive - AV software, fiel encryption, & user registration.
2. Detective - To identify and react(firewalls, IDS, audit logs)
3. Corrective - to restore after attack(security awareness, badge access)
4. Deterrent
5. Application - to monitor installatoin and updates.
6. Transaction - to protect input, processing, and output.
Name 3 OPSEC Control Categories
1. Administrative - personnel screening, separation of duties, record retention. derived from policies and procedures, legal.
2. Operational - resource protection, hardware, software, access. Includes implementation of procedures.
3. Media - dating media, identify creator, retention date, media name, change control record, data backups.
Security Auditing
Practice of checking current activity against policy.
Security Audit Trail
A Chronological electronic record of a system's performance or activity.
Information Systems Audit and Control Association(ISACA)
Governing body for auditing and control professionals.
Security Monitoring
The practice of monitoring operations controls to identify abnormal computer activity. Uses IDS, penetration testing, and violation processing.
Problem Management
Method of controlling problem isolation and resolution. Goal is to reduce failures and prevent reoccurrence.
Violation Analysis
A security monitoring technique that tracks anomalies in user activity. Uses clippling levels. A/K/A - Violation Processing or tracking.
Clipping Levels
A baseline of routine user activity. Typically used by HIDS.
Accidental Loss Security Threat
Occurs unintentionally through inadequate training or competence. Or malfunction of an application or O/S.
Inappropriate Activities Security Threat
Occurs through computer behavior that violates organizational policy.
Illegal Computer Operations Security Threat
Occurs through computer activity used for personal gain.
Intentional Attacks Security Threat
Occurs with malicious intent to interrupt or shut down a system. (DoS, external attacks)
Unauthorized Entry Security Threat
Unauthorized modification, destruction, manipulation, or denial of access.
Security Violation
A breach of security regulations or policies that may or may not result in a compromise. May be intentional or unintentional. Must be reported.
Employee-related Security Countermeasure
Separation of duties, rotating staff, security training, maintaining standards.
Human Resource-related Security Countermeasure
Mandatory reference and background checks, drug testing, conflict of interest disclosures
Internet-related Security Countermeasures
Penetration testing, port scanning, OS enumeration
Facility-related Security Countermeasure
Proper storage and handling of media.
Trusted Recovery
A protection mechanism that ensures the security of a computer system that crashes or fails. 2 key activities - preparing for a system failure and recovering from a system failure. boots up into a single user mode with security protection enabled, restores damaged files.