Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
111 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
CISSP
|
Certified Information Systems Security Professional
|
|
|
|
Types of policy
|
regulatory, advisory, or informative.
|
|
|
|
Associate Job rotation with Mandatory vacations
|
Also known as rotation of duties, Builds skill redundancy, Can mitigate fraud/relieve worker burnout, Implemented through mandatory vacations
|
|
|
|
How do you calculate SLE? |
single loss expectancy = Exposure Factor (EF) X Asset Value (AV)
|
|
|
|
annualized rate of occurrence (ARO) changes as?
|
Historical records change
|
|
|
|
Quantitative Risk Analysis (know the 6 types)
|
1. Asset Valuation, 2. Threat Identification, 3. Threat Analysis, 4. Derive Overall Loss Potential, 5. Research Countermeasures, 6. Perform cost/benefit analysis
|
|
|
|
XOR (Exclusive-OR Operation)
|
if the values are the same, result is 0; if values are different, result is 1(1/1 or 0/0, the output is 0; 1/0, the output is 1)
|
|
|
|
MD5
|
512-bit blocks (class); Digest size(s) - 128 bits, Rounds - 4; 32 character output
|
|
|
|
Types of Asymmetric Systems/Algorithms |
(think DEER) Diffie-Hellman, ElGamal, Elliptical Curve Cryptosystem (ECC), RSA **Digital Signature Algorithm is also listed in the slides** |
|
|
|
Online Certificate Status Protocol (OCSP)
|
responds to a query with a status of Valid, Suspended, or Revoked. It’s used to query the CA as to the status of a certificate issued by that CA
|
|
|
|
Threat Identification
|
Single Loss Expectancy (SLE) = Exposure Factor (EF) * Asset Value (AV)
|
|
|
|
Threat Analysis
|
calculate likelihood of each threat taking place in a single year. Annual Rate of Occurrence (ARO)
|
|
|
|
Derive Overall Loss Potential
|
Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) * Annual Rate of Occurrence (ARO)
|
|
|
|
Research Countermeasures
|
calculate changes to Annualized Loss Expectancy (ALE)
|
|
|
|
Web of Trust (aka Mesh Model)
|
all parties involved trust each other equally; there is no CA to certify certificate owners. What protocol is associated with Web of Trust? Pretty Good Privacy (PGP)
|
hybrid cryptographic system; performs data encryption, digital signatures, and key distribution; provides confidentiality, authentication, integrity, compression. It’s weakness is peer-to-peer trust (not x.509)
|
|
|
IGMP (proto 2)
|
the “multicast control protocol”; allow one signal to be sent to multiple addresses. It’s more controlled than broadcast.
|
|
|
|
Fiber Modes
|
(2 modes) Singlemode used in carrier backbones (for long distances / difficult to work with) Multimode (used in LAN) higher attenuation (best for short distances / easy to work with)
|
|
|
|
Frequency Hopping (FHSS) |
goes from frequency to another (rapidly changes frequencies) used by Bluetooth |
|
|
|
MPPE
|
associate it with PPTP. MPPE is encryption for PPTP (Point-to-Point Tunneling Protocol)
|
|
|
|
IPSEC
|
basically uses tunneling and transport mode
|
|
|
|
AH (Authentication Header) |
provides authentication and integrity; IPSEC protocol; no encryption |
|
|
|
SOCKS (SocketSecure)
|
is a circuit-level gateway firewall; layer 5 of OSI model; port 1080
|
|
|
|
Beacon Frame
|
SSID is passed in beacon frame, even after disabling
|
|
|
|
Primary Rate Interface (PRI)
|
23 64 Kpbs B channels (carry network payload); 1 64 Kbps D channel (call setup/maintenance)
|
|
|
|
Data Over Cable Service Interface (DOCSIS)
|
is the standard for cable modems; provides 56-bit DES and 128-bitAES
|
|
|
|
What level of system access to Java Applets have?
|
if it’s unsigned, it runs in the sandbox; if it’s signed, it has access to system resources
|
|
|
|
What are the levels of the Capability Maturity Model (CMM)
|
1. Initial 2. Repeatable 3. Defined 4. Managed 5. Optimizing
|
|
|
|
Exploratory Model
|
is least (not) cost-effective; results in less-than-optimal systems
|
|
|
|
Method
|
functionality an object can carry out
|
|
|
|
Cohesion |
degree to which an object depends on other objects / highly independent objects have high cohesion; high cohesion is easy to troubleshoot |
|
|
|
Coupling
|
level of interaction between objects / less interaction; low coupling is easy to troubleshoot
|
|
|
|
Polymorphism
|
how different objects respond to the same command, i.e., you can give one command and two objects react differently
|
|
|
|
Polyinstantiation
|
two versions of the same object (i.e., Secret and Top Secret)
|
|
|
|
Polymorphic Virus
|
mutates by modifying its own code as it travels from system to system, while still keeping the original algorithm intact; makes pattern recognition hard
|
|
|
|
Primary Key/Foreign Key |
Used in a relational database. Primary points to foreign; foreign keys reference primary keys |
|
|
|
Deadlocking
|
two people try to access the same file/record (at same time) and the database locks them both out
|
|
|
|
ACID (lock controls)
|
Atomicity, Consistency, Isolation, Durability
|
|
|
|
Two-Phase Commit
|
dealing with a DB, able to apply all transactions, then it’s committed
|
|
|
|
Asynchronous token
|
uses CHAP; token device (something you have)
|
|
|
|
Mandatory Access Control
|
based on security/sensitivity labels and your clearance
|
|
|
|
Discretionary Access Control
|
based on owners discretion
|
|
|
|
IDS in passive mode
|
logs suspicious activity / generates alerts if the attack is deemed to be severe
|
|
|
|
(IDS) True positive
|
there was an attack and IDS alerted you / malicious activity identified as malicious activity
|
|
|
|
Pre-emptive multi-tasking
|
operating system controls the resource
|
|
|
|
Cooperative multi-tasking
|
application controls the resource
|
|
|
|
Dedicated (security mode)
|
security clearance for all data; approved to access all data; need-to-know for all information access
|
|
|
|
System High (security mode)
|
security clearance for all data; approved to access all data; need-to-know for some information access
|
|
|
|
Bell La-Padula * Security Property
|
no write down.
|
|
|
|
Bell La-Padula Simple Security Property
|
there is no read up
|
|
|
|
Biba Simple Integrity Axiom
|
no read down
|
|
|
|
Biba * Integrity Axiom
|
the * means no write up
|
|
|
|
Clark Wilson
|
focuses on integrity (by having subjects access objects via programs).
|
|
|
|
Brewer and Nash
|
also know as Chinese Wall/goal is to prevent conflicts of interest
|
|
|
|
Graham Denning model (description and commands or primitive rights)
|
made up of subjects, objects, and rights, dealing with 8 commands or primitive rights (create/delete object; create/delete subject; read/grant/delete/transfer access rights)
|
|
|
|
Target of Evaluation (TOE)
|
vendor’s product that they are trying to get evaluated
|
|
|
|
Security Targets
|
vendor’s claim of security…what they’re planning to implement into product (“I will provide”)
|
|
|
|
Crime Prevention through Environmental Design (CPTED)
|
outlines how the proper design of a physical environment can reduce crime by affecting human behavior. Basically, you design your site in a manner to prevent crime.
|
|
|
|
Brownout
|
prolonged low voltage
|
|
|
|
Static electricity
|
what creates static? Low humidity (below 40%)
|
|
|
|
Different classes of fire extinguishers
|
A, B, C, D, K
|
|
|
|
Drill frequency
|
when you’re doing it (annually)
|
|
|
|
Recovery Time Objective (RTO) |
maximum allowable time you can be down (any time outside RTO is considered disaster recovery) |
|
|
|
Recovery Point Objective (RPO)
|
point at which you want to backup/restore back to (known point)
|
|
|
|
Maximum Tolerable Downtime
|
how much time I can do without this service
|
|
|
|
Nonessential MTD
|
30 days
|
|
|
|
Normal MTD
|
7 days
|
|
|
|
Important MTD
|
72 hours
|
|
|
|
Urgent MTD
|
24 hours
|
|
|
|
Critical MTD
|
minutes to hours
|
|
|
|
Cold sites (recovery time-frame)
|
1-2 weeks
|
|
|
|
Recovery Mgmt Team (also known as Emergency Mgmt Team)
|
leads recovery operations
|
|
|
|
Common Law (Types)
|
you have criminal (protect people), civil (wrongs inflicted on people or business), and administrative (standards of conduct). It’s based on precedent.
|
|
|
|
Patents (Duration)
|
they are good for 20 years (invention must be new, useful, and not be obvious)
|
|
|
|
Trade Secret
|
lasts forever unless it becomes public knowledge / are good for as long as you can keep it a secret
|
|
|
|
PCI DSS (Payment Card Industry Data Security Standards)
|
sets security standards for credit card companies
|
|
|
|
Safe Harbor (what location does it apply)
|
if you’re doing business in Europe (protection against prosecution)
|
|
|
|
Prudent Man Rule
|
do what a reasonable/common person would do
|
|
|
|
What are the requirements for Evidence to be admissible?
|
must be relevant (fact related to crime), material (related to the case), competent (obtained legally)
|
|
|
|
Real Evidence (or physical)
|
something discovered at the crime scene
|
|
|
|
Chain of Custody
|
document that follows the evidence
|
|
|
|
Deterrent
|
anything that prevents or discourages a potential attacker
|
|
|
|
Redundant Array of Independent Disks RAID Levels |
1 through 5 (know them!!) |
|
|
|
RAID 0
|
Striping: highest performance/no redundancy; if 1 fail, they all fail
|
|
|
|
RAID 1
|
Mirroring: duplicates data on other disks/expensive; double cost of storage
|
|
|
|
RAID 0 + 1
|
Striping and Mirroring: highest performance/highest data protection (can tolerate multiple drive failures) ; double cost of storage
|
|
|
|
RAID 3/4
|
Striped w/ dedicated parity (3 byte/4-block): excellent performance/fault tolerance; write requests suffer from same single parity-drive
|
|
|
|
RAID 5
|
Block-level striping with distributed parity: best cost/performance for networks; high performance/high data protection; write performance is slower than RAID 0 or RAID 1
|
|
|
|
Archive bit
|
Incremental and Full (for Full, archive bit it is cleared (set to 0 after backup)
|
|
|
|
Due Diligence
|
doing your checks and risk analysis; also “active” good business practice
|
|
|
|
Due Care
|
taking care of the problem / “duty of care”/informal (“passive”)
|
|
|
|
Locard’s Principle
|
if you enter a crime scene, you brought something there and left it behind, and then take something else entirely different away with you. It is part of computer forensic investigative process (identification)
|
|
|
|
What Covert Channel is more difficult to troubleshoot Timing or Storage?
|
timing is more difficult to troubleshoot.
|
|
|
|
Storage Covert Channels
|
one process writes data to a storage location and another process directly or indirectly reads it
|
|
|
|
Timing Covert Channels
|
one process relays information to another by modulating its use of system resources
|
|
|
|
Change Control Process
|
you should be able to reverse the changes. It is typically overseen and coordinated by the Configuration (Change) Control Board (CCB)
|
|
|
|
Depth of Field
|
dealing with a camera…area in focus (Closed Circuit Television (CCTV). Good light allows for a larger depth of field (small aperture) / low light reduces depth of field (wide aperture)
|
|
|
|
Change Management components
|
three components: request control, change control, and release control. Must be authorized, tested, and recorded
|
|
|
|
EDE2 (two key) what is the effective strength?
|
112
|
|
|
|
EDE3 (three key) what is the effective strength?
|
168
|
|
|
|
(ISC)2 Code of Ethics
|
Code of Ethics Canons: Protect society, the commonwealth, and the infrastructure, Act honorably, honestly, justly, responsibly, and legally, Provide diligent and competent service to principals, Advance and protect the profession
|
|
|
|
Maximum Tolerable Downtime
|
how much time I can do without this service
|
|
|
|
Work Recovery Time (WRT)
|
time required to recover a system
|
|
|
|
Mean Time Between Failure (MTBF)
|
the time you expect a computer to fail
|
|
|
|
Mean Time To Repair (MTTR)
|
Self explanatory
|
|
|
|
Minimum Operation Requirements (MOR)
|
Self explanatory
|
|
|
|
What Systems are moved back/restored first back at your primary site
|
least critical
|
|
|
|
Classes A Fire Extinguishers
|
Ash (paper/wood/cardboard turn to Ash) - common combustible (most plastics)
|
|
|
|
Classes B Fire Extinguishers
|
Boil - liquids boil (gasoline, kerosene, grease, oil),
|
|
|
|
Classes C Fire Extinguishers
|
Current - electrical fires (electrical appliances, wiring, circuit breakers),
|
|
|
|
Classes D Fire Extinguishers
|
Drum - metal,
|
|
|
|
Classes K Fire Extinguishers
|
Kitchen Fires
|
|
