43 Cards in this Set
- Front
- Back
- 3rd side (hint)
Network security |
A subset of communications security: the protection of voice and data networking components, connections, and content |
|
|
Physical security |
Protection of physical items, objects, or areas from unauthorized access |
|
|
Security |
The state of being secure and free from danger or harm |
|
|
Access |
The ability to use, manipulate, modify, or affect a subject or object. Example: an authorized user has legal access to a system; a hacker must gain illegal access to the system |
|
|
Asset |
The organizational resource that is being protected. It can be logical, such as a website, software, information, or data, or physical, such as a person, computer system, or hardware |
|
|
Attack |
An intentional act that can compromise information. Example of a passive attack: reading sensitive information not intended for one's own use. Example of an intentional (active) attack: a hacker attempting to break into an information system |
|
|
Control, safeguard, or countermeasure |
Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, and improve security within an organization |
|
|
Exploit |
A technique used to compromise a system. It can be a documented process for taking advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or created by the attacker |
|
|
Exposure |
The condition or state of being exposed |
|
|
Loss |
A single instance of an information asset suffering damage, destruction, or unintended or unauthorized modification or disclosure |
|
|
Threat |
An object, person, or other entity that represents a danger to an asset |
|
|
Threat agent |
A specific instance or component of a threat |
|
|
Vulnerability |
A weakness or fault in a system or protection mechanism that opens it to attack or damage |
|
|
Accuracy |
An attribute of information that describes how data is free of errors and has the value the user expects |
Critical characteristic of information |
|
Authenticity |
Describes how data is genuine or original rather than reproduced or fabricated |
Critical characteristic of information |
|
Availability |
Describes how data is accessible and correctly formatted for use without interference or obstruction |
Critical characteristic of information |
|
Confidentiality |
Describes how data is protected from disclosure or exposure to unauthorized individuals or systems |
Critical characteristic of information |
|
Integrity |
Describes how data is whole, complete, and uncorrupted |
Critical characteristic of information |
|
Possession |
Describes how the ownership or control of data is legitimate or authorized |
Critical characteristic of information |
|
Utility |
Describes how data has value or usefulness for an end purpose |
Critical characteristic of information |
|
SECSDLC |
Security Systems Development Life Cycle... assists in establishing an IT security policy and ensures that security is addressed throughout the duration of a project |
|
|
EISP |
Enterprise Information Security Policy... produced during investigation; identifies the process, outcomes, and goals (a blueprint) |
|
|
Critical characteristics of information |
Availability, accuracy, authenticity, confidentiality, integrity, utility, possession |
|
|
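The cards above distinguish integrity (data is whole and uncorrupted) from authenticity (data is genuine rather than fabricated). The following is an added example, not part of the original flashcard deck, showing the difference in code: a plain SHA-256 digest detects modification but can be recomputed by anyone who alters the message, while an HMAC tag over the same message also proves it came from a holder of the secret key. The function names, the shared key, and the sample messages are constructed for illustration.

```python
"""Added example (not from the original deck): integrity vs. authenticity
checks on a message, using only Python's standard library.  Names, the
key, and the sample messages are constructed for illustration."""
import hashlib
import hmac
import secrets


def digest(data: bytes) -> str:
    """Integrity only: a SHA-256 digest detects accidental or unauthorized
    modification, but anyone can recompute it for a forged message."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, data: bytes) -> str:
    """Integrity plus authenticity: an HMAC-SHA256 tag can only be produced
    by a party holding the secret key, so a valid tag also proves origin."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_digest(data: bytes, expected: str) -> bool:
    """Check a received message against a received digest."""
    return hmac.compare_digest(digest(data), expected)


def verify_tag(key: bytes, data: bytes, expected: str) -> bool:
    """Check a received message against a received HMAC tag.
    compare_digest avoids leaking the first mismatching byte via timing."""
    return hmac.compare_digest(tag(key, data), expected)


def demo() -> dict:
    """Walk through the scenarios and return the outcomes for inspection."""
    key = secrets.token_bytes(32)  # shared only by legitimate sender and receiver
    original = b"transfer 100 to account 42"  # constructed sample message
    forged = b"transfer 900 to account 13"    # attacker's substitute

    d = digest(original)
    t = tag(key, original)

    return {
        # the genuine message passes both checks
        "original_accepted": verify_digest(original, d) and verify_tag(key, original, t),
        # a modified message fails against the original digest and tag
        "digest_detects_tamper": not verify_digest(forged, d),
        "tag_detects_tamper": not verify_tag(key, forged, t),
        # an attacker who can replace the message can also replace a plain digest,
        # so the digest alone says nothing about who produced the message
        "attacker_forges_digest": verify_digest(forged, digest(forged)),
        # but cannot produce a valid tag without the shared key
        "attacker_forges_tag": verify_tag(key, forged, tag(b"wrong key", forged)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The two forgery entries are the point: integrity mechanisms that anyone can recompute (checksums, unkeyed hashes) catch corruption but not substitution, which is why authenticity needs a secret the attacker does not hold.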
Investigation |
Outline project scope and goals. Estimate costs. Evaluate existing resources. Analyze feasibility |
Steps common to SDLC and SECSDLC |
|
Investigation |
Management defines project processes and goals and documents these in the program security policy |
Steps unique to the SECSDLC |
|
Analysis |
Assess current systems against the plan developed in phase 1 (investigation). Develop preliminary system requirements. Study integration of new systems with existing systems. Document findings and update feasibility analysis |
Steps common to SDLC and SECSDLC |
|
Analysis |
Analyze existing security policies and programs. Analyze current threats and controls. Examine legal issues. Perform risk analysis |
Steps unique to the SECSDLC |
|
Logical design |
Assess current business needs against the plan developed in phase 2 (analysis). Select applications, data support, and structures. Generate multiple solutions for consideration. Document findings and update feasibility analysis |
Steps common to SDLC and SECSDLC |
|
Logical design |
Develop security blueprint. Plan business response to disaster. Determine feasibility of continuing and/or outsourcing the project |
Steps unique to the SECSDLC |
|
Physical design |
Select technologies to support the solutions developed in phase 3 (logical design). Select the best solution. Decide whether to make or buy components. Document findings and update feasibility analysis |
Steps common to SDLC and SECSDLC |
|
Physical design |
Select technologies needed to support the security blueprint. Develop definitions of successful solutions. Design physical security measures to support technology solutions. Review and approve the project |
Steps unique to the SECSDLC |
|
Implementation |
Develop or buy software. Order components. Document the system. Train users. Update feasibility analysis. Present system to users. Test system and review performance |
Steps common to SDLC and SECSDLC |
|
Implementation |
Buy or develop security solutions. At end of phase, present tested package to management for approval |
Steps unique to the SECSDLC |
|
Maintenance and change |
Support and modify the system during its useful life. Test periodically for compliance with business needs. Upgrade and patch as necessary |
Steps common to SDLC and SECSDLC |
|
Maintenance and change |
Constantly monitor, test, modify, update, and repair to meet changing threats |
Steps unique to the SECSDLC |
|
NIST |
National Institute of Standards and Technology |
|
|
Senior management |
CIO: Chief Information Officer. CISO: Chief Information Security Officer. Project team. Data responsibility: data owners, data custodians, data users |
|
|
CIO |
Senior technology officer, primarily responsible for advising the senior executive on strategic planning |
|
|
CISO |
Has primary responsibility for the assessment, management, and implementation of information security in the organization. Usually reports directly to the CIO |
|
|
Project team |
Members should be experienced in one or more facets of the work. Roles: champion, team leader, security policy developers, risk assessment specialists, security professionals, systems administrators, users |
|
|
Data owners |
Senior management responsible for the security and use of a particular set of information |
|
|
Data custodian |
Responsible for the information and for the systems that transmit and store it |
|
|
Data user |
Individuals with an information security role |
|