43 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)

Network security

Subset of communications security; the protection of voice and data network components, connections, and content.

Physical security

Protection of physical items, objects, or areas from unauthorized access.

Security

State of being secure and free of danger or harm.

Access

The ability to manipulate, use, modify, or affect other objects. Example: authorized users have legal access to a system; a hacker must gain illegal access to the system.

Asset

Organizational resource that is being protected. It can be logical, such as a website, software, information, or data, or physical, such as a person, computer system, or hardware.

Attack

Intentional act of hackers that compromises information. Passive attack: reading sensitive information not intended for his or her use. Intentional attack: a hacker attempting to break into an information system.

Control Safeguard or countermeasure

Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, and improve security within an organization.

Exploit

Technique used to compromise a system. It can be a documented process to take advantage of a vulnerability or exposure, usually in software, that is either inherent in the software or created by the attacker.

Exposure

Condition or state of being exposed.

Loss

Single instance of an information asset suffering damage or destruction, unintended or unauthorized modification, or disclosure.

Threat

Object, person, or other entity that represents a danger to an asset.

Threat agent

A specific instance or component of a threat.

Vulnerability

A weakness or fault in a system or protection mechanism that opens it to attack or damage.

Accuracy

An attribute of information that describes how data is free of error and has the value that the user expects.

Critical characteristic of information

Authenticity

Describes how data is genuine or original rather than reproduced or fabricated.

Critical characteristic of information

Availability

Describes how data is accessible and correctly formatted for use without interference or obstruction.

Critical characteristic of information

Confidentiality

Describes how data is protected from disclosure or exposure to unauthorized individuals or systems.

Critical characteristic of information

Integrity

Describes how data is whole, complete, and uncorrupted.

Critical characteristic of information

Possession

Describes how the ownership or control of data is legitimate or authorized.

Critical characteristic of information

Utility

Describes how data has value or usefulness for an end purpose.

Critical characteristic of information

SECSDL

Security Systems Development Life Cycle... assists in establishing an IT security policy and ensures that security is tackled throughout the duration of a project.

EISP

Enterprise information security policy... investigation; identifies processes, outcomes, and goals (blueprint).

Critical characteristic of information

Availability, accuracy, authenticity, confidentiality, integrity, utility, possession

Investigation

  • Outline project scope & goals
  • Estimate costs
  • Evaluate existing resources
  • Analyze feasibility

Steps common to SDLC & SECSDLC

Investigation

Management defines project processes and goals and documents these in the program security policy.

Steps unique to the SECSDLC

Analysis

  • Assess current systems against the plan developed in phase 1 (investigation)
  • Develop preliminary system requirements
  • Study integration of new systems with existing systems
  • Document findings and update feasibility analysis

Common steps to SDLC and SECSDLC

Analysis

  • Analyze existing policies and programs
  • Analyze current threats and controls
  • Examine legal issues
  • Perform risk analysis

Steps unique to the SECSDLC

Logical design

  • Assess current business needs against the plan developed in phase 2 (analysis)
  • Select applications, data support, and structures
  • Generate multiple solutions for consideration
  • Document findings and update feasibility analysis

Steps common to SDLC AND SECSDLC

Logical design

  • Develop security blueprint
  • Plan business response to disaster
  • Determine feasibility of continuing and/or outsourcing the project

Steps unique to the SECSDLC

Physical design

  • Select technology to support solutions developed in phase 3 (logical design)
  • Select the best solution
  • Decide to make or buy components
  • Document findings and update feasibility analysis

Common steps to SDLC AND SECSDLC

Physical design

  • Select technologies needed to support security blueprints
  • Develop definitions of successful solutions
  • Design physical security measures to support technology solutions
  • Review and approve projects

Steps unique to the SECSDLC

Implementation

  • Develop or buy software
  • Order components
  • Document the system
  • Train users
  • Update feasibility analysis
  • Present system to users
  • Test systems and review performance

Steps common to SDLC AND SECSDLC

Implementation

  • Buy or develop security solutions
  • At end of phase, present tested package to management for approval

Steps unique to the SECSDLC

Maintenance & change

  • Support and modify system during useful life
  • Test periodically for compliance with business needs
  • Upgrade and patch as necessary

Steps common to SDLC AND SECSDLC

Maintenance & change

Constantly monitor, test, modify, update, and repair to meet changing threats.

Steps unique to the SECSDLC

NIST

National Institute of Standards and Technology

Senior management

  • CIO: Chief information officer
  • CISO: Chief information security officer
  • Project team
  • Data responsibility: data owner, data custodian, data users

CIO

Senior technology officer; primarily responsible for advising the senior executive on strategic planning.

CISO

Has primary responsibility for the assessment, management, and implementation of IS in the organization. Usually reports directly to the CIO.

Project team

Be experienced in one or multiple phases:
  • Champion
  • Team leader
  • Security policy development
  • Risk assessment specialist
  • Security professionals
  • Systems administrators
  • Users

Data owners

Senior management responsible for the security and use of a particular set of information.

Data custodian

Responsible for the information and the systems that transmit and store it.

Data user

Individuals with an information security role.