50 Cards in this Set

  • Front
  • Back
The ability to use, manipulate, modify, or affect an object
The resource that is being protected. Can be logical such as a website, or physical such as a computer
An act that takes advantage of a vulnerability to compromise a controlled system
Security mechanism, policy, or procedure that can counter a system attack, reduce risks, and resolve vulnerabilities
Control (safeguard or countermeasure)
A technique used to compromise a system
A single instance of a system being open to damage
A passive entity in an information system that receives or contains information
The probability that something can happen
The basis for the design, selection, and implementation of all security program elements including policy implementation, ongoing policy management, risk management programs, education and training programs, technological controls, and maintenance of the security program
Security Blueprint
The implementation of an organization's security policies, procedures, and programs
Security Posture (Security Profile)
An active entity that interacts with an information system and causes information to move through the system for a specific purpose. Examples include individuals, technical components, and computer processes
An object, person, or other entity that represents a constant danger to an asset
A specific instance or component that represents a danger to an organization's asset. Threats can be accidental or purposeful, for example lightning strikes or hackers
Threat Agent
Weakness in a controlled system, where controls are not present or are no longer effective
Security measures such as a badge reader that admits or prohibits people from entering sensitive areas
Access Control
The process of attracting attention to a system by placing tantalizing bits of information in key locations
Security systems that use two or more authentication mechanisms
Strong authentication
A data-gathering process that discovers the assets that can be accessed from a network. Usually performed in advance of a planned attack. This is a systematic examination of the entire set of internet addresses of the organization
Decoy systems designed to lure potential attackers away from critical systems
Honey Pot
A type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operations of a system with, almost always, the intent to do malicious harm
Devices that detect unauthorized activity within the inner network or on individual machines
Intrusion detection systems (IDS)
A network tool that collects copies of packets from the network and analyzes them
Packet sniffer
A honeypot that has been protected so that it cannot easily be compromised
Padded Cell
A private word or combination of characters that only the user knows
The tool used to identify (or fingerprint) computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information
Port Scanner
The act of luring an individual into committing a crime to get a conviction
The process of making and using codes to secure the transmission of information
Decrypting without knowing the keys
The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. This can be a series of bits used by a computer program, or it can be a passphrase used by humans
Mathematical algorithms that generate a message summary or message digest that allows a hash algorithm to confirm that the content of a specific message has not been altered
Hash Function
A method of communicating on a network using a single key to both encrypt and decrypt a message
Symmetric encryption
A method of communicating on a network using one key to encrypt and another to decrypt a message
Asymmetric encryption
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely
Public Key Infrastructure (PKI)
Encrypted messages that can be mathematically proven authentic
Digital Signatures
Public-key container files that allow computer programs to validate the key and identify to whom it belongs
Digital certificates
A method of hiding the existence of a secret message
Access-control devices that use a biometric detection device as a release mechanism
Biometric lock
Synonymous with application firewall and application-level firewall. A device that selectively discriminates against information flowing into or out of the organization. In the context of physical security, a firewall is a wall that limits the spread of damage should a fire break out in an office
Offsite computing that uses internet connections, dial-up connections, connections over leased point-to-point links between offices, and other connection mechanisms
An aspect of information security that addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization
Physical security
The spark that occurs when two materials are rubbed or touched and electrons are exchanged, resulting in one object becoming more positively charged and the other more negatively charged
Static Electricity
A small physical enclosure that is used in secure facilities that has an entry point and a different exit point
The protection of information and the systems and hardware that use, store, and transmit that information
Information Security
What are the phases of the Security Systems Development Life Cycle?
Logical Design
Physical Design
What are some issues facing software developers?
Command Injection
Cross-Site Scripting
Failure to Handle Errors
Failure to Protect Network Traffic
Failure to Store and Protect Data Securely
Failure to use cryptographically strong numbers
Format string problems
SQL injection
What is the difference between Laws and Ethics?
Laws are rules that mandate or prohibit certain behavior. Ethics are socially acceptable behaviors
Computer Fraud and Abuse Act of 1986
National Information Infrastructure Protection Act of 1996
USA PATRIOT Act of 2001
Computer Security Act of 1987
Computer Security Laws
The process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all components in the organization's information system
Risk Management
The formal process of examining and documenting the security posture of an organization's information technology and the risks it faces
Risk Identification
The process of applying controls to reduce the risks to an organization's data and information systems
Risk Control