50 Cards in this Set
- Front
- Back
The ability to use, manipulate, modify, or affect an object
|
Access
|
|
The resource that is being protected. Can be logical such as a website, or physical such as a computer
|
Asset
|
|
An act that takes advantage of a vulnerability to compromise a controlled system
|
Attack
|
|
Security mechanism, policy, or procedure that can counter a system attack, reduce risks, and resolve vulnerabilities
|
Control (safeguard or countermeasure)
|
|
A technique used to compromise a system
|
Exploit
|
|
A single instance of a system being open to damage
|
Exposure
|
|
A passive entity in an information system that receives or contains information
|
Object
|
|
The probability that something can happen
|
Risk
|
|
The basis for the design, selection, and implementation of all security program elements including policy implementation, ongoing policy management, risk management programs, education and training programs, technological controls, and maintenance of the security program
|
Security Blueprint
|
|
The implementation of an organization's security policies, procedures, and programs
|
Security Posture (Security Profile)
|
|
An active entity that interacts with an information system and causes information to move through the system for a specific purpose. Examples include individuals, technical components, and computer processes
|
Subject
|
|
An object, person, or other entity that represents a constant danger to an asset
|
Threat
|
|
A specific instance or component that represents a danger to an organization's asset. Threats can be accidental or purposeful, for example lightning strikes or hackers
|
Threat Agent
|
|
Weakness in a controlled system, where controls are not present or are no longer effective
|
Vulnerability
|
|
Security measures such as a badge reader that admits or prohibits people from entering sensitive areas
|
Access Control
|
|
The process of attracting attention to a system by placing tantalizing bits of information in key locations
|
Enticement
|
|
Security systems that use two or more authentication mechanisms
|
Strong authentication
|
|
A data-gathering process that discovers the assets that can be accessed from a network. Usually performed in advance of a planned attack. This is a systematic examination of the entire set of internet addresses of the organization
|
Fingerprinting
|
|
Decoy systems designed to lure potential attackers away from critical systems
|
Honey Pot
|
|
A type of attack on information assets in which the instigator attempts to gain entry into a system or disrupt the normal operations of a system with, almost always, the intent to do malicious harm
|
Intrusion
|
|
Devices that detect unauthorized activity within the inner network or on individual machines
|
Intrusion detection systems (IDS)
|
|
A network tool that collects copies of packets from the network and analyzes them
|
Packet sniffer
|
|
A honeypot that has been protected so that it cannot easily be compromised
|
Padded Cell
|
|
A private word or combination of characters that only the user knows
|
Password
|
|
The tool used to identify (or fingerprint) computers that are active on a network, as well as the ports and services active on those computers, the functions and roles the machines are fulfilling, and other useful information
|
Port Scanner
|
|
The act of luring an individual into committing a crime to get a conviction
|
Entrapment
|
|
The process of making and using codes to secure the transmission of information
|
Cryptography
|
|
Decrypting without knowing the keys
|
Cryptanalysis
|
|
The information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext. This can be a series of bits used by a computer program, or it can be a passphrase used by humans
|
Key
|
|
Mathematical algorithms that generate a message summary or message digest that allows a hash algorithm to confirm that the content of a specific message has not been altered
|
Hash Function
|
|
A method of communicating on a network using a single key to both encrypt and decrypt a message
|
Symmetric encryption
|
|
A method of communicating on a network using one key to encrypt and another to decrypt a message
|
Asymmetric encryption
|
|
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely
|
Public Key Infrastructure (PKI)
|
|
Encrypted messages that can be mathematically proven authentic
|
Digital Signatures
|
|
Public-key container files that allow computer programs to validate the key and identify to whom it belongs
|
Digital certificates
|
|
A method of hiding the existence of a secret message
|
Steganography
|
|
Access-control devices that use a biometric detection device as a release mechanism
|
Biometric lock
|
|
Synonymous with application firewall and application-level firewall. A device that selectively discriminates against information flowing into or out of the organization. In the context of physical security, a firewall is a wall that limits the spread of damage should a fire break out in an office
|
Firewall
|
|
Offsite computing that uses internet connections, dial-up connections, connections over leased point-to-point links between offices, and other connection mechanisms
|
Telecommuting
|
|
An aspect of information security that addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization
|
Physical security
|
|
The spark that occurs when two materials are rubbed or touched and electrons are exchanged, resulting in one object becoming more positively charged and the other more negatively charged
|
Static Electricity
|
|
A small physical enclosure that is used in secure facilities that has an entry point and a different exit point
|
Mantrap
|
|
The protection of information and the systems and hardware that use, store, and transmit that information
|
Information Security
|
|
What are the phases of the Security Systems Development Life Cycle?
|
Investigation, Analysis, Logical Design, Physical Design, Implementation, Maintenance and Change
|
|
What are some issues facing software developers?
|
Command Injection, Cross-Site Scripting, Failure to Handle Errors, Failure to Protect Network Traffic, Failure to Store and Protect Data Securely, Failure to Use Cryptographically Strong Numbers, Format String Problems, SQL Injection
|
|
What is the difference between Laws and Ethics?
|
Laws are rules that mandate or prohibit certain behavior. Ethics are socially acceptable behaviors
|
|
Computer Fraud and Abuse Act of 1986, National Information Infrastructure Protection Act of 1996, USA PATRIOT Act of 2001, Computer Security Act of 1987
|
Computer Security Laws
|
|
The process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all components in the organization's information system
|
Risk Management
|
|
The formal process of examining and documenting the security posture of an organization's information technology and the risks it faces
|
Risk Identification
|
|
The process of applying controls to reduce the risks to an organization's data and information systems
|
Risk Control
|