CISSP 2018 CAT

Term / Definition
Confidentiality Supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis
Integrity Comes in two forms: making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network
Availability The principle that ensures that information is available and accessible to users when needed
Least Privilege Granting users only the accesses that are required to perform their job function
Due Care The care a reasonable person would exercise under given circumstances.
Due Diligence Similar to due care, with the exception that it is a pre-emptive measure (research and investigation) taken to avoid harm to other persons or property
Wassenaar Arrangement Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, (Cryptography)
Governance Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated
Risk Management A systematic process for identifying, analyzing, evaluating, remediating, and monitoring risk, as well as transferring to another party, avoiding the risk altogether, or assuming the risk with its potential consequences
Compliance Actions that ensure behavior that complies with established rules
Breach Incident that results in the disclosure or potential exposure of data
Incident A security event that compromises the confidentiality, integrity, or availability of an information asset
Data Disclosure A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party
Copyright Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, database, and computer programs
Patent Protects novel, useful, and nonobvious inventions for 20 years in the US and Europe.
Trademark Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others. Associated with marketing.
Trade Secret Proprietary business or technical information, process, designs, practices, etc., that are confidential and critical to the business (Example- Coke Formula)
Single Point of Failure (SPOF) Any single input to a process that, if missing, would cause the process or several processes to be unable to function
Security Policy Communicate management’s expectation, which are fulfilled through the execution of procedures and adherence to standards, baselines, and guidelines
Business Impact Analysis Determine what impact a disruptive event would have on an organization
Maximum Tolerable Downtime (MTD) Longest period of time that a critical process can be disrupted before recovery becomes impossible
Recovery Time Objective (RTO) The maximum time within which an application and its data must be restored after an outage; it must be shorter than the MTD
Recovery Point Objective(RPO) Point in time to which data must be restored in order to successfully resume processing
MTBF Mean Time Between Failure
MTTR Mean Time To Repair
SLE Single Loss Expectancy
ALE Annual Loss Expectancy ALE=SLE X ARO
ARO Annual Rate of Occurrence
MAD Maximum Allowable Downtime
Risk The possibility of loss
residual risk The amount of risk that is left over when appropriate controls are properly applied to lessen or remove the vulnerability
Vulnerability Assessment Determines the potential impact of disruptive events on the organization’s business processes
Quantitative Risk Assessment measurable in numeric value
Qualitative Risk Assessment Descriptive (e.g., high/medium/low) rather than measurable in numeric value
Vulnerability An inherent weakness in an information system, security procedures, internal controls, or implementation that could be exploited by a threat source
Risk Avoidance Discontinuing the activity because you do not want to accept its risk
Risk Transfer Practice of passing on the risk in question to another entity, such as an insurance company
Risk Mitigation Practice of the elimination of or the significant decrease in the level of risk presented
Risk Acceptance Practice of accepting certain risks based on a business decision that weighs the cost versus the benefit of dealing with the risk
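Added example, not part of the flashcards: the SLE/ALE formulas above carried through to a control cost/benefit decision, which is what drives the choice between mitigation and acceptance. All asset values, exposure factors and rates are constructed sample figures.

```python
"""Quantitative risk assessment helper (added example, not from the flashcards).

SLE = AV * EF            single loss expectancy
ALE = SLE * ARO          annualized loss expectancy
Safeguard value = ALE_before - ALE_after - annual cost of the safeguard
All figures passed in below are constructed sample inputs, not real data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    asset_value: float       # AV, in currency units
    exposure_factor: float   # EF, fraction of AV lost per incident (0..1)
    aro: float               # ARO, expected incidents per year

    def sle(self) -> float:
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        return self.sle() * self.aro


def safeguard_value(before: Risk, after: Risk, annual_cost: float) -> float:
    """Net annual benefit of a control: positive means it costs less than the loss it prevents."""
    return before.ale() - after.ale() - annual_cost


def recommend(before: Risk, after: Risk, annual_cost: float) -> str:
    """Map the cost/benefit result onto the risk treatment options from the cards above."""
    if safeguard_value(before, after, annual_cost) > 0:
        return "mitigate"    # the control pays for itself
    return "accept"          # or transfer/avoid; spending on this control is not justified


if __name__ == "__main__":
    # Constructed scenario: a 200,000 asset, 25% loss per incident, two incidents a year.
    unmitigated = Risk(asset_value=200_000, exposure_factor=0.25, aro=2.0)
    # The proposed control cuts the rate to one incident every five years.
    mitigated = Risk(asset_value=200_000, exposure_factor=0.25, aro=0.2)
    print("SLE:", unmitigated.sle())                 # 50000.0
    print("ALE before:", unmitigated.ale())          # 100000.0
    print("ALE after:", mitigated.ale())             # 10000.0
    print("value of a 30,000/yr control:", safeguard_value(unmitigated, mitigated, 30_000))
    print("decision:", recommend(unmitigated, mitigated, 30_000))
```

The same control at an annual cost of 100,000 has negative value, so the sensible business decision flips to accepting (or transferring) the residual risk.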
Directive Controls designed to specify acceptable rules of behavior within an organization
Deterrent Controls designed to discourage people from violating security directives
Preventative Controls implemented to prevent a security incident or information breach
Compensating Controls implemented to substitute for the loss of primary controls and mitigate risk down to an acceptable level
Detective Controls designed to signal a warning when a security control has been breached
Corrective Controls implemented to remedy circumstance, mitigate damage, or restore controls
Recovery Controls implemented to restore conditions to normal after a security incident
Physical Controls Controls to protect the organization’s people and physical environment, such as locks, fire management, gates, and guards, also called operational controls
Administrative Controls Procedures implemented to define roles, responsibilities, policies, and administrative functions needed to manage the control environment, also called management controls
Technical Controls Electronic hardware and software solutions implemented to control access to information and information networks, also called logical controls
Penetration Testing Simulate an attack on a system or network to evaluate the risk profile of an environment
External Testing Attacks on the organization’s network perimeter using procedures performed from outside the organization’s systems, from the Internet
Internal Testing Attacks from within the organization’s technology environment
Blind Testing Testing team is only provided with limited information concerning the organization’s information system configuration and the IT staff knows about the attack
Double-Blind Testing Testing team is only provided with limited information of the organization’s information system configuration and the IT staff does NOT know about the attack
Zero knowledge testing Tester is provided no information about the target’s network or environment. Also called black box or closed testing. (Red, blue and purple team describe roles, attacker emulation, defence, and the two working together, not the tester’s level of knowledge.)
Partial knowledge testing Tester is provided with some knowledge about the environment. Also called grey box testing.
Full knowledge testing Tester is provided with full knowledge about the environment. Also called white box testing.
Continuous Improvement Plan Do Check Act cycle, also known as Deming Cycle
SLA Service Level Agreement. Describes the IT service, documents service level targets, and specifies the responsibilities of the IT service provider and the customer
Data Classification Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category. Examples include, Confidential, Secret, and Top Secret.
Categorization The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization
CMDB Configuration Management Data Base
Data Custodian Ensure important datasets are developed, maintained, and accessible within their defined specifications
Data Modeling The methodology that identifies the path to meet user requirement
Data Standards Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations
Quality Control (QC) Assessment of quality based on internal standards, processes, and procedures established to control and monitor quality
Quality Assurance (QA) Assessment of quality based on standards external to the process and involves reviewing of the activities and quality control processes to ensure final products meet predetermined standards of quality
Data Remanence The residual physical representation of data that has been in some way erased
Clearing The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities
Purging (Sanitizing) The removal sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique
Destruction The storage media is made unusable for conventional equipment
Processors perform four main tasks Fetching, Decoding, Executing, and Storing
Primary Storage Stores data that has a high probability of being requested by the CPU
Secondary Storage Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage
Memory Protection Prevent a process from accessing memory that has not been allocated to it
Segmentation Dividing a computer’s memory into segments
Paging Divides the memory address space into equal-sized blocks called pages
Protection keying Divides physical memory up into blocks of a particular size, each of which has an associated numeric value called a protection key
Address Space Layout Randomization (ASLR) Involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries in a process’s memory address space.
System Kernel The core of an OS, and one of its main functions is to provide access to system resources, which includes system’s hardware and processes
Zachman Framework A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them
Sherwood Applied Business Security Architecture (SABSA) Framework A holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics
The Open Group Architecture Framework (TOGAF) An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models
State Machine Model Describes the behavior of a system as it moves between one state and another
Multilevel Lattice Model Describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in
Noninterference Model May be considered a type of multilevel model with a high degree of strictness, severely limiting any higher-classified information from being shared with lower-privileged subjects even when higher-privileged subjects are using the system at the same time
Matrix-based Model A two-dimensional table that allows for individual subjects and objects to be related to each other
Information Flow Model Focus on how information is allowed or not allowed between individual objects. Used to determine if information is being properly protected throughout a given process
Bell-LaPadula Confidentiality Model Multilevel lattice-based model that deals only with confidentiality. Simple security property: no read up. *-property (star property): no write down.
Biba Integrity Model Multilevel lattice-based model that deals only with integrity. Simple integrity property: no read down. * integrity property: no write up.
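Added example, not part of the flashcards: the two lattice models above implemented as access decisions over (level, compartments) labels, so the dominance relation, need-to-know via compartments, and the duality between Bell-LaPadula and Biba can be exercised directly. The level names and the subject/object labels are constructed sample data.

```python
"""Bell-LaPadula and Biba access decisions over a lattice (added example).

A label is (level, set_of_compartments). Label a dominates label b when
a.level >= b.level and b.compartments is a subset of a.compartments.
The level ordering below is a constructed sample, not from the flashcards.
"""
from typing import FrozenSet, Tuple

Label = Tuple[int, FrozenSet[str]]

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}


def label(level: str, *compartments: str) -> Label:
    return (LEVELS[level], frozenset(compartments))


def dominates(a: Label, b: Label) -> bool:
    """a >= b in the lattice: higher-or-equal level and superset of compartments (need-to-know)."""
    return a[0] >= b[0] and b[1] <= a[1]


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality): no read up, no write down."""
    if op == "read":
        return dominates(subject, obj)      # simple security property
    if op == "write":
        return dominates(obj, subject)      # *-property
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity): no read down, no write up. Labels here are integrity levels."""
    if op == "read":
        return dominates(obj, subject)      # simple integrity property
    if op == "write":
        return dominates(subject, obj)      # * integrity property
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    analyst = label("secret", "crypto")
    report = label("confidential", "crypto")
    plan = label("top_secret", "crypto", "nuclear")
    sigint = label("secret", "nuclear")          # same level, different compartment
    print("BLP read report  ", blp_allows(analyst, report, "read"))    # True
    print("BLP read plan    ", blp_allows(analyst, plan, "read"))      # False: read up
    print("BLP read sigint  ", blp_allows(analyst, sigint, "read"))    # False: no need-to-know
    print("BLP write plan   ", blp_allows(analyst, plan, "write"))     # True: writing up is allowed
    print("BLP write report ", blp_allows(analyst, report, "write"))   # False: write down
    print("Biba read report ", biba_allows(analyst, report, "read"))   # False: read down
    print("Biba write plan  ", biba_allows(analyst, plan, "write"))    # False: write up
```

The two models share one dominance test; each rule is just that test with subject and object in one order or the other, which is why Biba is described as the integrity dual of Bell-LaPadula.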
Clark-Wilson Integrity Model Focuses on Integrity at the transaction level, strict definition of well-formed transactions. Establishes a system of subject-program-object bindings such that the subject no longer has direct access to the object.
Brewer-Nash (The Chinese Wall) Model This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties
Graham-Denning Access Control Model This model is primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed
Lipner Model Combines elements of Bell-LaPadula and Biba together with the idea of job functions or roles in a novel way to protect both confidentiality and integrity
Harrison-Ruzzo-Ullman Model Very similar to the Graham-Denning Model, and it is composed of a set of generic rights and finite set of commands
Certification The product or system is tested for meeting the documented security requirements
Accreditation Management evaluates the Certification testing and will formally accept the evaluated system
Trusted Computer System Evaluation Criteria (TCSEC) Also known as the Orange Book, DOD standard that sets basic standards for the implementation of security protections in computing systems
Information Technology Security Evaluation Criteria (ITSEC) Consumer or vendor defines requirements from a menu of possible requirements into a Security Target (ST); vendors develop products (the Target of Evaluation, TOE) and have them evaluated against that target
Common Criteria Published as the ISO/IEC 15408 standard, the first international product evaluation criteria. Introduced protection profiles (PP). Assurance is rated from EAL1 (lowest, functionally tested) to EAL7 (highest, formally verified design and tested)
ISO/IEC 27001 Security Standard Focused on the standardization and certification of an organization’s information security management system (ISMS), the governance structure supporting an information security program.
ISO/IEC 27002 More of a guideline, it provides a Code of Practice for Information Security Management, which lists security control objectives and recommends a range of specific security controls according to industry best practice
Control Objectives for Information and Related Technology (COBIT) Provides a set of generally accepted processes to maximize the benefits of IT. Describes security controls as recommended by the IT auditing community.
Payment Card Industry Data Security Standard (PCI-DSS) Developed by the PCI Security Standards Council to enhance payment card data security. Provides a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information.
Kernel mode Also known as supervisor state, the processor is operating at the highest privilege level on the system and allows the process running to access any system resource and execute privileged and non-privileged instructions
User mode Also known as problem state, the processor limits the access to system data and hardware granted to the running process
Layering Use of discrete layers that control interactions between more privileged and less privileged processes on the system
Ring 0 Most privileged ring and associated with core system functions, such as the OS kernel
Ring 3 Lowest privileged ring and associated to end-user applications
Process Isolation Used to prevent individual processes from interacting with each other. Can be done by providing distinct memory address spaces for each process and preventing other processes from accessing that area of memory
Data Hiding Maintains activities at different security levels to separate these levels from each other
Abstraction Involves the removal of characteristics from an entity in order to easily represent its essential properties
Trusted Platform Module (TPM) Specialized cryptoprocessor that provides for the secure generation, use, and storage of cryptographic keys.
Emanations Unintentional electrical, mechanical, optical, or acoustical energy signals that contain information or metadata about the information being processed, stored, or transmitted in a system
TEMPEST A set of standards designed to shield buildings and equipment to protect them against eavesdropping and passive emanations gathering attempts
State attacks Also known as race conditions, attempt to take advantage of how a system handles multiple requests.
Covert Channels Communications mechanisms hidden from the access control and standard monitoring systems of an information system
Data Warehouse A repository for information collected from a variety of data sources
Inference The ability to deduce sensitive or restricted information from observing available information
Aggregation Combining non-sensitive data from separate sources to create sensitive information
Data Mining A process of discovering information in data warehouses by running queries on data
Software as a Service (SaaS) The capability provided to the consumer to use the provider’s applications running on a cloud infrastructure
Platform as a Service (PaaS) The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages
Infrastructure as a Service (IaaS) The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run software, which can include operating systems and applications
Key clustering When different encryption keys generate the same ciphertext from the same plaintext message
Synchronous Each encryption or decryption is performed immediately (in real time).
Asynchronous Encrypt/Decrypt requests are processed in queues
Hash function One-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value
Digital Signatures Provide authentication of a sender and integrity of a sender’s message. A message is input into a hash function, then the hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature.
Asymmetric Term used in cryptography in which two different but mathematically related keys are used where one key is used to encrypt and another is used to decrypt. Commonly used in PKI.
Digital certificate Electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date
Certificate authority (CA) This is an entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates
Registration authority (RA) This performs certificate registration services on behalf of a CA. Responsible for the accuracy of the information contained in the certificate request and performs user validation before issuing a certificate request
Plaintext or cleartext This is the message in its natural format. Plaintext is human readable and is extremely vulnerable from a confidentiality perspective
Ciphertext or cryptogram This is the altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients
Cryptosystem This represents the entire cryptographic operation. Includes the algorithm, key, and key management functions
Encryption This is the process of converting the message from its plaintext to ciphertext. Also called enciphering.
Decryption This is the reverse process from encryption. It is the process of converting a ciphertext message into plaintext through the use of the cryptographic algorithm and key that was used to do the original encryption. Also called decipher.
Key or Cryptovariable The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message.
Non-repudiation A Security service by which evidence is maintained so that the sender and the recipient of data cannot deny having participated in the communication.
Algorithm Mathematical function that is used in the encryption and decryption processes. It may be quite simple or extremely complex.
Cryptanalysis The study of techniques for attempting to defeat cryptographic techniques and information security services.
Cryptology The science that deals with hidden, disguised, or encrypted communications. It embraces cryptography and cryptanalysis (communications security and communications intelligence). The study of hidden writing.
Collision This occurs when a hash function generates the same output for different inputs.
Key space This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.
Work factor This represents the time and effort required to break a protective measure
Initialization vector (IV) A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.
Encoding The action of changing a message into another format through the use of code. Examples would be Morse code or brevity codes used by the military (Alpha, Bravo, etc.).
Decoding The reverse process from encoding – converting the encoded message back into its plaintext format.
Transposition or permutation The process of reordering the plaintext to hide the message
Substitution The process of exchanging one letter or byte for another
SP-network Used in most block ciphers to increase their strength. SP stands for substitution and permutation (transposition), and most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process.
Confusion Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.
Diffusion Provided by mixing up the location of the plaintext throughout the ciphertext.
Avalanche Effect An important consideration in all cryptography used to design algorithms where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext.
Stream-based Ciphers When a cryptosystem performs its encryption on a bit-by-bit basis. Relies primarily on substitution. Most commonly associated with streaming application, such as voice or video transmission
Substitution The process of exchanging one character or bit for another
Block Ciphers Operates on blocks or chunks of text. Use a combination of substitution and transposition to perform their operations
Key Length The size of the key, usually measured in bits or bytes, which a cryptographic algorithm used in ciphering or deciphering protected information.
Null cipher May be used in cases where the use of encryption is not necessary, but yet the fact that no encryption is needed must be configured in order for the system to work.
Caesar cipher Simple substitution cipher that shifts each plaintext letter three places along the alphabet to create the ciphertext. Example of a monoalphabetic cipher; with only 25 possible shifts it is broken by trying every key or by frequency analysis.
Polyalphabetic Cipher The use of several alphabets for substituting the plaintext
Running Key Cipher The key is a long text (for example, a passage from an agreed book) that runs for the full length of the plaintext instead of being repeated; also called a book cipher
One-time Pad The only cipher system proven unbreakable, as long as it is implemented properly. Also called the Vernam cipher. The key must be truly random, at least as long as the plaintext, used only once, and never reused.
Symmetric algorithms Operate with a single cryptographic key that is used for both encryption and decryption of the message. For this reason, often called single, same, or shared key encryption.
Data Encryption Standard (DES) Based on the work of Horst Feistel, DES operates on 64-bit input blocks and outputs 64-bit ciphertext blocks under a 56-bit key. There are 16 identical stages of processing, called rounds.
Triple DES (3DES) The defeat of double DES (Meet in the Middle attacks) resulted in the adoption of triple DES. Applies single DES encryption three times per block.
Electronic Code Book (ECB) Mode Each block is encrypted independently, allowing randomly accessed files to be encrypted and still accessed without processing the file in linear order. Identical plaintext blocks produce identical ciphertext blocks, so it is suitable only for very short messages (a single block, 64 bits for DES).
Cipher Block Chaining (CBC) Mode The result of encrypting one block of data is fed back into the process to encrypt the next block of data
Cipher Feedback (CFB) Mode Each bit produced in the keystream is the result of a predetermined number of fixed ciphertext bits
Output Feedback (OFB) Mode The keystream is generated independently of the message
Counter (CTR) Mode A counter – a 64-bit random data block – is used as the first initialization vector. For each subsequent block, the counter is incremented by 1.
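Added example, not part of the flashcards: a toy 16-round Feistel cipher (the structure DES uses) wrapped in ECB, CBC and CTR, showing why ECB leaks repeated plaintext blocks and why CBC and CTR do not. The round function, key schedule, key and IV are all constructed for teaching; this is not a real cipher and must never protect real data.

```python
"""Toy 16-round Feistel block cipher with ECB, CBC and CTR modes (added example).

The round function is SHA-256 of (round key || half block); a Feistel network is
invertible whatever the round function, which is the property DES relies on.
Block size is 8 bytes, like DES. Teaching code only, not a secure cipher.
"""
import hashlib
from typing import List

BLOCK = 8
ROUNDS = 16


def round_keys(key: bytes) -> List[bytes]:
    # Constructed key schedule: one 4-byte subkey per round derived from the key.
    return [hashlib.sha256(key + bytes([i])).digest()[:4] for i in range(ROUNDS)]


def f(half: bytes, rk: bytes) -> bytes:
    """Round function: keyed one-way mix of the 4-byte right half."""
    return hashlib.sha256(rk + half).digest()[:4]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rk in round_keys(key):
        left, right = right, xor(left, f(right, rk))
    return right + left   # final swap lets decryption reuse the same loop with reversed keys


def decrypt_block(block: bytes, key: bytes) -> bytes:
    left, right = block[:4], block[4:]
    for rk in reversed(round_keys(key)):
        left, right = right, xor(left, f(right, rk))
    return right + left


def pad(data: bytes) -> bytes:
    """PKCS#7-style padding up to a whole number of blocks (always adds at least one byte)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    return data[:-data[-1]]


def blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(pt: bytes, key: bytes) -> bytes:
    # Each block encrypted independently: equal plaintext blocks give equal ciphertext blocks.
    return b"".join(encrypt_block(b, key) for b in blocks(pad(pt)))


def cbc_encrypt(pt: bytes, key: bytes, iv: bytes) -> bytes:
    # Previous ciphertext block is XORed into the next plaintext block before encryption.
    out, prev = [], iv
    for b in blocks(pad(pt)):
        prev = encrypt_block(xor(b, prev), key)
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(ct: bytes, key: bytes, iv: bytes) -> bytes:
    out, prev = [], iv
    for c in blocks(ct):
        out.append(xor(decrypt_block(c, key), prev))
        prev = c
    return unpad(b"".join(out))


def ctr_crypt(data: bytes, key: bytes, nonce: bytes) -> bytes:
    # Keystream block i = E_k(nonce || i); XOR serves both directions and needs no padding.
    out = []
    for i, b in enumerate(blocks(data)):
        counter_block = nonce[:4] + i.to_bytes(4, "big")
        out.append(xor(b, encrypt_block(counter_block, key)))
    return b"".join(out)


def repeated_blocks(ct: bytes) -> int:
    """Number of ciphertext blocks that occur more than once: the ECB pattern leak."""
    seen = blocks(ct)
    return len(seen) - len(set(seen))


if __name__ == "__main__":
    key, iv = b"constructed-key", bytes(range(8))   # a real IV must be unpredictable per message
    pt = b"ATTACKATDAWN" * 4                        # repeating plaintext, constructed sample
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(pt, key)))      # 3
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(pt, key, iv)))  # 0
    print("CTR round trip ok:", ctr_crypt(ctr_crypt(pt, key, iv), key, iv) == pt)
```

The repeated plaintext period (12 bytes) and the block size (8 bytes) line up every three blocks, so ECB ciphertext shows the same three blocks twice; CBC hides that because each block's input depends on the previous ciphertext. Note that CBC and CTR give no integrity protection; a MAC or an authenticated mode is still required.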
Advanced Encryption Standard (AES) The AES algorithm (a block cipher) uses cipher keys with 128 bit length (10 rounds of encryption), 192 bit length (12 rounds of encryption), and 256 bit length (14 rounds of encryption) to encrypt 128-bit blocks of data. Current US standard.
There were five finalists for AES MARS, RC6, Serpent, Twofish, and Rijndael
Blowfish A Symmetric algorithm that is extremely fast and can be implemented in as little as 5K of memory. Operates with variable key sizes , from 32 up to 448 bits (default 128 bit) on 64 bit block sizes.
Twofish One of the finalists for AES. Operates with keys of 128, 192, or 256 bits on blocks of 128 bits. It performs 16 rounds during the encryption/decryption process
RC4 Stream-based cipher developed in 1987 by Ron Rivest for RSA Data Security; for years the most widely used stream cipher (SSL/TLS, WEP). Uses a variable length key ranging from 8 to 2,048 bits. Keystream biases make it insecure today; RFC 7465 prohibits it in TLS.
RC5 Block-based cipher developed by Ron Rivest for RSA. The key can vary from 0 to 2,040 bits, the number of rounds it executes can be adjusted from 0 to 255, and the length of the input words can also be chosen from 16, 32, and 64 bit lengths.
RC6 One of the finalists for AES. Based on RC5 and altered to meet the AES requirements. It is also stronger than RC5, encrypting 128-bit blocks using 128-, 192-, or 256-bit keys.
International Data Encryption Algorithm (IDEA) Developed as a replacement for DES and is a symmetric block cipher. It uses a 128-bit key and 64-bit block sizes.
Asymmetric Algorithms are one-way functions, that is, a process that is much simpler to go in one direction (forward) than to go in the other direction (backward or reverse engineering).
Secure Mail Format (SMF) To send a confidential message, the sender would encrypt the message with the public key of the receiver. Only the receiver with the private key would be able to open or read the message, providing confidentiality.
Open Message Format (OMF) To send an open message and provide proof of origin (non-repudiation), the sender encrypts the message with their private key and anyone can open or read the message with the public key of the sender.
Confidential Message with Proof of Origin Encrypt a message with the private key of the sender and the public key of the receiver. The receiver of the message will decrypt with their private key and the public key of the sender.
RSA Based on the challenge of factoring the product of two large prime numbers. A prime number can only be divided by one and itself. Factoring is defined as taking a number and finding the numbers that can be multiplied together to calculate that number.
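Added example, not part of the flashcards: textbook RSA with deliberately tiny primes, used to carry through the three asymmetric message formats above, the hash-then-sign digital signature from the Digital Signatures card, and the factoring problem the RSA card rests on (the toy modulus falls to trial division in milliseconds). The primes, messages and the hash-reduction trick are constructed for illustration; real RSA uses 2048-bit or larger moduli and OAEP/PSS padding.

```python
"""Textbook RSA with toy primes: key generation, confidentiality, proof of origin,
hash-then-sign signatures, and a factoring attack (added example, not from the flashcards).
"""
import hashlib
from math import gcd
from typing import Tuple

PublicKey = Tuple[int, int]    # (e, n)
PrivateKey = Tuple[int, int]   # (d, n)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)                 # modular inverse, Python 3.8+
    return (e, n), (d, n)


def encrypt(m: int, pub: PublicKey) -> int:
    """Secure Message Format: encrypt with the receiver's public key (confidentiality)."""
    e, n = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c: int, priv: PrivateKey) -> int:
    d, n = priv
    return pow(c, d, n)


def digest_int(message: bytes, n: int) -> int:
    """Hash the message; reduced mod n only so it fits the toy modulus (constructed shortcut)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, priv: PrivateKey) -> int:
    """Open Message Format / digital signature: hash, then apply the sender's private key."""
    d, n = priv
    return pow(digest_int(message, n), d, n)


def verify(message: bytes, sig: int, pub: PublicKey) -> bool:
    """Anyone holding the sender's public key recovers the hash and compares it."""
    e, n = pub
    return pow(sig, e, n) == digest_int(message, n)


def factor(n: int) -> Tuple[int, int]:
    """Trial division: feasible only because the toy modulus is tiny."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def recover_private_key(pub: PublicKey) -> PrivateKey:
    """With the factors of n, an attacker rebuilds d exactly as the key owner did."""
    e, n = pub
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1)), n


if __name__ == "__main__":
    # Constructed toy primes; a real modulus has 2048+ bits.
    alice_pub, alice_priv = keygen(10007, 10009)
    bob_pub, bob_priv = keygen(10037, 10039)
    msg = b"pay bob 10"
    # Confidential message with proof of origin: sign with sender key, encrypt to receiver.
    sig = sign(msg, alice_priv)
    ct = encrypt(123456, bob_pub)
    print("bob decrypts:", decrypt(ct, bob_priv))                  # 123456
    print("signature valid:", verify(msg, sig, alice_pub))         # True
    print("tampered valid:", verify(b"pay bob 1000", sig, alice_pub))  # False
    print("attacker recovers alice's d:", recover_private_key(alice_pub) == alice_priv)  # True
```

Signing the hash rather than the message is what gives integrity: changing one byte changes the digest, so the recovered value no longer matches. The factoring step is the whole security argument in miniature: RSA is only as strong as the difficulty of factoring n.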
Diffie-Hellman Algorithm Enables two users to agree on a shared symmetric key over an insecure channel, which is then used for message encryption. Key agreement algorithm based on discrete logarithms; unauthenticated on its own, so it is combined with certificates or signatures (e.g., in TLS) to stop man-in-the-middle attacks.
ElGamal Based on the work of Diffie and Hellman, but includes the ability to provide message confidentiality and digital signature services, not just session key exchange. Also based on discrete logarithms.
Elliptic Curve Cryptography (ECC) Has the highest strength per bit of key length of any of the asymmetric algorithms. The ability to use much shorter keys provides savings on computational power and bandwidth.
Message Digest A small representation of a larger message. Used to ensure the authentication and integrity of information, not the confidentiality.
Message Authentication Code (MAC) A small block of data that is generated using a secret key and then appended to the message. Also known as a cryptographic checksum.
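Added example, not part of the flashcards: the difference between a message digest and a MAC made concrete. An attacker who alters a message can simply recompute an unkeyed digest; the same alteration against an HMAC fails because the tag depends on a key the attacker lacks. The transfer message, key and tampering are constructed sample data.

```python
"""Message digest vs. message authentication code (added example, not from the flashcards)."""
import hashlib
import hmac
from typing import Tuple


def digest_protect(message: bytes) -> Tuple[bytes, bytes]:
    """Integrity only: message plus SHA-256 digest, no key involved."""
    return message, hashlib.sha256(message).digest()


def digest_check(message: bytes, digest: bytes) -> bool:
    return hashlib.sha256(message).digest() == digest


def mac_protect(message: bytes, key: bytes) -> Tuple[bytes, bytes]:
    """Integrity and origin authentication: the tag depends on the shared secret key."""
    return message, hmac.new(key, message, hashlib.sha256).digest()


def mac_check(message: bytes, tag: bytes, key: bytes) -> bool:
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison: a byte-by-byte == would leak how many tag bytes matched (timing side channel).
    return hmac.compare_digest(expected, tag)


def attacker_tampers_digest(message: bytes, digest: bytes) -> Tuple[bytes, bytes]:
    """Attacker without any key changes the amount and recomputes the unkeyed digest."""
    forged = message.replace(b"amount=100", b"amount=9000")
    return forged, hashlib.sha256(forged).digest()


def attacker_tampers_mac(message: bytes, tag: bytes) -> Tuple[bytes, bytes]:
    """Same change against the MAC: lacking the key, the attacker can only replay the old tag."""
    forged = message.replace(b"amount=100", b"amount=9000")
    return forged, tag


if __name__ == "__main__":
    key = b"constructed-shared-secret"
    msg = b"transfer:amount=100:to=alice"
    forged, digest = attacker_tampers_digest(*digest_protect(msg))
    print("forged digest accepted:", digest_check(forged, digest))          # True: digest alone fails
    forged, tag = attacker_tampers_mac(*mac_protect(msg, key))
    print("forged MAC accepted:", mac_check(forged, tag, key))              # False
    print("genuine MAC accepted:", mac_check(*mac_protect(msg, key), key))  # True
```

A digest proves only that the bytes were not changed by accident; a MAC proves they came from a holder of the key. Neither provides non-repudiation, since both parties hold the same key; that requires a digital signature.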
Security Assertion Markup Language (SAML) XML-based standard used to exchange authentication and authorization information. Allows federated systems with different Identity management systems to interact through simplified sign-on and single-sign-on exchanges.
OpenID Connect An interoperable authentication (identity) layer built on the OAuth 2.0 family of specifications
Open Web Application Security Project (OWASP) A nonprofit organization focused on improving the security of software. Publishes several products including a Top 10 web-based application security flaws and how to mitigate them.
Cyber-Physical Systems (CPS) Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications.
Supervisory Control and Data Acquisition (SCADA) Assembly of interconnected equipment used to monitor and control physical equipment in industrial environments.
Public Key Infrastructure (PKI) The framework of certificate authorities, registration authorities, certificates, and revocation services (CRLs, OCSP) that binds public keys to verified identities so asymmetric cryptography can be trusted at scale
Quantum Cryptography Uses physics to secure data and also known as quantum key distribution, or QKD. Used to generate and distribute secret keys, which can then be used together with traditional crypto algorithms and protocols to encrypt and transfer data.
Kerckhoffs’s principle A cryptosystem should be secure even if everything about the system, except the key, is public knowledge.
Digital Rights Management (DRM) Defined as a broad range of technologies that grant control and protection to content providers over their own digital media.
Hash function or message digest Accepts an input message of any length and generates, through a one-way operation, a fixed-length output that provides integrity. Uses a hashing algorithm to generate the hash but does not use a secret key.
MD5 Message Digest Algorithm Generates a 128-bit digest from a message of any length. Processes the message in 512-bit blocks and does four rounds of processing. Historically used to verify the integrity of digital evidence in forensic investigations; practical collision attacks have existed since 2004, so it should not be relied on where collision resistance matters (use SHA-256, alone or alongside MD5).
Secure Hash Algorithm (SHA) and SHA-1 SHA follows the MD4/MD5 design lineage. SHA-1 is the revised version and generates a 160-bit hash in 80 steps grouped into four rounds. Practical collisions were demonstrated in 2017 (SHAttered), so SHA-1 is deprecated for signatures and certificates in favour of SHA-2 or SHA-3.
Ciphertext-only Attack One of the most difficult because the attacker has so little information with which to start. With more ciphertext the attacker could apply cryptanalysis techniques, such as frequency analysis.
Known Plaintext The attacker has access to both the ciphertext and the plaintext versions of the same message. The goal of this type of attack is to find the cryptographic key used to encrypt the message.
Chosen Plaintext : The attacker knows the algorithm used for the encrypting and may have access to the machine used to do the encryption. Attacker runs chosen plaintext through the algorithm.
Adaptive chosen plaintext Attacker can modify the chosen input files to see what effect that would have on the resulting ciphertext.
Chosen Ciphertext Similar to the chosen plaintext attack in that the attacker has access to the decryption device or software and is attempting to decrypt chosen pieces of ciphertext to discover the key.
Adaptive chosen ciphertext Would be the same, except the attacker can modify the ciphertext prior to putting it through the algorithm.
Differential Cryptanalysis Seeks to find differences between related plaintexts that are encrypted. It launches as an adaptive chosen plaintext attack and then encrypts related plaintexts.
Linear Cryptanalysis A known plaintext attack that uses a linear approximation to describe the behavior of the block cipher. Given sufficient pairs of plaintext and corresponding ciphertext, the approximation reveals bits of the key.
Side Channel Attacks Rely on a physical attribute of the implementation such as power consumption/emanation. These attributes are studied to determine the secret key and the algorithm function.
Rainbow Table A precomputed, sorted table of hash outputs (stored as chains to trade memory for time) used to recover passwords from a hashed password file without hashing each guess at attack time. Defeated by a unique random salt per password, since the table would have to be rebuilt for every salt value, and slowed further by a deliberately slow hash such as PBKDF2, bcrypt, or scrypt.
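The lookup property that makes rainbow tables work, and the salt-plus-slow-KDF fix, as an added example (not part of the original card set). The candidate space, the MD5 "leak" value and the PBKDF2 iteration count are constructed assumptions chosen so the script runs offline in a second or two:

```python
import hashlib
import hmac
import itertools
import os
import string
from typing import Dict, Optional, Tuple

# Constructed candidate space: lowercase passwords of length 1..3 (18,278 entries).
ALPHABET = string.ascii_lowercase


def md5_hex(data: bytes) -> str:
    """Unsalted MD5 digest as hex; the same input always gives the same output."""
    return hashlib.md5(data).hexdigest()


def build_lookup(max_len: int = 3) -> Dict[str, str]:
    """Precompute digest -> password for every candidate. A real rainbow table
    stores hash chains instead of every pair, but the attack property is the
    same: all hashing happens before the attack, lookups are instant."""
    table: Dict[str, str] = {}
    for n in range(1, max_len + 1):
        for combo in itertools.product(ALPHABET, repeat=n):
            pw = "".join(combo)
            table[md5_hex(pw.encode())] = pw
    return table


def crack_unsalted(digest: str, table: Dict[str, str]) -> Optional[str]:
    """One dictionary lookup recovers the password."""
    return table.get(digest)


# Hardened form: per-user random salt and a slow KDF (PBKDF2-HMAC-SHA256 here).
# 100,000 iterations is an assumption for the demo, not a recommended production value.
ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, dk


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, dk = hash_password(password, salt)
    # constant-time comparison so verification itself does not leak via timing
    return hmac.compare_digest(dk, expected)


def demo() -> dict:
    table = build_lookup()
    leaked = md5_hex(b"abc")            # constructed: an unsalted hash from a breach dump
    salt1, h1 = hash_password("abc")
    salt2, h2 = hash_password("abc")    # same password, different user
    return {
        "cracked": crack_unsalted(leaked, table),            # "abc"
        "same_password_same_hash": h1 == h2,                # False: salts differ, no shared table
        "verifies": verify_password("abc", salt1, h1),      # True
        "wrong_rejected": verify_password("abd", salt1, h1),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from `demo()`: the unsalted digest falls to a single dictionary lookup, while the two salted hashes of the identical password differ, so a precomputed table would have to be rebuilt per salt and each rebuild costs 100,000 hash iterations per guess.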
Class A Fire involving ordinary combustible materials such as paper, wood, cardboard, and most plastics.
Class B Fire involves flammable or combustible liquids such as gasoline, kerosene, grease, and oil.
Class C Fire involves electrical equipment, such as appliances, wiring, circuit breakers, and outlets
Class D Extinguishers are commonly found in a chemical laboratory. Fires that involve combustible metals, such as magnesium, titanium, potassium, and sodium.
Class K Extinguishers are commonly found in environments such as kitchens where the possibility of an oil or fat based fire is greatest.
Cable Plant Management The design, documentation, and management of the lowest layer of the OSI network model – the Physical Layer.
Internet Protocol (IP) A connectionless protocol that does not guarantee delivery. IP has two functions, Addressing that uses the destination IP address to transmit packets through networks and Fragmentation that will subdivide a packet when needed.
Open Shortest Path First (OSPF) versions 1 and 2 An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm
Internet Group Management Protocol (IGMP) Used to manage multicasting groups, which are a set of hosts anywhere on a network that are interested in a particular transmission
Internet Protocol version 4 (IPv4) responsible for addressing packets, so that they can be transmitted from the source to the destination host.
IPv6 A modernization of IPv4 with 128-bit addresses, built-in IPsec support (mandatory in the original specification, recommended in later revisions), and improved quality of service
User Datagram Protocol (UDP) Provides a lightweight, connectionless transfer service with no handshake, retransmission, or ordering; only a checksum (optional in IPv4) detects corruption, and nothing corrects it. Best effort: you get what you get. Used in video streaming and DNS.
Transmission Control Protocol (TCP) Provides connection-oriented data management and reliable data transfer.
Remote Procedure Call (RPC) Protocol Allows a client to execute procedures on another host by sending a set of instructions to an application residing on that host on the network.
Dynamic Host Configuration Protocol (DHCP) Dynamically assigns hosts an IP address and manages leases.
Domain Name System (DNS) Resolves Fully Qualified Domain Names (FQDN) to IP addresses.
Internet Control Message Protocol (ICMP) Used for the exchange of control messages between hosts and gateways and is used for diagnostic tools such as ping and traceroute. ICMP can be leveraged for malicious behavior, including man-in-the-middle and DOS attacks
Ping (Packet Internet Groper) Ping is a diagnostic program used to determine if a specified host is on the network and can be reached by the pinging host. It sends an ICMP echo request to the target host and waits for the target to return an ICMP echo reply.
Traceroute A diagnostic tool that displays the path a packet traverses between a source and destination host. Traceroute can be used maliciously to map a victim network and learn about its routing.
Lightweight Directory Access Protocol (LDAP) Client/server directory query protocol derived from X.500. Back ends to LDAP can be directory services such as Microsoft Active Directory or OpenLDAP. An LDAP simple bind sends the password in cleartext, so LDAP should be wrapped in TLS (LDAPS or StartTLS) or use SASL mechanisms such as Kerberos.
Network Information Service (NIS/NIS+) Directory services developed by Sun Microsystems, which are mostly used in UNIX environments. Commonly used for managing user credentials across a group of machines.
Simple Mail Transfer Protocol (SMTP) Client/server protocol utilized to route email on the Internet. Using port 25/TCP, information on mail servers is managed through DNS, using mail exchange (MX) records.
File Transfer Protocol (FTP) A stateful protocol that allows files to be transmitted between a host and a server over separate control (21/TCP) and data connections. Credentials and data are sent in cleartext.
Trivial File Transfer Protocol (TFTP) A simplified version of FTP, for moving small files. It has no authentication, encryption, or directory services.
Hypertext Transfer Protocol (HTTP) Designed to transfer HTML web pages between a server and a client. Traffic is sent in the clear but can be encrypted with TLS (HTTPS); the older SSL versions are deprecated.
Distributed Networking Protocol 3 (DNP3) Commonly used in SCADA systems and is a primary protocol to communicate between SCADA devices. The base protocol offers no authentication or encryption; the DNP3 Secure Authentication extension (IEEE 1815) adds message authentication where it is deployed.
Fibre Channel over Ethernet (FCoE) A lightweight encapsulation protocol and lacks the reliable data transport of the TCP layer. Therefore, FCoE must operate on DCB-enabled Ethernet and use lossless traffic classes to prevent Ethernet frame loss under congested network conditions
Data Center Bridging (DCB) Standards Priority-based Flow control (PFC), allows the network to pause different traffic classes. Enhanced Transmission Selection (ETS) defines the scheduling behavior of multiple traffic classes.
Internet Small Computer Systems Interface (iSCSI) An Internet Protocol (IP)-based storage networking standard for linking data storage facilities. Used to facilitate data transfers over intranets and to manage storage over long distance.
Multi-Protocol Label Switching (MPLS) A wide area networking protocol that performs “label switching” instead of IP routing. The first device does a routing lookup, finds the final destination router, and applies the label. Subsequent routers use this label to forward the traffic.
Voice over Internet Protocol (VoIP) The transmission of voice traffic over IP-based networks and is the foundation for more advanced unified communications applications such as web and video conferencing.
Session Initiation Protocol (SIP) Designed to manage multimedia connections and supports digest authentication structured by realms. Its digest authentication relies on the MD5 hash function; message confidentiality and integrity require TLS for signaling and SRTP for media.
Open System Authentication Default authentication protocol for the 802.11 standard. It consists of a simple authentication request containing the station ID and an authentication response containing success or failure data.
Shared Key Authentication A standard challenge and response mechanism that makes use of WEP and a shared secret key to provide authentication
Ad-Hoc Mode A network topology provided in the 802.11 standard and consists of at least two wireless endpoints where there is no access point involved in their communication.
Infrastructure Mode A network topology provided in the 802.11 standard and consists of a number of wireless stations and access points. The access points usually connect to a larger wired network.
Wired Equivalent Privacy Protocol (WEP) A basic security feature in the 802.11 standard, intended to provide confidentiality over a wireless network by encrypting information sent over the network.
Wi-Fi Protected Access (WPA) Provides users with a higher level of assurance that their data will remain protected by using the Temporal Key Integrity Protocol (TKIP) for data encryption, which uses RC4
Wi-Fi Protected Access 2 (WPA2) Based on 802.11i, a wireless security protocol that allows only authorized users to access a wireless device, with features supporting stronger encryption with AES
S/MIME Certificates Used for signed and encrypted emails.
Certificate Authority (CA) certificates Used to identify CAs. Client and server software use the CA certificate to determine what other certificates can be trusted.
Deterministic routing Traffic only travels by predetermined routes that are known to be either secure or less susceptible to compromise.
Boundary routers Primarily advertise routes that external hosts can use to reach internal ones. This is a router on the edge and therefore requires hardening
Non-Blind Hijacking IP spoofing attack in which the attacker is on the same subnet as the victim and can sniff the traffic, so the TCP sequence and acknowledgement numbers needed to inject packets are observed directly rather than guessed.
Blind Hijacking A more sophisticated IP spoofing attack in which the attacker cannot see the victim's traffic. Several packets are sent to the target machine to sample its sequence numbers and eventually predict the correct one.
Man-in-the-Middle Attack When an attacker routes information between two users through their own machine without the knowledge of the two individuals communicating
Security Perimeter The first line of protection between trusted and untrusted networks. Includes a firewall and router that help filter traffic and may also include proxies, IDS, or IPS.
Network Partitioning Segmenting networks into domains of trust is an effective way to help enforce security policies.
Dual-Homed Host Has two network interface cards (NICs), each on a separate network. Can be an effective measure to isolate a network.
Bastion Host A fortified device usually located in the DMZ. It has been hardened, meaning it has been patched, had unnecessary services disabled, default passwords changed, etc.
Demilitarized Zone (DMZ) Also known as a screened subnet, allows an organization to give external hosts limited access to public resources, such as a company web site, without granting them access to the internal network.
Concentrators Multiplex connected devices into one signal to be transmitted on a network
Multiplexer Combines multiple signals into one signal for transmission
Hubs Retransmit signals from each port to all other ports
Repeater Used to extend the distance a wire can transmit a signal
Bridge Layer 2 device that filters traffic between segments based on MAC addresses.
Switch Layer 2 device that makes each port its own collision domain, enabling more efficient transmission under Ethernet's CSMA/CD logic. Security features include port blocking, port authentication (802.1X), MAC filtering, and VLANs.
Router Layer 3 device that routes packets to other networks and is commonly referred to as the gateway. It reads the IP destination in received packets and determines the next device on the network to send the packet to.
Firewall Device that enforces administrative security policies by filtering traffic based on a set of rules. Each rule instructs the firewall to block or forward a packet based on one or more conditions.
Static Packet Filtering Firewall examines each packet without regard to the context in a session. Packets are examined against static criteria such as port or protocol
Stateful Inspection or Dynamic Packet Filtering Firewall examines each packet in the context of a session, which allows it to make dynamic adjustment to the rules.
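The practical difference between the two firewall types above, shown as an added simulation (not code from the original page). The trusted network 10.0.0.0/8, the rule set that permits only outbound HTTPS, and the three sample packets are constructed assumptions:

```python
from dataclasses import dataclass
from typing import Dict, Set, Tuple

# Constructed assumption: 10.0.0.0/8 is the trusted network, everything else is untrusted.
def is_internal(ip: str) -> bool:
    return ip.startswith("10.")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" SYN, "SA" SYN/ACK, "A" ACK, "FA" FIN/ACK


# --- Static packet filter: every packet is judged on its own against fixed rules ---
# Rule: (direction, (dst_port_low, dst_port_high), (src_port_low, src_port_high))
STATIC_RULES = [
    ("out", (443, 443), (1, 65535)),      # clients may reach HTTPS servers
    ("in", (1024, 65535), (443, 443)),    # ...so replies from port 443 must be let back in
]


def static_filter(pkt: Packet) -> bool:
    direction = "out" if is_internal(pkt.src) else "in"
    for rule_dir, (dlo, dhi), (slo, shi) in STATIC_RULES:
        if rule_dir == direction and dlo <= pkt.dport <= dhi and slo <= pkt.sport <= shi:
            return True
    return False


# --- Stateful filter: an outbound SYN creates a table entry; inbound traffic is
# admitted only if it is the reverse of a tracked connection ---
class StatefulFilter:
    def __init__(self) -> None:
        self.table: Set[Tuple[str, int, str, int]] = set()

    def allow(self, pkt: Packet) -> bool:
        if is_internal(pkt.src):
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.dport == 443 and pkt.flags == "S":   # policy: only outbound HTTPS may start
                self.table.add(key)
                return True
            return key in self.table                    # later segments of a known connection
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reverse in self.table:
            if "F" in pkt.flags:                        # connection closing, drop the entry
                self.table.discard(reverse)
            return True
        return False                                    # unsolicited inbound packet


def run_scenario() -> Dict[str, Tuple[bool, bool]]:
    """Return {name: (static_verdict, stateful_verdict)} for constructed packets."""
    sf = StatefulFilter()
    packets = [
        ("legit_syn", Packet("10.0.0.5", 51000, "203.0.113.10", 443, "S")),
        ("legit_reply", Packet("203.0.113.10", 443, "10.0.0.5", 51000, "SA")),
        # attacker picks source port 443 to satisfy the static reply rule and hits RDP
        ("attacker_probe", Packet("203.0.113.66", 443, "10.0.0.5", 3389, "S")),
    ]
    return {name: (static_filter(p), sf.allow(p)) for name, p in packets}


if __name__ == "__main__":
    for name, (static_ok, stateful_ok) in run_scenario().items():
        print(f"{name:15s} static={static_ok} stateful={stateful_ok}")
```

The static filter has to open a standing hole for reply traffic, which the attacker's probe with source port 443 walks straight through; the stateful filter admits the real reply because it matches a connection the inside host started, and drops the probe because nothing in its table matches.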
Throughput The rate that data will be transmitted
Attenuation The degradation or loss of a signal in long runs of cable
Propagation Delay Time required for a signal to travel
Twisted Pair Pairs of copper wires are twisted together to reduce electromagnetic interference and cross talk
Unshielded Twisted Pair (UTP) Inexpensive, but susceptible to interference from EMI, RFI, and cross talk.
Coaxial Cable Uses one thick conductor, can support long cable runs and has protection from EMI and RFI.
Fiber Optic Uses light pulses to transmit information instead of electrical pulses. Expensive, but immune to EMI/RFI and far harder to tap without detection.
Network Address Translation (NAT) Routers and firewalls can change the source address of each outgoing packet (from trusted to untrusted network) to a different address.
Port Address Translation (PAT) Translate all addresses to one routable IP address and translate the source port number in the packet to a unique value. The port translation allows the firewall to keep track of multiple sessions that are using PAT.
Proxy Firewall Mediates communications between untrusted end-points (servers/hosts/clients) and trusted end-points (servers/hosts/clients). Hides the trusted internal client from potential attackers.
Circuit-level proxy Creates a conduit through which a trusted host can communicate with an untrusted one. This type of proxy does not inspect the data field that it forwards and will not analyze for malicious content.
Application-level proxy Relays traffic from a trusted end-point running a specific application to an untrusted end-point. This type of proxy does analyze the data field that they forward, but does add processing overhead.
Internet Relay Chat (IRC) A client/server based text chat network. It is unencrypted and an easy target for sniffing attacks, and has historically been used by attackers for their own communication and for botnet command and control.
Virtual Private Network (VPN) A point-to-point connection that extends a private network across a public network. Most common security definition is an encrypted tunnel between two hosts.
Point-to-Point Tunneling Protocol (PPTP) A tunneling protocol that runs over other protocols. Relies on Generic Routing Encapsulation (GRE) to build the tunnel between end points. Its MS-CHAPv2 authentication and RC4-based MPPE encryption are broken, so PPTP is considered insecure.
Password Authentication Protocol (PAP) Transmits passwords in clear text
Layer 2 Tunneling Protocol (L2TP) A hybrid of Layer 2 Forwarding (L2F) and PPTP. Allows callers over a serial line using PPP to connect over the Internet to a remote network. Provides no encryption of its own and relies on IPsec to provide it (L2TP/IPsec).
IP Security (IPsec) A suite of protocols for communicating securely over IP by providing mechanisms for authentication and encryption. Endpoints communicate using either transport or tunnel mode.
Transport mode The IP payload is protected. This mode is mostly used for end-to-end protection, for example between client and server.
Tunnel mode The IP payload and its IP header are protected. The entire protected IP packet becomes a payload of a new IP packet and header. Used between networks, such as with firewall-to-firewall VPNs.
Authentication Header (AH) Used to prove the identity of the sender and ensure that the transmitted data has not been tampered with.
Encapsulating Security Payload (ESP) Encrypts IP packets and ensures their integrity. Contains four sections: header, payload, trailer, and authentication.
Security Associations (SAs) Defines the mechanisms that an endpoint will use to communicate with its partner.
Internet Key Exchange (IKE) Allows two devices to exchange symmetric keys for the use of encrypting in AH or ESP. Two ways to exchange keys are a Diffie-Hellman (DH) style negotiation or use public key certificates.
High Assurance Internet Protocol Encryptor (HAIPE) Based on IPSec and has additional restrictions and enhancements. Used for highly-secure communications such as those employed by military applications.
Remote Authentication Dial-In User Service (RADIUS) A centralized Authentication, Authorization, and Accounting (AAA) protocol used in network environments. Runs over UDP (1812/1813). Only the password attribute is obfuscated (MD5 with a shared secret); the user ID and other attributes travel in cleartext.
DIAMETER Improves on RADIUS and addresses the security issues of RADIUS. Runs over TCP or SCTP and relies on IPsec or TLS for transport security.
Simple Network Management Protocol (SNMP) Designed to manage network infrastructure. Architecture consists of a management server (manager) and a client, usually installed on network devices such as routers and switches, called an agent. Versions 1 and 2c authenticate only with cleartext community strings; SNMPv3 adds user authentication and encryption.
TELNET A protocol designed to give command line access to another host; credentials and session data are sent in cleartext
rlogin Protocol used for granting remote access to a machine; trusts hosts listed in .rhosts files and sends passwords in cleartext
Remote Copy (RCP) Copies data from or to a remote machine, unencrypted
Remote Shell (RSH) Grants direct remote command execution with the same host-based trust and cleartext weaknesses as rlogin; SSH replaces all of these
Screen Scraper A program that can extract data from output on a display intended for a human. Used in a legitimate fashion when older technologies are unable to interface with modern ones.
Virtual Terminal Service A tool frequently used for remote access to server resources. Allows the desktop environment for a server to be exported to a remote workstation.
Unicast A transmission with one receiving host
Multicast Designed to deliver a stream to only interested hosts (Radio broadcast)
Circuit-Switched Networks Establish a dedicated circuit between endpoints. Examples include POTS, ISDN, and PPP.
Packet-Switched Networks Do not use a dedicated connection between endpoints. Instead data is divided into packets and transmitted on a shared network.
Virtual Circuits Provide a connection between endpoints over high-bandwidth, multiuser cable or fiber that behaves as if the circuit were a dedicated physical circuit
Permanent Virtual Circuit The carrier configures the circuit’s routes when the circuit is purchased. Routes do not change.
Switched Virtual Circuit Circuits are configured dynamically by the routers each time a circuit is used
Carrier Sense Multiple Access (CSMA) Access protocol that uses the absence/presence of a signal on the medium that it wants to transmit on as a permission to speak. Only one device may transmit at a time.
Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) Devices listen for a carrier, wait a random back-off time before transmitting, and may reserve the medium with a Request to Send / Clear to Send exchange, because wireless stations cannot detect collisions while sending. Used in the 802.11 wireless standard.
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Devices listen for a carrier before transmitting, detect collisions while sending, broadcast a jam signal, and retry after a random back-off. Used in shared-media Ethernet networks.
Fiber Distributed Data Interface (FDDI) Token-passing architecture that uses two rings. Designed to be a 100-Mbps network backbone with one ring as primary and one ring as a backup. Replaced with ATM and MPLS.
Secure Shell (SSH) Services include remote logon, file transfer, and command execution. It also supports port forwarding, which redirects other protocols, such as Telnet, through an encrypted SSH tunnel.
Virtual Local Area Networks (VLANs) Allow the creation of software-based LAN segments. Devices that share a VLAN communicate through switches, without being routed to other sub-networks.
MAC Flooding Attack The attacker sends frames with many forged source MAC addresses until the switch's learning (CAM) table is full; frames for addresses that can no longer be learned are flooded out all ports, so the attacker can sniff traffic as on a hub. Mitigated by port security that limits the MAC addresses per port.
VLAN Leaking (VLAN hopping) A switch port is compromised or misconfigured (for example, trunk auto-negotiation or double 802.1Q tagging) so that traffic crosses into VLANs the port should not reach.
ARP attacks Hosts on a segment could be subject to ARP poisoning or ARP spoofing attacks, which redirect traffic through the attacker
Multicast Brute Force Attack Could cause frames to be leaked to other VLANs
Spanning-Tree Attack Tries to get the ID of the port STP is transmitting on, then the attacker sends out STP configuration/topology change acknowledgement BPDUs announcing that he is the new root bridge.
Random Frame Stress Attack Brute force attack that randomly varies several fields of a packet while keeping only the source and destination address constant
T1 channel 1.544 Mbps dedicated circuit (24 channels of 64 kbps) used in North America
T3 channel 28 bundled T1s, forming a 44.736 Mbps circuit
E1 channel 2.048 Mbps circuit (32 channels) used in Europe and most of the world outside North America
OC-1 A 51.84 Mbps dedicated optical circuit
OC-3 A 155.52 Mbps dedicated optical circuit
Asymmetric Digital Subscriber Line (ADSL) Downstream transmission rates are much greater than upstream ones, for example 256 to 512 kbps downstream and 64 kbps upstream in early deployments.
Rate-Adaptive DSL (RADSL) The transmission rate is automatically tuned based on the quality of the line.
Symmetric Digital Subscriber Line (SDSL) Uses the same rates for upstream and downstream transmissions.
Very High Bit Rate DSL (VDSL) Supports much higher transmission rates than other DSL technologies, such as 13 Mbps downstream and 2 Mbps upstream.
Frame Relay Consists of service provider switches. Relies on protocols such as TCP to resolve integrity issues.
Asynchronous Transfer Mode (ATM): A connection-oriented protocol designed to transmit data, voice, and video over the same network at very high speeds, such as 155 Mbps. This is facilitated by using small, fixed-length 53-byte cells for all traffic.
Port scanning The act of probing a machine for listening TCP (or UDP) services. A connect scan completes the TCP handshake; a SYN (half-open) scan sends only the first packet and judges the port by the reply. Can be used for fingerprinting an operating system.
FIN scanning A stealth scanning method: a segment with only the FIN flag (a request to close a connection) is sent to the target. Per RFC 793 a closed port answers with a TCP RST, while an open port ignores the segment; an ICMP unreachable indicates a filter. Windows stacks reply RST either way, so the method is not reliable against them.
NULL scanning No flags are set on the initiating TCP packet; open and closed ports respond as for a FIN scan
XMAS Scanning All TCP flags are set (or lit, as in a Christmas tree); nmap's variant sets FIN, PSH, and URG
TCP Sequence Number Attacks TCP attaches a sequence number to each data packet to detect and correct loss, and retransmits if delivery is not acknowledged. If initial sequence numbers are predictable, an attacker who cannot see the traffic can guess them to spoof or inject packets into a session (the basis of blind hijacking); modern stacks randomize initial sequence numbers.
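The flag combinations behind the scan types above, and the RFC 793 response rule that makes FIN/NULL/XMAS probes informative, as an added example (not from the original card set). The raw TCP headers are constructed in the script; checksums are left zero because nothing here is sent on a wire:

```python
import struct
from collections import Counter
from typing import List, Optional, Tuple

# TCP flag bits as they appear in byte 13 of the header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ALL_SIX = FIN | SYN | RST | PSH | ACK | URG


def build_tcp_header(sport: int, dport: int, flags: int, seq: int = 0, ack: int = 0) -> bytes:
    """Constructed minimal 20-byte TCP header (no options, checksum zero)."""
    data_offset = 5 << 4  # header length = 5 x 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset, flags, 1024, 0, 0)


def parse_tcp(header: bytes) -> Tuple[int, int, int]:
    """Return (sport, dport, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", header[:4])
    return sport, dport, header[13]


def classify_probe(flags: int) -> str:
    """Label a segment by the scan technique its flag pattern matches."""
    if flags == 0:
        return "NULL scan"
    if flags == ALL_SIX or flags == FIN | PSH | URG:
        return "XMAS scan"
    if flags == FIN:
        return "FIN scan"
    if flags == SYN:
        return "SYN (connect/half-open)"
    return "other"


def target_response(flags: int, port_open: bool) -> Optional[str]:
    """RFC 793 behaviour that stealth scans exploit: a closed port answers a
    non-RST segment with RST; an open port ignores FIN/NULL/XMAS segments."""
    if flags & RST:
        return None                                   # RSTs are never answered
    if flags & ACK:
        return "RST"                                  # unsolicited ACK: RST regardless of state
    if flags & SYN:
        return "SYN/ACK" if port_open else "RST"
    return None if port_open else "RST"               # FIN / NULL / XMAS probes


def summarize(capture: List[bytes]) -> Counter:
    """Count scan techniques seen in a list of raw TCP headers."""
    return Counter(classify_probe(parse_tcp(h)[2]) for h in capture)


# Constructed capture: five probes against port 22 from one scanner
SAMPLE_CAPTURE = [
    build_tcp_header(40000, 22, SYN),
    build_tcp_header(40001, 22, FIN),
    build_tcp_header(40002, 22, 0),
    build_tcp_header(40003, 22, FIN | PSH | URG),
    build_tcp_header(40004, 22, ACK),
]

if __name__ == "__main__":
    print(summarize(SAMPLE_CAPTURE))
    for name, flags in [("FIN", FIN), ("NULL", 0), ("XMAS", FIN | PSH | URG)]:
        print(name, "closed ->", target_response(flags, False), "| open ->", target_response(flags, True))
```

Silence from an open port is exactly why these scans are called stealthy: no connection is ever established, so nothing reaches application logs, and only a packet-level sensor that flags illegal flag combinations (no flags, or FIN without ACK) will see them.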
Target Acquisition (Discovery) An attack usually starts with intelligence gathering and surveillance to obtain a collection of possible of targets, for instance, through evaluating directory services and network scanning.
Target Analysis (Enumeration) The identified target is analyzed for security weaknesses that would allow the attacker to obtain access.
Target Access (Vulnerability Mapping) The attacker will obtain some form of access to the system
Target Appropriation (Exploitation) The attacker can escalate their privileges on the system to gain system-level access.
Intrusion Detection System IDS
Intrusion Prevention System IPS
Host-based IDS/IPS Monitor activity on servers and workstations
Network-based IDS/IPS Monitor network activity, typically stand-alone devices and network IDS logs would be accessed through a separate management console that will also generate alarms and alerts.
Discovery Scanning Discover devices and services on the network, to establish whether new or unauthorized devices have been connected.
Compliance Scanning Test of compliance with a given policy, for instance, to ensure certain configurations (deactivation of services) have been applied.
Vulnerability Scanning Test for vulnerabilities, for instance, as part of a penetration test, but also in preparation for an attack.
Teardrop Attack IP packet fragments are constructed so that the offset and length fields do not correspond to the true layout of the packet, producing overlapping fragments that crash vulnerable reassembly code.
Overlapping Fragment Attack Used to subvert filters that only inspect the first fragment of a fragmented packet. A harmless first fragment satisfies the packet filter, and a later fragment overwrites it with the malicious header fields.
Source Routing Exploitation IP allows the sender to explicitly specify the path. An attacker can abuse source routing so that the packet is forwarded between network interfaces on a multi-homed computer that is configured not to forward packets.
Smurf Attack Sends ICMP echo requests to a network's broadcast address with the source address spoofed to the victim; every host that answers floods the victim, creating a DoS amplified by the size of the network.
Fraggle Attack The UDP equivalent of Smurf: UDP packets (typically to the echo or chargen service) are sent to a broadcast address with the victim's spoofed source address so that the replies flood the victim.
SYN Flooding A DOS attack using the initial handshake in a TCP connection. Many new connections from faked, random IP addresses are opened in short order, overloading the target’s connection table
Identification The assertion of a unique identity for a person or system and is the starting point for all access control.
Authentication The process of verifying the identity of the user
Authorization The process of defining the specific resources a user needs and determining the type of access to those resources the user may have
X.500 Set of communications protocols and information in the directory is organized as a hierarchical database of information. Key field is called the Distinguished Name (DN) that provides a full path
Lightweight Directory Access Protocol (LDAP) Similar to X.500 and uses a hierarchical tree structure for directory entries. Common attributes include Distinguished Name (DN), Common Name (CN), Domain Component (DC), and Organizational Unit (OU).
Active Directory Domain Services (ADDS) Microsoft's LDAP-based directory service, commonly referred to as AD or ADDS. Domains are identified by their DNS name. Objects are grouped by OU.
Kerberos Network authentication protocol developed at MIT and now the standard for authenticating users in Windows domains and many UNIX environments. A trusted Key Distribution Center issues time-limited tickets, so it works in a multi-vendor network and never transmits passwords over the network.
Multi-Factor Authentication Ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity. Must be from different categories.
Trusted Platform Module (TPM) A local hardware encryption engine and secured storage for encryption keys.
False Rejection This is a failure to recognize an authorized user. Also known as a Type I error.
False Acceptance This is erroneous recognition, either by confusing one user with another, or by accepting an imposter as a legitimate user. Also known as a Type II error.
Security Assertion Markup Language (SAML) 2.0 A version of the SAML OASIS standard for exchanging authentication and authorization data between security domains. It is an XML-based protocol
SAML 2.0 enables web-based authentication and authorization scenarios including SSO. The SAML specification defines three roles: the principal (typically a user), the identity provider (IdP), and the service provider (SP)
Identity as a Service (IDaaS) Cloud-based services that broker identity access management functions. A combination of administration and account provisioning, authentication, and authorization and reporting functions.
Federated Identity Is where identity and authorization settings are collected from multiple identity management systems, enabling different systems to define user capabilities and access.
Role-Based Access Control (RBAC) An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization.
Rule-Based Access Control An access control model that is based on a list of predefined rules that determine what accesses should be granted.
Mandatory Access Control (MAC) Access control that requires the system itself to manage access control in accordance with the organization's security policies. Used for systems and data that is highly sensitive.
Discretionary Access Control (DAC) Access control is controlled by the data owner. The owner determines who has access to the data and what privileges they have.
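The three access control models above, implemented side by side so the difference in who decides is visible in code. This is an added example, not from the original card set; the users, roles, labels and objects are constructed, and the MAC rules used are the Bell-LaPadula "no read up" and "no write down" properties over a level-plus-category lattice, which the cards do not name:

```python
from typing import Dict, Set, Tuple

# ---------- DAC: the object's owner decides, and may delegate freely ----------
class DacStore:
    def __init__(self) -> None:
        self.owner: Dict[str, str] = {}
        self.acl: Dict[str, Dict[str, Set[str]]] = {}

    def create(self, obj: str, owner: str) -> None:
        self.owner[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, obj: str, by: str, to: str, perm: str) -> None:
        if self.owner.get(obj) != by:
            raise PermissionError("only the owner may change the ACL")
        self.acl[obj].setdefault(to, set()).add(perm)

    def check(self, obj: str, user: str, perm: str) -> bool:
        return perm in self.acl.get(obj, {}).get(user, set())


# ---------- RBAC: permissions attach to roles, users are assigned roles ----------
class Rbac:
    def __init__(self, role_perms: Dict[str, Set[str]]) -> None:
        self.role_perms = role_perms
        self.user_roles: Dict[str, Set[str]] = {}

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def check(self, user: str, perm: str) -> bool:
        return any(perm in self.role_perms.get(r, set()) for r in self.user_roles.get(user, set()))


# ---------- MAC: the system compares labels; neither user nor owner can override ----------
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
Label = Tuple[str, Set[str]]  # (classification level, compartments/categories)


def dominates(a: Label, b: Label) -> bool:
    """a dominates b when its level is at least b's and it holds all of b's categories."""
    return LEVELS[a[0]] >= LEVELS[b[0]] and a[1] >= b[1]


def mac_read(clearance: Label, obj_label: Label) -> bool:
    return dominates(clearance, obj_label)      # simple security property: no read up


def mac_write(clearance: Label, obj_label: Label) -> bool:
    return dominates(obj_label, clearance)      # *-property: no write down


def demo() -> Dict[str, bool]:
    dac = DacStore()
    dac.create("/home/alice/plan.txt", "alice")
    dac.grant("/home/alice/plan.txt", "alice", "bob", "read")   # owner delegates at will

    rbac = Rbac({"analyst": {"ticket:read"}, "admin": {"ticket:read", "ticket:close"}})
    rbac.assign("carol", "analyst")

    analyst = ("secret", {"crypto"})
    report = ("secret", {"crypto", "nuclear"})                   # extra compartment
    return {
        "dac_bob_reads": dac.check("/home/alice/plan.txt", "bob", "read"),        # True
        "dac_bob_writes": dac.check("/home/alice/plan.txt", "bob", "write"),      # False
        "rbac_carol_closes": rbac.check("carol", "ticket:close"),                 # False: not admin
        "mac_read_needs_categories": mac_read(analyst, report),                   # False: no need-to-know
        "mac_write_up_allowed": mac_write(analyst, ("top secret", {"crypto"})),   # True: writing up is permitted
    }


if __name__ == "__main__":
    print(demo())
```

The practical distinction: in DAC, `grant()` succeeds for whoever owns the object, so a careless owner can leak data; in RBAC a user only gains a permission through a role change, which is an administrative act; in MAC `mac_read()` fails even for a user with the right level when a category is missing, and no owner call exists to override it.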
Software Verification Provides objective evidence that the design outputs of a particular phase of the software development life cycle meet all of the specified requirements for that phase
Validation A matter of developing a “level of confidence” that the software or system meets all requirements and user expectations as documented
Vulnerability Management Software Logs the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.
System Events Operational actions performed by OS components, such as shutting down the system or starting a service.
Audit Records Contain security event information such as successful and failed authentication attempts, file accesses, security policy changes, account changes, and use of privileges
Black box testing The tested system is used as a black box; no internal details of the system implementation are used. Also called definition-based or specification-based, or functional testing.
White box testing Takes the internal system details, such as the source code, into account. Also known as code-based testing or structural testing.
Static Testing Analyze a system without executing the system under the test
Dynamic Testing The system under test is executed and its behavior is observed
Manual Testing Test scenario is guided by a human
Automated Testing Test scenario is executed by specialized application
Architecture Security Reviews A manual review of the product architecture to ensure that it fulfills the necessary security requirements.
Threat Modeling A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
Static Source Code Analysis (SAST) Analysis of the application source code for finding vulnerabilities without executing the application.
Automated vulnerability Scanner Tests an application for the use of system components or configurations that are known to be insecure.
Fuzz Testing Tools Send random or malformed data, often larger or differently structured than the application expects, to the input channels of an application to provoke crashes, hangs, or other unhandled failures that indicate a bug.
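A minimal mutation fuzzer of the kind the card describes, run against a constructed TLV record parser that trusts its length field, and then against a bounds-checked version. Added example, not code from the original page; the record format, the seed corpus, and the mutation strategy are all assumptions made for the demonstration:

```python
import random
from typing import Callable, List, Tuple

# Constructed record format: type(1) | length(1) | value(length) | xor-checksum(1)
Record = Tuple[int, bytes]


def xor_sum(data: bytes) -> int:
    acc = 0
    for b in data:
        acc ^= b
    return acc


def make_record(rtype: int, value: bytes) -> bytes:
    return bytes([rtype, len(value)]) + value + bytes([xor_sum(value)])


SEED = make_record(1, b"abc") + make_record(2, b"hi")


def parse_tlv_vulnerable(buf: bytes) -> List[Record]:
    """Trusts the attacker-controlled length: indexing past the buffer raises
    IndexError on short input, which stands in for a crash in native code."""
    records, i = [], 0
    while i < len(buf):
        rtype, ln = buf[i], buf[i + 1]          # may index past the end
        value = buf[i + 2:i + 2 + ln]
        if xor_sum(value) != buf[i + 2 + ln]:   # may index past the end
            raise ValueError("bad checksum")
        records.append((rtype, bytes(value)))
        i += 3 + ln
    return records


def parse_tlv_hardened(buf: bytes) -> List[Record]:
    """Same format, but every read is bounds-checked; malformed input is
    rejected with ValueError instead of an uncontrolled exception."""
    records, i = [], 0
    while i < len(buf):
        if len(buf) - i < 3:
            raise ValueError("truncated header")
        rtype, ln = buf[i], buf[i + 1]
        end = i + 2 + ln
        if end + 1 > len(buf):
            raise ValueError("length exceeds buffer")
        value = buf[i + 2:end]
        if xor_sum(value) != buf[end]:
            raise ValueError("bad checksum")
        records.append((rtype, bytes(value)))
        i = end + 1
    return records


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: overwrite a byte, truncate, or insert an extra byte."""
    b = bytearray(data)
    choice = rng.randrange(3)
    if choice == 0 and b:
        b[rng.randrange(len(b))] = rng.randrange(256)
    elif choice == 1 and b:
        del b[rng.randrange(len(b)):]
    else:
        b.insert(rng.randrange(len(b) + 1), rng.randrange(256))
    return bytes(b)


def fuzz(parser: Callable[[bytes], List[Record]], seed: bytes,
         iterations: int = 300, rng_seed: int = 7) -> List[Tuple[str, bytes]]:
    """Return (exception_name, input) for every input that caused an exception
    other than the parser's documented ValueError. Deterministic via rng_seed."""
    rng = random.Random(rng_seed)
    crashes = []
    for _ in range(iterations):
        data = mutate(seed, rng)
        try:
            parser(data)
        except ValueError:
            continue                     # graceful rejection, not a bug
        except Exception as exc:         # anything else is a crash worth triaging
            crashes.append((type(exc).__name__, data))
    return crashes


if __name__ == "__main__":
    print("vulnerable crashes:", len(fuzz(parse_tlv_vulnerable, SEED)))
    print("hardened crashes:  ", len(fuzz(parse_tlv_hardened, SEED)))
```

Both parsers agree on well-formed input; the difference only shows up under mutation, which is the point of fuzzing: the defect is in code paths that hand-written positive tests never reach. The crashing inputs the fuzzer saves are the starting point for triage and for regression tests.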
Statement Coverage This criteria requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product’s behavior.
Decision (Branch) Coverage This criteria requires sufficient test cases for each program decision or branch to be executed so that each possible outcome occurs at least once. Considered to be a minimum level of coverage for most software products.
Condition Coverage This criteria requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once.
Multi-Condition Coverage This criteria requires sufficient test cases to exercise all possible combinations of conditions in a program decision.
Loop Coverage This criteria requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations covering initialization, typical running, and termination (boundary) conditions.
Path Coverage This criteria requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a program segment, to be executed at least once.
Data Flow Coverage This criteria requires sufficient test cases for each feasible data flow to be executed at least once.
Normal Case Testing with usual inputs is necessary
Output Forcing Choosing test inputs to ensure that selected (or all) software outputs are generated by testing.
Robustness Software testing should demonstrate that a software product behaves correctly when given unexpected, invalid inputs
Combinations of Inputs The functional testing methods identified above all emphasize individual or single-test inputs. Error guessing can be extended to identify combinations of inputs, but it is an ad-hoc technique.
Regression Analysis The determination of the impact of a change based on review of the relevant documentation (e.g. software requirement specifications, source code, test plans, test cases, test scripts, etc.).
Regression Testing The rerunning of test cases that a program has previously executed correctly and comparing the current result to the previous result in order to detect unintended effects of a software change
Unit (module or component) level testing Focuses on the early examination of sub-program functionality and ensures that functionality not visible at the system level is examined by testing.
Integration level testing Focuses on the transfer of data and control across a program’s internal and external interfaces.
System level testing Demonstrates that all specified functionality exists and that the software product is trustworthy.
Positive testing Determines that your application works as expected. If an error is encountered, then the test fails.
Negative testing Ensures that your application can gracefully handle invalid input or unexpected user behavior.
Use Cases Are abstract episodes of interaction between a system and its environment.
Misuse Case A Use Case from the point of view of an Actor hostile to the system under design.
Interface Testing Involves the testing of the different components of an application, software and hardware, in combination. Conducted to evaluate whether systems or components pass data and control correctly to one another.
Moderator Often tasked to undertake this quality assurance test and document the reaction of the user toward the application. Interviews the end user and endorses their feedback to the software developer
Information Security Continuous Monitoring (ISCM) Maintaining ongoing awareness of information security vulnerabilities, and threats to support organizational risk management decisions.
Live Evidence Data that are dynamic and exist in running processes or other volatile locations (e.g. system/device RAM) that disappear in a relatively short time once the system is powered down
Locard’s Exchange Principle States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange
Chain of Custody The who, what, when, where, and how the evidence was handled – from its identification through its entire life cycle, which ends with destruction or permanent archiving.
Intrusion Detection System (IDS) A technology that alerts organizations to adverse or unwanted activity
Intrusion Prevention System (IPS) A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity.
Security Information and Event Management (SIEM) A group of technologies which aggregate information about access controls and selected system activity to store for analysis and correlation.
Continuous Monitoring A risk management approach that allows for a continuous, accurate picture of an organization's risk posture.
Egress filtering The practice of monitoring and potentially restricting the flow of information outbound from one network to another.
Information Life Cycle An approach for managing and storing data with an understanding that information changes over time and must be managed.
Data Remanence The measure of the existing magnetic field on the media; it is the residue that remains after an object is degaussed or written over.
Incident Response Any event that has the potential to negatively affect the business or its assets
1. Detection Also called identification. IDS and IPS are used to identify and respond to suspected security-related events in real time or near-real time; events can also be detected by a user, service desk technician, or other third party.
2. Response Also called containment. Used to reduce the potential impact of the incident by reducing the number of other systems, devices, or network systems that can become infected.
3. Mitigation Also called eradication. Begin to examine and analyze what has occurred, with a focus on determining the root cause. Root cause goes deeper than identifying only symptoms; it looks at the initial event in the cause-effect chain.
4. Reporting Some organizations are required to report incidents which meet certain conditions. For example, US agencies are required to report any breach of PII to US CERT.
5. Recovery Restoring or repairing a system back to a known good state. Can range from restoring an image to a machine to patching a system.
6. Remediation Begins in the mitigation phase and continues after the root cause analysis to determine if broader actions need to occur across the enterprise.
7. Lessons Learned The final report is completed and submitted to management. Feedback from this phase should be used to improve Incident Response for any future incidents. Root cause analysis is finalized.
Firewalls Devices that are designed to examine and filter traffic based on a set of rules designed to indicate what will or will not be allowed.
Network layer firewalls (layer 3) Make their decision to allow or deny traffic based on any/all of the following: IP address, destination IP address and ports.
Application layer firewalls Use an inspection engine that analyzes protocols at the application layer to examine observed protocol activity against defined profiles and allow or deny traffic based on deviations from the profile.
Signature or pattern-matching Systems examine the available information (logs or network traffic) to determine if it matches a known attack.
Stateful Matching Systems examine for attack signatures in the context of a stream of traffic or overall system behavior rather than the individual packets or discrete system activities.
Protocol-anomaly based Systems examine network traffic to determine if what it sees conforms to the defined standard for that protocol.
Statistical-anomaly based Systems establish a baseline of normal traffic patterns over time and detect any deviations from that baseline. Some also use heuristics to evaluate the intended behavior of network traffic to determine whether it is intended to be malicious or not.
Traffic anomaly based Systems identify any unacceptable deviation from expected behavior based on actual traffic structure.
Incremental Backup Copies only the files that have changed since the last full or incremental backup was taken and then sets the archive bit to “0”.
Differential Backup Copies only the files that have changed since the last full backup and does not change the archive bit.
RAID 0 Writes files in stripes across multiple disks without the use of parity information. This technique allows for fast reading and writing to disk since all of the disks can be accessed in parallel.
RAID 1 Duplicates all disk writes from one disk to another to create two identical drives. Also known as data mirroring; redundancy is provided by the duplicate disk.
RAID 5 Requires 3 or more drives to implement. Data and parity information is striped together across all drives. If one drive fails, the parity information on the other drives can be used to reconstruct the lost one.
Desk Check Uncomplicated and low cost. Participants review plan contents and check information such as phone numbers, equipment, and locations.
Tabletop Exercise or Structured Walkthrough Test Uncomplicated and low cost. Team members meet and discuss each plan element and procedure across several meetings.
Simulation Test Also known as functional tests or war games. Cost and complexity are increased. Typically include a pretend disaster, and all teams exercise their training and judgement and simulate their actions.
Parallel Test Higher cost and more complex. Basically an operations test to show that critical systems can be run at the alternate site. Should not impact operations.
Full-Interruption or Full-Scale Test Highest cost and most complex test. Primary operations are shut down and continuity relies solely on recovery procedure accuracy, completeness, and personnel ability. Should have senior management authorization.
Software Development Life Cycle (SDLC) Simply provides a framework for the phases of a software development project.
1. Requirements gathering Determines why the software is being created, what the software will do, and for whom the software will be created.
2. Design Deals with how the software will accomplish the goals identified, which are encapsulated into a functional design.
3. Development Programming software code to meet specifications laid out in the design phase
4. Testing/Validation Validating software to ensure that goals are met and the software works as planned
5. Release/Maintenance Deploying the software and then ensuring that it is properly configured, patched, and monitored.
Systems Development Life Cycle (SDLC) Deals with each phase of a system’s life – cradle to grave
1. Initiation Need for a new system is defined
2. Acquisition/development New system is either created or purchased
3. Implementation New system is installed into production environment
4. Operation/maintenance System is used and cared for
5. Disposal System is removed from production environment
Capability Maturity Model Integration (CMMI) A comprehensive integrated set of guidelines for developing products and software. Consists of 5 levels:
1. Initial Development process is ad hoc or even chaotic. Company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable.
2. Repeatable A formal management structure, change control, and quality assurances are in place. The company can properly repeat processes throughout each project. The company does not have formal process models defined.
3. Defined Formal procedures are in place that outline and define processes carried out in each project. The organization has a way to allow for quantitative process improvement
4. Managed The company has formal processes in place to collect and analyze quantitative data, and metrics are defined and fed into the process improvement plan
5. Optimizing The company has budgeted and integrated plans for continuous process improvement
Waterfall Each phase – concept, requirements definition, design, etc. – contains a list of activities that must be performed and documented before the next phase begins. Very structured. Non-iterative model.
Iterative Development Allows for successive refinements of requirements, design, and coding. Iterative models also make it very difficult to ensure that security provisions are still valid in a changing environment.
Computer-Aided Software Engineering (CASE) The technique of using computers and computer utilities to help with the systematic analysis, design, development, implementation, and maintenance of software.
Component-Based Development The process of using standardized building blocks to assemble, rather than develop, an application.
Reuse Model An application is built from existing components
Extreme Programming This discipline of software development is based on values of simplicity, communication, and feedback. Programmers work in pairs.
Hierarchical Database Management Model Oldest of the database models. Stores data in a series of records that have field values attached. It collects all the instances of a specific record together as a record type.
Attributes Correspond to columns in a table
Tuple Corresponds to a row in the table
Primary key An attribute that uniquely identifies a specific instance of an entity
Foreign key When the primary key of one relation is used as an attribute in another relation
Data Definition Language (DDL) Used to create databases, tables, views, and indices (keys) specifying the links between tables.
Data Manipulation Language (DML) Used to query and extract data, insert new records, delete old records, and update existing records.
Data Control Language (DCL) Used by system and database administrators to control access to data.
Atomicity All or none.
Consistency Changes maintain consistency
Isolation Pending transactions are invisible to others
Durability Once done, stays done
Encapsulation or Data Hiding A class defines only the data it needs to be concerned with. When an instance of that class is run, the code will not be able to accidentally access other data.
Inheritance The concept of a data class makes it possible to define subclasses of data objects that share some or all of the main class characteristics
Polymorphism Objects may be processed differently depending on their data type
Common Object Request Broker Architecture (CORBA) A set of standards that addresses the need for interoperability between hardware and software products.
Certification The technical evaluation or assessment of security compliance of the information system within its operational environment.
Accreditation (or authorization) Reviews the certification or assessment information and grants the official authorization to place the information system into operational use.
NIST 800-37 Guide for Applying Risk Management Framework to Federal Information Systems
Threat Any potential danger that is associated with the exploitation of a vulnerability
Threat agent The entity that takes advantage of a vulnerability
Risk Likelihood of a threat agent exploiting a vulnerability and the corresponding business impact
Exposure Instance of being exposed to losses
Control or countermeasure Put into place to mitigate (reduce) the potential risk
ISO/IEC 27000 Series Based on British Standard 7799 (BS7799) and outlines how an information security management system (ISMS) (security program) should be built and maintained.
ISO/IEC 27001 ISMS requirements
Zachman Framework Two-dimensional model that uses six basic communication interrogatives (What, How, Where, When, and Why) intersecting with different viewpoints (Planner, Owner, Designer, Builder, Implementer, and Worker) to give a holistic understanding of the enterprise
The Open Group Architecture Framework (TOGAF) From DoD and provides an approach to design, implement, and govern an enterprise information architecture.
Sherwood Applied Business Security Architecture (SABSA) Similar to the Zachman framework and provides a chain of traceability through the strategic, conceptual, design, implementation, and metric and auditing levels
Risk assessment Method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls.
Facilitated Risk Analysis Process (FRAP) Qualitative methodology that focuses only on the systems that really need assessing to reduce cost and time obligations.
Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Created by Carnegie Mellon University's Software Engineering Institute. Intended to be used in situations where people manage and direct the risk evaluation for information security within their company.
Standards Refers to mandatory activities, actions or rules
Baseline Refers to a point in time that is used as a comparison for future changes
Guidelines Recommend actions and operational guides to users, IT staff, operations staff, and others when a specific standard does not apply.
Procedures Detailed step-by-step tasks that should be performed to achieve a certain goal
Data Owner Individual responsible for the protection and classification of a specific data set. Information owner.
Access The flow of information between a subject and an object.
Subject An active entity that requests access to an object or the data within an object.
Object A passive entity that contains information or needed functionality
Simple Object Access Protocol (SOAP) Specification that outlines how information pertaining to web services is exchanged in a structured manner.
Organization for the Advancement of Structured Information Standards (OASIS) Develops and maintains the standards for how various aspects of web-based communication are built and maintained.
Kerberos Authentication protocol that uses a KDC and tickets, and is based on symmetric cryptography.
Secure European System for Application in a Multi-vendor Environment (SESAME) Single sign-on technology developed to extend Kerberos functionality and improve upon its weaknesses. Authentication protocol that uses a PAS and PACs, and is based on symmetric and asymmetric cryptography.
Rule-Based Use of IF/THEN rule-based programming within an expert system. The more complex the rules, the greater the demands on software and hardware processing requirements.
Multitasking Simultaneous execution of more than one program (process) or task by a single operating system.
Cooperative Multitasking Multitasking scheduling scheme used by older operating systems to allow for computer resource time slicing. Processes had too much control over resources and would hang.
Preemptive multitasking Multitasking scheduling scheme used by operating systems to allow computer resources time slicing. Used in newer, more stable operating systems
Interrupts Values assigned to computer components (hardware and software) to allow for efficient computer resource time slicing
Thread Instruction set generated by a process when it has a specific activity that needs to be carried out by an OS. When the activity is finished, the thread is destroyed.
Multithreading Applications that can carry out multiple activities simultaneously by generating different instruction sets (threads).
Software deadlock Two processes cannot complete their activities because they are both waiting for system resources to be released.
Buffer Overflow Takes place when too much data are accepted as input to a specific process. Common attack vector used by hackers to run malicious code on a target system.
Bounds checking Ensures that the input data are of an acceptable length
Swap space The reserved hard drive space used to extend RAM capabilities
Trusted path A communication channel between the user, or program, and the TCB.
Virtual Machine Virtual instance of an operating system
Hypervisor Central program used to manage virtual machines (guests) within a simulated environment (host).
Covert timing channel One process relays information to another by modulating its use of system resources
Dedicated Security Mode All users have a clearance for and a formal need-to-know about all data processed within the system.
System High-Security Mode All users have a security clearance to access the information but not necessarily a need-to-know for all the information processed on the system
Compartmented Security Mode All users have the clearance to access all the information processed by the system in a system high-security configuration, but might not have the need-to-know and formal access approval.
Multilevel Security Mode Permits two or more classification levels of information to be processed at the same time when not all of the users have the clearance or formal approval to access all the information being processed by the system.
Spike Momentary high voltage
Surge Prolonged high voltage
Fault Momentary power outage
Blackout Prolonged power outage
Sag/dip Momentary low voltage condition, from one cycle to a few seconds
Brownout Prolonged low voltage
Best Evidence Primary evidence used in a trial because it provides the most reliability
Secondary Evidence Not viewed as reliable and strong in proving innocence or guilt (or liability in civil cases).
Direct Evidence Can prove a fact all by itself and does not need backup information to refer to
Conclusive Evidence Is irrefutable and cannot be contradicted
Circumstantial Evidence Can prove an intermediate fact that can then be used to deduce or assume the existence of another fact.
Corroborative Evidence Supporting evidence used to help prove an idea or point
Clipping Level The threshold is a baseline for violation activities that may be normal for a user to commit before alarms are raised.
Created by: caterry39