
SSCP Exam

Question Answer
DMZ stands for demilitarized zone
Internet large publicly accessible network
Intranet small internal network, requires authentication
Extranet secure externally accessible network, allows remote access, authentication required.
DMZ semi secure environment network sitting in front of the intranet
This is the gateway before you enter the DMZ Firewalls
a global system of interconnected computer networks that use the standard Internet protocol suite (TCP/IP) to link several billion devices worldwide. Internet
is a network based on TCP/IP protocols (an internet) belonging to an organization, usually a corporation, accessible only by the organization’s members, employees, or others with authorization. Intranet
a computer network that allows controlled access from the outside for specific business or educational purposes. extranet
computer host or small network inserted as a “neutral zone” between a company’s private network and the outside public network. It prevents outside users from getting direct access to a server that has company data DMZ
A series of trust relationships that authentication requests must follow between domains trust path
Trust path is only available to authenticated users
The trust type and its assigned direction affect the trust path that is used for authentication. True or false? True
a unidirectional authentication path that is created between two domains A one-way trust
Domain A and Domain B, users in Domain A can access resources in Domain B. However, users in Domain B cannot access resources in Domain A. one-way trust
Transitive trust is trust that is transferred to a third party based on the trust already established by two other parties
Domain A trusts Domain B, and Domain B trusts Domain A. This means that authentication requests can be passed between the two domains in both directions. two-way trust
This determines whether a trust can be extended outside two domains between which the trust was formed transitive trust
You can use the non-transitive trust to deny trust relationships with other domains
a channel of communication within a computer system, or network that is not designed or intended to transfer information Covert Channel
communicate by modifying a stored object Storage channels
transmit information by affecting the relative timing of events Timing channels
the task of controlling information about users on computers identity management
determines whether a user is permitted to access a particular resource authorization
verifying identities before credentials are issued proofing
There are five areas that make up the identity management life cycle: Authorization, Proofing, Provisioning, Maintenance, Entitlement
creation of the user's account provisioning
Access control maintenance includes user management, delegated administration, self-password reset
These are items or things that can be people, devices, organizations, code, agents (things we ascribe access control to) entities
All procedures and tools to manage the life cycle of an identity include: creation of the identifier for the identity; linkage to the authentication providers; setting and changing attributes and privileges; decommissioning of the identity
There are five types of “entity” that require digital identity: People, Devices, Organizations, Code, Agents
a set of rules, defined by the resource owner for managing access to a resource and for whatever purpose that access is granted entitlement
Mandatory access control (MAC) applies the need-to-know element; the system that participates in applying a mandatory access policy is set through central control
means that a central authority, not by the individual owner of an object, makes access control policy decisions and the owner cannot change access rights. Mandatory access control (MAC) policy
establish controls that cannot be changed by users but only through administrative action. Non-discretionary policies
assigning access rights based on rules specified by the owner. Discretionary Access Control (DAC)
Systems typically store the information from the access control matrix either by columns or by rows. An implementation that stores by columns is commonly known as an access control list (ACL)
An implementation that stores by rows is commonly known as a capability list
True or False? DACs are not very scalable; they rely on the decisions made by each individual access control object owner, and it can be difficult to find the source of access control issues when problems occur. True
are discretionary controls giving data owners the discretion to determine the rules necessary to facilitate access. Rule Set-Based Access Controls (RSBAC)
users are granted membership into roles based on their competencies and responsibilities in the organization. The operations that a user is permitted to perform are based on the user’s role. Role-Based Access Control (RBAC)
are a natural way of organizing roles to reflect authority, responsibility, and competency. The role in which the user is gaining membership is not mutually exclusive with another role for which the user already possesses membership. Role hierarchies
is a methodology that restricts the user’s actions to specific functions by not allowing the user to request functions that are outside of his/her respective level of privilege or role. Constrained User Interface (CUI)
Subject is user
Object is system or data you are trying to access
When menu and shell restrictions are used, the options users are given are the commands they can execute
are mechanisms used to restrict user access to data contained in databases. Database views
Physically constraining a user interface can be implemented by providing only certain keys on a keypad or certain touch buttons on a screen. Physically constraining a user interface
restricts or limits an access control subject’s ability to view or perhaps act on “components” of an access control object based on the access control subject’s assigned level of authority. View-Based Access Control
works by permitting or denying the access control subjects access to access control objects based on the explicit content within the access control object. Content-Dependent Access Control (CDAC)
is used in firewall applications to extend the firewall’s decision-making process beyond basic ACL decisions to decisions based on state as well as application-layer protocol session information. Context-Based Access Control (CBAC)
effectively applies a time limitation to “when” a given role can be activated for a given access control subject Temporal Isolation (Time-Based) Access Control
is an access control method where subject requests to perform operations on objects are granted or denied based on assigned attributes of the subject, assigned attributes of the object, environment conditions, and a set of policies Attribute-Based Access Control (ABAC)
are characteristics of the subject, object, or environment conditions and contain information given by a name-value pair. Attributes
is the execution of a function at the request of a subject upon an object. Operations include read, write, edit, delete, copy, execute, and modify. An operation
is the representation of rules or relationships that makes it possible to determine if a requested access should be allowed, given the values of the attributes of the subject, object, and possibly environment conditions. Policy
Environment characteristics are independent of subject or object and may include the current time, day of the week, location of a user, or the current threat level.
conditions represent the operational or situational context in which access requests occur and conditions are detectable environmental characteristics Environment conditions
are limited only by the computational language and the richness of the available attributes. Attribute-Based Access Control (ABAC)
This establishes guidelines that require that no single person should perform a task from beginning to end and that the task should be accomplished by two or more people to mitigate the potential for fraud in one person performing the task alone. Separation of Duties
was designed as an architectural reference for controlling access to sensitive data in government and military applications. The components of the model are subjects, objects, and an access control matrix. Bell–LaPadula Confidentiality Model
True or false? The basic tenet of Bell–LaPadula is that a given subject can read objects at the same or lower sensitivity level, but not those at a higher sensitivity level; this is called the simple security property and can be remembered as “no read up.” True
it focuses on ensuring that the integrity of information is being maintained by preventing corruption. At the core of the model is a multilevel approach to integrity designed to prevent unauthorized subjects from modifying objects. Biba Integrity Model
Biba integrity model can write up but not down
The model addresses this risk using the idea of a well-formed transaction operating on the data, expressed as a triple: authenticated principals (users), programs acting on data (transaction processes), and the data items themselves. Clark–Wilson Integrity Model
focuses on preventing subjects from access to objects with sensitive information associated with two competing parties. The principle is that users should not access the confidential information of both a client organization and its competitors. Brewer–Nash (The Chinese Wall) Model
it is primarily concerned with how a model system controls subjects and objects at a very basic level, where other models simply assumed such control. Graham–Denning Model
concerned with situations in which a subject should be restricted from gaining particular privileges. Harrison–Ruzzo–Ullman Model
View Based Access Controls are an example of: Constrained User Interface
Which of the following is an example of a network device that uses Context-Based Access Control? Stateful inspection firewall
Which of the following are behavioral traits in a biometric device? Voice pattern and Keystroke dynamics
What is the difference between a synchronous and asynchronous password token? Synchronous tokens are generated with the use of a timer while asynchronous tokens do not use a clock for generation
What is an authorization table? A matrix of access control objects, access control subjects and their respective rights
Access control subject is a passive entity that typically receives or contains some data. True
Disconnected tokens are not linked to the network or computer. Connected tokens automatically transmit information to the network as soon as connected. True
A popular network authentication protocol for indirect (third-party) authentication services. Kerberos
An authentication mechanism that allows a single identity to be shared across multiple applications. Single sign on
If a record contains information about an HIV test, the health-care worker may be denied access to the existence of the HIV test and the results of the HIV test. Only specific hospital staff would have the necessary access control rights to view Content-Dependent Access Control
In the measurement of biometric accuracy, which of the following is commonly referred to as a “Type 2 error”? Rate of false acceptance—False Acceptance Rate (FAR)
There are four mandatory tenets of the Code of Ethics: protect society, the commonwealth, and the infrastructure; act honorably, honestly, justly, responsibly, and legally; provide diligent and competent service to principals; advance and protect the profession
refers to the property of information in which it is only made available to those who have a legitimate need to know. Confidentiality
may include legal and regulatory fines and sanctions, loss of customer and investor confidence, loss of competitive advantage, and civil litigation consequences of a breach in confidentiality
An important measure to ensure confidentiality of information is _______This helps to determine who should have access to the information (public, internal use only, or confidential). data classification
is the property of information whereby it is recorded, used, and maintained in a way that ensures its completeness, accuracy, internal consistency, and usefulness for a stated purpose. Integrity
refers to the maintenance of a known good configuration and expected operational function Systems integrity
include an inability to read or access critical files, errors, and failures in information processing, calculation errors, and uninformed decision making by business leaders. Consequences of integrity failure
may also result in inaccuracies in reporting, resulting in the levying of fines and sanctions, and in inadmissibility of evidence when making certain legal claims or prosecuting crime. Integrity failures
refers to the ability to access and use information systems when and as needed to support an organization’s operations. Availability
include interruption in services and revenue streams, fines and sanctions for failure to provide timely information to regulatory bodies or those to whom an organization is obliged under contract, and errors in transaction processing and decision making. Consequences of availability failures
A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from a specific entity in possession of the private key. nonrepudiation
is a service that ensures that the sender cannot deny a message was sent and the integrity of the message is intact Non-repudiation
“the rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information.” Privacy
The Organization for Economic Cooperation and Development (OECD) has broadly classified these principles into collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.
Data collection should be limited to only what is needed to fulfill the needs of the organization (only collect the minimum needed). collection limitation
Data should be of high quality, valid, and correct. data quality
It needs to be clearly specified how data is being used, in other words the purpose of use. purpose specification
Only use the data for its intended purpose and not for other things. use limitation
Keeps CIA of the data intact when embedded in the system. security safeguards
Data should be available and made available to all authorized parties in order for them to use it. Openness
Having the right to opt in and decide whether you want to participate and be held accountable for data Individual participation
Being held accountable for the data accountability
access rights are permissions granted based on the need of a user or process to access and use information and resources. Only those rights and privileges needed to perform a specific function are granted least privilege
Unfortunately, many COTS (commercial, off-the-shelf) applications are developed in environments that have not adopted least privilege principles and, as a result, these products often require elevated privilege to run
is similar to a separation of duties in that it requires two or more people operating at the same time to perform a single function. Dual control
By placing safeguards at two or more points along the access path to the asset, failure of one safeguard can be counteracted by the function of another safeguard further along the access path. This concept is defense-in-depth
are designed to inform security practitioners when a preventive control fails or is bypassed. Detective controls
seek to minimize extent or impact of damage from an attack and return compromised systems and data to a known good state. Corrective controls
THREAT + VULNERABILITY + IMPACT = RISK
states that the total costs to implement and maintain a security measure should be commensurate with the degree to which risks to the confidentiality, integrity, and availability of the assets protected by the security measure The concept of risk-based controls
may be qualitative or quantitative in nature; whenever possible, use quantitative data to document incident probability and impact. A risk assessment
should be kept to support access control system validation testing, in which actual access is compared with authorized access to determine whether the process of assigning access entitlements is working as intended and is aligned with the stated policy. A record of authorizations
is a principle that ties authorized users to their actions Accountability
is enforced through assigning individual access accounts and by generating audit trails and activity logs that link identifying information about the actor (person, system, or application) with specific events. Accountability
Directive control specify rules of behavior
Deterrent control discourage violations
Compensating control substitute for a primary control or loss
Recovery control restore normal operations
are safeguards and countermeasures that are implemented to mitigate, lessen, or avoid a risk. Controls
Controls based on the management of risk and the management of information systems security. These are generally policies and procedures Management
Controls that are primarily implemented and executed through mechanisms contained in the hardware, software, and firmware of the components of the system. Technical
Controls that are primarily implemented and executed by people (as opposed to systems). Operational
are introduced when the existing capabilities of a system do not support the requirements of a policy. Compensating controls
True or false? Compensating controls designated as temporary should be removed after they have served their purpose and another, more permanent control should be established True
consists of a linear sequence of six steps. Steps are taken in order, and as each step in the process is completed, the development team moves on to the next step. The waterfall model
Steps in the waterfall model are: Requirement Gathering and Analysis, System Design, Implementation, Integration and Testing, Deployment of System, Maintenance
All possible requirements of the system to be developed are captured in this phase and documented in a requirement specification document. Requirement Gathering and Analysis
The requirement specifications from first phase are studied in this phase and system design is prepared. System Design helps in specifying hardware and system requirements and also helps in defining overall system architecture System Design
With inputs from system design, the system is first developed in small programs called units, which are integrated in the next phase. Each unit is developed and tested for its functionality, which is referred to as Unit Testing. Implementation
All the units developed in the implementation phase are integrated into a system after testing of each unit. Post integration, the entire system is tested for any faults and failures. Integration and Testing
Once the functional and non-functional testing is done, the product is deployed in the customer environment or released into the market. Deployment of System
There are some issues that come up in the client environment. To fix those issues, patches are released. Also, to enhance the product, some better versions are released. Maintenance is done to deliver these changes in the customer environment. Maintenance
Major benefits of using the waterfall method are its ease of use and management (even with large teams), and the broad scope and detailed specificity of systems documentation that is available to certification, accreditation, and application maintenance and enhancement teams.
A major drawback of the waterfall model is that it assumes a static set of requirements captured before design and coding phases begin. Thus, errors may not be noticed until later testing phases, where they are more costly to address.
Security requirements may be incorporated within the nonfunctional requirements specification
Functional security requirements such as how an application responds to incorrect passwords, malformed input, or unauthorized access attempts, can be documented in the form of “abuse” or “misuse” case diagrams.
Functional requirements specify user interactions and system processing steps and are often documented in the form of sequences of action called use cases, documented using Unified Modeling Language (UML)
Nonfunctional requirements, such as those for performance and quality or those imposed by design or environmental constraints, are documented using narratives and diagrams
The spiral model is based on the waterfall development life cycle, but adds a repeated Plan–Do–Check–Act (PDCA) sequence at each stage of the waterfall progression.
was designed to fully leverage modern development environments that make it possible to quickly build user interface components as requirements are gathered Rapid Application Development (RAD)
Methods that rely on feedback from application users and development teams as their primary control mechanism. Software development is seen as a continuous evolution, where results from continuous release testing are evaluated Agile development
The idea of component-based development is based on the reuse of proven design solutions to address new problems. Component Development and Reuse
provides a freely available listing of the top vulnerabilities found in web applications; in reality, the list contains a mix of vulnerabilities and exploits that frequently occur as a result of compromised web browsers and, in some cases, web servers. Open Web Application Security Project (OWASP)
Perform authorization checks to requested objects such as files, URLs, and database entries. Secure objects from unauthorized access. Authorization
Most web application platforms include session management functions that link individual requests to an authenticated user account so that the user does not need to manually re-authenticate to each web page. Session management
Encryption of sensitive data Encryption of data at rest may not be feasible for your organization, with the exception of authentication credentials, which should always be encrypted.
User input should be validated using an “accepted known good” approach wherever possible (matching input to a set or range of acceptable values). String length or field size limits, data types, syntax, and business rules should be enforced on input fields. Input validation
Dynamic queries and direct database access should not be allowed within web applications. Stored procedures (routines precompiled in the database or callable as program code) should be used wherever possible. Disallow dynamic queries
Consider sending confirmations out of band when there has been a password change or significant business transaction performed via the website. Out-of-band confirmations
Avoid exposing references to private application objects in URL strings, cookies, or user messages. Avoid exposing system information
Avoid exposing information about the system or process, such as path information, stack trace and debugging information, and standard platform error messages in response to errors and consider setting a low debug level for general use. Error handling
ITAM entails collecting inventory and financial and contractual data to manage the IT asset throughout its life cycle. True
addresses whether someone is assigned to manage the machine and whether the machine is authorized; it does not address how well the machine is managed The Hardware Asset Management capability
Quality of management is covered by Software Asset Management (SWAM), Configuration Setting Management (CSM), and Vulnerability Management (VUL)
that is addressable (i.e., has an IP address) and is connected to your organization’s network(s). These devices and their peripherals are remotely attackable. Any hardware asset
The list of desired state hardware assets should: be created through a repeatable process; include only authorized devices; assign each authorized device for technical management of settings, software, patching, etc.
Because it is important to find unauthorized devices quickly, the list of authorized devices should be stored in a data format that is easy to compare to actual inventory via automation, so unauthorized devices can be easily identified. True
Hardware Asset Management (HAM)
Software Asset Management (SAM)
Align the organization’s Hardware Asset Management strategy with operational goals True
Identify best practices to maximize hardware asset ROI while offering adequate risk protection True
Construct the supporting documents you need to make the case True
Full disk encryption protects the entire contents of a laptop’s hard drive, including the boot sector, operating system, swap files, and user data. True
Devices containing a TPM (Trusted Platform Module) chip contain a unique, secret RSA key burned into the chip during manufacture to securely generate derivative keys. Using hardware encryption in conjunction with software-based encryption products is a more secure approach to protecting data.
it is detrimental to encrypt an entire database when only one data element is confidential. True
Encryption may increase the size of data elements in your database by padding smaller chunks of data to produce fixed block sizes. If the database is not sized to accommodate these changes, it may need to be altered. Database size
Performance degradation, particularly when encrypting indexed or frequently accessed fields, may be noticeable. If application performance is a concern, databases may need to be reorganized and reindexed to accommodate the additional decrypting fields. Performance
While some newer, integrated encryption solutions provide transparent decryption services to applications, most communicate through APIs, which must be compiled into business applications that access encrypted data. Application compatibility
To sanitize the data, that is, to mask, scramble, or overwrite sensitive data values with meaningless data, which nonetheless conform to data format and size restrictions. Data sanitization is also known as scrubbing or de-identification.
is a process that scans the entire collection of information looking for similar chunks of data that can be consolidated. Deduplication
Key management refers to the set of systems and procedures used to securely generate, store, distribute, use, archive, revoke, and delete keys. True
Encryption keys are assigned a cryptoperiod, or time span in which they are authorized for use. Expiration
The key distribution center or facility should be capable of authenticating and checking authorization for key requests. Distribution
The key management system should support timely revocation of expired and compromised keys, and secure destruction of key material that is no longer valid. Revocation and destruction
All key management operations should be fully audited, and event logs or audit records should be protected from unauthorized access and modification. Audit and tracking
The key management policy should specify the requirements for emergency replacement and revocation of encryption keys. Availability should be protected by storing backup or archive copies of keys in a separate location. Emergency management
functions to assign specific properties to an object such as how long the object may exist, what users or systems may access it, and if any notifications need to occur when the file is opened, modified, or printed. Information Rights Management (IRM)
Many print processing functions send output to printers in the form of print spooler files, which contain human-readable copies of data to be printed. Securing spooled files is necessary to preserve confidentiality. True
(list of records, owners, retention periods, and destruction methods) is an important component of an organization’s information handling procedures. A record retention policy and schedule
are responsible for designating retention periods and assigning custodial duties, typically in IT, to ensure that record integrity is preserved for the specified retention period. Information owners
Handling procedures for confidential information must include provisions for secure destruction of records containing sensitive information. True
include burning, shredding, disk cleaning or reformatting, and tape degaussing. Secure destruction methods
Strip-cut shredders Cut paper in long, thin strips
Preferable to strip-cut, these cut paper into small rectangular fragments Cross-cut shredders
Similar to cross-cut; creates tiny square or circular fragments Particle-cut shredders
Pound paper through a screen Hammermills
Repeatedly cut paper into fine, mesh-size particles Granulators (or disintegrators)
Government and certain private applications may require use of shredders certified and labeled at a specific maximum security level for paper documents containing classified information. Security levels 1-6: the lower the level, the less secure the shredder and the larger the cut pieces
refers to any operation that removes or obscures stored data such that it cannot be reconstructed using operating system or third-party utilities. Clearing
removes data in such a way that it cannot be reconstructed at all. Sanitizing or purging
or overwriting, is a method of writing over existing data — typically with a stream of zeroes, ones, or a random pattern of both Disk wiping
is a technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data. Degaussing
DLP Data Leakage Prevention
distributed files and databases to locate sensitive data is the first step in implementing data leakage prevention tools. The process of “crawling”
Data may be labeled or “tagged” with an identifier that can be used to subsequently monitor movement of that data across the network. This is particularly useful in identifying documents and files containing sensitive information. Labeling
Content monitoring and usage policies specify which data are sensitive and define rules for copying or transmitting that data, typically using a combination of predefined labels, keywords, and regular expressions Policy Creation
Data communications over local and wide area networks, data traversing perimeter gateway devices, and data leaving host computers via USB or serial connections are monitored by inspecting the contents of the communication Content Detection/Monitoring
When policy violations are detected, user actions may be prevented or network traffic may be dropped, depending on the location of the violation. Prevention or Blocking
Violations of data disclosure policies are reported, typically showing the policy that was violated, the source IP address, and the login account under which the violation occurred. Reporting
Waterfall model is development method that follows a linear sequence of steps Waterfall model is development method that follows a linear sequence of steps Waterfall model is development method that follows a linear sequence of steps The met True
A technique of erasing data on disk or tape. Degaussing
Assigns specific properties to an object such as how long the object may exist, what users or systems may access it, and if any notifications need to occur when the file is opened, modified, or printed. Information Rights Management (IRM)
Waterfall Model is easy to use and manage. True
Entails collecting inventory and financial and contractual data to manage the IT asset throughout its life cycle. IT Asset Management (ITAM)
Security requirements should be considered along with functional requirements? True
Burning paper records or disks is an appropriate way of data disposal FALSE
One of the most important security considerations for application security is data input ____ validation
The method of writing over existing data. Data wiping
Overwriting sensitive data value with meaningless data. Data scrubbing
are security controls that the computer system executes. The controls can provide automated protection from unauthorized access or misuse, facilitate detection of security violations, and support security requirements for applications and data. Technical controls
address process-based security controls implemented and executed by people. These controls rely on management controls to identify the appropriate processes or actions, and often rely on technical controls for enforcement. Operational controls
These are accidental in nature and are by far the most frequent type of operational issues. Mistyping a value (such as the route target in MPLS VPNs) is one example, or forgetting statements in a firewall is another example Accidental misconfigurations
These are deliberate in nature but vary in their degree of maliciousness. For example, violation of the security policy to allow an operator’s home system access through the corporate firewall is not as likely to be as severe as acts of sabotage Deliberate misconfigurations
Security policies are formal written documents that set the expectations for how security will be implemented and managed in an organization. Security policies
address security topics that can be characterized as managerial. They are techniques and concerns that are normally addressed by management in the organization’s computer security program. Management Controls
typically address a limited area of risk related to a particular class of assets, type of technology, or business function. Subject-specific security policies
Examples of specific security policies include: ■■ E-Mail and Internet Usage Policies ■■ Antivirus Policy ■■ Remote Access Policy ■■ Information Classification Policy ■■ Encryption Policies
This statement provides the policy’s context. It gives background information and states the purpose for writing the policy, including the risk or threats the policy addresses and the benefits to be achieved by policy adherence. Objective
A succinct statement of management’s expectations for what must be done to meet policy objectives Policy Statement
This lists the positions to whom the policy applies, the situations in which it applies, and any specific conditions under which the policy is to be in effect Applicability
How compliance with the policy will be enforced using technical and administrative means. This includes consequences for noncompliance. Enforcement
States who is responsible for reviewing and approving, monitoring compliance, enforcing, and adhering to the policy. Roles and Responsibilities
Specifies a frequency of review or the next review date on which the policy will be assessed for currency and updated if needed Review
are living documents that communicate management expectations for behavior Security policies
A clear statement of policy objectives answers the question, “Why are we developing this policy?” The statement of objective will guide development of the specific points in the policy statement and will help keep team discussions in scope and focused. State the objective
The policy statement should be drafted in simple, clear language that will be easily understood by those who must comply with the policy. Draft the policy specifics
Policy enforcement mechanisms may include technical controls, such as access management systems, content blocking, and other preventive measures, as well as administrative controls, such as management oversight and supervision. Identify methods for measurement and enforcement
can be measured through audit trails, automated monitoring systems, random or routine audits, or management supervision. Compliance with policy expectations
The timing, frequency, and mechanism by which the policy will be communicated to employees and others should be established before final policy approval. Communication
Policies should be reviewed at least annually to ensure that they continue to reflect management’s expectations, current legal and regulatory obligations, and any changes to the organization’s operations. Periodic review
is a formal, documented requirement that sets uniform criteria for a specific technology, configuration, nomenclature, or method. A standard
are recommended practices to be followed to achieve a desired result. They are not mandatory and provide room for flexibility in how they are interpreted and implemented Guidelines
is a special type of standard that specifies the minimum set of security controls that must be applied to a particular system or practice area in order to achieve an acceptable level of assurance. A baseline
are step-by-step instructions for performing a specific task or set of tasks. Like standards, procedures are often implemented to enforce policies or meet quality goals. Procedures
The reason for performing the procedure, usually the desired outcome Purpose
Who is responsible for following the procedure, and in what circumstances the procedure is followed Applicability
The detailed steps taken to perform the procedure Steps
Illustrations, diagrams, or tables used to depict a workflow, values to enter in specific fields, or display screen shots to show formats and to enhance ease of use Figures
Yes–no questions whose answer results in branching to a different step in the procedure; these may be written as steps in the procedure or included in a workflow diagram or decision tree Decision points
Typical components of a procedure are purpose, applicability, steps, figures, decision points
Components of a security policy objective, draft, methods of measurement and enforcement, compliance expectations, communications, periodic review
The goal of release management is to provide assurance that only tested and approved application code is promoted to production or distributed for use. True
is a software engineering discipline that controls the release of applications, updates, and patches to the production environment Release management
is responsible for planning, coordination, implementation, and communication of all application releases. The release manager
Release management policy specifies ■■ The conditions that must be met for an application or component to be released to production ■■ Roles and responsibilities for packaging, approving, moving, and testing code releases ■■ Approval and documentation requirements
Release management tools ■■ Role-based access control to enforce separation of duties ■■ Approval checking and rejection of unapproved packages ■■ Component verification tools to ensure that all required application ■■ Auditing and reporting tools
is the process of validating that existing security controls are configured and functioning as expected, both during initial implementation and on an ongoing basis. Systems assurance
is a discipline that seeks to manage configuration changes so that they are appropriately approved and documented, so that the integrity of the security state is maintained, and so that disruptions to performance and availability are minimized. Configuration management (CM)
Typical steps in the configuration management process are: Change request Approval Documentation Testing Implementation Reporting
CM System Goals The system should identify and maintain: Baseline hardware, software, and firmware configurations ■■ Design, installation, and operational documentation ■■ Changes to the system since the last baseline ■■ Software test plans and results
The configuration management system implements the four operational aspects of CM: Identification Control Accounting Auditing
Is a process of identifying and documenting hardware components, software, and the associated settings. Configuration management
All devices and systems connected to the network should be in the hardware list.
At a minimum, configuration documentation should include the following information about each device and system: ■■ Make ■■ Model ■■ MAC addresses ■■ Serial number ■■ Operating system or firmware version ■■ Location ■■ BIOS and other hardware-related passwords ■■ Assigned IP address if applicable
Software is a similar concern and a software inventory should minimally include: Software name ■■ Software vendor (and reseller if appropriate) ■■ Keys or activation codes (note if there are hardware keys) ■■ Type of license and for what version ■■ Number of licenses ■■ License expiration
System and application configuration should be standardized to the greatest extent possible to reduce the number of issues that may be encountered during integration testing. True
Software configurations and their changes should be documented and tracked with the assistance of the security practitioner. It is possible that server and workstation configuration guides will change frequently due to changes in the software baseline. True
Each component of the system configuration should be separately identified and maintained as a configuration item (CI) within configuration management database (CMDB)
Within the _______changes are tracked by comparing the differences between a CI before and after the change in a change set or delta CMDB
implemented to govern change requests, approvals, change propagation, impact analysis, bug tracking, and propagation of changes. Control mechanisms
captures, tracks, and reports on the status of CIs, change requests, configurations, and change history. Accounting
is a process of logging, reviewing, and validating the state of CIs in the CMDB Auditing
CMDB auditing ensures that changes are appropriately documented ■■ A clear history of changes is retained in such a way that they can be traced ■■ Auditing also compares the information in the CMDB with the actual system configuration
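The cards from “configuration item (CI)” through “Auditing” describe one mechanism: a CI record, a change set (delta) between the CI before and after a change, a history that accounts for every change, and an audit that compares the CMDB with what is actually deployed. This added Python example (not code from the original page or any CMDB product) implements that mechanism over a constructed CMDB with one server; the attribute names and the observed inventory are assumptions for illustration.

```python
import copy

# Constructed CMDB: configuration items keyed by CI id (sample data).
CMDB = {
    "srv-01": {"make": "ExampleCo", "model": "X1", "os_version": "2.1",
               "ip": "10.0.0.5", "open_ports": [22, 443]},
}


def change_set(before, after):
    """Delta between two snapshots of a CI: added, removed and modified attributes."""
    delta = {"added": {}, "removed": {}, "modified": {}}
    for k in after.keys() - before.keys():
        delta["added"][k] = after[k]
    for k in before.keys() - after.keys():
        delta["removed"][k] = before[k]
    for k in before.keys() & after.keys():
        if before[k] != after[k]:
            delta["modified"][k] = (before[k], after[k])
    return delta


def apply_change(cmdb, ci_id, new_attrs, history):
    """Control + accounting: apply an approved change and record its delta."""
    before = copy.deepcopy(cmdb[ci_id])
    after = {**before, **new_attrs}
    delta = change_set(before, after)
    cmdb[ci_id] = after
    history.append({"ci": ci_id, "delta": delta})
    return delta


def audit(cmdb, observed):
    """Auditing: compare CMDB records with the observed state; return drift per CI."""
    drift = {}
    for ci_id, recorded in cmdb.items():
        actual = observed.get(ci_id)
        if actual is None:
            drift[ci_id] = "missing from observed inventory"
            continue
        d = change_set(recorded, actual)
        if any(d.values()):          # any non-empty added/removed/modified section
            drift[ci_id] = d
    for ci_id in observed.keys() - cmdb.keys():
        drift[ci_id] = "unregistered device"
    return drift


def run_sample():
    """Approved OS upgrade, then an audit that finds an unapproved port and an unknown host."""
    cmdb = copy.deepcopy(CMDB)
    history = []
    delta = apply_change(cmdb, "srv-01", {"os_version": "2.2"}, history)
    # Constructed observed state: port 8080 opened outside change control,
    # plus a host nobody registered.
    observed = {
        "srv-01": {"make": "ExampleCo", "model": "X1", "os_version": "2.2",
                   "ip": "10.0.0.5", "open_ports": [22, 443, 8080]},
        "srv-99": {"make": "Unknown", "model": "?", "os_version": "?",
                   "ip": "10.0.0.99", "open_ports": [22]},
    }
    return delta, audit(cmdb, observed), history


if __name__ == "__main__":
    delta, drift, history = run_sample()
    print("change set:", delta)
    print("drift:", drift)
    print("history entries:", len(history))
```

The audit deliberately reports in both directions: a recorded CI that differs from reality (or has vanished) and a live device with no CI. The second case is the one attackers exploit, since an unregistered host is also unpatched and unmonitored.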
is the analysis conducted by qualified staff within an organization to determine the extent to which changes to the information system affect the security posture of the system. Security impact assessment
describes the extent to which systems and devices can exchange data and interpret that shared data Interoperability
is the ability to automatically interpret the information exchanged meaningfully and accurately in order to produce useful results as defined by the end users of both systems. semantic interoperability
If two or more systems are capable of communicating and exchanging data, they are exhibiting syntactic interoperability
The application of software and firmware patches to correct vulnerabilities is a critical component of vulnerability and configuration management practices Patch Management
The patch management process includes the following steps: Acquisition, Testing, Approval, packaging, deployment, verification
Automated patch management tools should be able to verify correct application of patches and report all successful and unsuccessful deployments back to a centralized console or reporting engine. Verification
Having an accurate inventory of machines and their current patch levels is critical to successful deployment of patches. Deployment
Patches must be packaged or configured for distribution and installation on target systems. Depending on how patches are deployed, packaging can take several forms Packaging
Not all patches will be immediately approved for deployment. Approval
Patches must be tested to ensure that they can be correctly distributed and installed, and that they do not interfere with normal system or application functioning Testing
Patches are most often supplied via download from the vendor’s website. Acquisition
Policies are often a collection of data. False
Baselines are: Minimum levels of security
There are usually three types of controls managerial , technical, and physical. True
Code signing ensures the integrity of source code True
Release manager is responsible for planning, coordination, implementation, and communication of all application releases. True
A software engineering discipline that controls the release of applications, updates, and patches to the production environment. Release management
Which of the following is the last step in any change control process?
Configuration management should be based on a foundation of policies, standards, and procedures. True
Configuration management and patch management should be part of any organization’s change control process? True
A repository that contains a collection of IT assets that are referred to as configuration items. Configuration management database
This device uses a magnetic field or mechanical contact to determine if an alarm signal is initiated. One magnet will be attached to the door and the other to the frame; when the door is opened, the field is broken. Balanced Magnetic Switch (BMS)
A fixed camera with a video motion feature can be used as an interior intrusion point sensor Motion Activated Cameras
This device uses passive listening devices to monitor building spaces. Acoustic Sensors
Many think of this device from spy movies, where the enduring image of secret agents and bank robbers donning their special goggles to avoid triggering an active infrared beam is recalled. Infrared Linear Beam Sensors
A PIR sensor is one of the most common interior volumetric intrusion detection sensors. Because there is no beam, it is called passive. A PIR picks up heat signatures (infrared emissions) from intruders by comparing infrared receptions Passive Infrared (PIR) Sensors
These provide a common-sense approach for the reduction of false alarm rates. Dual-Technology Sensors
All visitors entering the facility should: Sign in and sign out on a visitor’s log to maintain accountability of who is in the facility, Be greeted by a knowledgeable receptionist who in turn will promptly contact the employee with whom the visitor is there to meet.
All visitors entering the facility should: Be given a temporary badge that does not double as an access card.Present a form of photo identification, such as a driver’s license to the receptionist for verification.
Perimeter Doors Perimeter doors should consist of hollow steel doors or steel-clad doors with steel frames. ■■ Ensure the strength of the latch and frame anchor equals that of the door and frame. ■■ Permit normal egress through a limited number of doors,
The electric lock is a secure method to control a door. An electric lock actuates the door bolt. For secure applications, dual locks can be used. Electric Locks
The difference between an electric strike and an electric lock is in the mechanism that is activated at the door. In an electric-strike door, the bolt remains stationary and the strike is retracted. Electric Strikes
is surface-mounted to the door and doorframe. Power is applied to magnets continuously to hold the door closed The magnetic lock
is a strategy where a person must present a credential to enter an area or facility, and then again use the credential to “badge out.” Anti-passback
A correctly constructed mantrap or portal will provide for tailgate detection while it allows roller luggage, briefcases, and other large packages to pass without causing nuisance alarms. True
which is designed to provide a secure access control in the lobby of a busy building. This system is designed as a set of parallel pedestals that form lanes, which allow entry or exit. optical turnstile
According to UL standard 437, door locks and locking cylinders must resist attack through the following testing procedures: the picking test, the impression test (a lock is surreptitiously opened by making an impression of the key with a key blank of some malleable material), the forcing test, and the salt spray corrosion test.
Key locks are one of the basic safeguards in protecting buildings, personnel, and property and are generally used to secure doors and windows. True
A rim lock is a lock or latch typically mounted on the surface of a door. It is typically associated with a dead bolt type of lock. Rim lock
is a lock or latch that is recessed into the edge of a door, rather than being mounted to its surface. Mortise lock
The pin tumbler cylinder is a locking cylinder that is composed of circular pin tumblers that fit into matching circular holes on two internal parts of the lock. Locking cylinders
A cipher lock is controlled by a mechanical keypad, typically five digits, that when pushed in the right combination the lock will release and allow entry. Cipher lock
are keys with a built-in microprocessor, which is unique to the individual key holder and identifies the key holder specifically. “Intelligent keys”
provide a quick way to disable a key by permitting one turn of the master key to change a lock. “Instant keys”
are often the last bastion of defense between an attacker and an asset. Safes
It must be resistant to entry (by opening the door or making a six-inch hand hole through the door) for a net working time of 15 minutes using any combination of the following tools: mechanical or portable electric hand drills ,carbide drill Tool-Resistant Safe Class TL-15
is defined as a room or compartment designed for the storage and safekeeping of valuables and has a size and shape that permits entrance and movement within by one or more persons. A vault
The standards are intended to establish the burglary-resistant rating of vault doors and modular vault panels according to the length of time they withstand attack by common mechanical tools, electric tools, cutting torches, or any combination thereof. ■■ Class M: one-quarter hour ■■ Class 1: one-half hour ■■ Class 2: one hour ■■ Class 3: two hours
is a reinforced filing cabinet that can be used to store proprietary and sensitive information. The standards for classified containers are typically from a government. A container
all keys need to be tightly controlled from the day of purchase by designated personnel responsible for the lock system. True
needs a higher level of security than the rest of the facility. This should encompass a protected room with no windows and only one controlled entry into the area. A server room
Rack locks can ensure that only the correct people have access to servers and only telecommunications people have access to telecommunications gear. Rack Security
Personnel within the organization need to be segregated from access areas where they have no “need to know” for that area.
rule is a strategy where two people must be in an area together, making it impossible for a person to be in the area alone. It prevents an individual cardholder from entering a selected empty security area unless accompanied by at least one other person. The “two-person” rule
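Anti-passback (earlier card) and the two-person rule (this card) are both decisions a door controller makes from the state it keeps per badge. This added Python example (not code from the original page or any access-control product) models both: a badge recorded as already inside an area is refused re-entry, and a two-person area that is empty refuses a single badge. Badge names, area names and the scenario are constructed for illustration; how real readers group "presented together" badges is an assumption here.

```python
class AccessController:
    """Door-controller state: where each badge is, who is in each area, and a log."""

    OUTSIDE = "outside"

    def __init__(self, two_person_areas=()):
        self.two_person_areas = set(two_person_areas)
        self.location = {}    # badge -> area (OUTSIDE if never seen)
        self.occupants = {}   # area -> set of badges currently inside
        self.log = []         # (badges, area, granted, reason)

    def where(self, badge):
        return self.location.get(badge, self.OUTSIDE)

    def present(self, badges, area):
        """Badges presented together at the reader for `area`; returns (granted, reason)."""
        badges = list(badges)
        # Anti-passback: a badge the system already records inside cannot
        # enter again; either it was passed back to someone outside, or the
        # holder skipped badging out, and both break accountability.
        for b in badges:
            if self.where(b) == area:
                return self._record(badges, area, False, f"anti-passback: {b} already inside")
        inside = self.occupants.get(area, set())
        # Two-person rule: an empty controlled area needs at least two badges
        # presented together; once occupied, a single badge may join.
        if area in self.two_person_areas and not inside and len(badges) < 2:
            return self._record(badges, area, False,
                                "two-person rule: area empty, one badge presented")
        for b in badges:
            self.occupants.setdefault(self.where(b), set()).discard(b)
            self.location[b] = area
            self.occupants.setdefault(area, set()).add(b)
        return self._record(badges, area, True, "granted")

    def badge_out(self, badge, area):
        """Exit reader: only a badge recorded inside `area` may badge out of it."""
        if self.where(badge) != area:
            return self._record([badge], area, False, f"anti-passback: {badge} not inside {area}")
        self.occupants[area].discard(badge)
        self.location[badge] = self.OUTSIDE
        return self._record([badge], area, True, "exit granted")

    def _record(self, badges, area, granted, reason):
        self.log.append((tuple(badges), area, granted, reason))
        return granted, reason


def run_scenario():
    """Constructed sequence of badge events against a two-person 'vault' area."""
    ac = AccessController(two_person_areas={"vault"})
    results = [
        ac.present(["alice"], "vault")[0],           # alone at an empty vault: denied
        ac.present(["alice", "bob"], "vault")[0],    # two together: granted
        ac.present(["carol"], "vault")[0],           # vault occupied, single badge: granted
        ac.present(["alice"], "vault")[0],           # alice's badge passed back out: denied
        ac.badge_out("alice", "vault")[0],           # normal exit: granted
        ac.badge_out("alice", "vault")[0],           # second exit with no entry: denied
    ]
    return results, ac


if __name__ == "__main__":
    results, ac = run_scenario()
    for entry in ac.log:
        print(entry)
```

The log is the point for the security practitioner: every denial carries the reason, so a spike in anti-passback denials at one reader is a detectable tailgating or badge-sharing signal rather than just an annoyed employee.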
This is a battery backup system, which maintains a continuous supply of electric power to connected equipment by supplying power from a separate source when utility power is not available Uninterruptible Power Supply (UPS)
Generator power should be activated automatically in the event of a utility failure by the transfer switch. True
stands for heating, ventilation, and air-conditioning. HVAC
Excessive heat degrades _______and causes downtime. Data centers and server rooms need an uninterrupted cooling system. network performance
is the ability of the air-conditioning system to remove moisture. This is important in typical comfort-cooling applications, such as office buildings, retail stores, and other facilities with high human occupancy and use. Latent cooling
is the ability of the air-conditioning system to remove heat that can be measured by a thermometer. Data centers generate much higher heat per square foot than typical comfort-cooling building environments Sensible cooling
Restrict access to main air intake points to people who have a work-related reason to be there and that air intake points are adequately secured with locking devices True
Maintain access rosters of pre-approved maintenance personnel authorized to work on the system True
Escort all contractors with access to the system while on site True
To protect your server room from fire, the organization needs to have smoke detectors installed and linked to a panel with enunciators that will warn people that there is smoke in the room. Also, it should be linked to a fire suppression True
Optical detection (photoelectric): Classified as either beam or refraction
operate on the principle of light and a receiver. Once enough smoke enters the room and breaks the beam of light, the alarm is sounded. Beam detectors
has a blocker between the light and the receiver. Once enough smoke enters the room, the light is deflected around the beam to the signal. The refraction type
Primarily detect a large mass of hot gases that emit a specific spectral pattern in the location of the detector; these patterns are sensed with a thermographic camera and an alarm is sounded. Infrared (IR) detectors
Detect flames at speeds of 3 – 4 milliseconds due to the high-energy radiation emitted by fires and explosions at the instant of their ignition. Some of the false alarms of this system include random UV sources such as lightning, radiation, Ultraviolet (UV) detectors
Include fixed temperature or rate of rise detectors. The user will set a predetermined temperature level for the alarm to sound. If the room temperature rises to that setting, the alarm will sound. Heat detectors
All buildings should be equipped with an effective _________, providing the building with around-the-clock protection. Traditionally, fire suppression systems employed arrays of water sprinklers that would douse a fire and surrounding areas. fire suppression system
have a constant supply of water in them at all times; these sprinklers once activated will not shut off until the water source is shut off. Wet systems
do not have water in them. The valve will not release until the electric valve is stimulated by excess heat. Dry systems
incorporate a detection system, which can eliminate concerns of water damage due to false activations. Water is held back until detectors in the area are activated. Pre-action systems
operate in the same function as the pre-action system except all sprinkler heads are in the open position. Deluge systems
systems operate to starve the fire of oxygen. Gas suppression
uses an aerosol of microscopic potassium compounds in a carrier gas released from small canisters mounted on walls near the ceiling. Aero-K
is a colorless, liquefied compressed gas. It is stored as a liquid and dispensed into the hazard as a colorless, electrically non-conductive vapor that is clear and does not obscure vision. FM-200
seeks to reduce the risk related to human error, misjudgment, and ignorance by educating people about the risks and threats to confidentiality, integrity, and availability, and how they can help the organization be more resistant to threats Security awareness
General security awareness differs from awareness training in that awareness is designed to get people’s attention while training instructs people on practices they can adopt to identify, respond to, and protect against security threats. True
Some specific vehicles for delivering general security awareness include: Threat alerts distributed by e-mail ■■ Security-specific newsletters or articles in your company’s newsletter ■■ Security awareness intranet sites ■■ Screensavers and computer wallpaper ■■ Posters and notices ■■ Brochures or pamphlets
is typically more formal in nature and produces more directly measurable results. Training
Potential Training Topics ■ Labeling and handling of sensitive information ■■ Appropriate use policies for e-mail, Internet, and other services ■■ Customer privacy laws, policies, and procedures ■■ Protecting intellectual property and copyright
Security awareness is an example of a very effective way of dealing with the risk of social engineering? True
A security awareness program should be re-enforced by policy? True
All buildings are required to be equipped with an effective fire suppression system to provide protection. True
Which of the following describes best the capabilities of camera systems in physical security? Cameras provide surveillance, incident detection and response capabilities
A security technique in which a person opens one door and waits for it to close before the next door opens. Mantrap
Air contamination is a security issue. True
A fire suppression system that does not have water in the pipes until the electric valve is stimulated by excess heat. Dry system
Risks related to human error, misjudgement, and ignorance can be reduced by _________ Security awareness training
A strategy where two people must be in an area together, making it impossible for a person to be in the area alone. Two- person rule
Physical security is an integral part of information security. True
Senior management is ultimately accountable for the protection of valuable information True
Security strategy needs to be aligned with the strategy of the business. True
Which of the following is NOT true of policies? Policies are often a collection of ideas
A fire suppression system that contains water in the pipes but will not release the water until detectors in the area have been activated. Pre-action System
It is important to understand that each layer of security should have preventive, detective and corrective capabilities? True
CCTV is an example of __________ Detective control
Lighting is an example of ______ Deterrent control
Fence in an example of _________ Preventive control
Accountability for protecting information rests with the ____. Owner
Securing our systems, networks, and applications requires an integrated solution that is interoperable, easy to maintain, and easy to _____. Monitor
A process that scans the entire collection of information looking for similar chunks of data that can be consolidated. Deduplication
Controls that prescribe some sort of punishment, ranging from embarrassment to job termination or jail time for noncompliance. Their intent is to dissuade people from performing unwanted acts. Deterrent control
These controls remedy the circumstances that enabled unwarranted activity, and/or return conditions to where they were prior to the unwanted activity. Corrective control
A security principle in which any user/process is given only the necessary,minimum level of access rights explicitly, for the minimum amount of time, in order for it to complete its operation. Least privilege
When different encryption keys generate the same ciphertext from the same plaintext message. Key clustering
Each encryption or decryption request is performed immediately. Synchronous
Encrypt/Decrypt requests are processed in queues. A key benefit of asynchronous cryptography is utilization of hardware devices and multiprocessor systems for cryptographic acceleration. Asynchronous
is a one-way mathematical operation that reduces a message or data file into a smaller fixed length output, or hash value. A hash function
provide authentication of a sender and integrity of a sender’s message. A message is input into a hash function. Then, the hash value is encrypted using the private key of the sender. The result of these two steps yields a digital signature. Digital signatures
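The two steps on the card (hash the message, then apply the sender's private key to the hash value) and the verification that reverses them, as an added Python example that is not from the original page. To run offline without a cryptography library it uses a toy RSA keypair built from two Mersenne primes and reduces the SHA-256 value modulo the toy modulus; those are assumptions for illustration only. Real signatures use 2048-bit or larger keys from a proper generator plus a padding scheme (PSS or PKCS#1 v1.5), and this toy must never be used to sign anything.

```python
import hashlib

# Toy RSA keypair (assumption for illustration: far too small for real use).
P = 2 ** 31 - 1                      # Mersenne prime
Q = 2 ** 61 - 1                      # Mersenne prime
N = P * Q
E = 65537                            # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent


def digest_int(message: bytes) -> int:
    """Step 1: hash the message; reduce so the value fits below the toy modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_exponent: int = D) -> int:
    """Step 2: private-key operation on the hash value yields the signature."""
    return pow(digest_int(message), private_exponent, N)


def verify(message: bytes, signature: int, public_exponent: int = E) -> bool:
    """Receiver: public-key operation recovers the hash; compare with a fresh hash."""
    return pow(signature, public_exponent, N) == digest_int(message)


def signature_demo():
    """Authentic message verifies; an altered message or altered signature does not."""
    msg = b"transfer 100 to bob"                 # constructed sample message
    sig = sign(msg)
    return (
        verify(msg, sig),                        # integrity + origin hold
        verify(b"transfer 1000 to bob", sig),    # message tampered in transit
        verify(msg, (sig + 1) % N),              # signature tampered in transit
    )


if __name__ == "__main__":
    print(signature_demo())
```

Hashing first is what makes the scheme practical (the private-key operation runs on a fixed-size value, not the whole message) and what ties the signature to the message content: change one byte of the message and the verifier's fresh hash no longer matches what the public-key operation recovers.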
is a term used in cryptography in which a secret key is applied to a message to change the content in a particular way. An example is shifting the letter by a specified number in the alphabet, A turns into D. Symmetric
is a term used in cryptography in which two different but mathematically related keys are used where one key is used to encrypt and another is used to decrypt. This term is most commonly used in reference to Public Key Infrastructure (PKI). Asymmetric
is an electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, digital certificate
an entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates. Certificate authority (CA)
performs certificate registration services on behalf of a CA.The RA is also expected to perform user validation before issuing a certificate request. Registration authority(RA)
is the message in its natural format. Plaintext is readable to anyone and is extremely vulnerable from a confidentiality perspective. Plaintext or cleartext
is the altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients Ciphertext or cryptogram
is the process of converting the message from its plaintext to ciphertext. Encryption
is the reverse process from encryption. Decryption
is the input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message. The key or cryptovariable
is a security service by which evidence is maintained so that the sender and the recipient of data cannot deny having participated in the communication. Non-repudiation
is a mathematical function that is used in the encryption and decryption processes. An algorithm
is the study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services. Cryptanalysis
is the science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communications intelligence. Cryptology
occurs when a hash function generates the same output for different inputs. Collision
represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password. Key space
represents the time and effort required to break a protective measure. Work factor
is a non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment. An initialization vector (IV)
is the action of changing a message into another format through the use of a code. Encoding
is the reverse process from encoding — converting the encoded message back into its plaintext format. Decoding
or permutation is the process of reordering the plaintext to hide the message. Transposition
Substitution is the process of exchanging one letter or byte for another.
SP stands for substitution and permutation (transposition), and most block ciphers do a series of repeated substitutions and permutations to add confusion and diffusion to the encryption process. The SP-network
is provided by mixing (changing) the key values used during the repeated rounds of encryption. Confusion
is provided by mixing up the location of the plaintext throughout the ciphertext. Through transposition, the location of the first character of the plaintext may change several times during the encryption process, Diffusion
is an important consideration in all cryptography used to design algorithms where a minor change in either the key or the plaintext will have a significant change in the resulting ciphertext. This is also a feature of a strong hashing algorithm. The avalanche effect
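An added Python example (not from the original page) that makes the avalanche effect visible by contrast. The letter-shift cipher from the "Symmetric" card above has none: changing one plaintext character changes exactly one ciphertext character, and changing the key shifts every letter predictably. SHA-256 shows the property the card describes: a one-character change flips roughly half of the 256 output bits. The messages are constructed for illustration.

```python
import hashlib


def shift_cipher(plaintext: str, key: int) -> str:
    """The letter-shift substitution from the 'Symmetric' card (A -> D for key 3)."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def hamming_bits(a: bytes, b: bytes) -> int:
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def changed_chars(a: str, b: str) -> int:
    return sum(1 for x, y in zip(a, b) if x != y)


def avalanche_comparison(msg: str):
    """Alter the last character; return (ciphertext chars changed, hash bits changed, hash bits)."""
    altered = msg[:-1] + ("b" if msg[-1] != "b" else "c")
    cipher_delta = changed_chars(shift_cipher(msg, 3), shift_cipher(altered, 3))
    h1 = hashlib.sha256(msg.encode()).digest()
    h2 = hashlib.sha256(altered.encode()).digest()
    return cipher_delta, hamming_bits(h1, h2), len(h1) * 8


def key_change_effect(msg: str) -> int:
    """Shift cipher under keys 3 and 4: every letter moves by one, nothing else changes."""
    return changed_chars(shift_cipher(msg, 3), shift_cipher(msg, 4))


if __name__ == "__main__":
    print(avalanche_comparison("attack at dawn"))   # (1, ~128, 256)
    print(key_change_effect("attack at dawn"))      # 12 letters changed
```

The shift cipher's one-for-one behaviour is exactly what lets an analyst recover plaintext structure from ciphertext; an SP-network with good diffusion spreads each input bit across the whole block so no such correspondence survives.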
If the work factor is sufficiently high, the encryption system is considered to be practically or economically unbreakable, and is sometimes referred to as “economically infeasible” to break
The cryptographic key cannot be sent in the same channel (or transmission medium) as the data, so out-of-band distribution must be considered. Out of band means using a different channel to transmit the keys, such as courier, fax, phone, or other methods. True
Separate the key and the message. Out-of-Band Key Distribution
is an encryption protocol that forms part of the 802.11i standard for wireless local area networks. The CCMP protocol is based on AES encryption using the CTR with CBC-MAC (CCM) mode of operation. Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)
was developed in 1996 by Carlisle Adams and Stafford Tavares. CAST-128 can use keys between 40 and 128 bits in length and will do between 12 and 16 rounds of operation, depending on key length. CAST
was developed as a replacement for DES by Xuejai Lai and James Massey in 1991. IDEA uses a 128-bit key and operates on 64-bit blocks. IDEA does eight rounds of transposition and substitution using modular addition and multiplication. International Data Encryption Algorithm (IDEA)
The algorithms were developed by James Massey and work on either 64-bit input blocks (SAFER-SK64) or 128-bit blocks (SAFER-SK128). A variation of SAFER is used as a block cipher in Bluetooth. Secure and Fast Encryption Routine (SAFER)
is a symmetrical algorithm developed by Bruce Schneier. It is an extremely fast cipher and can be implemented in as little as 5K of memory. Blowfish
was developed by Ron Rivest of RSA and is deployed in many of RSA’s products. It is a very adaptable product useful for many applications, ranging from software to hardware implementations. RC5
a stream-based cipher, was developed in 1987 by Ron Rivest for RSA Data Security and has become the most widely used stream cipher, being deployed, for example, in WEP and SSL/TLS. RC4
Symmetric algorithms are very fast and secure methods of providing confidentiality and some integrity and authentication for messages being stored or transmitted. True
However, there are serious disadvantages to symmetric algorithms — key management is very difficult, especially in large organizations. True
the attacker has access to both the ciphertext and the plaintext versions of the same message. The goal of this type of attack is to find the link — the cryptographic key that was used to encrypt the message. known plaintext attack
This attack works closely with several other types of attacks. It is especially useful when attacking a substitution cipher where the statistics of the plaintext language are known. Frequency Analysis
the attacker has access to the decryption device or software and is attempting to defeat the cryptographic protection by decrypting chosen pieces of ciphertext to discover the key. Chosen Cipher-Text
relies on the fact that it is easier to find two messages that hash to the same message digest than to match a specific message and its specific message digest. birthday attack
merely encrypts all of the words in a dictionary and then checks whether the resulting hash matches an encrypted password stored in the SAM file or other password file. The dictionary attack
This attack is meant to disrupt and damage processing by the attacker sending repeated files to the host. Replay Attack
This attack is aimed at the RSA algorithm. Because that algorithm uses the product of large prime numbers to generate the public and private keys, this attack attempts to find the keys through solving the factoring of these numbers. Factoring Attack
This attack is one of the most common. A competing firm buys a crypto product from another firm and then tries to reverse engineer the product. Through reverse engineering, it may be able to find weaknesses in the system or gain crucial information. Reverse Engineering
Most cryptosystems will use temporary files to perform their calculations. If these files are not deleted and overwritten, they may be compromised and lead an attacker to the message in plaintext. True
Implementation attacks are some of the most common and popular attacks against cryptographic systems due to their ease and reliance on system elements outside of the algorithm. True
The main types of implementation attacks include: side-channel analysis, fault analysis, and probing attacks.
are passive attacks that rely on a physical attribute of the implementation such as power consumption/emanation. These attributes are studied to determine the secret key and the algorithm function. Side-channel attacks
force the system into an error state to gain erroneous results. By forcing an error, gaining the results, and comparing them with known good results, an attacker may learn about the secret key and the algorithm. Fault analysis attempts
watch the circuitry surrounding the cryptographic module in hopes that the complementary components will disclose information about the key or the algorithm. Probing attacks
The European Data Protection Directive only allows for the processing of personal data under specific circumstances, such as: when processing is necessary for compliance with a legal action; when processing is required to protect the life of the subject; when consent is provided; and when the processing is performed within the “public interest”.
is the knowledge and attitude members of an organization possess regarding the protection of the physical and especially information assets of that organization. Security awareness
is a set of system, software, and communication protocols required to use, manage, and control public key cryptography. It has three primary purposes. A PKI
A PKI has three primary purposes: publish public keys/certificates; certify that a key is tied to an individual or entity; and provide verification of the validity of a public key.
“signs” an entity’s digital certificate to certify that the certificate content accurately represents the certificate owner. The CA
The CA can revoke certificates and provide an update service to the other members of the PKI via a Certificate Revocation List (CRL).
is a list of non-valid certificates that should not be accepted by any member of the PKI. Certificate Revocation List (CRL)
The use of public key (asymmetric) cryptography has enabled more effective use of symmetric cryptography as well as several other important features, such as greater access control, non-repudiation, and digital signatures. True
was developed to address the need of financial institutions to transmit securities and funds securely using an electronic medium. Specifically, it describes the means to ensure the secrecy of keys. ANSI X9.17
approach is based on a hierarchy of keys. At the bottom are data keys (DKs). Data keys are used to encrypt and decrypt messages. They are given short lifespans, such as one message or one connection. At the top are master key-encrypting keys. The ANSI X9.17
Two mechanisms necessary to implement high-integrity cryptographic operations in environments where separation of duties is paramount are Dual Control and Split Knowledge.
is the unique “what each must bring” that is joined together when implementing dual control. Split Knowledge
is implemented as a security procedure that requires two or more persons to come together and collude to complete a process. In a cryptographic system, the two (or more) people would each supply a unique key that together performs a cryptographic process. Dual Control
Computers are so thoroughly deterministic that they have a hard time generating high-quality randomness. Therefore, special-purpose hardware and software called “random number generators,” or RNGs, are needed for cryptography applications.
Key length is another important aspect of key management to consider when generating cryptographic keys. Key length is the size of a key, usually measured in bits or bytes, which a cryptographic algorithm used in ciphering or deciphering pi True
The process of using a KEK (Key Encrypting Key) to protect session keys is called key wrapping.
Keys can be distributed in a number of ways. For example, two people who wish to perform key exchange can use a medium other than that through which secure messages will be sent. This is “out-of-band” key exchange.
A more scalable method of exchanging keys is through the use of a PKI key server.
is a central repository of public keys of members of a group of users interested in exchanging keys to facilitate electronic transactions. A key server
Recall the formula used before to calculate the number of symmetric keys needed for n users: n(n − 1)/2
Methods for protecting stored keying material include passphrase-protected smart cards, key wrapping session keys using long-term storage KEKs, splitting cipher keys and storing the parts in physically separate storage locations, strong passwords/passphrases, and key expiry. True
In order to guard against a long-term cryptanalytic attack, every key must have an expiration date.
Additional guidance for storage of cipher keys includes: all centrally stored data that is related to user keys should be signed or have a MAC applied to it; backup copies should be made of central/root keys; provide key recovery capabilities; archive user keys for a sufficiently long cryptoperiod.
Among the factors affecting the risk of exposure are: the strength of the cryptographic mechanisms, the embodiment of the mechanisms, the operating environment, the security life of the data, and the key update or key derivation process.
is the process of ensuring a third party maintains a copy of a private key or key needed to decrypt information. Key escrow
is a concept used in PGP, GnuPG, and other OpenPGP-compatible systems to establish the authenticity of the binding between a public key and its owner. A web of trust
is a suite of protocols for communicating securely with IP by providing mechanisms for authentication and encryption. IP Security (IPSec)
Further, IPSec can be implemented in two modes: one that is appropriate for end-to-end protection, and one that safeguards traffic between networks.
is used to prove the identity of the sender and ensure that the transmitted data has not been tampered with. The authentication header
The encapsulating security payload encrypts IP packets and ensures their integrity. True
Encapsulating Security Payload (ESP) contains four sections: ESP header, ESP payload, ESP trailer, and Authentication.
A Security Association (SA) defines the mechanisms that an endpoint will use to communicate with its partner. Mechanisms that are defined in the SA include the encryption and authentication algorithms, and whether to use the AH or ESP protocol.
Endpoints communicate with IPSec using either transport or tunnel mode. True
the IP payload is protected. This mode is mostly used for end-to-end protection, for example, between client and server. In transport mode
the IP payload and its IP header are protected. The entire protected IP packet becomes a payload of a new IP packet and header. Tunnel mode is often used between networks, such as with firewall-to-firewall VPNs. In tunnel mode
Internet key exchange allows communicating partners to prove their identity to each other and establish a secure communication channel, and is applied as an authentication component of IPSec. True
IKE uses two phases. Phase 1: In this phase, the partners authenticate with each other, using one of the following: Phase 2: The peers’ security associations are established, using the secure tunnel and temporary SA created at the end of phase 1.
is a widely accepted method, or more precisely a protocol, for sending digitally signed and encrypted messages. S/MIME allows you to encrypt e-mails and digitally sign them. Secure/Multipurpose Internet Mail Extensions (S/MIME)
S/MIME provides two security services: digital signatures and message encryption.
Digital signatures provide the following security capabilities: authentication, non-repudiation, and data integrity.
Process for Digitally Signing an E-Mail: 1. Message is captured. 2. Information uniquely identifying the sender is retrieved. 3. Signing operation is performed on the message using the sender’s unique information to produce a digital signature. 4. Digital signature is appended to the message.
Process for Verifying a Digital Signature of an E-Mail Message 1. Message is received. 2. Digital signature is retrieved from the message. 3. Message is retrieved. 4. Information identifying the sender is retrieved. 5. Signing operation is performed on the message. 6. Digital signature included wi
Message encryption provides two specific security services: confidentiality and data integrity.
message is one that is signed, encrypted, and then signed again. A triple-wrapped S/MIME
Key distribution is a key problem associated with asymmetric key cryptography. False
Steganography is defined as hiding a message within something else? True
Cryptography addresses integrity through hashing and digital signatures. True
The ‘web of trust’ is just as effective as a hierarchical trust model in providing trust. False
Which of the following does a digital signature NOT provide? Confidentiality
A security service by which evidence is maintained so that the sender and the recipient of data cannot deny having participated in the communication. Non-repudiation
Secure email requires the implementation of cryptography solutions? True
In symmetric key cryptography, each party should use a ___? Previously exchanged secret key
Nonrepudiation of a message ensures that a message? Can be attributed to a particular author.
In Electronic Code Book (ECB) mode, data are encrypted using? The same cipher for every block of a message
Stream ciphers are normally selected over block ciphers because of? The high degree of speed behind the encryption algorithms
The correct choice for encrypting the entire original data packet in a tunneled mode for an IPSec solution is? Encapsulating Security Payload (ESP)
When implementing a password-based access control solution, what function should be used to help avoid rainbow table collisions? Salt
Asymmetric key cryptography is used for the following: Encryption of Data, Nonrepudiation, Access Control
Which of the following algorithms supports asymmetric key cryptography? Diffie-Hellman
A Certificate Authority (CA) provides which benefit to a user? Validation that a public key is associated with a particular user
What is the input that controls the operation of the cryptographic algorithm? Cryptovariable
AES is a block cipher with variable key lengths of? 128, 192 or 256 bits
A Hashed Message Authentication Code (HMAC) works by? Adding a secret key value to the input function along with the source message.
What is the process of using a Key Encrypting Key (KEK) to protect session keys called? Key generation
A function of the likelihood of a given threat source exercising a potential vulnerability, and the resulting impact of that adverse event on the organization. Risk
The probability that a potential vulnerability may be exercised within the construct of the associated threat environment. Likelihood
Either intent and method targeted at the intentional exploitation of a vulnerability or a situation or method that may accidentally trigger a vulnerability. Threat Source
The potential for a threat source to exercise (accidentally trigger or intentionally exploit) a specific vulnerability. Threat
A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy. Vulnerability
The magnitude of harm that could be caused by a threat’s exercise of a vulnerability. Impact
Anything of value that is owned by an organization. Assets include both tangible items, such as information systems and physical property, and intangible assets, such as intellectual property. Asset
evaluate threats to information systems, system vulnerabilities and weaknesses, and the likelihood that threats will exploit these vulnerabilities and weaknesses to cause adverse effects. Risk assessments
Impact can be assessed in either quantitative or qualitative terms. True
Annual Loss Expectancy = Single Loss Expectancy × Annualized Rate of Occurrence
impact analysis assesses impact in relative terms such as high impact, medium impact, and low impact without assigning a dollar value to the impact. A qualitative
transfers risk from an organization to a third party. Risk transference
These audits are performed before a merger/acquisition to give the purchasing company an idea of where the company they are trying to acquire stands on security in relation to its own security framework. Merger/acquisition audit
Although rare, there are times when a company is ordered by the courts to have a security audit performed. Ordered audit
The six-step RMF includes: security categorization, security control selection, security control implementation, security control assessment, information system authorization, and security control monitoring.
Note that vulnerability-testing software is often placed into two broad categories: general vulnerability and application-specific vulnerability.
is simply the process of checking a system for weaknesses. Vulnerability scanning
Problems that may arise when using vulnerability analysis tools include false positives, weeding out false positives, crash exposure, and temporal information.
These systems monitor for viruses contained within communications of major application types, such as web traffic, e-mail, and FTP. Antivirus gateways
These systems screen communications for these components and block or limit their transmission. Java/ActiveX filters
These systems block web traffic to and from specific sites or sites of a specific type (gambling, pornography, games, travel and leisure, etc.). Web traffic screening
attempts to locate unauthorized, also called rogue, modems connected to computers that are connected to networks. War dialing
is the wireless equivalent of war dialing. While war dialing involves checking banks of numbers for a modem, war driving involves traveling around with a wireless scanner looking for wireless access points. War driving
Penetration testing consists of five different phases: Phase 1: Preparation; Phase 2: Information gathering; Phase 3: Information evaluation and risk analysis; Phase 4: Active penetration; Phase 5: Analysis and reporting.
Tester has complete knowledge of the systems and infrastructure being tested. White box / hat
A hybrid between white and black box; this mode can vary greatly. Gray box / hat
Assumes no prior knowledge of the systems or infrastructure being tested. Black box / hat
Collecting information about the organization from publicly available sources, social engineering, and low-tech methods. This information forms the test attack basis by providing useful information to the tester. Reconnaissance
Collecting information about the organization’s Internet connectivity and available hosts by (usually) using automated mapping software tools. Network mapping
is an activity that involves the manipulation of people or physical reconnaissance to get information for use in exploitation or testing activities. Social engineering
a system that records Internet registration information, including the company that owns the domain, administrative contacts, technical contacts, when the record of domain ownership expires, and DNS servers authoritative for maintaining host IP addresses Whois is
is a special type of query directed at a DNS server that asks the server for the entire contents of its zone (the domain that it serves). A zone transfer
is a process that “paints the picture” of which hosts are up and running externally or internally and what services are available on the system. Network mapping
If you ping a host and it replies, it is alive (i.e., up and running). This test does not show what individual services are running. ICMP echo requests (ping)
A connect scan can be used to discover TCP services running on a host even if ICMP is blocked. This type of scan is considered “noisy” (noticeable to logging and intrusion detection systems) because it goes all the way through the connection process. TCP Connect scan
SYN scanning can be used to discover TCP services running on a host even if ICMP is blocked. SYN scanning is considered less noisy than connect scans. TCP SYN scan
FIN scanning can be used to discover TCP services running on a host even if ICMP is blocked. FIN scanning is considered a stealthy way to discover if a service is running. TCP FIN scan
XMAS scans are similar to a FIN scan (and similarly stealthy), but they additionally turn on the URG (urgent) and PSH (push) flags. TCP XMAS scan
are similar to a FIN scan, but they turn off all flags. The NULL scan is similar to the others noted above; however, by turning off all TCP flags, the packet might be handled differently and you may see a different result. TCP NULL scan
A UDP scan determines which UDP service ports are opened on a host. The test machine sends a UDP packet on a port to the target. UDP scans
uses traceroute techniques to discover which services a filtering device such as a router or firewall will allow through. firewalking
Uses ICMP or TCP, depending on the implementation, to discover the path to a host or network. Traceroute (Windows calls this tracert)
See if a host is alive using ICMP echo request messages. Ping
Telnetting to a particular port is a quick way to find out if the host is servicing that port in some way. Telnet
refers to testing techniques used by port scanners and vulnerability analysis software that attempt to identify the operating system in use on a network device and the versions of services running on the host. System Fingerprinting
A string of characters or activities found within processes or data communications that describes a known system attack. Some monitoring systems identify attacks by means of a signature. Signature
Monitoring triggered an event but nothing was actually wrong, and in doing so the monitoring has incorrectly identified benign communications as a danger. False positive
The monitoring system missed reporting an exploit event by not firing an alarm. This is bad False negative
The monitoring system recognized an exploit event correctly. True positive
The monitoring system has not recognized benign traffic as cause for concern. In other words, it does nothing when nothing needs to be done. This is good. True negative
Customizing a monitoring system to your environment. Tuning
A network interface that collects and processes all of the packets sent to it regardless of the destination MAC address. Promiscuous interface
Each packet that is forwarded within a router or switch is examined for a set of IP packet attributes. IP
NetFlow is an embedded instrumentation within Cisco IOS Software to characterize network operation. NetFlow
It provides a means for exporting truncated packets, together with interface counters. sFlow
SIEM stands for Security Information and Event Management (SIEM)
These devices capture every single information packet that flows across the border, making them indispensable tools as they capture the raw packet data, which can be analyzed later should an incident occur. Full packet
defines a set of basic security objectives that must be met by any given service or system. A Security Baseline
SIEM (Security Information and Event Management) systems collect data from multiple sources and bring it together for meaningful analysis. True
A countermeasure is an added-on reactive security control. True
False positive is the monitoring system missed reporting an exploit event by not firing an alarm. False
Tuning is customizing a monitoring system to your environment True
A passive system that detects security events but has limited ability to intervene on the event. Intrusion Detection System (IDS)
An effort to help people understand the significance of data by placing it in a visual context. Data visualization
The process for generating, transmitting, storing, analyzing, and disposing of computer security log data. Log management
The monitoring system recognizing an exploit event correctly. True positive
Log filtering takes place before log files have been written. False
A particular attack that exploits system vulnerabilities. Exploit
is the process of responding in an organized manner to a compromise or attempted compromise of organizational information technology assets. Incident response
is any observable occurrence in a system or network. An event
are events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page, and execution of malicious code that destroys data. Adverse events
as a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. Computer Security Incident
Effective incident management in any organization first requires a well-written and communicated policy. True
Communication Planning is an essential part of ________. Incident response planning
Using available information to determine if an attack is underway, send alerts, and provide limited response capabilities is _______. Intrusion Detection System (IDS)
The correct order by which incident response should be conducted is: Detection, containment, analysis, restoration, feedback
Which of the following statements is the most correct in incident response? The goal of incident response is to minimize the damage and learn from the incident as to prevent it from happening again
Because of the need to respond quickly in incident response, the most important phase in incident management is _______________. Detection
The process of responding in an organized manner to a compromise or attempted compromise of organizational information technology assets is called ___________. Incident response
Using available information to determine if an attack is underway, send alerts, but also block the attack from reaching its intended target is _______. Intrusion Prevention Systems (IPS)
is focused on recovery of information technology infrastructure, applications, communications equipment, and data after a disaster Disaster recovery planning
focuses on the continuity and recovery of critical business functions during and after a disaster. Business continuity planning
is performed to assess the financial and nonfinancial impacts to an organization that would result from a business disruption. BIA
is the maximum amount of time that a business function can be unavailable before the organization is harmed to a degree that puts the survivability of the organization at risk. maximum tolerable downtime (MTD)
the entire system is copied to backup media. This is the slowest type of backup to perform, as more data is copied to backup media. full backup
record differences in data since the most recent full backup. Differential backups
record changes that are made to the system on a daily basis. Incremental backups
refers to a method of configuring multiple computers so that they effectively operate as a single system. Clustering
is a clustering method that uses multiple systems to reduce the risk associated with a single point of failure. High-availability clustering
Redundant Array of Independent Disks (RAID)
is a method that may be used to provide data redundancy. In a RAID implementation, data are written across a series of disks. RAID
data are striped across multiple disks but no parity information is included. As a result, although performance is improved, RAID 0 provides no data redundancy. RAID 0
configuration, data mirroring is used. Identical copies of data are stored on two separate drives. In the event that one disk fails, an exact duplicate of the data resides on the other disk. RAID 1
configuration, striping is performed at the bit level. RAID 2
configuration, striping is performed at the byte level and uses a dedicated parity disk. RAID 3
configurations implement striping at the block level and use a dedicated parity disk RAID 4
uses block-level striping with parity information that is distributed across multiple disks. RAID 5
each participant reviews his or her section of the plan to validate that it still contains accurate information. checklist test
representatives from each business unit gather together to review the BCP. Each team presents its section of the BCP to the group. a structured walkthrough test
an actual disaster situation is simulated. The disaster is simulated so that business operations are not actually interrupted. simulation test
is an operational test and generally does not include representatives from departments that do not have direct involvement in operations such as human resources, public relations, or marketing. Parallel testing
testing is performed when business operations are actually interrupted at the primary processing facility. Processing is performed at the alternate site. Full interruption
Created by: mkaila