Create an account
False Attack Stimulus
An event that triggers alarms and causes a false positive when no actual attacks are in progress.
Involves activities that gather information about the organization and its network activities and assets.
Centralized IDPS control strategy
All IDPS control functions are inplemneted and managed in a central location
is the organized research of the internet address owned or controlled by a target organization
a wireless security toolkit should include the ability to sniff wireless traffic, scan wirelss hosts, and assess the levl of privacy or confidentiality afforded on the wireless network.
the use of biometric based authentication is expected to have little impact in the future because of technical and ethical issues
are unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.
False reject rate
the percentage of identification instances in which authorized users are denied access a result of a failure in the bio metric device
many biometric systems that are highly reliable and effective are considered somewhat intrusive to users
Corporate security addresses the design, implementation, and maintenance of counter measures that protect the physical resources of an organization.
Is responsible for the security of the facility in which the organization is housed and the policies and standards for secure operations
Information Technology management Professionals
are responsible for environmental and accesss security in technology equipment locations and for the policies and standards of secure equipement
Information Security Management professionals
Perform risk assesments and implementation reviews for the physical security controls implemented by other groups
A physical location that has been engineered with conrols designed to minimize the risk of attacks from physical threats
reader does not requires the insertion of the keycard into the reader but relies on the placement of the card within the locks range to be recognized
Finger, palm, and hand readers, iris and retena scanners, and voice and signature readers are examples of
to record events within a specific area that guards and dogs might miss, or to record events in areas where other types of physical controls are not practical, is called electronic monitoring.
why type of control notes the occurance of some condition and then performs some type of notification activity
Class A materials
fires that involve the ordinary combustibale fuel, such as wood, paper, textiles, rubber, cloth, and trash, belong to
Class B materials
Fires fueled by combustible liquids or gases, such as solvents, gasoline, paint, lacquer, and oil. Use carbon dioxide, multipurpose dry chemical, and halon fire extinguishers
Class C materials
Fires with energized electrical equipment or appliances. Use carbon dioxide, multi-purpose dry chemical, and halon fire extinguishers
Class D materials
Fires fueled by combustible metals, such as magnesium, lithium, and sodium. Use special extinguishing agents and techniques
Fire suppression system is designed to work in areas where electrical equipmetn is used. instead of the system containing water it contains pressurized air
fire suppression system employs a 2 phase response to a fire. the system is normally maintained with nothing in the delievery pipes. when a fire has been detected the first phase is initiated and valves allow water to enter the system
a fire suppression agent that does not leave a residue when dry, nor does it interfere with operation of electrical or electronic equipment
Standby or offline UPS
when the power stops flowing to the equipment, what type of UPS activates a transfer switch, which provides power from the batteries through a DC-to-AC converter until the power is restored or the computer is shut down
True online UPS
Type of ups, the primary power source is the battery and the power feed from the utility constantly recharges this battery.
Off site computing that uses internet connections, dial up connections, conections over leased point to point links between offices and other connections mechanisms
Like other organizational resources computing equipment should be inventoried and inspected on a regular basis
process of converting an aoriginal message into a form that is unreadable to unauthorized individuals
is the information used in conjucntion with an algorithm to create the cipher text from the plain text or derive the plain text from cipher text
is a fingerprint of the authors message that is to be compared with the reciever's locally calculated hash of the same message
285 computers could crack a 56 bit key in one year, where as 10 times as many could do it in little over a month
was the first public key encryption algorithm developed in 1977 and published for commercial use
PKI systems are based on public key crypto systems and include digitial certificates and certificate athorities
Non repudation means that customers or partners can be held accountable for transactions such as online purchases which they cannot later deny
the attacker usually eaves drops during the victims session and uses statistical analysis of teh users typing patterns and inter key stroke timings to discern sensitive session information
if an organization deals successfully with change and has created procedures and systems that can be adjusted to the environment, the existing security improvement program can continue to work well
defined as the direct connection of 2 or more infromation systems for sharing data and other information resourses
indformation security technical controls are not affected by the same factors as most computer based technologies
consists of a process for recovery and documentation of proceddures for conducting recovery
the objective of the internal monotoring domain is to provide the early awareness of new and emerging threats, threat agents, vulnerabilities and attacks that is needed to mount an effective and timely defense
Internal Monitoring Domain
maintain an informed awareness of the state of all of the organizations network, information systems and informations security defenses
Planning Risk Assesment
Primary objective is to keep a look out over the entire information security program
Vulnerability assessments and remediation
identifies specific documented vulnerabilities and thier timely remediation
readiness and review
keeps the information security program functioning as designed and to keep it continuously improving over time
Platform security validation
process is designed to find and document the vulnerabilities that may be present because of misconfigured systems in use within the organization
is the coherent application of methodical investigatory techniques, to present evidence in crimes in a court or court like setting
any information that could potentiall support the organizations legal or policy based case against a suspect
data aquisition is where the investigator removes the power source and then uses a utility or special device to make a bit streams sector by sector copy of the hard drives contained in the system
during the analysis phase a ___________ feasibility study should have been conducted that addressed the impact of the changes necessary for implementation
the best balance between compliance and security needs
whre should organizations place the infromation security organization
build administer define
according t schwartz erwin weafer and briney positions can be classified into one of three areaas those that ____ those that _____ and those that ______
Chief information security officer. typically the top information security employee in the organization
qualified individual who are tasked to configure firewalls deploy IDS implement security software, diagnose and troubleshoot problems and coordinate with systems and network administrators to ensure that security technology is operating to protect the organization
is typically an expert in some aspect of information security and may have been the CISO and have CISSP credentials
addresss the protection of individuals or groups authorized to access an organization
emcompasses the protection of an organization communications media technology and content
if information has a state of being genuine or original and is not a fabrication is has the the characteristic of authenticty
Global Information Assurance Certification . Certifications require the applicant to complete a written practical assignment
Certified information systems auditor while not specifically a security certification contains many information security componants
once a candidate has accepted the job offer, the employment _______ becomes an inportant security instrument
Job descriptions, training sessions, performance evaluations
to heighten information security awareness and change workplace behavior organizations should incorporate information security components into employee ____
employees are typically hired usually under the arrangements with another company to perform specific services for the organization
Seperation of duties
is a control used to reduce the chance of an individual violation information security and breaching the confidentiality, integrity or availibility of the information
Please allow access to your computer’s microphone to use Voice Recording.
Having trouble? Click here for help.
We can’t access your microphone!
Click the icon above to update your browser permissions and try again
Reload the page to try again!Reload
Press Cmd-0 to reset your zoom
Press Ctrl-0 to reset your zoom
It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.
Please upgrade Flash or install Chrome
to use Voice Recording.
For more help, see our troubleshooting page.
Your microphone is muted
For help fixing this issue, see this FAQ.
Star this term
You can study starred terms together