A(n) __________ information security policy outlines the implementation of a security program within the organization
In an organization, the value of _____________ of information is especially high when it involves personal information about employees, customers, or patients.
The _____________ of information is the quality or state of ownership or control of some object or item
buffer-overrun or buffer-overflow
A(n) _____-________ or _____-_______ is an application error that occurs when more data is sent to a program buffer than it is designed to handle.
When information gatherers employ techniques that cross the threshold of what is legal or ethical, they are conducting industrial _________
___________ security addresses the issues necessary to protect the tangible items, objects, or areas of an organization from unauthorized access and misuse
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a _____ value
During the ________ ________ phase, specific technologies are selected to support the alternatives identified and evaluated in the logical design
systems development life cycle
The most successful kind of top-down approach involves a formal development strategy referred to as a ________ _______ _______ _______
Organizations are moving toward more _______-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
The ______ is a methodology for the design and implementation of an information system in an organization
People with the primary responsibility for administering the systems that house the information used by the organization perform the ________ __________ role.
Microsoft acknowledged that if you type a res:// URL (a Microsoft-devised type of URL) which is longer than ____ characters in Internet Explorer 4.0, the browser will crash.
________ _______ are software programs that hide their true nature, and reveal their designed behavior only when activated
One form of online vandalism is ________ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
________ is any technology that aids in gathering information about a person or organization without their knowledge
A _______ _____ __ _______ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
In a ________-___-_______ attack, the attacker sends a large number of connection or information requests to a target.
A(n) _____ desk policy requires that employees secure all information in appropriate storage containers at the end of each day.
All information that has been approved by management for public release has a(n) _________ classification.
You can assess the relative risk for each of the vulnerabilities by a process called risk __________.
Security ____________ are the technical implementations of the policies defined by the organization.
Operational ___________ analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
The ___________ authentication system is named after the three-headed dog of Greek mythology that guards the gates to the underworld.
The _________ packet-filtering firewall allows only a particular packet with a particular source, destination, and port address to enter through the firewall.
______ firewalls combine the elements of other types of firewalls — that is, the elements of packet filtering and proxy services, or of packet filtering and circuit gateways.
In the U.S. military classification scheme, __________ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
_____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
The ___________ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.
The ________ security policy is a planning document that outlines the process of implementing security in the organization.
The _______ ________ strategy attempts to prevent the exploitation of the vulnerability.
The ________ ________ strategy attempts to shift risk to other assets, other processes, or other organizations
___ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
The ________ _______ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
standard of due care
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) _________ __ ____ _______
1. IP source and destination address, 2. Direction (inbound or outbound), and 3. TCP or UDP source and destination port request are all restrictions most commonly implemented in ______-_______ firewalls
______ filtering requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed with the firewall.
_______ inspection firewalls keep track of each network connection between internal and external systems.
The proxy server is often placed in an unsecured area of the network or is placed in the _____________ zone.
____________ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
TACACS, Extended TACACS, and TACACS+
Which of the following is a valid version of TACACS? _________,________ ___________ and __________.
In ___________ mode, the data within an IP packet is encrypted, but the header information is not.
Alarm _________ and compaction is a consolidation of almost identical alarms that happen at close to the same time into a single higher-level alarm
The initial estimation of the defensive state of an organization's networks and systems is called doorknob ________.
In _________ protocol verification, the higher-order protocols are examined for unexpected packet behavior, or improper use.
A(n) ______ IDPS can adapt its reactions in response to administrator guidance over time and circumstances of the current local environment.
False Attack Stimulus
________ __________ __________ is an event that triggers an alarm when no actual attack is in progress.
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known __________ in their knowledge base.
Most NBA sensors can be deployed in _______ mode only, using the same connection methods as network-based IDPSs.
______ sensors are typically intended for network perimeter use, so they would be deployed in close proximity to the perimeter firewalls, often between the firewall and the Internet border router to limit incoming attacks that could overwhelm the firewall
___________ are decoy systems designed to lure potential attackers away from critical systems.
Trap and trace
______ ____ _______ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
___________ is the action of luring an individual into committing a crime to get a conviction.
Biometric access control
_________ _______ __________ is based on the use of some measurable human characteristic or trait to authenticate the identity of a proposed systems user.
The ____ is the level at which the number of false rejections equals the false acceptances, and is also known as the equal error rate.
A message ________ is a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message.
Digital ___________ are public-key container files that allow computer programs to validate the key and identify to whom it belongs.
_________ is the entire range of values that can possibly be used to construct an individual key
More advanced substitution ciphers use two or more alphabets, and are referred to as ______________ substitutions.
______ functions are mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes to the content.
A ______ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
_____ is an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely.
Digital Certificates
________ ___________ are encrypted messages that can be mathematically proven to be authentic.
An X.509 v3 certificate binds a _____________ name, which uniquely identifies a certificate entity, to a user's public key.
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication.
__________ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext that is the output of the cryptosystem.
In information security, ________ theft occurs when an employee steals a few pieces of information at a time, knowing that taking more would be noticed — but eventually the employee gets something complete or useable.
Information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems, which is often referred to as a ____________ approach.
A _______ can deposit copies of itself onto all Web servers that the infected system can reach, so that users who subsequently visit those sites become infected
One form of e-mail attack that is also a DoS is called a ______ _______, in which an attacker routes large quantities of connection or information to the target.
A(n) ________ can allow an attacker to collect information on how to access password-protected sites
______ __________ means identifying, examining, and understanding the information and systems currently in place within the organization.
You should adopt __________ standards that do not convey information to potential system attackers.
One method of protecting the residential user is to install a __________ firewall directly on the user's system
Good policy and practice dictates that each firewall device, whether a filtering router, bastion host, or other firewall implementation, must have its own set of _____________ rules.
A ________ ________ firewall keeps track of each network connection between internal and external systems
A _________ ___________ the state and context of each packet by recording which station sent the packet and when.
The Application Gateway, Application-level firewall, or simply the Application firewall is most commonly called a ________ __________.
A ________ _________ is when the IDPS system mistakes normal system activity for an attack.
A _______ is not optimized to detect multihost scanning, nor is it able to detect the scanning of non-host network devices, such as routers or switches
Your organization's operational goals, constraints, and culture affect the selection of the _____and other security tools and technologies to protect your systems.
Intrusion detection and prevention systems
___________ ___________ and _________ __________ perform monitoring and analysis of system events and user behaviors.
encapsulating security payload protocol
The __________ __________ ________ _________ provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
Layers of security: Physical, Personal, Operational, Communication, Network and Informational security.
What does P.P.O.C.N.I represent?
A ______ is a category of objects, persons, or other entities that presents a danger to an asset.
Malicious code attack
includes execution of viruses, worms, Trojan horses, and active Web scripts with intent to destroy or steal information.
Back door attacks
gaining access to system or network using known or previously unknown/newly discovered access mechanism.
selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses
attacker sends large number of connection or information requests to a target.
Distributed denial-of-service attack
coordinated stream of requests is launched against target from many locations simultaneously.
attacker monitors network packets, modifies them, and inserts them back into network
unsolicited commercial e-mail; more a nuisance than an attack, though is emerging as a vector for some attacks.
redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information.
relatively new; works by exploring contents of a Web browser's cache to create malicious cookie.
process of identifying and controlling risks facing an organization. It involves identifying, classifying, and prioritizing an organization's assets.
process of examining an organization's current information technology security situation
Determines the extent to which an organization's information assets are exposed or at risk.
final risk assessment
A ______ _______ __________ worksheet shows asset, asset impact, vulnerability, vulnerability likelihood, and risk-rating factor
Information asset classification worksheet
A __________ _______ _________ worksheet assembles information about information assets and their impact.
Weighted criteria analysis
A ___________ ________ ________ worksheet assigns ranked value or impact weight to each information asset.
Ranked vulnerability risk
A ________ ___________ _____ worksheet assigns ranked value of risk rating for each uncontrolled asset-vulnerability pair.
Defend risk control strategy
A control strategy that attempts to prevent exploitation of the vulnerability
Transfer risk control strategy
A control strategy that attempts to shift risk to other assets, processes, or organizations
Mitigate risk control strategy
A control strategy that attempts to reduce impact of vulnerability exploitation through planning and preparation
Accept risk control strategy
A control strategy that attempts to do nothing to protect a vulnerability and to accept the outcome of its exploitation
Terminate risk control strategy
A control strategy that directs the organization to avoid those business activities that introduce uncontrollable risks
_______________ ____________ is an evaluation process based on characteristics that are judged using nonnumerical measures
Utilizing _______ rather than specific estimates relieves the organization from the difficulty of determining exact values
Benchmarking and Best Practices
An alternative approach to risk management is ______________ and _________ _____________.
_______________ is a process of seeking out and studying practices in other organizations that one's own organization desires to duplicate
and Process-based measures
________- and _______-based measures are the two measures typically used to compare practices.
Best business practices
_______ _________ __________ are security efforts that provide a superior level of information protection
A ___________ feasibility study examines how well proposed IS alternatives will contribute to the organization's efficiency, effectiveness, and overall operation
A ___________ feasibility study examines user and management acceptance and support, and the overall requirements of the organization's stakeholders
A ___________ feasibility study examines whether the organization has or can acquire the technology necessary to implement and support the control alternatives
A ___________ feasibility study defines what can and cannot occur based on consensus and relationships
________ ________ is a method by which systems determine whether and how to admit a user into a trusted area of the organization
_____-_____________ ________ are strictly-enforced versions of MACs that are managed by a central authority
_____________ is the matching of an authenticated entity to a list of information assets and corresponding access levels
_____________ ensures that all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity
Packet filtering firewalls
_________ __________ ___________ examine header information of data packets
_______ __________ firewalls require that filtering rules governing how the firewall decides which packets are allowed and which are denied are developed and installed
________ _________ firewalls allow the firewall to react to an emergent event and update or create rules to deal with that event
_________ ________ firewalls keep track of each network connection between internal and external systems using a state table
An _________ __________ is frequently installed on a dedicated computer; also known as a proxy server
___________ ___________ can be implemented behind the proxy server, further protecting internal systems
A _______ ________ firewall, like filtering firewalls, does not usually look at data traffic flowing between two networks, but prevents direct connections between one network and another by using tunnels to direct specific traffic.
MAC layer firewalls
In _________ __________ firewalls, the MAC addresses of specific host computers are linked to access control list (ACL) entries that identify specific types of packets that can be sent to each host; all other traffic is blocked
_______ generation firewalls are dynamic packet filtering firewalls; they allow only packets with particular source, destination, and port addresses to enter
_______ generation firewalls are kernel proxies; a specialized form that works under the Windows NT kernel
Screened host firewall
A ________ ________ ___________ combines a packet filtering router with a separate, dedicated firewall
Dual-homed host firewall
A ______-________ _____ firewall is a bastion host that contains two network interface cards: one connected to the external network, one connected to the internal network
Screened subnet firewall
A _________ ________ firewall consists of two or more internal bastion hosts behind a packet filtering router, with each host protecting the trusted network
Secure European System for Applications in a Multivendor Environment (SESAME) is similar to Kerberos
What does Sesame stand for?
when an attacker attempts to gain entry into or disrupt the normal operations of an information system, almost always with the intent to do harm
NIDPS signature matching
detects an attack by using a special implementation of the TCP/IP stack; looks for invalid data packets
decoy systems designed to lure potential attackers away from critical systems and encourage attacks against themselves
A _________ ______ is a honeypot that has been protected so it cannot be easily compromised, such as with traditional IDPSs
Centralized Control strategy
The _________ ________ ________ is when all IDPS control functions are implemented and managed in a central location
Fully distributed Control strategy
The _________ ________ ________ _______ is when all control functions are applied at the physical location of each IDPS component
Partially distributed Control strategy
The _________ ________ ________ _______ combines the Centralized and Fully distributed control strategies.
_____________ is the process of attracting attention to a system by placing tantalizing bits of information in key locations. Enticement is legal and ethical; entrapment is not
___________ is the action of luring an individual into committing a crime to get a conviction
_________ is the organized research of Internet addresses owned or controlled by a target organization
_____________ is a systematic survey of all of target organization's Internet addresses collected during the footprinting phase
________ _________ scanners scan networks for highly detailed information; initiate traffic to determine holes
_________ __________ scanners listen in on network and determine vulnerable versions of both server and client software
process of obtaining original message from encrypted message without knowing algorithms
bit stream or block cipher method
Plaintext can be encrypted through ___ _________ or ________ _______ method
message divided into blocks (e.g., sets of 8- or 16-bit blocks) and each is transformed into encrypted block of cipher bits using algorithm and key
advanced cipher type that uses simple polyalphabetic code; made up of 26 distinct cipher alphabets
Mathematical algorithms that generate message summary/digest to confirm message identity and confirm no content has changed
Data Encryption Standard (DES)
one of most popular symmetric encryption cryptosystems
- 64-bit block size; 56-bit key
Also known as public-key encryption
- Uses two different but related keys
For cryptosystems, security of encrypted data is not dependent on keeping encrypting ________ secret
Integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services enabling users to communicate securely
the amount of effort (usually hours) to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are known
Transposition cipher or permutation cipher
simply rearranges the values within a block to create the ciphertext.
a fingerprint of the author's message that is compared with the recipient's locally calculated hash of the same message.