Cover security processes that are designed by strategic planners and implemented by the security administration of the organization.
Physical Design Phase
Specific technologies are selected to support the alternatives identified and evaluated in the logical design.
Can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Security and Freedom Through Encryption Act
(1999) Guidance on use of encryption, and provides protection from government intervention.
Operational Feasibility Analysis
Examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
Standard of Due Care
Shows an organization has done what any prudent organization would do in similar circumstances.
Document containing contact information for people to be notified in the event of an incident.
Technology that aids in gathering information about a person or organization without their knowledge.
Computer Security Act
Establishes minimum acceptable security practices. Federal systems that contain classified data.
Addresses issues necessary to protect tangible items, objects, or areas of an organization from unauthorized access and misuse.
Individuals with authorization and privileges to manage information within the organization are most likely to cause harm or damage _____
Application of controls to reduce the risks to an organization's data and information systems.
All of the above
Which of the following functions does information security perform for an organization?
In a ____ attack, the attacker sends a large number of connection or information requests to a target.
There are individuals who search trash and recycling - a practice known as ____ - to retrieve information that could embarrass a company or compromise information security.
A ____ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
____ controls address personal security, and the protection of production inputs and outputs.
The spheres of ____ are the foundation of the security framework and illustrate how information is under attack from a variety of sources.
Incident damage ____ is the rapid determination of the scope of the breach of the confidentiality, integrity, and availability of information and information assets during or just following an incident.
The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Electronic Communications Privacy Act
Which of the following acts is a collection of statutes that regulate the interception of wire, electronic, and oral communications?
The ____ Portability and Accountability Act Of 1996, also known as the Kennedy-Kassebaum Act, protects the confidentiality and security of health care data by establishing and enforcing standards and by standardizing electronic data interchange
____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
People with the primary responsibility for administering the systems that house the information used by the organization perform the ____ role
Part of the logical design phase of the SecSDLC is planning for partial or catastrophic loss. ____ dictates what steps are taken when an attack occurs.
All of the above
An information system is the entire set of ____, people, procedures, and networks that make possible the use of information resources in the organization.
The Privacy of Customer Information Section of the common carrier regulation states that any proprietary information shall be used explicitly for providing services, and not for any ____ purposes.
In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
In the well-known ____ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
One form of online vandalism is ____ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency
In file hashing, a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a ____ value.
A security ____ is an outline of the overall information security strategy for the organization and a roadmap for planned changes to the information security environment of the organization.
All of the above
Redundancy can be implemented at a number of points throughout the security architecture, such as in ____.
Computer Fraud and Abuse Act
Which of the following acts defines and formalizes laws to counter threats from computer related acts and offenses?
systems development life cycle
The most successful kind of top-down approach involves a formal development strategy referred to as a ____.
Computer Fraud and Abuse Act
The National Information Infrastructure Protection Act of 1996 modified which Act?
____ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack
NSTISSI No. 4011
____ presents a comprehensive information security model and has become a widely accepted evaluation standard for the security of information systems.
Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
____ is an integrated system of software, encryption methodologies, and legal agreements that can be used to support the entire information infrastructure of an organization.
According to the National Information Infrastructure Protection Act of 1996, the severity of the penalty for computer crimes depends on the value of the information obtained and whether the offense is judged to have been committed for each of the following except ____.
maintenance and change
Which of the following phases is the longest and most expensive phase of the systems development life cycle?
privilege attribute certificate (PAC)
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a(n) ____.
A ____ is "a private data network that makes use of the public telecommunication infrastructure, maintaining privacy through the use of a tunneling protocol and security procedures."
____ firewalls examine every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and other key information.
The ____ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate, it enables all other information security components to function correctly.
____ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
A ____, typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan.
In the ____ approach, the sensor detects an unusually rapid increase in the area temperature within a relatively short period of time
A(n) ____ is a network tool that collects copies of packets from the network and analyzes them
The ____ involves collecting information about an organization's objectives, its technical architecture, and its information security environment.
rating and filtering
In most common implementation models, the content filter has two components: __.
The ____ protocol provides system-to-system authentication and data integrity verification, but does not provide secrecy for the content of a network communication
The proxy server is often placed in an unsecured area of the network or is placed in the ____ zone.
process of change
By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.
Intrusion ____ activities finalize the restoration of operations to a normal state and seek to identify the source and method of the intrusion in order to ensure that the same type of attack cannot occur again.
____ inspection firewalls keep track of each network connection between internal and external systems.
Computing and other electrical equipment in areas where water can accumulate must be uniquely grounded, using ____ equipment.
Contact and weight
____ sensors work when two contacts are connected as, for example, when a foot steps on a pressure-sensitive pad under a rug, or a window being opened triggers a pin-and-spring sensor.
____ sprinklers are the newest form of sprinkler systems and rely on ultra-fine mists instead of traditional shower-type systems.
To determine whether an attack has occurred or is underway, NIDPSs compare measured activity to known ____ in their knowledge base.
The CA periodically distributes a(n) ____ to all users that identifies all revoked certificates.
The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.
In the ____ UPS, the internal components of the standby models are replaced with a pair of inverters and converters.
In a ____ attack, the attacker eavesdrops during the victim's session and uses statistical analysis of patterns and inter-keystroke timings to discern sensitive session information.
A method of encryption that requires the same secret key to encipher and decipher the message is known as ____ encryption.
Public organizations often have "____" to spend all their remaining funds before the end of the fiscal year.
Using ___, the system reviews the log files generated by servers, network devices, and even other IDPSs.
____ is the entire range of values that can possibly be used to construct an individual key.
IP source and destination address, Direction, TCP or UDP source and destination port.
The restrictions most commonly implemented in packet-filtering firewalls are based on ____.
In a ____ implementation, the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.
____ occurs when an authorized person presents a key to open a door, and other people, who may or may not be authorized, also enter.
Since the bastion host stands as a sole defender on the network perimeter, it is commonly referred to as the ____ host.
A ____ is a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
____ is the amount of effort (usually in hours) required to perform cryptanalysis to decode an encrypted message when the key or algorithm (or both) are unknown.
SSL Record Protocol
The ____ is responsible for the fragmentation, compression, encryption, and attachment of an SSL header to the cleartext prior to transmission.
In recent years, the broadband router devices that can function as packet-filtering firewalls have been enhanced to combine the features of ____.
The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.
____ is a hybrid cryptosystem that combines some of the best available cryptographic algorithms and has become the open-source de facto standard for encryption and authentication of e-mail and file storage applications.
A ____ system is designed to work in areas where electrical equipment is used. Instead of containing water, the system contains pressurized air.
The ____ algorithm was the first public key encryption algorithm developed (in 1977) and published for commercial use.
____ and TACACS are systems that authenticate the credentials of users who are trying to access an organization's network via a dial-up connection.
____ benchmark and monitor the status of key system files and detect when an intruder creates, modifies, or deletes monitored files.
____ is the process of classifying IDPS alerts so that they can be more effectively managed.
____ locks can be changed after they are put in service, allowing for combination or key changes without a locksmith and even allowing the owner to change to another access method (key or combination) to upgrade security.
Trap and trace
____ applications use a combination of techniques to detect an intrusion and then trace it back to its source.
Most NBA sensors can be deployed in ____ mode only, using the same connection methods as network-based IDPSs.