564 terms

CISSP - Practice

All domains studied using various methods, combining others' decks with my own. Credits: aread327 and higgi
Data Remanence
The residual remains of a partial or even the entire set of digital data
Disaster Recovery Planning (DRP)
Deals with restoring normal business operations after the disaster takes place...works to get the business back to normal
Maximum tolerable downtime
The maximum period of time that a critical business function can be inoperative before the company incurs significant and long-lasting damage.
IEEE standard that defines the Token Ring media access method
Recovery Time Objective
The balance between the cost of recovery and the cost of disruption
Resource Requirements
Portion of the BIA that lists the resources that an organization needs in order to continue operating each critical business function.
A test in which copies of the plan are handed out to each functional area to ensure the plan deals with their needs
Information Owner
The one person responsible for data, its classification, and the setting of its controls
Job Rotation
To move from location to location, keeping the same function
Differential power analysis
A side-channel attack carried out on smart cards that examines the power emissions released during processing
Defined as real-time monitoring and analysis of network activity and data for potential vulnerabilities and attacks in
Electromagnetic analysis
A side-channel attack on smart cards that examines the frequencies emitted and their timing
Systematic assessment of threats and vulnerabilities that provides a basis for effective management of risk.
Change Control
Maintaining full control over requests, implementation, traceability, and proper documentation of changes.
Mitigate damage by isolating compromised systems from the network.
30 to 90 Days
Most organizations enforce policies to change passwords ranging from
Processes must complete within set time constraints; applications are video related, where audio and video must match perfectly
Identification and notification of an unauthorized and/or undesired action
Electronic Vaulting
Periodic, automatic and transparent backup of data in bulk.
Fault Tolerance
Mitigation of system or component loss or interruption through use of backup capability.
A backup method used when time and space are of high importance
Secure HTTP
Protocol designed to send individual messages securely
Conduct that violates government laws developed to protect society
Class C
Has 256 hosts
Creates one large disk by using several disks
Trade secrets
Deemed proprietary to a company and often including information that provides a competitive edge; the information is protected as long as the owner takes protective actions
Active Directory standard
Controls deployed to avert unauthorized and/or undesired actions.
Redundant Array Of Independent Drives (RAID)
A group of hard drives working as one storage unit for the purpose of speed and fault tolerance
Define the way in which the organization operates.
Used to connect two networks using dissimilar protocols at different layers of the OSI model
The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification.
Data Integrity
The property that data meet an a priori expectation of quality and that the data can be relied upon.
Alarm Filtering
The process of categorizing attack alerts produced from an IDS in order to distinguish false positives from actual attacks
Coaxial Cable
A cable consisting of a core inner conductor surrounded by an insulator and an outer cylindrical conductor
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a hub).
Digital Signature
An asymmetric cryptography mechanism that provides authentication.
A passive network attack involving monitoring of traffic.
E-Mail Spoofing
Forgery of the sender's email address in an email header.
Potentially compromising leakage of electrical or acoustical signals.
Fiber Optics
Bundles of long strands of pure glass that efficiently transmit light pulses over long distances. Interception without detection is difficult.
A Denial of Service attack initiated by sending spoofed UDP echo requests to IP broadcast addresses.
Interception of a communication session by an attacker.
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
An attack technique that exploits systems that do not perform input validation by embedding partial SQL queries inside input.
Unauthorized access of information (e.g. Tapping, sniffing, unsecured wireless communication, emanations)
IP Address Spoofing
Forging of an IP address.
IP Fragmentation
An attack that breaks up malicious code into fragments, in an attempt to elude detection.
A trusted third party authentication protocol
Incident response
Team should consist of: management, IT, legal, human resources, public relations, security etc.
A type of attack involving attempted insertion, deletion or altering of data.
A device that sequentially switches multiple analog inputs to the output.
Open Mail Relay Servers
A mail server that improperly allows inbound SMTP connections for domains it does not serve.
The legal act of luring an intruder, with intent to monitor their behavior
Packet Filtering
A basic level of network access control that is based upon information contained in the IP packet header.
Patch Panels
Provides a physical cross connect point for devices.
Private Branch Exchange (PBX)
A telephone exchange for a specific office or business.
A social engineering attack that uses spoofed email or websites to persuade people to divulge information.
Physical Tampering
Unauthorized access of network devices.
Mediates communication between un-trusted hosts on behalf of the hosts that it protects.
Layer 1 network device that is used to connect network segments together, but provides no traffic control (a concentrator).
Radio Frequency Interference (RFI)
A disturbance that degrades performance of electronic devices and electronic communications.
Rogue Access Points
Unauthorized wireless network access device.
A layer 3 device that is used to connect two or more network segments and regulate traffic.
A specialized wireless receiver/ transmitter placed in orbit that facilitates long distance communication.
Sequence Attack
An attack involving the hijacking of a TCP session by predicting a sequence number.
Enclosure of electronic communication devices to prevent leakage of electromagnetic signals.
A Denial of Service attack initiated by sending spoofed ICMP echo requests to IP broadcast addresses. (See Fraggle)
Eavesdropping on network communications by a third party.
Source Routing Exploitation
A vulnerability in IP that allows an attacker to dictate the path of a communication and thereby access an internal network.
Unsolicited commercial email
A layer 2 device that is used to connect two or more network segments and regulate traffic.
SYN Flooding
A Denial of Service attack that floods the target system with connection requests that are not finalized.
Eavesdropping on network communications by a third party.
Tar Pits
Mitigation of spamming and other attacks by delaying incoming connections as long as possible.
A Denial of Service attack that exploits systems that are not able to handle malicious, overlapping and oversized IP fragments.
A codename that refers to the study and mitigation of information disclosure via electromagnetic emanations from electronic equipment.
Twisted Pair
A simple, inexpensive cabling technology consisting of two conductors that are wound together to decrease interference.
War Dialing
Reconnaissance technique, involving automated, brute force identification of potentially vulnerable modems.
Worldwide Interoperability for Microwave Access (WI-MAX )
A specification for wireless Metropolitan Area Networks (IEEE 802.16) that provides an alternative to the use of cable and DSL for last mile delivery.
The managerial approval to operate a system based upon knowledge of the risk of operating it
18 USC - Fraud and Related Activity in Connection with Access Devices
The technical and risk assessment of a system within the context of the operating environment
Common Criteria
The current internationally accepted set of standards and processes for information security products evaluation and assurance, which joins function and assurance requirements
Covert Channel
An unintended communication path
Data Hiding
A software design technique for abstraction of a process
Hardware or software that is part of a larger system
Usually inspects the header, because the data payload is encrypted in most cases
Third party processes used to organize the implementation of an architecture
Internet Architecture Board
Committee for internet design, engineering, and management, responsible for the architectural oversight of the IETF
Registered ports as defined by IANA
The past internationally accepted set of standards and processes for information security products evaluation and assurance, which separates function and assurance requirements
Semiformally verified design and tested
Memory Management
A program in the operating system responsible for maintaining the hierarchical storage relocation requirements for processes and data from RAM to hard drives
Race Condition
Processes carry out their tasks on a shared resource in an incorrect order
To execute more than one instruction at an instant in time
More than one processor sharing the same memory, also known as parallel systems
Rapid switching back and forth between programs from the computer's perspective, appearing to do more than one thing at a time from the user's perspective
More than one process in the middle of executing at a time
A type of multitasking that allows for more even distribution of computing time among competing requests
Primary Storage
Memory - RAM
Process Isolation
A form of data hiding which protects running threads of execution from using each other's memory
Memory management technique that allows two processes to run concurrently without interaction
Reference Monitor
The hardware and software mediator of all subject and object interactions which has as its primary goal security policy enforcement.
Memory management technique which allows data to be moved from one memory address to another
Ring Protection
Implementation of an operating system protection mechanism, built upon the layering concept, where more sensitive components are placed in inner rings
Protects words, names, product shapes, symbols, colors, or a combination of these, used to identify a company's products
Secondary Storage
The hard drive
Virtual Memory
Memory management technique which makes the limited RAM of the physical machine appear larger by using a portion of the hard drive
A passive attack that eavesdrops on communications, only legal with prior consent or warrant
Electronic Vaulting
Makes copies of files as they are modified and periodically transmits them to an off-site backup site
Security Kernel
Subset of operating system components dedicated to protection mechanisms
Structured Walk-through
Representatives from each functional area or department review the plan in its entirety
State Machine Model
Abstract and mathematical in nature, defining all possible states, transitions and operations
Internal use only
Information that can be distributed within the organization but could harm the company if disclosed externally
Synchronous token
Generates a one-time password that is only valid for a short period of time
User Mode
(problem or program state) the problem-solving state, the opposite of supervisor mode
TCSEC (Orange Book)
The past U.S. military accepted set of standards and processes for computer systems evaluation and assurance, which combines function and assurance requirements
A unit of execution
TNI (Red Book)
The past U.S. military accepted set of standards and processes for network evaluation and assurance, which combines function and assurance requirements
Trusted Computing Base
All of the protection mechanisms in a computer system
Many implementations run LDAP on SSL on this port
To start business continuity processes
Access Control Process
1- Defining resources
2- Determining users
3- Specifying how users use resources
Alternate Site
Location to perform the business function
Business Continuity Planning (BCP)
Organization's prior arrangements made to maintain the functions and processes important to the existence of the organization
Business Continuity Program
An ongoing program supported and funded by executive staff to ensure business continuity requirements are assessed, resources are allocated, and recovery and continuity strategies and procedures are completed and tested.
Business Continuity Steering Committee
A committee of decision makers, business owners, technology experts and continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
Encryption/decryption requests are processed in queues; the key benefit is utilization of hardware devices and multiprocessor systems
Protects the expression of an idea, rather than the idea itself
Business Interruption Insurance
Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster.
Digital Signatures
The message is input into the hash function, then the hash value is encrypted with the sender's private key
Business Recovery Timeline
The chronological sequence of recovery activities, or critical path, that must be followed to resume an acceptable level of operations following a business interruption.
Business Unit Recovery
The component of Disaster Recovery which deals specifically with the relocation of a key function or department in the event of a disaster, including personnel, essential records, communication facilities, fax, mail services, etc.
Checklist Test
(desk check) a test that answers the questions: Does the organization have the documentation it needs? Can it be located?
Cold Site
Recovery alternative, a building with only sufficient power and HVAC
Enables data owners to dictate what subjects have access to the objects they own
Contingency Plan
A plan used by an organization or business unit to respond to a specific systems failure or disruption of operations. May use any number of resources (e.g. workaround procedures, alternate work area, etc.)
A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization's profitability, reputation, or ability to operate.
Critical Functions
Business activities or information that could not be interrupted or unavailable for several business days without significantly jeopardizing operation of the organization.
Critical Infrastructure
Systems whose incapacity or destruction would have a debilitating impact on the economic security of an organization, community, nation, etc
Critical Records
Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense.
Damage Assessment
The process of assessing damage, following a disaster, to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced.
Data Backup Strategies
Those actions and backup processes determined by an organization to be necessary to meet its data recovery and restoration objectives, including timeframes, technologies, and offsite storage, and which will ensure time objectives can be met.
Data Backups
The back up of system, application, program and/or production files to secondary media. Data backups can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.
Data Recovery
The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.
Database Replication
The partial or full duplication of data from a source database to one or more destination databases.
A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g. A move to an alternate site.)
Desk Check Test
A test that answers the questions: Does the organization have the documentation and people it needs? Do they understand the documentation?
An event which stops business from continuing.
Disaster Recovery Plan
The document that defines the resources, actions, tasks and data required to manage the business recovery process in the event of a business interruption within the stated disaster recovery goals.
Disaster Recovery Teams (Business Recovery Teams)
A structured group of teams ready to take control of the recovery operations if a disaster should occur.
Red box
Simulates the alert tones of coins being deposited into a pay phone
Distributed Processing
A back up type, where the organization has excess capacity in another location.
Network Address Hijacking
Enables the attacker to re-route traffic from a network device to a personal machine
EAL Methodically designed, tested, and reviewed
A sudden, unexpected event requiring immediate action due to potential threat to health and safety, the environment, or property.
Accidental threats
More than 3/4 of all security violations are linked to insiders of a company
Emergency Procedures
A plan of action to commence immediately to prevent the loss of life and minimize injury and property damage.
Executive Succession
Planning for the delegation of authority required when decisions must be made without the normal chain of command
Disk Shadowing
Ensures availability of data and provides fault tolerance by creating and maintaining two identical disks; provides online backup storage, but is very expensive
Forward Recovery
The process of recovering a database to the point of failure by applying active journal or log data to the current backup files of the database.
Full Test (Full Interruption)
A BCP testing type, a test that answers the question: Can the organization operate at the alternate location only?
High-Risk Areas
Heavily populated areas, particularly susceptible to high-intensity earthquakes, floods, tsunamis, or other disasters, for which emergency response may be necessary in the event of a disaster.
Hot Site
Recovery alternative, everything needed for the business function, except people and last backup
Regular operations are completely stopped and moved to the alternate site
Incident Response
The response of an organization to a disaster or other significant event that may significantly impact the organization, its people, or its ability to function productively.
Integrated Test
A test conducted on multiple components of a plan, in conjunction with each other, typically under simulated operating conditions
Hackers who specialize in committing telephone fraud
Maximum Tolerable Downtime (MTD)
Amount of time for restoring a business process or function to normal operations without major loss
Data Source Name
A logical name for the data store that does not use the drive letter or directory location of the database. Can be used when programming ODBC
Mission-Critical Application
An application that is essential to the organization's ability to perform necessary business functions. Loss of the mission-critical application would have a negative impact on the business, as well as legal or regulatory impacts.
Mobile Recovery
A mobilized resource purchased or contracted for the purpose of business recovery.
ISO/IEC standard for smart cards - Transmission protocol
Mock Disaster
One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams.
Data Mining
The act of collecting and analyzing large quantities of information to determine patterns of behavior and use them to form a conclusion about past, current, and future behavior
Off Site
A backup of data located where staff cannot gain access readily and a regional disaster will not cause harm
Off-Site Storage
Alternate facility, other than the primary production site, where duplicated vital records and documentation may be stored for use during disaster recovery.
Spreading out of light pulses which overlap the preceding or upcoming pulses, most prevalent in fiber optic cabling
Operational Exercise
One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Operational exercises are typically performed under actual operating conditions
Operational Impact Analysis
Determines the impact of the loss of an operational or technological resource. The loss of a system, network or other critical resource may affect a number of business processes.
Operational Test
A test conducted on one or more components of a plan under actual operating conditions.
Synchronous (TIME BASED) dynamic
Uses time or a counter synchronized between the token and the authentication server; SecurID is an example
Reciprocal Agreement
Agreement between two organizations (or two internal business groups) with basically the same equipment/same environment that allows each one to recover at each other's site.
Recovery Period
The time period between a disaster and a return to normal functions, during which the disaster recovery plan is employed.
Recovery Point Objective (RPO)
The point in time to which systems and data must be recovered after an outage.
Recovery Strategy
An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage. Plans and methodologies are determined by the organization's strategy.
Recovery Time Objectives
Maximum tolerance for loss of certain business function, basis of strategy
Remote Journaling
A database backup type which records at the transaction level
EAL Structurally tested
Digital Linear Tape
Is only 4 mm in size, but compression techniques and head scanning make it large-capacity and fast
Users have clearances, and resources have security levels that contain data classifications
Risk Assessment / Analysis
Process of identifying the risks to an organization, assessing the critical functions, defining the controls in place to reduce organization exposure and evaluating the cost for such controls.
Risk Mitigation
Implementation of measures to deter specific threats to the continuity of business operations, and/or respond to any occurrence of such threats in a timely and appropriate manner.
(file shadowing) a backup type, for databases at a point in time
Security Domain
An area where common processes and security controls work to separate all entities involved in these processes from other entities
A flow of information between a subject and an object
Structured Walkthrough
One method of testing a specific component of a plan. Typically, a team member makes a detailed presentation of the component to other team members (and possibly non-members) for their critique and evaluation.
System Downtime
A planned or unplanned interruption in system availability.
Information that requires the utmost protection or, if discovered by unauthorized personnel, would cause irreparable damage
Hot Site
Fully configured with hardware, software, and environmental needs, can be up and running quickly, expensive
Uninterruptible Power Supply (Online)
A backup supply that provides continuous power to critical equipment in the event that commercial power is lost.
Vital Record
A record that must be preserved and available for retrieval if needed.
Warm Site
Recovery alternative which includes a cold site plus some equipment and infrastructure already available
IT Contingency
Plan of recovery procedures for systems, networks, and major applications after disruptions; should be developed for each major system and application
A design methodology which addresses risk early and often
Business Continuity Plan
Provides procedures for emergency responses, extended backup operations, and post-disaster recovery
System Life Cycle
Robust project management process of new systems with at least the following phases: design and development, production, distribution, operation, maintenance, retirement, and disposal
Object Oriented Programming (OOP)
A programming design philosophy and a type of programming language, which breaks a program into smaller units. Each unit has its own function.
The process of separating groups of people and information from other groups so that they are isolated from each other and information does not flow between them
Induces an individual to commit a crime he otherwise would not have committed; it is illegal
Dumpster diving
Refers to going through someone's trash to find information; it is legal, unless it involves trespassing
OOP concept of an object's abilities, what it does
OOP concept of a class's details being hidden from other objects
Objects or programs that look different but act the same
OOP concept of taking attributes from the original or parent
Converts a high level language into machine language
Converts source code to an executable
Line by line translation from a high level language to machine code
Machine Language (Machine Code)
Program instructions based upon the CPU's specific architecture
2-Phase Commit
A distributed system's transaction control that requires updates to complete or rollback
Black box
Manipulates line voltage to enable toll-free calling
Data Dictionary
A description of a database
Part of a transaction control for a database which informs the database of the last recorded transaction
Trojan Horse
A program with an inappropriate second purpose
Packet-switching technology that is used by telecom services for data-only traffic, operate at L3 and L2
Federated identity
A portable identity, and its associated entitlements, that can be used across business boundaries, allowing users to be authenticated across multiple IT systems
Logic Bomb
A program that waits for a condition or time to occur that executes an inappropriate activity
Data Diddler
Malware that makes small random changes to many data points
Remote Access Trojan
A Trojan horse with the express underlying purpose of controlling a host from a distance
Malware that subverts the detective controls of an operating system
Final purpose or result
Organized group of compromised computers
Program that inappropriately collects private data or activity
Unsolicited advertising software
A condition in which neither party is willing to stop their activity for the other to complete
Business Impact Analysis
Qualitative & quantitative data is gathered, analyzed, interpreted, and presented to management
Damage Assessment
Responsible for determining: cause of the disaster, potential for further damage, and identify affected areas.
Fiber Distributed Data Interface
A token-passing ring scheme, has a second ring that remains dormant until an error condition is detected
Race Condition
A state where two subjects can access the same object without proper mediation
Time Of Check/Time Of Use
A race condition where the security conditions change between the time of the check and the time the object is accessed
Denial Of Service
An availability attack, to consume resources to the point of exhaustion
Distributed Denial Of Service
An availability attack, to consume resources to the point of exhaustion from multiple vectors
Trapdoors (Backdoors) (Maintenance Hooks)
A programming device used in development to circumvent controls
Buffer Overflow
Unchecked data which spills into another location in memory
Alternate Data Streams (File System Forks)
A covert storage channel on the file attribute
Malformed Input
Inappropriate data
Dangling Pointer
False memory reference
SQL Injection
A type of malformed input that takes advantage of an always-true conditional logic statement, adding a request for data that violates the security policy
Cross-Site Scripting
Malware that uses the trust on a website to redirect users to untrusted websites which captures data or installs more malware
A network authentication protocol that provides protection through authentication, authorization, and auditing
Separation of Duties
Distributing tasks and associated privileges among multiple people, primary objective to prevent fraud and errors
Information that, if released outside of the organization, could create severe problems for the organization
Application Programming Interface
A library of commands maintained by a system for other programs to use, provides consistency and integrity for the programs
Each encryption and decryption request is performed immediately
Atomicity, Consistency, Isolation, Durability
A set of best practices for programmers to seek in all application or database design
Indivisible; a data field must contain only one value, and either all parts of a transaction take place or none do
Distance vector routing protocol that doesn't offer security and is an interior gateway protocol
Another subject cannot see an ongoing or pending update until it is complete
An active entity that requests access to a passive entity
Passwords based on the user's opinion or life experience
5 Rules Of Evidence
Evidence must be: admissible, authentic, complete, accurate, and convincing
Pertaining to law, high degree of veracity
Active Data
Information residing on computer systems, that is readily visible to the operating system with which it was created and is immediately accessible to users without deletion, modification or reconstruction.
Wireless Application Protocols
A specification for a set of communication protocols to standardize the way that wireless devices
Secure MIME
A standard for encrypting and digitally signing electronic mail and for secure data transmissions.
Archival Data
Archival Data is information that is not directly accessible to the user of a computer system but that the organization maintains for long-term storage and record keeping purposes.
Acronym for American Standard Code for Information Interchange (ASCII)
Text that does not include special formatting features and therefore can be exchanged and read by most computer systems
Information Classification
The practice of evaluating the risk levels of an organization's information to ensure that it receives the appropriate level of protection
Discretionary Access Control
The owner determines who has access to the data and what privileges they have - user centric
Pertaining to a number system that has just two unique digits.
A measurement of data. It is the smallest unit of data. A bit is either the "1" or "0" component of the binary code.
Remote journaling
Transmits the journal or transaction log offsite to a backup location
Slang for making (burning) a CD-ROM copy of data, whether it is music, software, or other data.
Targeted Attack
An attack that sends a specially developed bot only to one or a few IP addresses in the target organization
A type of computer memory that temporarily stores frequently used information for quick access.
Chain Of Custody
Recording the Who What When Where How of evidence
Civil Or Code Law
System of law based upon what is good for society
Mobile Code
Software that is transmitted across the network from a remote source to a local system then executed at the local system
Covers standards of performance or conduct expected by government agencies from companies, industries, certain officials
Pertaining to law, lending itself to one side of an argument
Small data files written to a user's hard drive by a web server.
Intellectual property protection for the expression of an idea
Salvage team
Responsible for starting the recovery of the original site
Process whereby data is removed from active files and other data storage structures
Disaster Recovery Tape
Portable media used to store data that is not presently in use by an organization to free up space but still allow for disaster recovery. May also be called "Backup Tapes."
Excessive privileges
Employee has more rights than necessary to complete his tasks
Due Diligence
Actions measured against either a policy or what a reasonable person would do
A procedure that renders the contents of a message or file unintelligible to anyone not authorized to read it.
Diverse routing
A method of providing telecommunication continuity which involves routing traffic through split or duplicate cable facilities
File Extension
A tag of three or four letters, preceded by a period, which identifies a data file's format or the application used to create the file.
File Level Deletion
Renders the file inaccessible to the operating system; the space becomes available for reuse as data storage.
TCP/IP protocol that provides reliable end-to-end communication, ensures error-free delivery, handles packet sequencing, and maintains the data's integrity
File Sharing
One of the key benefits of a network is the ability to share files stored on the server among several users.
A system designed to prevent unauthorized access to or from a private network.
Forensic Copy
An exact bit-by-bit copy of the entire physical hard drive or floppy disk, including slack and unallocated space. Only forensic copy quality will hold up in court.
Fragmented Data
Fragmented data is live data that has been broken up and stored in various locations on a single hard drive or disk.
Relies on UDP whereas services such as: FTP, Telnet and SMTP rely on TCP
Hard Disk
A peripheral data storage device that may be found inside a desktop or laptop as a permanent storage solution. The hard disk may also be a transportable version attached to a desktop or laptop.
Practice execution of the plan takes place, focusing on a specific scenario; continues up to the point of actual relocation to the alternative site
A computer designed for the purpose of studying adversaries
Methodical research of an incident with the purpose of finding the root cause
JPEG (Joint Photographic Experts Group)
An image compression standard for photographs
Legacy Data
Information which has retained its importance, but which has been created or stored by software/hardware that has been rendered obsolete.
18 USC - Fraud and Related Activity in Connection with Computers
The duplication of data for purposes of backup or to distribute network traffic among several computers with identical data.
Continuous authentication
A type of authentication that provides protections against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete
Hierarchical Storage Management
Provides continuous online backup by using optical or tape jukeboxes
Residual Data
Residual Data (sometimes referred to as "Ambient Data") refers to data that is not active on a computer system.
Process of statistically testing a data set for the likelihood of relevant information.
TIFF (Tagged Image File Format)
One of the most widely supported file formats for storing bit-mapped images. Files in TIFF format often end with a .tif extension.
Business Continuity Plan
Strategy documents that provide detailed procedures that: ensure business functions are maintained, help minimize losses of life, operations, and systems
Reciprocal Agreement
Two companies agree to share their facilities in the event of a disaster; not enforceable
Mathematical function that determines the cryptographic operations
Encryption system using a pair of mathematically related unequal keys
It must be legally permissible, meaning it was seized legally, and the chain of custody was not altered
A mathematical tool for verifying no unintentional changes have been made
Cipher Text
Scrambled form of the message or data
This control is based on the actual information within the data rather than the general definition
HR Database
Normally considered the authoritative source for user identities because it is where they are developed
Code breaking, practice of defeating the protective properties of cryptography.
Social engineering
Act of tricking or deceiving a person into giving confidential or sensitive information
The study of cryptography and cryptanalysis
Civil Law
Wrongs against individuals or companies, resulting in damage or loss
The administrator defines and controls the access rules for files in the system
Class B
Has 65,536 hosts
Executed by carrying out smaller crimes with the hope that a larger crime will not be noticed
Act of scrambling the cleartext message by using a key.
Initialization Vector
Randomly-generated value used by many cryptosystems to ensure that a unique ciphertext is generated
Key Clustering
Two different keys decrypt the same cipher text
Key Escrow
For PKI, to store another copy of a key
Lightweight Directory Access Protocol
Key Space
Total number of keys available that may be selected by the user of a cryptosystem
Keyed-Hashing For Message Authentication
A hash that has been further encrypted with a symmetric algorithm
Least Privilege
Subjects and objects are given the minimum level of access required to perform functions or tasks
ISO/IEC standard for smart card physical characteristics
A device where the two connecting networks must have the same network protocol
Blue box
Simulates a particular calling tone, enabling the theft of long distance service
Data diddling
Act of willfully modifying information, programs, or documentation in an effort to commit fraud or disrupt production
One Time Pad
A running key using a random key that is never used again
Permutation /Transposition
Moving letters around
Plain Text
Natural or human-readable form of message
Public Key Infrastructure (PKI)
A cooperative collection of business processes and technologies used for the purpose of binding individuals to a digital certificate
Occupant emergency plan
Establish personnel safety and evacuation procedures
Running Key
An encryption method that has a key as long as the message
Works as an email transfer agent at the application layer
Side Channel Attack
Inference about encrypted communications
Hiding the fact that communication has occurred
Cover losses caused by Denial-of-Service, Malware damage, hackers, electronic theft, privacy-related lawsuits, and more
Encryption system using shared key/private key/single key/secret key
Intellectual property management technique for identifying after distribution
Work Factor
Effort/time needed to overcome a protective measure
Prolonged, complete loss of electric power
Reduction of voltage by the utility company for a prolonged period of time
Hitting a filed-down key in a lock with a hammer to open it without the real key
A system that is configured to automatically block suspected attacks in progress without any intervention required by an operator
Momentary loss of power
Fire Detection
Alerts personnel to the presence of a fire
Restoration team
Responsible for getting the alternative site into a functioning environment
Fire Suppression
To reduce fire
Fault tolerance for power
Inrush Current
Initial surge of current
Asynchronous communication
Transfers data by sending bits of data in irregular timing patterns
ISO/IEC standard for smart cards initialization and anticollision
Using small special tools, all tumblers of the lock are aligned, opening the door
Warm Site
No computers, just peripherals, disk drives, controllers, and tape drives; the most widely used option
Secondhand evidence, usually not admissible in court
Sudden rise in voltage in the power supply.
Off-site media storage
ensures that up-to-date data is available in the event that the primary data center is damaged or destroyed.
cold site
an empty computer room with environmental facilities (UPS; heating, ventilation, and air conditioning [HVAC]; and so on) but no computing equipment.
warm site
is basically a cold site, but with computers and communications links already in place.
EAL Semiformally designed and tested
reciprocal site
your organization and another organization sign a reciprocal agreement in which you both pledge the availability of your organization's data center in the event of a disaster.
multiple data centers
larger organizations can consider the option of running daily operations out of two or more regional data centers that are hundreds (or more) of miles apart.
EAL Methodically tested and checked
Grants ownership and enables owner to legally enforce his rights to exclude others from using the invention.
The system applies controls based on the clearance of a user and the classification of an object or data - the owner provides the need to know
This type of DRP test is a detailed review of DRP documents, performed by individuals working on their own. It is used to identify inaccuracies, errors, and omissions in DRP documentation.
structured walkthrough
This type of DRP test is where several business and technology experts in the organization gather to "walk" through the BCP plan documents.
This type of DRP test has all the designated disaster recovery personnel practice going through the motions associated with a real recovery.
A BCP test - Some systems are run at the alternate site
interruption (a.k.a. cutover)
this type of DRP test is similar to a parallel test except that in this test a function's computer systems are actually shut off or disconnected.
Desired service
Describes the destination for a TCP/UDP packet
Packet filtering firewall
Are not vulnerable to DoS attacks; should be placed at the outermost boundary with an untrusted network
Parity Information
RAID 2 - Created using Hamming code; detects errors and establishes the location of the error on the drive
Object-Oriented Database
Reduces maintenance, ease of reusing code
Public Key Infrastructure
ISO authentication framework; provides Integrity, Confidentiality, Access Control, Authentication, and Nonrepudiation
Offline printing
Other unauthorized copies of reports could be printed
Well Known ports
Black Boxes
Manipulates line voltage for toll free calls
Ensures system accountability
Recognition of an individual's assertion of identity, does not ensure accountability
Central service, classified as an AAA server; is not comparable with other similar servers
Authentication - Biometric
one-to-one search to verify identity
LAN media access method
Used to share files between Unix computers
Tunneling protocols, operate at the Data Link Layer
Encapsulating Security Payload
Is limited due to the non-inclusion of IP header information
System development and maintenance
Can be performed by the same person in a well-controlled environment
Computing in Galois fields
Uses mathematical properties of modular arithmetic to make RSA more feasible for computer use
Maximum allowed key size is 256
Vibration detection devices
Are vulnerable to non-adversary disturbances
Identity Management
Must be able to scale to support the volume of data
LAN attack
Attacker sends a spoofed packet with the SYN flag set to the victim's IP address
Overlapping packets; when the victim attempts to reconstruct the packets, the machine hangs
Attacker sends spoofed ICMP echo traffic to a broadcast address
IPSec - Tunnel mode
Required when the communication is gateway-to-gateway or host-to-host
What, how, where, when
Proper BACKUP procedure steps
1994 U.S. Communications Assistance for Law Enforcement Act
Requires all communications carriers to make wiretaps possible
Risk Analysis
(1) Identify assets and their values
(2) Identify vulnerabilities and threats
(3) Quantify the probability and business impact of these potential threats
(4) Provide an economic balance between the impact of threat and the cost of the countermeasure
Mirroring; has the highest cost per megabyte
Twisted pair
Consists of two insulated wires arranged in a spiral pattern
Supports multiple network types in the same serial link
Dynamic packet filtering
Creates ACLs on the fly; allows dynamic ports higher than 1023
Support server (mandatory) and client (optional) authentication
Can deliver 52 Mbps downstream over a single copper twisted-pair wire
Delivers 1.544 Mbps of bandwidth each way
Delivers a maximum of 9 Mbps downstream
IP Header Field = 6
IP Header Field = 17
IP Header Field = 1
IP Header Field = 2
• Project initiation
• Functional design analysis & planning
• Security requirements developed
• System design specifications
• Software development
• Installation
• Maintenance support
• Revision and replacement
System Development Life Cycle phase
Establishes minimal levels of national standards for certifying national security systems
Password management
Is a preventive control
Connection-Oriented protocols
Provide reliability at the Transport Layer
Authentication Header
Provides integrity, authentication, and (depending on the algorithm) nonrepudiation
Business continuity plan
Sustain organization's business
Access Control
The process of allowing only authorized users, programs, or other computer systems to observe, modify, or otherwise take possession of the resources of a computer system. It also limits authorized users to some resources.
Access control protects entry to, and movement around, an organization's physical location to protect its assets
Which users can access a system
What resources they can access
What operations they can perform
Enforce accountability for their actions
Four keys to access control specify:
Used to test the response of antivirus software on a computer system; a detectable string is used
Asset management
Involves knowing and keeping all of the company's IT assets up to date
Kernel proxy
All inspection and processing takes place within it at the lower layer
Frame relay
Allows multiple companies and networks to share WAN media
Data Terminal Equipment
The equipment used at the company end in a frame relay environment
Data Circuit-Terminating Equipment
The equipment used by the service provider in a frame relay environment
Disaster, Interim operations, Alternate operations, Normal operations
Represents the correct sequence of tasks in the event of a disaster
Authentic, accurate, complete, convincing, admissible
5 Rules of evidence
Smoke-Activated detectors
Early-warning device to start an evacuation; uses photoelectric sensors to detect variations in light intensity
The Federal Privacy act
Protects US citizens' sensitive information collected by government agencies
Port Address Translation
Minimizes the number of public IP addresses that an organization purchases
Grid computing
Massive computational power is available but is not suitable for processing sensitive data
ISO/IEC 27001
Specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system
ISO 9001
ISO standard related to Quality management
ISO 14001
ISO standard related to Environmental management
ISO 31000
ISO Standard related to Risk Management
The Business Continuity plan guidelines are defined
Operating systems functionality takes place in ring zero in privileged or supervisory mode
Simple method used in symmetric key cryptography to ensure data integrity
To protect sensitive data such as top secret, lower-level users receive a fake view of the data
Electromagnetic Interference
Caused by electric motors, lightning, etc.
Radio Frequency Interference
Caused by Components of Electrical System, Cables, Fluorescent Lighting, Truck Ignitions. Can cause permanent damage to sensitive system components
Magnetic Media
Affected from 100 degrees Fahrenheit
Damaged at 150 degrees Fahrenheit
Computer equipment
Damaged at 175 degrees Fahrenheit
Paper products
Damaged at 350 degrees Fahrenheit
EMI- Common Mode Noise
Noise from Radiation Generated by the difference between Hot and Ground wires
EMI- Traverse Mode Noise
Noise from Radiation Generated by the difference between Hot and Neutral wires
Prolonged loss of power
Project Initiation
Involves getting management support, developing the scope of the plan, and securing funding and resources
Line noise that is superimposed on the supply Circuit can cause fluctuation in power
Inrush Current
The initial surge of current required when there is an increase in power demand, i.e. starting a large motor
Electrostatic Discharge
Power surge generated by a person or device contacting another device and transferring high voltage shock. Affected by low humidity
Greater than 60
Causes problems with condensation on computer equipment, corrosion of electrical connections
Less than 40
Causes an increase in electrostatic discharge: up to 4,000 volts under normal humidity and up to 25,000 volts under very low humidity
Measure humidity levels
40 Volts
Static charge damages sensitive circuits and transistors
1000 Volts
Static charge scrambles the monitor display
1500 Volts
Static charge damages disk drives, causing data loss
2000 Volts
Static charge causes system shutdown
4000 Volts
Static charge causes printer jams
17000 Volts
Static charge causes permanent chip damage
Class A Fire
Common Combustibles such as paper, wood, furniture, clothing - Water, Foam
Class B Fire
Burnable fuels such as gasoline, oil, or alcohol - Inert Gas, CO2
Class C Fire
Electrical fires such as computers and electronics - Inert Gas, CO2 - Turn off electricity first
Class D Fire
Special Fires, such as chemical, metal - Dry powder
Class K Fire
Commercial Kitchens - Wet Chemicals
Wet Pipe
Always contains water - most popular and reliable, 165 Fuse Melts - can freeze in winter - pipe breaks can cause floods
Dry Pipe
No water in Pipe - preferred for computer installations, use a clapper to hold the water, air blows out of pipe
Water Discharge is large, not recommended for computer installations
Most recommended for computer room, combines both dry and wet pipes, water released into pipe first then after fuse melts in nozzle the water is dispersed
Efforts to prevent unauthorized disclosure of information to those who do not have the need, or right, to see it
Pretty Good Privacy
First widespread public key encryption program; provides confidentiality (C) by using IDEA, along with MD5
Motive, opportunity, and means
Administrative Control
These include the developing and publishing of policies, standards, procedures, guidelines, risk management, and security awareness training
Technical Control
These consist of implementing and maintaining access control mechanisms, password and resource management, identification and authentication methods, and configuration of the infrastructure
Physical Control
These entail controlling access to a facility, and protecting its perimeter
Due Care
Term and concept used to help determine liability in a court of law; ensures someone is acting responsibly
A framework developed by the Information Systems Audit and Control Association and the IT Governance Institute. Defines the goals for the controls that should be used to properly manage IT and ensure IT maps to business needs. Four domains: Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate
Class A
Has 16,777,216 hosts
The possibility that someone or something would exploit a vulnerability, intentionally or accidentally
The probability of a threat agent exploiting a vulnerability and the loss potential
Planning for longer term - 5 years or more
Midterm planning - less than 5 years
Bastion host
A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall
Degree of confidence that a certain security level is provided
Set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring objectives are achieved and risks are properly managed.
An international organization that helps different governments collaborate in order to tackle the economic, social and governance challenges of the globalized economy
Total Risk
Threats x vulnerability x asset value =
Residual Risk
(Threats x vulnerability x asset value) x control gap =
Risk management
The process of identifying, assessing, and reducing risk to an acceptable level and implementing various mechanisms to maintain that level of risk
Need to Know
Defines the minimum level of access for subjects based on their job or business requirements
The attacker has the ciphertext of several messages, each message encrypted using the same algorithm. His goal is to discover the key used in the encryption process
The attacker has the plaintext and ciphertext of one or more messages. His goal is to discover the key used in the encryption process
The attacker has the plaintext and ciphertext, but can choose the plaintext that gets encrypted to see the corresponding ciphertext
The attacker can choose the ciphertext to be decrypted and has access to the resulting decrypted plaintext. Hard to accomplish; the attacker may need to have control of the system
Differential cryptanalysis
The attacker takes two messages of plaintext and follows the changes that take place to the blocks as they go through the different S-boxes, each message is encrypted with same key
Linear Cryptanalysis
Attacker carries out a known-plaintext attack on several different messages encrypted with the same key; identifying specific output combinations allows him to assign probability values to different keys, resulting in the key displaying a pattern
Side-Channel Attack
Gathering outside information by watching how it behaves with the goal of uncovering the encryption key
The science of protecting information by encoding it into an unreadable format
The most famous rotor machine used by the Germans in World War II
The mathematical rules that dictate the functions of enciphering and deciphering
The study of breaking cryptosystems
Key clustering
An instance in which two different keys generate the same ciphertext from the same plaintext
Uses more than one alphabet to defeat frequency analysis
A method of hiding data within another media type, such as a graphic, WAV file, or document
Symmetric Key
Provides confidentiality, but does not provide authentication or nonrepudiation
Symmetric algorithms
DES, 3DES, Blowfish, IDEA, RC4-RC6, and AES are
Asymmetric Key
Provides authentication and nonrepudiation, but is slower than its counterpart
Asymmetric algorithms
RSA, ECC, Diffie-Hellman, El Gamal, Knapsack, and DSA
Stream cipher
Uses a keystream generator and encrypts a message one bit at a time; usually implemented in hardware
Block cipher
Divides the message into groups of bits and encrypts them, usually implemented in software
A block cipher that divides a message into 64-bit blocks and employs S-box-type functions on them
Uses 48 rounds of computation and up to three different keys
A symmetric block cipher with a key of 128 bits
Asymmetric algorithm developed by three individuals, one named Adleman; the de facto standard for digital signatures
Asymmetric algorithm that provides digital signatures, secure key distribution, and encryption. Uses far fewer resources, so it is more suitable for wireless device and cell phone encryption
Public Key Infrastructure
Framework of programs, procedures, communication protocols, and public key cryptography that enables secure communication among diverse individuals
Certificate authority
Trusted third party that generates and maintains user certificates, which hold their public key
Certificate revocation list
Keeps track of revoked certificates
A mechanism used to associate a public key with a person's identity
Registration authority
Validates the user's identity and then sends a request to another entity to fulfill the user's request
These algorithms provide data integrity only
Based on a one-way function that factors large numbers into prime numbers; only the private key knows the trapdoor to decrypt the message
Message digest - Digital Signature
When a hash algorithm is applied to a message, it produces _________ and this value is signed with a private key to produce ___________
Produces a variable-length hash value
The attacker tries to create two messages with the same hashing value, brute force
Produces a 160-bit hash value and is used in DSS
One-time pad
Random values XORed against the message to produce ciphertext
Digital Signature
Result of a user performing an action on a hash value with a private key, provides authentication, nonrepudiation, and data integrity
RSA, El Gamal, ECDSA, and DSA
Algorithms used for digital signatures
Key management
Most challenging task in cryptography; pertains to creating, maintaining, distributing, and destroying keys
A key agreement protocol, does not provide any security services nor digital signature
Criminal Law
Individual's conduct violates certain criteria developed to protect the public
Privacy-Enhanced Mail
An Internet standard that provides secure e-mail over the Internet by using encryption, digital signatures, and key management
Message Security Protocol
The military version of Privacy-Enhanced Mail
Pretty Good Privacy
An e-mail security program that uses public key encryption and employs a web of trust
Provides protection for messages sent between two computers, but not the actual link
Dynamic and/or private ports
Secure Electronic Transaction
Proposed electronic commerce technology that provides a safer method for customer and merchant to perform transactions over a public domain
Transport mode
The data payload is protected - IPSec
Tunnel mode
The payload and headers are protected - IPSec
Standard that dictates the different types of fields used within a certificate and the values within those fields
Electronic Code Book
Each block is encrypted independently, allowing randomly accessed files to be encrypted and still accessed without having to process the file linearly; for each block of plaintext the same block of ciphertext is produced - for very short messages, 64 bits in length
Cipher Block Chaining
The result of encrypting one block of data is fed back into the process to encrypt the next block of data - Authentication
Cipher Feedback
Each bit produced in the keystream is the result of a predetermined number of fixed ciphertext bits - Authentication
Output Feedback
The keystream is generated independently of the message - Authentication
Counter (CTR)
A 64-bit random data block is used as the first initialization value - Used in high-speed apps such as IPSec and ATM
Link Encryption
Encrypts all the data along a specific communication path, i.e. satellite, T3 line or telephone circuit. Data is decrypted and re-encrypted at each point - Layer 1 & 2
End-to-end Encryption
The headers, addresses, routing, and trailer are not encrypted; provided at the end-user computer and, as a result, more flexible - Layer 7