Terms in this set (130)
The process of determining what information will be disclosed and how to disclose it to ensure an organization's privacy requirements.
A senior person in an organization with the authority to make decisions regarding the quality of data created, stored, consumed, and retired.
A person that is responsible for the quality of the data on a day-to-day basis.
A person responsible for creating or capturing data. Most people in an organization are data producers.
A person who uses data.
A person who oversees data activities to ensure they follow government laws.
A method for removing all traces of ink from paper by using chemicals and then mashing the paper into pulp.
Using a punch press or hammer system to destroy a data storage device.
Purges a hard disk by exposing it to high magnetic pulses that destroy all the data on the disk.
The removal of sensitive data, making sure that the data cannot be reconstructed by any known technique.
A software-based method of overwriting data to completely destroy all electronic data residing on a hard disk drive or other digital media.
The process of converting information or data into a code to prevent unauthorized access.
A random string of bits used in an encryption algorithm to scramble and unscramble data.
A mathematical scheme for demonstrating the authenticity of a digital message or document.
The delay before a transfer of data begins to follow an instruction for its transfer.
High Resilience Cryptography
Cryptographic protocols that remain secure and resistant to side channel attacks.
The assurance that someone cannot deny something.
A method of encryption that uses a single key for both encryption and decryption.
A method of encryption that uses two different yet mathematically related keys, one for encryption and one for decryption.
A property of a cryptographic algorithm that makes the relationship between the key and ciphertext as complex as possible.
A property of a cryptographic algorithm that identifies the amount of change to the ciphertext when there is a change in the input text.
A method of using asymmetric encryption to secure a message before sending it to the recipient.
Trusted Platform Module (TPM)
A hardware chip on the motherboard that can generate and store cryptographic keys.
Hardware Security Module (HSM)
A piece of hardware and associated software/firmware that is connected to a computer system to provide cryptographic functions such as encryption, decryption, key generation, and hashing.
A method used to recover original data from encrypted data without having access to the key used in the encryption process.
Brute Force Attack
A cryptographic attack where the attacker tries every known combination.
A cryptographic attack in which the attacker produces ciphertext and then sends it through a decryption process to see the resulting plaintext, which provides clues to the encryption key used.
A cryptographic attack that uses an algebraic manipulation to reduce the complexity of the algorithm.
Weakness Exploitation Attack
A cryptographic attack that exploits weaknesses in encryption, such as the inability to produce random numbers, floating point errors, or poorly decrypted ciphertext.
Cryptographic attacks that include statistical attacks that decrypt an encoded message using a different key than was used during encryption, replay attacks where the attacker attempts to re-transmit encryption session keys, PKI attacks where the attacker attempts to have a user accept a fake PKI certificate, and side-channel attacks based on information gained from the physical implementation of a cryptosystem rather than theoretical weaknesses in the algorithms.
A cryptographic attack where the attacker is able to read, insert, and modify messages between two parties without either party knowing that the link between them has been compromised.
A cryptographic attack that attempts to convince a protocol to disregard a high-quality mode of operation and use a low-quality mode instead.
A symmetric encryption that transposes plaintext to ciphertext in chunks (block by block).
A symmetric encryption that is performed on each bit within a stream of data in real time.
Ron's Cipher v2 or Ron's Code v2 (RC2)
A symmetric cryptography method that implements a variable-key-sized block cipher and was designed to replace DES.
Ron's Cipher v5 or Ron's Code v5 (RC5)
A symmetric cryptography method that implements a symmetric-key block cipher cryptographic algorithm produced by RSA Security, Inc.
International Data Encryption Algorithm (IDEA)
A symmetric cryptography method that is a minor revision of an earlier PES (Proposed Encryption Standard) that uses 64-bit blocks with 128-bit keys and is employed by Pretty Good Privacy (PGP) email encryption.
Data Encryption Standard (DES)
A very popular symmetric cryptography method created by the National Security Agency (NSA) that was one of the first symmetric encryption methods and is now obsolete due to known weaknesses.
Triple DES (3DES)
An enhanced version of DES.
Advanced Encryption Standard (AES)
An iterative symmetric-key block cipher that was developed as a replacement for DES in 2001.
A keyed symmetric block cipher that was intended to be free of the problems associated with other algorithms and replace DES.
A symmetric block cipher that permits a wide variety of tradeoffs between speed, software size, key setup time, and memory.
A symmetric cryptography method created by the NSA that uses the Clipper chip (Very Large-Scale Integration) device with an Advanced RISC Machine (ARM).
An encryption method that uses two mathematically related keys called a key pair.
Diffie-Hellman Key Exchange
The first asymmetric algorithm developed by Whitfield Diffie and Martin Hellman in 1976 that generates symmetric keys simultaneously at sender and recipient sites over non-secure channels.
An asymmetric encryption system based on a discrete logarithm problem.
Elliptic Curve Cryptography (ECC)
An asymmetric encryption system based on groups of numbers in an elliptical curve.
An asymmetric encryption system based on the subset sum problem (given a list of numbers and a sum, determine the subset used to create the sum).
Rivest, Shamir, Adleman (RSA)
An asymmetric encryption system based on factoring large numbers into their prime values.
Encrypting File System (EFS)
A Microsoft Windows feature that encrypts files and folders stored on NTFS partitions.
Pretty Good Privacy (PGP)
A popular encryption program that can be used to encrypt texts, emails, files, folders, and disks.
GNU Privacy Guard (GPG)
An encryption tool that is an implementation of the PGP protocol that is used to protect laptops, desktops, USB drives, optical media, and smartphones.
A Microsoft Windows feature that provides full volume encryption.
An electronic document that uses a digital signature to bind a public key with an identity.
Public Key Infrastructure (PKI)
A hierarchy of computers that issues and manages certificates.
Certificate Authority (CA)
An entity trusted to issue, store, and revoke digital certificates.
A CA that functions within the hierarchy in a parent-child relationship with the root CA or another subordinate CA and is responsible for issuing certificates, holding the Certificate Practice Statement (CPS), and publishing the Certificate Revocation List (CRL).
Certificate Practice Statement (CPS)
A declaration of the security that the organization is implementing for all certificates issued by the CA holding the CPS.
Cryptographic Service Provider (CSP)
A software library that resides on the client and generates key pairs.
Online Certificate Status Protocol (OCSP)
A protocol used for checking the status of an individual digital certificate to verify if it is good or has been revoked.
Certificate Revocation List (CRL)
A list of certificates that have been previously revoked that resides at the CA.
Registration Authority (RA)
An authority that verifies user requests for digital certificates and requests the certificate from the CA.
The official standard of ITU Telecommunication Standardization Sector (ITU-T) that identifies the format for public key certificates and certification path validation.
A user who is authorized to request certificates for other users.
The process of associating a host with its expected certificate.
A function that takes a variable-length string (message) and compresses and transforms it into a fixed-length value.
A hash function developed by RSA (Rivest-Shamir-Adleman) that generates a message digest of 128 bits.
A hash function developed by NIST and NSA that generates a message digest of 160 bits.
A hash function developed by the COSIC research group that generates a message digest of 128, 160, 256, or 320 bits.
An issue when two different messages produce the same hash value.
A hash algorithm's ability to avoid the same output from two guessed inputs.
A brute force attack in which the attacker hashes messages until one with the same hash is found.
Secure Sockets Layer (SSL)
A protocol that secures messages being transmitted on the internet.
Transport Layer Security (TLS)
A protocol that secures messages being transmitted on the internet that is the successor to SSL 3.0.
Secure Shell (SSH)
A protocol that allows secure interactive control of remote systems.
Hyper Text Transfer Protocol Secure (HTTPS)
A secure form of HTTP that uses either SSL or TLS to encrypt sensitive data before it is transmitted.
Secure Hypertext Transfer Protocol (S-HTTP)
An alternate protocol that is not widely used because it is not as secure as HTTPS.
IP Security (IPsec)
A set of protocols that provides secure data transmission over unprotected TCP/IP networks.
Authentication Header (AH)
A protocol within IPsec that provides authenticity, non-repudiation, and integrity.
Encapsulating Security Payload (ESP)
A protocol within IPsec that provides all the security of AH plus confidentiality.
Security Association (SA)
The establishment of shared security information between two network entities to support secure communications.
Data Loss Prevention (DLP)
A system that attempts to detect and stop breaches of sensitive data within an organization.
A software or hardware solution that is typically installed near the network perimeter that analyzes network traffic in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies.
DLP software that runs on end-user workstations and servers.
DLP software that is used to identify sensitive files in a file system and then to embed the organization's security policy within the file so that it travels with the file when it is moved or copied.
A software solution that is typically on cloud-based systems that analyzes traffic to and from cloud systems in an attempt to detect sensitive data that is being transmitted in violation of an organization's security policies.
Unified Threat Management (UTM)
A security system related to DLP that can be implemented as a single network appliance or as a service on the network.
The ability to respond to an unexpected hardware or software failure without loss of data or loss of operation.
A method for providing fault tolerance by providing duplicate or multiple components that perform the same function.
A redundant facility that is immediately available, requiring just a few minutes or hours to activate.
A hot site that has instant failover, provides parallel processing, and is immediately available in the event of a disaster.
Rolling Hot Site
A mobile facility, typically in the back of an 18-wheel truck, that has all the capabilities of a hot site and is very versatile, but expensive.
A partially configured redundant facility that takes a few days to a few weeks to activate.
An arrangement with another company that may have similar computing needs.
A redundant facility that takes a few weeks to a few months to activate.
Recovery Time Objective
The actual time required to successfully recover all operations.
Recovery Point Objective
A measurement of how old data is at the point that it is successfully recovered.
Mean Time Between Failures
The average lifetime of a system or component.
Mean Time to Failure
Mean Time to Failure
Mean Time to Repair
The average amount of time to repair a failed component or to restore operations.
Maximum Tolerable Downtime
The length of time an organization can survive with a specified service, asset, or process down.
Single Point of Failure
The idea that any one failure in your system or site could cause systematic failure to your organization.
The label given to functions that help an organization accomplish their goals or missions.
Order of Restoration
The idea that there is a defined order in which systems or services must be restored to working order.
The practice of storing backups in a location apart from your main campus.
Redundant Array of Independent Disks (RAID)
A disk subsystem that combines multiple physical disks into a single logical storage unit.
RAID 0 (Striping)
A RAID set that breaks data into units and stores the units across a series of disks by reading and writing to all disks simultaneously.
RAID 5 (Striping with Distributed Parity)
A RAID set that combines disk striping across multiple disks with parity for data redundancy.
RAID 1 (Mirroring)
A RAID set that stores data to two duplicate disks simultaneously.
A RAID set that combines disk striping (0) and disk mirroring (1).
A RAID set that combines disk mirroring (1) and disk striping (0).
Connecting a group of independent computers to increase the availability to applications and services.
A server in a cluster.
The process that cluster members use to reach a consistent state.
The level of difficulty involved when removing nodes from the data store.
A system's ability to handle a growing level of work.
The process of copying data to a second form of storage, such as tape, recordable optical media (CD-R and DVD-R), removable hard disk, flash drive, or solid state drive in order to protect data by providing a second copy that can be available in case the original data is lost, modified, or corrupted.
A backup of all files, regardless of the archive bit.
A backup of files on which the archive bit is set, which backs up only the data changed since the last full or incremental backup.
A backup of files on which the archive bit is set, which backs up only the data changed since the last full backup.
A copy of a disk or partition where individual files are not examined, so all data is copied regardless of the archive bit.
A backup of all files, regardless of the archive bit status.
A backup of all files modified that day, regardless of the archive bit status.
The process of copying backup data to its original storage location.
Online Tape Vaulting
The transmission of tape backups to an offsite location by the primary data processing center.
Hierarchical Storage Management
The process of keeping the most current, necessary items on the fastest media devices.
The transmission of data journals and logs to an offsite location.
The transmission of a production database to an offsite location.
A data storage model that a third party usually provides as a service.
Cloud Access Security Broker (CASB)
A software tool or service that acts as a gatekeeper, allowing the organization to extend the reach of their security policies into the cloud storage infrastructure.