What is the primary objective of the physical design phase of the SecSDLC?
To select specific technologies to support the information security blueprint.
What type of firewall examines every incoming packet header and can selectively filter packets based on header information, such as destination address, source address, packet address, packet type, and other key information?
Which type of firewall allows the firewall to react to an emergent event and update or create rules to deal with the event?
What is the commonly used name for an intermediate area between a trusted network and an untrusted network?
Demilitarized zone (DMZ).
What is the system most often used to authenticate the credentials of users who are trying to access an organization's network via a dial-up connection?
In which mode of IPSEC is the data within an IP packet encrypted, while the header information is not?
__________ are decoy systems designed to lure potential attackers away from critical systems.
A(n) _________ is a network tool that collects copies of packets from the network and analyzes them.
True or False: Encryption is a process of hiding information and has been in use for a long time.
________ is the process of converting an original message into a form that is unreadable to unauthorized individuals.
________ is the information used in conjunction with an algorithm to create the ciphertext from the plaintext or derive the plaintext from the ciphertext.
________ is the process of making and using codes to secure the transmission of information.
True or False: Two hundred and eighty-five computers could crack a 56-bit key in one year, whereas 10 times as many could do it in a little over a month.
_______ is the entire range of values that can possibly be used to construct an individual key.
The ________ algorithm was the first public-key encryption algorithm developed (in 1977) and published for commercial use.
In a(n) _______ attack, the attacker eavesdrops during the victim's session and uses statistical analysis of the user's typing patterns and inter-keystroke timings to discern sensitive session information.
______ security addresses the design, implementation, and maintenance of countermeasures that protect the physical resources of an organization.
______ management is responsible for the security of the facility in which the organization is housed and the policies and standards for secure operation.
_______ management and professionals are responsible for environmental and access security in technology equipment locations and for the policies and standards of secure equipment operation.
_______ management and professionals perform risk assessments and implementation reviews for the physical security controls implemented by other groups.
A _____ facility is a physical location that has been engineered with controls designed to minimize the risk of attacks from physical threats.
Finger, palm, and hand readers; iris and retina scanners; and voice and signature readers are examples of ______ locks.
To record events within a specific area that guards and dogs might miss, or to record events in areas where other types of physical controls are not practical, is called ________.
The ______ plan delivers instructions to the individuals who are executing the implementation phase.
Using complex project management tools often results in ______, which is a common pitfall of IT and information security projects.
A(n) ________ is a completed document or program module that can serve either as the beginning point for a later task or as an element in the finished project.
The project plan should describe the skill set or individual person (often called a(n) ______ ) needed to accomplish the task.
A(n) _______ is a specific point in the project plan when a task and its action steps are complete and have a noticeable impact on the progress of the project plan as a whole.
Once a project is underway, it is managed to completion using a process known as a(n) _______ feedback loop or a cybernetic loop, which ensures that progress is measured periodically.
Deploying a system by running the new methods alongside the old methods for a period of time is called _________.
The most common approach of deploying systems that involves rolling out a piece of the system is called _________.
A deployment method called _________ involves implementing all functions in a single part of the organization and resolving issues within that group before expanding to the rest of the organization.
Technology _______ is a complex process that an organization uses to manage the impacts and costs caused by technology implementation, innovation, and obsolescence.
The information security group can also use the _______ control process to ensure that essential process steps that ensure confidentiality, integrity, and availability are followed as systems are upgraded across the organization.
During the analysis phase, a(n) _______ feasibility study should have been conducted that addressed the impact of the changes necessary for implementation.
Where should organizations place the information security organization?
Where it best balances the need for compliance with the need for service.
The _______ is one of two certifications offered by the International Information Systems Security Certification Consortium (ISC)2.
Once a candidate has accepted the job offer, the employment ______ becomes an important security instrument.
To heighten information security awareness and change workplace behavior, organizations should incorporate information security components into employee _______.
Job descriptions, training sessions, and performance evaluations.