18 terms

CIS 424 - Chapter 5

Chapter 5 Notes
Chain of custody
Formal assurance that evidence has passed from agency to agency without tampering
Civil litigation
Court proceedings related to non-criminal legal action
Computer forensics
The analysis of computer equipment to obtain evidence for civil or criminal proceedings
Digital forensics professional
A person who practices digital forensics; implies specialized knowledge and training
Electronic evidence
Evidence that exists in electronic form in a computer or other digital media
Functional role
The role in cybersecurity work that is most directly involved in designing, implementing, and sustaining the mechanisms to ensure information
Undesirable events associated with attacks or violations of information
Intrusion response
A targeted response to a violation of secure space; a countermeasure targeted to mitigate a particular type of event
IT security engineer
Cybersecurity role specifically devoted to development and maintenance of enterprise information security architectures (EISA)
IT security operations and maintenance professional
Cybersecurity role devoted to monitoring and control of the functioning of the day-to-day cybersecurity process
IT security professional
Cybersecurity role specifically oriented toward development and maintenance of the non-electronic aspects of the cybersecurity process
Non-electronic controls
Controls typically associated with ensuring continuity, compliance, physical, personnel, and secure software development in a cybersecurity solution
Operational controls
The control processes associated with day-to-day business operation
Operational security
The sustainment part of the cybersecurity process; ensures 24/7 protection of the assurance target
Penetration testing
Testing that takes place with specific knowledge of the targeted environment; often used to test a specific defense
The level of access authorization granted to a given individual
Professional certification
A formally recognized documentation of competency in an area of professional work
System development lifecycle (SDLC)
The well-defined set of steps that a system developer follows in the development and maintenance of an information system