ACCTG 320 Key-Terms
Chapter 7
45
Accounting
Undergraduate 3
05/12/2011

Cards

Term
Time-Based Model of Security
Definition
Implementing a set of preventive, detective, and corrective controls that enable an organization to recognize that an attack is occurring and take steps to thwart it before any assets have been compromised. If P > D + C, then the system is effective.
Term
Defense-In-Depth
Definition
Employing multiple layers of controls in order to avoid having a single point-of-failure. The use of overlapping, complementary, and redundant controls buys time for the organization to detect and react to attacks; it also increases effectiveness because even if one procedure fails or is circumvented, another may function as planned.
Term
Authentication
Definition
Verifying the identity of the person or device attempting to access the system
Term
Biometric Identifier
Definition
A physical characteristic (fingerprint, voice, etc.) used to authenticate the identity of a user.
Term
Multifactor Authentication
Definition
The use of two or more authentication methods (passwords, ID badges, biometrics, etc.) in conjunction to achieve a greater level of security.
Term
Authorization
Definition
The empowerment of an employee to perform certain functions within an organization, such as to purchase or sell on behalf of the company. Can be either general or specific. General is when regular employees are authorized to handle routine transactions without special approval. Specific is when an employee must get special approval before handling a transaction.
Term
Access Control Matrix
Definition
An internally maintained table specifying which portions of the system users are permitted to access and what actions they can perform. Contains a list of user codes, a list of all files and programs maintained on the system, and a list of the accesses each user is authorized to make.
Term
Compatibility Test
Definition
Checking to see whether a person attempting to access a particular information system resource is authorized to do so. The computer matches the user's authentication credentials against the access control matrix to determine whether the employee should be allowed to access that resource and perform the requested operation.
Term
Social Engineering
Definition
Using deception to obtain unauthorized access to information resources. Access is usually obtained by fooling an employee.
Term
Border Router
Definition
A device that connects an organization's information system to the Internet.
Term
Firewall
Definition
A combination of security algorithms and router communication protocols that prevent outsiders from tapping into corporate databases and e-mail systems.
Term
Demilitarized Zone (DMZ)
Definition
Placing the organization's Web servers and e-mail servers in a separate network that sits outside the corporate network but is accessible from the Internet.
Term
Transmission Control Protocol/Internet Protocol (TCP/IP)
Definition
The protocol enabling communications on the Internet. It creates what is called a packet-switching network. When a message is ready to be sent over the Internet, the TCP breaks it up into small packets. Each packet is then given a header, which contains the destination address, and the packets are then sent individually over the Internet. The IP uses the information in the packet header to guide the packets so that they arrive at the proper destination. Once there, the TCP reassembles the packets into the original message.
Term
Routers
Definition
Special purpose devices that are designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next.
Term
Access Control List (ACL)
Definition
A set of rules that determine which packets of information transmitted over a network, such as the Internet, are allowed entry and which are dropped.
Term
Static Packet Filtering
Definition
A process that screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header.
Term
Stateful Packet Filtering
Definition
A technique employed by firewalls in which a table is maintained that lists all established connections between the organization's computers and the Internet. The firewall consults this table to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer.
Term
Deep Packet Inspection
Definition
When the firewall examines the data in the body of an IP packet rather than only looking at the information in the IP header.
Term
Intrusion Prevention Systems (IPS)
Definition
A new type of filter designed to identify and drop packets that are part of an attack.
Term
Remote Authentication Dial-In User Service (RADIUS)
Definition
A standard method for verifying the identity of users attempting to connect via dial-in access. Users connect to a remote access server and submit their login credentials. The remote access server passes those credentials to the RADIUS server, which performs compatibility tests to authenticate the identity of that user.
Term
War Dialing
Definition
Searching for an idle modem by programming a computer to dial thousands of phone lines. Finding an idle modem often enables a hacker to gain access to the network to which it is connected.
Term
Hosts
Definition
The workstations, servers, printers, and other devices that comprise the organization's network.
Term
Vulnerabilities
Definition
Flaws in programs which can be exploited to either crash the system or take control of it.
Term
Hardening
Definition
The process of turning off unnecessary program features.
Term
Encryption
Definition
The process of transforming normal text, called plain-text, into unreadable gibberish, called cipher-text. It is particularly important when confidential data is being transmitted from remote terminals because data transmission lines can be electronically monitored without the user's knowledge.
Term
Plaintext
Definition
Normal text that hasn't been encrypted.
Term
Ciphertext
Definition
Plaintext that has been transformed into unreadable gibberish through the process of encryption.
Term
Decryption
Definition
Transforming ciphertext back into plaintext.
Term
Key Escrow
Definition
The process of storing a copy of an encryption key in a secure location.
Term
Symmetric Encryption Systems
Definition
Encryption systems that use the same key both to encrypt and decrypt.
Term
Asymmetric Encryption Systems
Definition
Asymmetric encryption systems use two keys. One key, called the public key, is widely distributed and available to everyone; the other, called the private key, is kept secret and known only to the owner of that pair of keys. Either the public or private key can be used to encrypt, but only the other key can decrypt the ciphertext.
Term
Hashing
Definition
A process that takes plaintext of any length and transforms it into a short code called a hash.
Term
Digital Signature
Definition
(1) A piece of data signed on a document by a computer. Cannot be forged and is useful in tracing authorization. (2) Information encrypted with the creator's private key.
Term
Digital certificate
Definition
An electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key. Contains that third party's public key. Thus they provide an automated method for obtaining an organization's or individual's public key.
Term
Public Key Infrastructure (PKI)
Definition
An approach to encryption that uses two keys: a public key that is publicly available and a private key that is kept secret and known only by the owner of that pair of keys. Either key (the public or the private) can be used to encode a message, but only the other key in that public-private pair can be used to decode that message.
Term
Certificate Authority
Definition
An independent organization that issues public and private keys and records the public key in a digital certificate.
Term
E-Signature
Definition
A cursive style imprint of a person's name that is applied to an electronic document.
Term
Log Analysis
Definition
The process of examining logs to monitor security.
Term
Intrusion Detection Systems (IDS)
Definition
A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.
Term
Vulnerability Scans
Definition
Automated tools designed to identify whether a given system possesses any well-known vulnerabilities.
Term
Penetration Test
Definition
An authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's information system.
Term
Computer Emergency Response Team (CERT)
Definition
A team responsible for dealing with major security incidents.
Term
Exploit
Definition
The set of instructions for taking advantage of a vulnerability.
Term
Patch
Definition
Code released by software developers that fixes a particular vulnerability.
Term
Patch Management
Definition
The process of regularly applying patches and updates to software used by the organization.