Term
3 things information management should be?

Definition
effective, available, integrity, reliable

Term
4 Steps for COBIT Framework

Definition
1. Plan and Organize 2. Acquire and Implement 3. Deliver and Support 4. Monitor and Evaluate

Term
Two foundations of Information Security Trust Services Framework

Definition
1. Security is a management issue, not a technology issue 2. Defense in depth

Term
Management's Role in IS Security

Definition
create a security-aware culture, assess and respond to risk, monitor and evaluate

Term

Definition
Training, user access controls (authorize/authenticate), physical access controls, network access controls (firewalls), hardening controls

Term

Definition
verifies who a person is; uses a password, a biometric, and a physical access card; a combination of all 3 is best

Term

Definition
determines what a person can access

Term

Definition
connects an organization's information system to the Internet

Term

Definition
software or hardware used to filter information

Term

Definition
separate network that permits controlled access from the Internet to selected resources

Term
Intrusion Prevention Systems (IPS)

Definition
monitors patterns in the traffic flow, rather than only inspecting individual packets, to identify and automatically block attacks

Term
Transmission Control Protocol

Definition
specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembling the original document or file at the destination

Term

Definition
specifies the structure of those packets and how to route them to the proper destination

Term

Definition
are designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next

Term

Definition
which packets are allowed entry and which are dropped

Term

Definition
a border router screens individual IP packets based solely on the contents of the source and destination fields in the IP packet header

Term
Stateful Packet Filtering

Definition
creates and maintains a table in memory that lists all established connections between the organization's computers and the Internet

Term

Definition
process of examining the data contents of a packet

Term

Definition
disable unnecessary features that may be vulnerable to attack, e.g. on servers, printers, workstations

Term
Examples of detective controls

Definition
log analysis, intrusion detection, managerial reports, security testing

Term

Definition
RADIUS is the standard method: the remote access server passes credentials to the RADIUS server, which performs a compatibility test to authenticate the identity of the user. The server has to be in the DMZ.
Don't let employees use their own modems because of back-door hacking.

Term

Definition
eliminate unnecessary settings and servers

Term

Definition
CIRT, CISO, patch management

Term

Definition
redirecting traffic to a spoofed web site to obtain confidential information

Term
Most efficient way to generate a digital signature

Definition
encrypting the hash with the sender's private key

Term
Evidence that helps an auditor understand how implemented controls function would be gathered as part of which audit activity?

Definition

Term
Which concurrent audit technique would be most effective and efficient in identifying data entry errors?

Definition
