Shared Flashcard Set

Details

CISSP Sellers
V1D1
359
Accounting
Not Applicable
03/19/2017
Click here to study/print these flashcards.

Create your own flash cards! Sign up here.

Additional Accounting Flashcards

 

 

Cards

Term
HIPPA
 Definition
Protection of Medical Records in transit and or stored
Term
Gramm-Leach Bliley Act (GLB)
 Definition
Restricts what banks can use of your PII
Term
Children Online Protection Act
 Definition
Under 13 (Preteen), Facebook
Term
Familey Education Privacy act
 Definition
No release of transcripts students
Term
ISO 27001
 Definition
Regulation for GOVERNANCE of Information Security
Term
ISO 27002
 Definition
Information Sec CONTROLS
Term
SOX Act
 Definition
Sarbanes Oxley Act, passed to prevent false reporting of financial data. Publicly trading Company
Term
ISO 27001
 Definition
Adopts Management process
ongoing testing of controls
Term
Plan Do Check Act
 Definition
Measure twice and cut once it's in reverse alphabetical order
Term
Payment Card Industry (PCI DSS) Data Security Standard
 Definition
Not a US Law, Anything it touches should be in compliance. Everything under the merchants control
Term
How to maintain a vulerablity management program
 Definition
Use and regularly update anti-virus software program
Term
PCI-DSS stuff that business can't collect and keep as it prertains to credit card transactions
 Definition
Full track data
CVC Pin number
PIN number (Card
Term
Due Care (Negilence)
 Definition
Act on proper (Planning)
Term
Due Diligence
 Definition
Proper preparation (Planning)
Term
Negligence
 Definition
Duty , Breach of Duty, Causation, Damages
Term
US Prudent Person Rule
 Definition
Perform duties sensible
Term
Breach of Contract (Contract Law)
 Definition
Not Punitive Damages
Term
Normal Civil Law
 Definition
Preponderance of Evidence (51/49%)
Term
Fraud Cases
 Definition
Clear and Convincing (75/25%)
Term
Criminal Case
 Definition
Beyond reasonable doubt (95/100%)
Term
Auditing
 Definition
Compliance levels (pin testing/vul testing) KPI (Key performance Indicator)
KGI (Key Goal Indicator)
Term
KPI (Key Performance Indicator)
 Definition
Current Compliance
Term
KGI (Key Goal Indicator)
 Definition
Future Compliance
Term
Best way to stop a data breach
 Definition
Limit the amount of PIIor DATA received
Term
PII
 Definition
Anything you can use to identity someone
Term
OECD (Organization Economical Fair Information Practice
 Definition
Trans border data flow of PII
Term
4th Admentment
 Definition
Not businesses only Cititizens
Term
NDA's
 Definition
Businesses expectations for Privacy
Term
Acceptable Use Policy
 Definition
How the business deals with your private information
Term
Breach of Data Reportable
 Definition
Management will report or not (was it actally breached)
Term
copyright
 Definition
first sale (allowed to sale what you bought)
Fair use (Non profit/educational use only)
Term
trade secrets
 Definition
don't register, last for a lifetime
Term
WTO question
 Definition
focused on commercial rentals, who they can rent to
Term
DRM (Digital Rights Management)
 Definition
Protects digital content (Data in Use)
Term
Control (Data in Use) Benifet
 Definition
prevents the user from printing document
Term
Wassenaar Arrangement
 Definition
For countries who don't allow data encyrption.
encryption for personal use only not companys
Term
Safe Harbor
 Definition
Permits US based org to cerifty themselves properly handling of european peoples pii.
Term
ISC2 Code of Ethics Canons
 Definition
Know them all
Term
Laws
 Definition
Prohibited by society
Term
ethics
 Definition
Socially acceptal
Term
Org security Documets
 Definition
Policies, standards, procedures, guidlines
Term
Standards
 Definition
Rules
Term
Procedures
 Definition
Step by steps instructions in a given situation
Term
Guidlines
 Definition
Recommendations only
Term
PolicY
 Definition
Must be followed, binding mandatory
Term
Standards
 Definition
Rules, mandatory
Term
Guidlines
 Definition
non-binding, recommendations only, not mandatory
Term
Documentation v/s Non-documentation
 Definition
go though the procedure
Term
4 things Mgt to risk
 Definition
transfer/SLA's
accept/
migitgate/Controls
avoid/get
Term
Memorandum of Understanding/MOU
 Definition
Used to support SLA/ISA and Not binding
Term
ISA
SLA
 Definition
Interconnection security agreement/binding
Service Level Agreement/binding
Term
Contractor controls
 Definition
Onsite assessment
Document Review
Process/Policy Review
Term
Someone in a police uniform
 Definition
Social Engineering
Term
MiM Passive
 Definition
Sniffing and taking it offline to analyze, not replaying
Term
MiM Active
 Definition
Sniffing and Replaying (credentials involved)
Term
CRacker
 Definition
Criminal Hacker (BLack Hat) for personal gain
Term
Script Kiddies
 Definition
Unskilled attacker using hacking tools (scripts) created by others
Term
Hacktivist
 Definition
blackhat hacker for political reasons
Term
Gray Hat Hacker
 Definition
skilled hackers security research without permission no malichous intent
Term
Advanced Persistant Threat APT (mole)
 Definition
foothold and wait, foreign gov
Term
Risk Analysis
 Definition
Identify threats, events and vulnerablitlity
Term
Quantitative
 Definition
Management needs monetary value to make decision
Term
First step in Qualitiative or Quanitative Risk Analysis
 Definition
Asset value
Term
Single Lose Expectancy
 Definition
Asset value X Exp Factor(%loss if event occurred)
Term
Annualized Loss Expectancey
 Definition
SLE x How many in a year
Term
Low Risk Impact
Moderate
Hight
 Definition
Limited
Serious
Sever/Catastrophic
Term
Residual Risk
 Definition
risk after countermeasures or safeguards
Term
Total Risk
 Definition
any risk before controls
Term
Accepted Risk
 Definition
chooses not to impliment risk based on total dollar/risk
Term
Appropriate Response to Risk (Management)
 Definition
Mitigate-Reduce/control risk
Accept Risk-live with it
Risk Transferance-SLE or Insurance
Avoidance-Change the activety that causes risk
Term
NIST RMF Framework
 Definition
Categorize
Select
Implement
Assess
Authorized
Monitor
Term
Four Common Control Types
 Definition
Administrative/directive
Term
Threat modeling
 Definition
Prioritize Identified Risk
Term
STRIDE threat modeling stands for.
 Definition
Spoofing, Tampering, Repudiation, Information Disclosure (stuff left in code), Denial of Service, Elevation of Privelage
Term
bUSINESS iMPACT analysis Steps
 Definition
Dermine Mission/Business processes that are critical
Identify Resource Requirements
Identify recovery priorities for systems
Term
Quality Control
 Definition
Based on internal standards
Term
Quality Assurances
 Definition
meets predetermined external policies
Term
Applications whitelisting trans
 Definition
Enforcement(Block)
Audit
Term
protect solid state drives from
 Definition
destroy it
Term
Magnetic Media destroy data
 Definition
erase
zero
deguase
destroy
Term
what is a way to erase data in cloud envir
 Definition
encrypt it and throw away the key
Term
symetric
 Definition
same key (1 key) for encrypt and decrpt
AES (any algorith with a S in name or abbreviation) (Robert exception) R starts not symetric
Term
asymetric
 Definition
A means NOT one key two keys, public and private.

ECC, GMAL, RSA, DIFF Helman
Public key is only for encrypting
Term
AES comes in 3 sizes for the KEY
 Definition
128, 192, 256. Block sized 128 bits
Term
What is an advantage to Link encryption?
 Definition
encrypts All data along a route
Term
PGP-Pretty Good Privacy
 Definition
Email security self authentication users create there own. built on own Web of trust not CA
Term
S/SMM
 Definition
elimates email spoofing
Term
Hashing
 Definition
MD5 (128bits), SHA1 (160 bits)
Can't de-hash something. Signature. reflexts what's actually in the message.
Term
Rainbow table
 Definition
pre-computed list of pre-hashed passwords
Term
SALT
 Definition
adding a random varible to hash to change the hash
Term
Birthday attack
 Definition
23 people in a room greater than 50% chance that they have the same birthday.
Term
RSA ECC El-GAmal, Diffied Hellman (Asymetrical Encyrption
 Definition
REED
Term
Symetric Keys use what type
 Definition
AES
Term
Defactor Symetric Key
 Definition
AES
Term
AES drawback
 Definition
initial key exchange
Term
Triple DES is more powerful then DES
 Definition
Yes 3 keys (3Rounds of Encyrption/Decryption)
Term
Meet in the Middle (Triple DES)
 Definition
Only talks about triple des 1st and 3rd keys are sniffed
Term
DES
 Definition
Obsolete/broken symmetric Algorithm
Term
Cypher block chaining
 Definition
frequency anylisis
Term
symetric encryption
 Definition
confidentiality not
Term
all algorithms
 Definition
Blocks (AES 128bit size),
Term
RC4
 Definition
Bit Encypher
Term
How many keys are in Asymetric Encrypted
 Definition
Public key is used for encrypting, private key used for decrypting
Term
HTTPS standard uses RSA Assmetric encryption
 Definition
PKI uses RSA encyrption for certificates
Term
ECC used for Smartphones
 Definition
Term
PKI issues
 Definition
Term
Hybrid
 Definition
taking a asymetric key and exchanging a symeteric key
Term
Online certificates S protocol
 Definition
Term
Perfect Foward Secrecy
 Definition
only used 1 session
Term
entropy
 Definition
more randomness of numbers
Term
x509v3
 Definition
standard format for certificates
Term
Registration Authority
 Definition
verifies identy
Term
Certificate Authorities
 Definition
Public Outside sell/issue (verisign), Private make your own, not valid online
Term
what goes in the Certificate Revocation List
(suspended/revoked only)
 Definition
Certificate Serial Number
Term
DoS for user to bank
 Definition
hack CRL list and paste user cert serial number in it.
Term
MofN
 Definition
1/3rd of key given out (split knowledge)
Term
OCSP & CRL
 Definition
Validation Athorities
Term
RSA
 Definition
Used for PKI
Term
El gumal
 Definition
digital signature
Term
Diffi Helmman
 Definition
IPSEC
Term
IPSEC has how many modes
 Definition
2
Transport
Tunnel
Term
how many phases in IPSEC
 Definition
IKE phase 1, IKE phase 2
Term
2 Layers of IPSEC
 Definition
Layer 2, Layer 3
Term
IPSEC made of 2 protocols
 Definition
L2F & L2TP (PPTP)
Term
IPSEC is a VPN
 Definition
Term
IPSEC
 Definition
a way to send info from one location to another in secret
Term
IPSEC tunneling protocol
 Definition
L2TP
Term
sending data using IPSEC privately on your own network uses which mode
 Definition
using transport mode
Term
Sending data over internet using IPSEC uses what mode
 Definition
Tunneling Mode
Term
ESP mode
 Definition
NOT THE Header
Term
AH
 Definition
Hashed whole header with packet
Term
ESP only
 Definition
transport
Term
encrypting for IPSEC (ESP)
 Definition
is Layer 3
Term
IKE
 Definition
Internet Key Echange
Term
IKE phase 1
 Definition
exchange session key (setup secure channel)
Term
IKE phase 2
 Definition
setup encryption type
Term
what a key exhange for IPSEC
 Definition
Diff Hellman
Term
Quantum Key Crytography
 Definition
photons to do key exchange, only for key exchange (diffie hellman
Term
Port 20-21 FTP
 Definition
File Transfer Protocol
Term
22SSH-23TELENET
 Definition
TELNET/ SSH (Encryption on Layer 7)
Term
ESP encyrption is on what layer
 Definition
layer 3
Term
Ports 80/443
 Definition
HTTP/HTTPS
Term
Ports 53
 Definition
DNS
Term
Ports 67
 Definition
DHCP
Term
Port 3389
 Definition
RDP (Remote Desktop Protocol)
Term
Brute force attack
 Definition
always successful but not quick, youll die before it happens
Term
what is cypher text only
 Definition
attacker captures cypher text only
Term
Birthday attack
 Definition
Term
RC4 is bit not block cypher
 Definition
Yes
Term
MD5 "D" Digest/Hash
 Definition
Digest is another name for HASH
Term
Message authentication without Asymmetric encryption
 Definition
Message Authenication Code (MAC/HMAC)
Term
Is there integrety in encryption
 Definition
yes implicet
Term
Verification means it meets specifications
 Definition
Term
Validation means it solves a real world problem
 Definition
Term
What are the phases of Systems engineer process lifecycle
 Definition
Concept of Op, req and Artch, Det Design, Implement, Integrate test verification, System verifcation and validation, Op and Maint
Term
Framework for Enterprise Security Architechure
 Definition
SABSA
Term
Place security from the beginning
 Definition
Term
Subject/Objects
 Definition
Users/Resource
Term
Lattis based security Model
 Definition
Deals with Mandatory Access Control (MAC)
Term
Matrix Models Rows are Capability Table,
 Definition
Matrix Columns are Objects
Term
reading and writing data from one level to next
 Definition
Beba
Term
Bell LaPadula deals with Confidentuality only
 Definition
True, Lattus Based (MAC Model)
Term
Simple Security Property
 Definition
deals with reading not writing
Term
* Property LaPadula
 Definition
Can't write down star is writing
Term
Strong * Propety of LaPadula
 Definition
read up read down write up or write down.
Term
Biba is what type of model
 Definition
Integrity (NO WURD-WriteUpReadDown)
Term
Invocation Property
 Definition
Users at one level can't even request service from someone at a higher level
Term
Simple/Reading
Star/Writing
 Definition
Term
Bib
 Definition
Term
Bibi Model-No WURD write down
Bella LaPadula Model WDRU
 Definition
Term
Clark Wilson Model Integrity calls for
 Definition
Well Formed Transactions
Seperations of Duty
Term
Brewer Nash Model (Competition)
 Definition
Dynamic Rules
No Conflict of Intrist
Term
Common Criteria
 Definition
Protection Profile Document
Term
What is the name of the object your making meet the protection profile
 Definition
Target of Evalutation
Term
Evaluation Assurance Level
 Definition
EAL- F&F
Term
Security Peremeter
 Definition
Boundary around a trusted protected mechanism
Term
Race Condition
 Definition
Problem with Multiple thread processing
Term
HAL Hardware Abstraction Layer
 Definition
Term
where is HAL implemented
 Definition
Operation system software
Term
what enforces security inside of a computer system
 Definition
Security COL
Term
Mandatory Vacations enforce Job Rotation
 Definition
Term
maintenance hook
 Definition
code written with backdoor
Term
Internet Messaging
Email
 Definition
Mobile Code is used
Term
How do you ensure a software company that goes out of business doesn't leave your company who bought there software from leaving you high and dry?
 Definition
Make a copy of the software and put it in escrow
Term
Covert Timing Channel
Covert Storage Channel
 Definition
Stretch time to allow them to get in
Hiding on someone else channel reading data
Term
Joint tenants
 Definition
important when deciding best facility location
Term
how to mitigate threat at active user station
 Definition
disable portable device inputs
Term
CPTED
 Definition
Crime Prevention through environment design
Term
Deter, Detect, Delay, Respond
 Definition
Four D's
Term
Bollards
 Definition
Cement Pillars to stop someone from raming the facilty
Term
Guards offer dicernment
 Definition
Guards and Dogs Difference
Term
Authentication Types
Something you know Type 1
Something you have Type 2
Something you are Type 3
 Definition
Type 3 is the best
Term
Guards are more expensive then dogs
 Definition
Discernment is why you select guards v/s dogs
Term
CCT needed in BCD
 Definition
blind spots, cash, doors
Term
Data centers should be located where in building
 Definition
Core(center) of the facility not on top floor or in basement
Term
anylizing the questions eliminate the wrong answers
 Definition
Slow down and anylize the questions
Term
 Definition
PLC used industrial
Term
Fire extingisures PLEM
 Definition
Paper, Liquid, Electric, compustable metals
Term
Facility Control Summary
 Definition
Administrative, Technical, Physical KNOW THEM
Term
ARP and Reverse ARP
 Definition
Layer 2
Term
OSI Model
 Definition
Term
logical link controller
MAC
 Definition
layer two sublayer
Term
Cabling
 Definition
Layer 1 in OSI Model
Term
coaxal (analog)
fiber optic
twisted pair
 Definition
Broadband (more than one signal on one line)

Ethernet connection
Term
bottom floor
Other floor wiring closets
 Definition
Main Distribution Frame
Intermediate distribution frame
Term
Fiber is immune to efi/rfi
 Definition
Term
NO T in Cable 100Base -**T**
 Definition
fiber
Term
base band
 Definition
one signal on line
Term
broadband
 Definition
multiple signals on line (multiplexing)
Term
crosstalk
 Definition
two cables talking to each others
Term
single fiber goes farther
 Definition
Term
synchronious Transmission
 Definition
doesn't use start and stop bits (stream of data)uses external clock with data
Term
asynchronous
 Definition
uses start stop bit
Term
Unicast
 Definition
one to one
Term
multicast
 Definition
one to select few (IGMP)
Term
broadcast
 Definition
one to everyone
Term
anycast
 Definition
one to closest one
Term
Bus Network
 Definition
multiple points of failure
Term
star
 Definition
single point of failure
Term
ring
 Definition
multiple points of failure
Term
Aplication Protocol Interface API
 Definition
layer 7
Term
SNMP, install a agent
 Definition
Layer 7, Agent software on device
Term
socket
 Definition
IP address plus port number
Term
segments, packets, frames, bits
 Definition
4, 3, 2, 1
Term
flow control done on which layer
 Definition
transport layer
Term
Christmas tree attack (flags)
 Definition
done on transport layer
Term
IP Header is on what layer
 Definition
Network
Term
IPv4 IP Address bit length
 Definition
32 Bits, 8 in each octet
Term
IPv4 Classes
 Definition
A-1-126
B 128-191
c 192-223
D 224
Term
Private IP address/internal network only
 Definition
10.xxx.xxx.xxx
172.16.xxx.xxx-172.31.xxx.xxx
192.168.xxx.xxx
Term
APIP
 Definition
Automatic Private IP Address
169.254.xxx.xxx (sign of no DHCP)
Term
Local Loopback
 Definition
127.0.0.1
Term
N.H.H.H Class A Network name and Computer Number
N.N.H.H. Class B Network Name and Computer Number
N.N.N.H ClassC Network Name and Computer Number
 Definition
Term
ICMP (ping)is on what layer of OSI Model
 Definition
Layer 3 Network
Term
Routers breakup broadcast domain
 Definition
Switches breakup collision domain
Term
ARP (Layer 2)
 Definition
IP address to Mac address
Term
Reverse ARP (Layer 2)
 Definition
MAC to IP Address
Term
Frame Relay is on which Layer of OSI
 Definition
Layer 2
Term
803.3 LLC, 803.2
 Definition
Layer
Term
PDU Protocol Data Unit
 Definition
Encapsulated on Layer 4,3,2
Term
802.3x
 Definition
ethernet
Term
509.3x
 Definition
certificates
Term
Private Address of IPv6
 Definition
Link Local starts with FE80:
Term
Public Address of IPv6
 Definition
<2000-2999
Term
how many block in IPv6
 Definition
8 (16bits in each block)
Term
ICMP is not a snch flood (TCP/UDP attack)
 Definition
on layer 3
Term
Utility Control System, Supervisor Control Systems,
 Definition
Term
VOIP
 Definition
Unsecure
QoS (traffic Shape)
SIP (session Initiation protocol)
RTP (Real Time Transfer Protocol)
Term
Attacks
 Definition
Sniffing Eavesdropping
SPIT (Spam over IT)
SPIM (Spam over Internet Messaging)
Vishing
Fishing-Email
Pharming-DNS
Term
wireless (only to tower or ap)
 Definition
802.11
802.11i
Term
Direct Seq Spread Spectrum (DSSS) wireless uses how much of the bandwidth
 Definition
All of it
Term
Freq hopping spread spectrum (FHSS)
 Definition
uses only part of the bandwith
Term
WEP wireless uses and why it's bad
 Definition
RC4
Initialation vector
Key was short (64 bit)
Term
WPA
 Definition
128 bit key
TKIP (renegotiate keys every hour)
problem (RC4 is used also)
Term
WPA 2
 Definition
802.11i
uses AES 256 bit
Term
802.1x
 Definition
Radius
Term
802.1q
 Definition
VLAN
Term
rogue access point
 Definition
different ssid used to steal bandwith
unauthorized device on a network
Term
evil twin
 Definition
same ssid ap
Term
DNS poisoning
 Definition
DNS Sec Dig Signatures
Term
block zone transfer
 Definition
TCP port 56
Term
DDOS Distributed Denial of Service
 Definition
Botnets, Handles, zombies
Term
DDOS
 Definition
looks like common network commo
Term
Blue Snarfing /steal
Blue jacking /send
 Definition
stealing info
sending spam
Term
tcp wrapper
 Definition
linux software based firewalls
Term
Packet filtering firewall (ACL)
 Definition
L3 packet filtering(uses access control list filtering)
doesn't care about content
Term
Dynamic Stateful firewall
 Definition
operates on multiple layers (3,4,5)
Term
Application Layer Firewall
 Definition
do deep packet inspection
(performance suffers from lag)
Term
Anonymizer proxy
 Definition
hides real senders ID
Term
(TOR)Onion Browser
 Definition
hides your ip address
Term
Hardened (Endpoint Security)
 Definition
Do every conceivable to it to secure it
Term
Bastion Host (usually inside DMZ)
 Definition
Host that has been hardened
Term
dual homed host
 Definition
Computer with two NIC's
to isolate traffic from internet
Problem accidentally internal routing of the two NIC cards
Term
DMZ
 Definition
area between trusted and untrusted network, Packet filtering firewall, Honeypot
Term
Honeytoken
 Definition
just alert someone is in the DMZ
Term
screened subnet
 Definition
two routers
Term
Detection system
Prevention system
 Definition
only detects
Can detect and block
Term
IDS anyomoly based
 Definition
behavior, downfalls, prevent good things
Term
IDS Signature Based
 Definition
compares to known attack signatures, downfall outdated people get throught
Term
Host based detection system
 Definition
can only detect unencrypted traffic
Term
packet switching
 Definition
bad-not get every packet in sequence
Term
CHAP
 Definition
Challenge Han shake Authentication Protocol
Term
Extensible A Protocol
 Definition
works with radius 802.1x
Term
last mile
 Definition
distance between local internet to your building
Term
CSU/DSU (Converter box used in the last mile)
 Definition
csu on providers side
dsu connects on cutomer side
Term
Packet switching con
 Definition
packets show up out of sequence
Term
Frame Relay
 Definition
PVC SVC
Term
Symmetic DSL
asymetric dsl
 Definition
same up and down speed
fast down slow up
Term
SONET
 Definition
over the ocean Fiber
Term
Anything that has a S is symetric including the Robert rule RC5
 Definition
Term
BIBA NO WURD BellaLaPulla NO WDRU
 Definition
Term
802.1x
802.1q
 Definition
RADIUS
VLAN (Logically Segmented not Physically)
Term
DNS
 Definition
Term
Hypervisor Type 1
Hypervisor Type 2
 Definition
Cloud (NO OS)
OS home
Term
VDI Virtual Desktop Infrastruction
 Definition
thin client and OS hosted one central/cloud server
Term
vm escape
 Definition
virus breaking out of vm into os
Term
cloud bursting
 Definition
moving data from private cloud to public cloud (Hybrid Cloud)
Term
sofware defined network
 Definition
using computer as router, switches, etc v/s hardware
Term
Administrative Control
 Definition
Managment
Term
Technical (Logical Controls)
 Definition
Term
physical
 Definition
card
Term
Id, authentication, authorized, account
 Definition
Term
LDAP
 Definition
directory service (native LDAP Con-Password is sent in cleartext)
Term
injection attacks
 Definition
usually on databases
Term
Kerberos
 Definition
symmetric keys (confidentiality?integrity)port 123 NTP (time stamp)
subject to brute force attack since all users info is on one server
Term
x509v3
 Definition
certificates
Term
 Definition
Anti Tampering Device
Term
Smart card attack
 Definition
Microprobing
Term
biometric things needed to set it up
 Definition
acceptability, enrollment, throughput, cost, accuracy
Term
exact match biometric
 Definition
replay attack on bio metric (normal is usually threshold 75%)
Term
type 11 error
 Definition
false Acceptance Rate
Term
type 1 error
 Definition
false reject rate
Term
crossover Error Rate
 Definition
type 1 equals type 2 errors
Term
soap
 Definition
simple object access protocol (object languages)
Term
SAML
 Definition
Term
Federated ID management SSO
 Definition
Portable ID Accross buisness boundries
Term
SAML assertion
 Definition
Security Assersion markup langage
Term
Federated ID online
 Definition
OAuth 2.0 (Access Tokens used for authorization)
Term
Discretionary Access Control
 Definition
Owner sets permission
Term
Mandatory Access Control (lattic based)with Labels
 Definition
Strongest form of Access conrol (Bibba/Bella Lapadula)
Term
Role Based Access Control
 Definition
Based on users/roles (Separation of Duties)
Term
Rule Based Access Control
 Definition
Packet filtering ACL
Term
Keyboard is not a technique to restric Access Control Technique
 Definition
Menus, Shells, Database views, physically constrained, Encryption
Term
subject/role/user-capability (row)
Objects/file-access control list (colum)
 Definition
Term
Security Test/Assess
 Definition
Design and validate assessment and test strategies
Term
Auditing
 Definition
Form of integrety, software, logs, etc.monitoring the controls
Term
Categorize
Select baseline controls
Implement the controls
assess/test control
authorized
monitor the security controls
 Definition
Term
two types of databases
 Definition
object and relational
Term
Object databased
 Definition
No seq lang between you and database
Term
Relational Database
 Definition
Term
ACID Test
 Definition
Atomicity
Term
Ediscovery
 Definition
Term
Is a Supervisor a Administrative Control
 Definition
Yes
Term
IC2 Business Continnuty Plan
 Definition
NIST contingency plan
Term
Planning/preparation is a function of Due Diligence
 Definition
Term
Acting on the plan/preparation is Due Care
 Definition
Term
Critical IT functions moved/transferred to alternate site for up to 30 days
 Definition
COOP
Term
Occupant Emergency Plan
 Definition
security of the people
Term
BRP Business Resumption Plan
 Definition
To restore everything back to original site
Term
First thing you do in Incident Response
 Definition
Follow the freaking plan
Term
when is the disaster over
 Definition
when you have moved back to original site or a new permanent site
Term
no single point of failure
 Definition
Term
MTBF (Mean time before falure)
 Definition
how long before equip go down, manufacture should provide
Term
MTTR (Mean time to repair)
 Definition
How long to get it repaired
Term
Which RAID uses interleaving
 Definition
Raid 5
Term
Load Balancing v/s Server
 Definition
LB on frontend of network
Server on Backend
Term
COOP
 Definition
Moving everything/mangement HQ to alternated site
Term
If a there is a disaster Rescue Team (First REsponders)
 Definition
First Responders/Understand priority
Term
Recovery team moves everything to alt site
 Definition
Term
Salvage Team try to fix original site
 Definition
Term
BCP/DRP Testing
 Definition
Checklist
Performing Walkthru
Conducting Simulations (scenarios)
Parallel Testing (testing alt site
Full Interruption testing (shutdown and relocate all resources) Most costly best way to prepare
Term
How often should a DRP tested
 Definition
Annually
Term
DR priority
 Definition
1st protect people
2nd get it assets up and running
Term
Three phases following disruptioin
 Definition
Notificaton/Activation after Disaster Delcared
Recovery Phase
Reconstitution
Move most critical moved first
Term
Occupant Emergency Plan (OEP)
 Definition
Who works with OEP and forensics: rescue team
Term
CERT team (Computer Em Response Team)is
 Definition
Rescue team
Term
who is responsible for implementing the COOP
 Definition
Recovery team
Term
business resumption plan
 Definition
Term
Spiral Software development method
 Definition
Requires a Risk Analysts in each spiral
Prototyping
Supporting users have an ad free experience!