Term
|
Definition
| When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do. |
|
|
Term
| ARO (Annualized Rate of Occurrence) |
|
Definition
| The anticipated rate of occurrence of a loss from the specified threat over one year. |
|
|
Term
|
Definition
| The probability that something can happen. ALSO RISK = the likelihood of vulnerability occurrence times value (or impact) - % risk |
|
|
Term
| Incident response plan (IR) |
|
Definition
| Addresses the identification, classification, response, and recovery from an incident. |
|
|
Term
|
Definition
| The quantity and nature of risk that an ORG is willing to accept. |
|
|
Term
| Military uses a ?-level classification scheme |
|
Definition
|
|
Term
|
Definition
| Is an executive-level doc that outlines the ORG's approach and attitude towards INFOSEC |
|
|
Term
| Management of classified data includes its storage and (3 answers) |
|
Definition
| Destruction, Distribution, Portability |
|
|
Term
|
Definition
| In a Weighted Factor Analysis, each information asset is assigned a score for each critical factor. Page 128 |
|
|
Term
|
Definition
| Is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation. |
|
|
Term
|
Definition
| Any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security. |
|
|
Term
|
Definition
| Refers to the need to avoid falling behind the competition |
|
|
Term
|
Definition
| Addresses user acceptance and support, management acceptance and support, and the overall requirements of the ORG's stakeholders |
|
|
Term
| Which information assets should be tracked? (3 answers) |
|
Definition
| Procedures, People, and Data |
|
|
Term
|
Definition
| First phase of Risk Management defined: the formal process of examining and documenting the security posture of an ORG's information technology and the risks it faces |
|
|
Term
| Issue-Specific Security Policy |
|
Definition
| IS a planning document that outlines the process of implementing security in the ORG. |
|
|
Term
|
Definition
| Is the process of applying safeguards to reduce the risks to an ORG's data and information systems. |
|
|
Term
| Disaster Recovery Plan (DRP) |
|
Definition
| Includes all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears. |
|
|
Term
|
Definition
| Is a row of attributes associated with a particular subject in the Lattice-Based Access Control structure |
|
|
Term
|
Definition
| An authorization issued by an organization for the repair, modification, or update of a piece of equipment. |
|
|
Term
| Annualized Rate of Occurrence |
|
Definition
| The anticipated rate of occurrence of a loss from the specified threat over one year. |
|
|
Term
| Discretionary Access Control |
|
Definition
| A type of data access control in which data users are allowed to grant access to their peers. |
|
|
Term
|
Definition
| A private data network that makes use of public telecommunications networks while maintaining privacy through the use of tunneling protocols |
|
|
Term
|
Definition
| The data within an IP packet is encrypted, but the header info is not. |
|
|
Term
|
Definition
| I.e., a Bastion Host stands alone as the sole defender on the network perimeter. |
|
|
Term
|
Definition
| IS an intermediate area between a trusted network and an untrusted network |
|
|
Term
|
Definition
| Are systems that authenticate the credentials of users who are trying to access an ORG's network via dial-up |
|
|
Term
|
Definition
| Allows the firewall to react to an emergent event and update or create rules to deal with the event. |
|
|
Term
|
Definition
| Requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied be developed and installed. |
|
|
Term
|
Definition
| Generates keys and issues session keys in Kerberos |
|
|
Term
| Ticket Granting Service (TGS) |
|
Definition
| Kerberos TGS provides tickets to clients who request services. |
|
|
Term
| Application Gateway is also known as? |
|
Definition
| Application-Level Firewall |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Is the dominant architecture used to secure network access today in large ORGs |
|
|
Term
|
Definition
| Examine every incoming packet header and can selectively filter packets based on header info such as destination address, source address, packet type and others |
|
|
Term
| Point-to-Point Tunneling Protocol is used in what server type? |
|
Definition
|
|
Term
|
Definition
| Keep track of each network connection between internal and external systems |
|
|
Term
| Most common packet filters on firewalls |
|
Definition
| Direction; TCP or UDP source and destination port requests; IP source and destination addresses |
|
|
Term
|
Definition
|
|
Term
| Privilege Attribute Certificate (PAC) |
|
Definition
| In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a PAC. |
|
|
Term
|
Definition
| Operate at the media access control sub-layer of the data link layer of the OSI model |
|
|
Term
| What 2 implementation models are there for content filters? |
|
Definition
|
|
Term
| Proxy servers are often placed in an unsecure area called? |
|
Definition
|
|
Term
| There are _____ major processing-mode categories of firewalls. |
|
Definition
|
|
Term
| What protocol handles TCP traffic on a proxy server? |
|
Definition
|
|
Term
| What different versions of TACACS are there? |
|
Definition
| TACACS+, TACACS, Extended TACACS |
|
|
Term
| Access Controls can be ? (3 answers) |
|
Definition
| Discretionary, Mandatory, and nondiscretionary. |
|
|