Term
|
Definition
| a technique used to compromise a system. |
|
|
Term
|
Definition
| a condition or state of being exposed. In information security, it exists when a vulnerability known to an attacker is present. |
|
|
Term
|
Definition
| a single instance of an information asset suffering damage or unintended or unauthorized modification or disclosure. |
|
|
Term
| protection profile or security posture |
|
Definition
| the entire set of controls and safeguards, including policy, education, training and awareness, and technology, that the organization implements to protect the asset. |
|
|
Term
|
Definition
| the probability that something unwanted will happen. Organizations must minimize this to match their risk appetite. |
|
|
Term
|
Definition
| the quantity and nature of risk the organization is willing to accept. |
|
|
Term
|
Definition
| a category of objects, persons, or other entities that presents a danger to an asset. They are always present and can be purposeful or undirected. |
|
|
Term
|
Definition
| the specific instance or a component of a threat. |
|
|
Term
|
Definition
| a weakness or fault in a system or protection mechanism that opens it to attack or damage. |
|
|
Term
|
Definition
| enables authorized users to access information without interference or obstruction and to receive it in the required format. |
|
|
Term
|
Definition
| information has ____ when it is free from mistakes or errors and it has the value that the end user expects. If information has been intentionally or unintentionally modified, it is no longer accurate. |
|
|
Term
|
Definition
| the quality or state of being genuine or original, rather than a reproduction or fabrication. |
|
|
Term
|
Definition
| the act of sending an e-mail message with a modified field. It is a problem for many people today because the modified field is often the address of the originator. |
|
|
Term
|
Definition
| when an attacker attempts to obtain personal or financial information using fraudulent means, most often by posing as another individual or organization. |
|
|
Term
|
Definition
| when information is protected from disclosure or exposure to unauthorized individuals or systems. It ensures that only those with the rights and privileges to access information are able to do so. |
|
|
Term
|
Definition
| taking bits and pieces of information instead of all the required information to avoid detection. |
|
|
Term
|
Definition
| information has this when it is whole, complete, and uncorrupted. It is threatened when the information is exposed to corruption, damage, destruction, or other disruption of its authentic state. |
|
|
Term
|
Definition
| a file is read by a special algorithm that uses the value of the bits in the file to compute a single large number called a hash value. |
|
|
Term
|
Definition
| the quality or state of having value for some purpose or end. |
|
|
Term
|
Definition
| the quality or state of ownership or control. |
|
|
Term
|
Definition
| information security can begin as a grassroots effort in which systems administrators attempt to improve the security of their systems. This is often referred to as a ____. |
|
|
Term
|
Definition
| an approach in which the project is initiated by upper-level managers who issue policy, procedures and processes, dictate the goals and expected outcomes, and determine accountability for each required action. |
|
|
Term
| Systems development life cycle |
|
Definition
| a methodology for the design and implementation of an information system. |
|
|
Term
|
Definition
| a formal approach to solving a problem by means of a structured sequence of procedures. |
|
|
Term
|
Definition
| illustrates that each phase of SDLC begins with the results and information gained from the previous phase. |
|
|
Term
| Investigation; Analysis; Logical Design; Physical Design; Implementation; Maintenance and Change |
|
Definition
| What are the six phases of the Systems development life cycle (SDLC)? |
|
|
Term
|
Definition
| the most important phases of SDLC |
|
|
Term
|
Definition
| This phase of SDLC consists primarily of assessments of the organization, the status of current systems, and the capability to support the proposed systems. |
|
|
Term
|
Definition
| In this phase of SDLC, the information gained from the analysis phase is used to begin creating a solution system for a business problem. |
|
|
Term
|
Definition
| During this phase of SDLC, specific technologies are selected to support the alternatives identified and evaluated in the logical design phase. |
|
|
Term
|
Definition
| During this phase of SDLC, any needed software is created or purchased. |
|
|
Term
|
Definition
| This phase of SDLC consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle. |
|
|
Term
| The Security Systems Development Life Cycle. (SecSDLC) |
|
Definition
| This is used to identify specific threats and create controls to counter them. |
|
|
Term
|
Definition
| the ownership of ideas and control over the tangible or virtual representation of those ideas. Use of another person's intellectual property may or may not involve royalty payments or permissions, but should always include proper credit to the source. |
|
|
Term
|
Definition
| the unlawful use or duplication of software-based intellectual property |
|
|
Term
| Deliberate Software Attacks |
|
Definition
| Occurs when an individual or group designs and deploys software to attack a system |
|
|
Term
| Malicious code, malicious software, Malware |
|
Definition
| Software components or programs designed to damage, destroy, or deny service to the target systems. |
|
|
Term
|
Definition
| segments of code that attach themselves to an existing program and take control of that program's access to the targeted computer. |
|
|
Term
|
Definition
| Virus which is embedded in automatically executing macro code used by word processors, spread sheets, and database applications. |
|
|
Term
|
Definition
| Virus which infects the key operating system files located in a computer's boot sector. |
|
|
Term
|
Definition
| A malicious program that replicates itself constantly, without requiring another program environment. |
|
|
Term
|
Definition
| Software programs that hide their true nature and reveal their designed behavior only when activated. |
|
|
Term
|
Definition
| Allows the attacker to access the system at will with special privileges |
|
|
Term
|
Definition
| A threat that over time changes the way it appears to antivirus software programs, making it undetectable by techniques that look for preconfigured signatures. |
|
|
Term
|
Definition
| Damage to the physical materials used to send and receive data can cause ____ |
|
|
Term
|
Definition
| an agreement with a web hosting service that guarantees minimum service levels. |
|
|
Term
|
Definition
| experience a momentary increase in power levels |
|
|
Term
|
Definition
| experience a prolonged increase in power levels |
|
|
Term
|
Definition
| experience a momentary low in power level |
|
|
Term
|
Definition
| experience a prolonged decrease in voltage |
|
|
Term
|
Definition
| legal techniques used to access the information about a company and/or clients |
|
|
Term
|
Definition
| when information gatherers employ techniques that cross the threshold of what is legal or ethical. |
|
|
Term
|
Definition
| people who use and create computer software to gain access to information illegally. |
|
|
Term
|
Definition
| unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter. |
|
|
Term
| expert hacker/elite hacker |
|
Definition
| They develop software scripts and program exploits used by those in the second category, the novice hacker. |
|
|
Term
|
Definition
| using a known or previously unknown and newly discovered access mechanism, an attacker can gain access to a system or network resource. |
|
|
Term
|
Definition
| attempting to reverse-calculate a password |
|
|
Term
|
Definition
| the application of computing and network resources to try every possible combination of options for a password |
|
|
Term
|
Definition
| a type of password attack that narrows the field by selecting specific accounts to attack and uses a list of commonly used passwords to guess with |
|
|
Term
|
Definition
| the attacker sends a large number of connection or information requests to a target. So many requests are made that the target system cannot handle them successfully along with other, legitimate requests for service. This may result in a system crash or merely an inability to perform ordinary functions. |
|
|
Term
| Distributed Denial-of-Service (DDoS) |
|
Definition
| an attack in which a coordinated stream of requests is launched against a target from many locations at the same time |
|
|
Term
|
Definition
| a technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host. |
|
|
Term
|
Definition
| a TCP hijacking attack, in which an attacker sniffs packets from the network, modifies them, and inserts them back into the network |
|
|
Term
|
Definition
| unsolicited commercial e-mail. While many consider it a nuisance rather than an attack, it is emerging as a vector for some attacks. |
|
|
Term
|
Definition
| another form of email attack that is also a DoS, in which an attacker routes large quantities of email to the target. |
|
|
Term
|
Definition
| a program and/or device that can monitor data travelling over a network. They can be used both for legitimate network management functions and for stealing information from a network. |
|
|
Term
|
Definition
| an attempt to gain personal or financial information from an individual, usually by posing as a legitimate entity |
|
|
Term
|
Definition
| the redirection of legitimate web traffic to an illegitimate site for the purpose of obtaining private information |
|
|
Term
|
Definition
| within the context of information security, the process of using social skills to convince people to reveal credentials or other valuable information to the hacker |
|
|
Term
|
Definition
| works by exploring the contents of a web browser's cache. This could allow the designer to collect information needed to access password-protected sites. Another attack by the same name involves attempting to intercept cryptographic elements to determine keys and encryption algorithms. |
|
|
Term
| Secure Software Assurance (SwA) Common Body of Knowledge (CBK) |
|
Definition
| serves as a strongly recommended guide to developing more secure applications. |
|
|
Term
| 1) Protects the organization's ability to function 2) Enables safe operation of applications implemented on the organization's IT systems 3) Protects the data the organization collects and uses 4) Safeguards the technology assets in use at the organization |
|
Definition
| Information security performs four important functions: |
|
|
Term
|
Definition
| object, person, or other entity representing a constant danger to an asset |
|
|
Term
| Policy, education, training, and technology controls |
|
Definition
| management effectively protects its information through: |
|
|
Term
|
Definition
| a deliberate act that exploits a vulnerability |
|
|
Term
|
Definition
| secure systems require ____ ____. |
|
|