Term
Time-based model of security

Definition
Three fundamental information security concepts
2. the time-based model-focuses on the relationship between preventive, detective, and corrective controls
P>D+C
P=time it takes to break through
D=time it takes to detect
C=time it takes to respond

Term

Definition
Three fundamental information security concepts
3. Defense-in-depth-to employ multiple layers of controls in order to avoid having a single point of failure.
Term

Definition
Preventive controls
Authentication-focuses on verifying the identity of the person or device attempting to access the system.

Term

Definition
Authentication control
Biometric identifier-verifying physical characteristics

Term
multifactor identification

Definition
Authentication controls
multifactor-the use of two or all three methods in conjunction
Term

Definition
Preventive controls
Authorization control
authorization-restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform

Term

Definition
authorization controls
access control matrix-a table specifying which portions of the system users are permitted to access and what actions they can perform

Term

Definition
authorization controls
compatibility test-matches the user's authentication credentials against the access control matrix to determine whether that employee should be allowed to access that resource and perform the requested action
Term

Definition
Preventive control
Training
social engineering-using deception to obtain unauthorized access to information resources

Term

Definition
preventive
controlling remote access
border router-connects an organization's information system to the internet
Term

Definition
preventive
controlling remote access
firewall-behind the router is the main firewall, which is a combination of security algorithms and router communications protocols that prevent outsiders from tapping into corporate databases and e-mail systems

Term

Definition
preventive
controlling remote access
DMZ-a separate network that permits controlled access from the Internet to selected resources, such as the organization's e-commerce Web server
Term
Transmission Control Protocol

Definition
preventive
controlling remote access
TCP-specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembling the original documents or files at the destination

Term

Definition
preventive
controlling remote access
IP-specifies the structure of those packets (TCP packets) and how to route them to the proper destination

Term

Definition
preventive
controlling remote access
routers-are designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next
Term

Definition
preventive
controlling remote access
filtering packets
access control list (ACL)-set of rules that determine which packets are allowed entry and which are dropped

Term

Definition
preventive
controlling remote access
filtering packets
static packet filtering-border routers typically perform this. It screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header

Term

Definition
preventive
controlling remote access
deep packet inspection
deep packet inspection-when the firewall examines the data in the body of an IP packet rather than only looking at the information in the IP header
Term
intrusion prevention systems (IPS)

Definition
preventive
controlling remote access
deep packet inspection
IPS-a new type of filter designed to identify and drop packets that are part of an attack

Term
Remote Authentication Dial-in User Service (RADIUS)

Definition
Preventive
controlling remote access
Dial-up connection
RADIUS-a standard method for verifying the identity of users attempting to connect via dial-in access. Users connect to a remote access server and submit their login credentials. The remote access server passes those credentials to the RADIUS server, which performs compatibility tests to authenticate the identity of that user.
Term

Definition
preventive
controlling remote access
dial-up connections
war dialing-searching for an idle modem by programming a computer to dial thousands of phone lines. Finding an idle modem often enables a hacker to gain access to the network to which it is connected.

Term

Definition
preventive
controlling remote access
Host and application hardening
hosts-the workstations, servers, printers, and other devices that comprise the organization's network

Term

Definition
preventive
controlling remote access
hosts and application hardening
preventive controls on 1) host configurations
vulnerabilities-flaws in programs that can be exploited to either crash the system or take control of it

Term

Definition
preventive
controlling remote access
hosts and application hardening
1) host configuration
hardening-the process of turning off unnecessary features
Term

Definition
Preventive
controlling remote access
Encryption
Encryption-the process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext. Encryption is particularly important when confidential data is being transmitted from remote terminals because data transmission lines can be electronically monitored without the user's knowledge.

Term

Definition
transforming ciphertext to plaintext

Term

Definition
preventive
controlling remote access
encryption strength
key escrow-the process of storing a copy of an encryption key in a secure location
Term
symmetric encryption system

Definition
Encryption systems that use the same key both to encrypt and to decrypt

Term
asymmetric encryption systems

Definition
a public key that is publicly available and a private key that is kept secret and known only by the owner of that pair of keys. Either key can be used to encode a message, but only the other key in that public-private pair can be used to decode that message.

Term

Definition
A process that takes plaintext of any length and transforms it into a short code called a hash

Term

Definition
1) a piece of data signed on a document by a computer. A digital signature cannot be forged and is useful in tracing authorization. 2) Information encrypted with the creator's private key.

Term

Definition
An electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key. The digital certificate contains that party's public key. Thus, digital certificates provide an automated method for obtaining an organization's or individual's public key.
Term
Public key infrastructure (PKI)

Definition
An approach to encryption that uses two keys: a public key that is publicly available and a private key that is kept secret and known only by the owner of that pair of keys. With PKI, either key (the public or private) can be used to encode a message, but only the other key in that public-private pair can be used to decode that message.

Term

Definition
An independent organization that issues public and private keys and records the public key in a digital certificate.

Term

Definition
cursive-style imprint of a person's name that is applied to an electronic document.
Term

Definition
Detective Controls
log analysis-the process of examining logs to monitor security

Term
Intrusion Detection Systems (IDS)

Definition
A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.

Term

Definition
detective controls
security testing
vulnerability scans-automated tools designed to identify whether a given system possesses any well-known vulnerabilities

Term

Definition
detective
security testing
penetration test-an authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's information security.
Term
computer emergency response team (CERT)

Definition
Corrective Controls
CERT-a team responsible for dealing with major security incidents

Term

Definition
corrective controls
patch management
exploit-the set of instructions for taking advantage of a vulnerability

Term

Definition
corrective
patch management
patch-code released by software developers that fixes a particular vulnerability

Term

Definition
corrective
patch management-the process of regularly applying patches and updates to software used by the organization