Term
|
Definition
An event that could cause harm by violating security (e.g. operator abuse of privileges) |
|
|
Term
|
Definition
Weakness in a system that enables security to be violated (e.g. weak segregation of duties) |
|
|
Term
|
Definition
Anything that is a computer resource (e.g. software data) |
|
|
Term
|
Definition
Preventive, Detective, Corrective |
|
|
Term
|
Definition
Prevent harmful occurrence
- Lower amount and impact of errors entering the system
- Prevent unauthorized intruders from accessing the system |
|
|
Term
|
Definition
Detect after harmful occurrence; Track unauthorized transactions |
|
|
Term
|
Definition
Restore after harmful occurrence; Data recovery |
|
|
Term
|
Definition
Encourage compliance with external controls |
|
|
Term
|
Definition
Designed into software applications |
|
|
Term
|
Definition
Control over the various stages of a transaction |
|
|
Term
|
Definition
Guarantee transactions are proper and valid |
|
|
Term
|
Definition
Protect the confidentiality and integrity of output |
|
|
Term
|
Definition
Preserve integrity when configuration changes are made |
|
|
Term
|
Definition
Ensure data integrity and confidentiality of data during testing |
|
|
Term
|
Definition
Level of confidence that security policies have been implemented correctly |
|
|
Term
|
Definition
Focuses on basic features and architecture of a system
- System Architecture
- System Integrity
- Covert Channel Analysis
- Trusted Facility Management
- Trusted Recovery |
|
|
Term
|
Definition
Controls and standards required for building and maintaining a system
- Security Testing
- Design Specification and testing
- Configuration Management
- Trusted Distribution |
|
|
Term
|
Definition
Convey information by changing stored data (B2) |
|
|
Term
|
Definition
Convey information by altering the performance of, or modifying the timing of, system resources in a measurable way (B3, A1 = Storage and Timing) |
|
|
Term
Combat Covert Channel Analysis |
|
Definition
With noise and traffic generation |
|
|
Term
Trusted Facility Management |
|
Definition
- Required for B2, B3, and A1
- Defined as assignment of a specific individual to administer the security of a system (Security Administrator) |
|
|
Term
|
Definition
- Assign different tasks to different personnel
- No single person can completely compromise a system
- Related to the concept of least privileges – least privileges required to do one’s job |
|
|
Term
|
Definition
System Administrator and Security Administrator must be different roles. SoD |
|
|
Term
|
Definition
System Administrator, Security Administrator, and Enhanced Operator must be different roles. SoD |
|
|
Term
|
Definition
Enhanced Operator Functions
- Installing software
- Start up and shut down of system
- Adding and removing users
- Performing backup and recovery
- Handling printers and queues |
|
|
Term
Security Administrator Functions |
|
Definition
- Setting user clearances, initial passwords and other security characteristics for new users
- Changing security profiles for users
- Setting file sensitivity labels
- Setting security of devices
- Renewing audit data
- B2 security level requires that systems must support separate operator and system administrator roles
- For B3 and A1, systems must clearly identify the functions of the security administrator to perform the security-related functions |
|
|
Term
|
Definition
Limiting the length of time a person performs duties before being moved |
|
|
Term
Hierarchical recovery types |
|
Definition
- Manual Recovery – Sys Admin must be involved
- Automated Recovery – no intervention for single failure
- Automated Recovery without Undue Loss – similar to Automated Recovery, higher level of recovery, no undue loss of protected object |
|
|
Term
|
Definition
Required for B3 and A1 levels
- Ensures security is not breached when a system crashes or fails
- System must be restarted without compromising security
- Failure Preparation: backups on a regular basis
- System Recovery:
  * Rebooting in single-user mode – no other users allowed on the system
  * Recovering all file systems
  * Restoring files
  * Recovering security
  * Checking security-critical files |
|
|
Term
Configuration Change Management |
|
Definition
Required for B2, B3 and A1
- Process of tracking and approving changes
- Identify, control and audit changes
- Changes to the system must not diminish security
- Includes roll back procedures
- Documentation updates to reflect changes
- Recommended for systems below the required B2, B3 and A1
- Change Control Functions
- Configuration Management required for Development and Implementation stages for B2 and B3
- Configuration Management required for life cycle of system for A1 |
|
|
Term
|
Definition
- Orderly manner and formalized testing
- Users informed of changes
- Analyze effects of changes
- Reduce negative impact of changes |
|
|
Term
|
Definition
- HR and personnel controls
- Personnel Security
- Employment screening
- Mandatory Vacation
- Warnings and Termination for violating security policy
- Separation of Duties (SoD)
- Least Privileges
- Need to Know
- Change Control / Configuration Control
- Record Retention and Documentation |
|
|
Term
|
Definition
- No access beyond job requirements
- Group level privileges for Operators
  * Read Only
  * Read/Write - usually copies of original data
  * Access Change – make changes to original data |
|
|
Term
|
Definition
- Records should be maintained according to management, legal, audit and tax requirements |
|
|
Term
|
Definition
- Computer Operator – backups, system console, mounting tapes, hardware, software
- Operations Analyst – works with application developers, maintenance programmers and computer operators
- Job Control Analyst – responsible for overall job control quality
- Production Scheduler – planning and timing of processing
- Production Control Analyst – printing and distribution of reports
- Tape Librarian – collects tapes, manages off-site storage |
|
|
Term
|
Definition
Data left on media after it has been erased |
|
|
Term
Due care and Due Diligence |
|
Definition
Security Awareness, Signed Acceptance of Employee Computer Use Policy |
|
|
Term
|
Definition
- Hardware Maintenance
  * Requires physical and logical access by support and vendors
  * Supervision of vendors and maintenance, background checks
- Maintenance Accounts
  * Disable maintenance accounts when not needed
  * Rename default passwords
- Diagnostic Port Control
  * Specific ports for maintenance
  * Should be blocked from external access
- Hardware Physical Controls – require locks and alarms
  * Sensitive operator terminals
  * Media storage rooms
  * Server and communications equipment
  * Modem pools and circuit rooms |
|
|
Term
|
Definition
- Anti-virus Management – prevent download of viruses
- Software Testing – formal rigid software testing process
- Software Utilities – control of powerful utilities
- Safe Software Storage – prevent modification of software and copies of backups
- Backup Controls – test and restore backups |
|
|
Term
|
Definition
Prevent the loss of sensitive information when the media is stored outside the system |
|
|
Term
Types of Media Security Controls |
|
Definition
- Logging – log the use of the media, provides accountability
- Access Control – physical access control
- Proper Disposal – sanitization of data – rewriting, degaussing, destruction |
|
|
Term
|
Definition
Protect during handling, shipping and storage |
|
|
Term
Media Viability Controls Types |
|
Definition
- Marking – label and mark media, bar codes
- Handling – physical protection of data
- Storage – security and environmental protection from heat, humidity, liquids, dust, smoke, magnetism |
|
|
Term
|
Definition
Testing a network's defenses by using the same techniques as external intruders |
|
|
Term
Penetration Testing Types |
|
Definition
- Scanning and Probing – port scanners
- Demon Dialing – war dialing for modems
- Sniffing – capture data packets
- Dumpster Diving – searching paper disposal areas
- Social Engineering – most common, get information by asking |
|
|
Term
|
Definition
Looking for:
- Repetitive Mistakes
- Individuals who exceed authority
- Too many people with unrestricted access
- Patterns indicating serious intrusion attempts
- Clipping levels must be established to be effective
- Clipping Level – baseline of normal activity, used to ignore normal user errors
- Profile Based Anomaly Detection |
|
|
Term
|
Definition
IT Auditors Audit:
- Backup Controls
- System and Transaction Controls
- Data Library Controls
- Systems Development Standards
- Data Center Security
- Contingency Plans |
|
|
Term
|
Definition
- Enables tracking of history of modifications, deletions, additions
- Allows for accountability |
|
|
Term
Audit logs should record: |
|
Definition
- Transaction time and date
- Who processed transaction
- Which terminal was used
- Various security events relating to transaction |
|
|
Term
|
Definition
- Amendment to production jobs
- Production job reruns
- Computer Operator practices |
|
|
Term
|
Definition
Goals:
- Reduce failures to a manageable level
- Prevent occurrence of a problem
- Mitigate the impact of problems |
|
|
Term
|
Definition
- Degraded resource availability
- Deviations from the standard transaction procedures
- Unexplained occurrences in a processing chain |
|
|
Term
|
Definition
If realized, can cause damage to a system or create a loss of C.I.A. |
|
|
Term
|
Definition
A weakness in a system that can be exploited by a threat |
|
|
Term
|
Definition
- Can be grounds for job action or dismissal
- Inappropriate content – storing inappropriate content like porn
- Waste of Corporate Resources – personal use of hardware and software
- Sexual or Racial Harassment – using e-mail or other resources to distribute inappropriate material
- Abuse of privileges or rights – using unauthorized access levels to violate confidentiality of company data |
|
|
Term
Illegal Computer Operations |
|
Definition
- Eavesdropping – sniffing, dumpster diving, social engineering
- Fraud – collusion, falsified transactions
- Theft – information or trade secrets, physical hardware and software theft
- Sabotage – Denial of Service (DoS), production delays
- External Attacks – malicious cracking, scanning, war dialing |
|
|
Term
|
Definition
- Piecing together information from bits of data
  * Keyboard Attacks – sitting at the keyboard using normal utilities to gain information
  * Laboratory Attack – using very precise electronic equipment |
|
|
Term
Network Address Hijacking |
|
Definition
- Enables intruder to capture traffic for analysis or password theft
- Intruder can reroute the data output, obtain supervisory terminal function and bypass system logs |
|
|
Term
IPL (Initial Program Load) Vulnerabilities |
|
Definition
- Ability to put the system in single user mode at boot up
- Grants Operator powerful features |
|
|
Term
|
Definition
1. Dedicated - highest
2. System High - 2nd highest
3. Compartmented - 3rd highest
4. Multilevel - lowest |
|
|
Term
|
Definition
- Personnel clearance required for all information
- Formal access approval required for all information on AIS
- Need to know required for all information on AIS |
|
|
Term
|
Definition
- Personnel clearance - required for all information on AIS
- Formal access approval required for all information on AIS
- Need to know required for SOME information on AIS |
|
|
Term
|
Definition
- Personnel clearance - required for the MOST restricted information on the AIS
- Formal access approval required for the information the user has access to
- Need to know required for the information the user has access to |
|
|
Term
|
Definition
- Personnel clearance: SOME users don't have clearance for the information
- Formal access required for the information that EACH user can access
- Need to know required for the information that EACH user can access |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
Discretionary Access Protection |
|
|
Term
|
Definition
Controlled Access Protection |
|
|
Term
|
Definition
|
|
Term
|
Definition
Labeled Security Protection |
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
|
|
Term
|
Definition
- Manual
- Automated
- Automated without Undue Loss |
|
|
Term
|
Definition
- Failure Protection
- System recovery
  a. Reboot into single-user mode
  b. Recover all files that were active at failure
  c. Restore missing or damaged files and data from backups
  d. Recover required security characteristics
  e. Check security-critical files |
|
|