Term
|
Definition
Recovery Point Objective (RPO) is a measure of how frequently you take backups. RPO refers to the amount of data the business can afford to lose |
|
|
Term
|
Definition
Recovery Time Objective (RTO) is the amount of downtime a business can tolerate. RTO = Downtime. RTO states how much downtime an application experiences before there is a measurable business loss. |
|
|
Term
|
Definition
| Mean Time To Repair is the time it takes to run a repair after the occurrence of the failure. |
|
|
Term
|
Definition
| Mean Time Between Failures is a metric that concerns the average time elapsed between a failure and the next time it occurs. |
|
|
Term
| Privacy Threshold Analysis |
|
Definition
A PTA helps a company's departments gauge their systems' information and determine how to appropriately treat data that has been acquired by the organization. It identifies whether PII is present. |
|
|
Term
| Privacy Impact Assessment |
|
Definition
The objective of the PIA is to systematically identify the risks and potential effects of collecting, maintaining, and disseminating PII and to examine and evaluate alternative processes for handling information to mitigate potential privacy risks. This comes after the PTA. |
|
|
Term
|
Definition
| A Business Continuity Plan includes a BIA (Business Impact Analysis). |
|
|
Term
|
Definition
| Business Impact Analysis includes information on potential monetary losses along with the impact on life and the organization's reputation. |
|
|
Term
|
Definition
| Spanning Tree Protocol (STP) is a network protocol that builds a loop-free logical topology for Ethernet networks |
|
|
Term
|
Definition
Rapid Spanning Tree Protocol - RSTP provides significantly faster recovery in response to network changes or failures, introducing new convergence behaviors and bridge port roles to do this. It is backward compatible with legacy Spanning Tree (STP) 802.1D. |
|
|
Term
|
Definition
A network switch can connect multiple devices and networks to expand the LAN. An Ethernet switch creates networks. Network switches operate at Layer 2 (Data Link Layer) of the OSI model. |
|
|
Term
|
Definition
A router will allow you to share a single IP address among multiple network devices. Routers operate at Layer 3 (Network) of the OSI model. The router allows for connections between networks. |
|
|
Term
|
Definition
* Integrity * Nonrepudiation |
|
|
Term
|
Definition
| two or more parties authenticate each other |
|
|
Term
| Type 1: authentication factors |
|
Definition
| Type 1 – Something You Know – includes passwords, PINs, combinations, code words, or secret handshakes. Anything that you can remember and then type, say, do, perform, or otherwise recall when needed falls into this category. |
|
|
Term
| Type 2: authentication factors |
|
Definition
| Type 2 – Something You Have – includes all items that are physical objects, such as keys, smart phones, smart cards, USB drives, and token devices. (A token device produces a time-based PIN or can compute a response from a challenge number issued by the server.) |
|
|
Term
| Type 3: authentication factors |
|
Definition
| Type 3 – Something You Are – includes any part of the human body that can be offered for verification, such as fingerprints, palm scanning, facial recognition, retina scans, iris scans, and voice verification. |
|
|
Term
|
Definition
| when an occurrence is flagged as malicious |
|
|
Term
|
Definition
Remote Authentication Dial-In User Service servers are central user or authentication points on the network. Authentication can occur in many ways, such as EAP (Extensible Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol). |
|
|
Term
|
Definition
| attempts to replay the results of a previously successful session to gain access. |
|
|
Term
| Input validation helps against... |
|
Definition
|
|
Term
|
Definition
| Trusted Platform Module - the name of a chip that can store cryptographic keys, passwords, or certificates. |
|
|
Term
| "bare metal" hypervisor type |
|
Definition
|
|
Term
|
Definition
| defines port-based authentication prior to allowing client network access. |
|
|
Term
|
Definition
uses the public key to identify the data's source. Asymmetric encryption. |
|
|
Term
|
Definition
| an encrypted message that uses both secret key and public key cryptography methods. A secret symmetric key is used to encrypt and decrypt the message, but the public key method is used to send the secret key to the other party. |
|
|
Term
|
Definition
| uses the public key to verify the data's integrity. |
|
|
Term
|
Definition
| the attacker uses a precomputed lookup table of all possible passwords and their matching hashes. |
|
|
Term
|
Definition
| an attacker obtains the hash of a user password and presents the hash (without cracking it) to authenticate to network protocols. |
|
|
Term
|
Definition
| attack that compares encrypted passwords against a predetermined list of possible password values |
|
|
Term
|
Definition
| the additional time that it takes to restore data from backup, reintegrate different systems and test overall functionality |
|
|
Term
|
Definition
| Challenge-Handshake Authentication Protocol (CHAP) is an identity verification protocol that does not rely on sending a shared secret between the access-requesting party and the identity-verifying party (the authenticator). CHAP is based on a shared secret, but in order to authenticate, the authenticator sends a “challenge” message to the access-requesting party, which responds with a value calculated using a “one-way hash” function |
|
|
Term
|
Definition
| Windows NT LAN Manager (NTLM) is a challenge-response authentication protocol used to authenticate a client to a resource on an Active Directory domain. When the client requests access to a service associated with the domain, the service sends a challenge to the client, requiring the client to perform a mathematical operation using its authentication token and then return the result. |
|
|
Term
|
Definition
| Internet Key Exchange (IKE) is the protocol used to set up a secure, authenticated communications channel between two parties. IKE typically uses X.509 PKI certificates for authentication and the Diffie–Hellman key exchange protocol to set up a shared session secret. IKE is part of the Internet Security Protocol (IPSec) |
|
|
Term
|
Definition
| Extensible Authentication Protocol (EAP) is an authentication framework, not a specific authentication mechanism, frequently used in wireless networks and point-to-point connections. It provides some common functions and negotiation of authentication methods called EAP methods. The EAP protocol can support multiple authentication mechanisms without having to pre-negotiate a particular one. There are currently about 40 different methods defined. |
|
|