Shared Flashcard Set

Details

Info Sec Chapter
Chap4,5,6
47
Computer Science
Undergraduate 2
03/13/2009

Cards

Term
Standard Of Care
Definition
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do.
Term
ARO (Annualized Rate of Occurrence)
Definition
The anticipated rate of occurrence of a loss from the specified threat over one year.
Term
RISK
Definition
The probability that something can happen.

Also: RISK = the likelihood of vulnerability occurrence times value (or impact) - % risk

Term
Incident response plan (IR)
Definition
Addresses the identification, classification, response, and recovery from an incident.
Term
Risk Appetite
Definition
The quantity and nature of risk that organizations are willing to accept.
Term
The military uses a ?-level classification scheme.
Definition
FIVE :)
Term
General Security Policy
Definition
An executive-level document that outlines the organization's approach and attitude toward information security.
Term
Management of classified data includes its storage and (3 answers)
Definition
Destruction, Distribution, Portability
Term
Weighted Factor Analysis
Definition
In a Weighted Factor Analysis, each information asset is assigned a score for each critical factor.

Page 128

Term
Acceptance of Risk
Definition
The choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
Term
Confidential
Definition
Any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Term
Competitive disadvantage
Definition
Refers to the need to avoid falling behind the competition.
Term
Operational Feasibility
Definition
Addresses user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
Term
Which information assets should be tracked? (3 answers)
Definition
Procedures, People, and Data
Term
Risk Identification
Definition
First phase of Risk Management.

Defined: the formal process of examining and documenting the security posture of an organization's information technology and the risks it faces.
Term
Issue-Specific Security Policy
Definition
A planning document that outlines the process of implementing security in the organization.
Term
Risk Control
Definition
The process of applying safeguards to reduce the risks to an organization's data and information systems.
Term
Disaster Recovery Plan (DRP)
Definition
Includes all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears.
Term
Lattice Table
Definition
A row of attributes associated with a particular subject in a lattice-based access control structure.
Term
Field Change Order (FCO)
Definition
An authorization issued by an organization for the repair, modification, or update of a piece of equipment.
Term
Discretionary Access Control
Definition
A type of data access control in which data users are allowed to grant access to their peers.
Term
VPN
Definition
A private data network that makes use of the public telecommunications infrastructure, maintaining privacy through the use of a tunneling protocol.
Term
Transport Mode
Definition
The data within an IP packet is encrypted, but the header info is not.
Term
Sacrificial Host
Definition
I.e., a bastion host; it stands alone as the sole defender on the network perimeter.
Term
DMZ
Definition
An intermediate area between a trusted network and an untrusted network.
Term
RADIUS and TACACS
Definition
Systems that authenticate the credentials of users who are trying to access an organization's network via dial-up.
Term
Dynamic Filtering
Definition
Allows the firewall to react to an emergent event and update or create rules to deal with the event.
Term
Static Filtering
Definition
Requires that the filtering rules governing how the firewall decides which packets are allowed and which are denied are developed and installed in advance.
Term
Key Distribution Center
Definition
Generates keys and issues session keys (in Kerberos).
Term
Ticket Granting Service (TGS)
Definition
The Kerberos TGS provides tickets to clients who request services.
Term
Application Gateway is also known as?
Definition
Application-Level Firewall
Term
What port is Telnet?
Definition
23
Term
Screened Subnet
Definition
The dominant architecture used to secure network access today in large organizations.
Term
Packet Filtering
Definition
Examines every incoming packet header and can selectively filter packets based on header information such as destination address, source address, packet type, and others.
Term
Point-to-Point Tunneling Protocol is used in what server type?
Definition
ISA Server
Term
Stateful Firewall
Definition
Keeps track of each network connection between internal and external systems.
Term
Most common packet filters on firewalls
Definition
Direction; TCP or UDP source and destination port request; IP source and destination address.
Term
ICMP uses what port?
Definition
7
Term
Privilege Attribute Certificate (PAC)
Definition
In SESAME, the user is first authenticated to an authentication server and receives a token. The token is then presented to a privilege attribute server as proof of identity to gain a PAC.
Term
MAC layer firewalls
Definition
Operate at the media access control sub-layer of the data link layer of the OSI model.
Term
What 2 implementation models are there for content filters?
Definition
Rating and Filtering
Term
Proxy servers are often placed in an unsecured area called?
Definition
Demilitarized zone.
Term
There are _____ major processing-mode categories of firewalls.
Definition
FIVE
Term
What protocol handles TCP traffic on a proxy server?
Definition
SOCKS
Term
What different versions of TACACS are there?
Definition
TACACS+, TACACS, Extended TACACS
Term
Access Controls can be ? (3 answers)
Definition
Discretionary, Mandatory, and Nondiscretionary.