Shared Flashcard Set

Details

xxxSecurity+ Chap 1, 2
Chap 1 and 2
44 cards
Computer Networking
Professional
05/07/2014

Cards

Term
critical infrastructure
Definition
infrastructures such as water, electricity, oil and gas refineries and distribution, banking and finance, and telecommunications; their loss would have severe repercussions on the nation
Term
elite hackers
Definition
highly technical individuals who can write scripts that exploit vulnerabilities and are also capable of discovering new vulnerabilities
Term
hacking:
Definition
act of deliberately accessing computer systems and networks without authorization
Term
hactivist:
Definition
a hacker who uses his / her skill for political purposes
Term
highly structured threat:
Definition
threat that is backed by the time and resources to allow virtually any form of attack
Term
information warfare:
Definition
use of information security techniques, both offensive and defensive, when combating an opponent
Term
ping sweep:
Definition
the use of a series of ICMP echo request (ping) messages to discover which hosts on a network are live, as a first step in mapping it
Term
port scan:
Definition
examination of the TCP and UDP ports on a host to determine which are open and what services are listening on them
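A minimal TCP connect scanner, added here as an illustration and not part of the original flashcard set: it starts a throwaway listener on loopback so there is something to find offline, then probes a small window of ports and classifies each as open (handshake completed), closed (immediate RST) or filtered (no answer within the timeout, which is what a silently dropping firewall looks like). The listener and the 127.0.0.1 target are assumptions for the demo; a UDP scan is not shown because it needs ICMP unreachable handling rather than a handshake.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def start_listener(host="127.0.0.1"):
    """Start a throwaway TCP listener on an ephemeral port so the scan
    has an open port to find offline. Returns (socket, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0: let the OS pick a free port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def probe_tcp(host, port, timeout=0.5):
    """TCP connect() probe for a single port.
    'open'     -> three-way handshake completed (a service is listening)
    'closed'   -> RST came back (ConnectionRefusedError)
    'filtered' -> nothing came back before the timeout (packets dropped)"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def scan(host, ports, workers=32):
    """Probe many ports concurrently; returns {port: state}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe_tcp(host, p), ports))
    return dict(zip(ports, states))


def open_ports(results):
    """Sorted list of ports whose state is 'open'."""
    return sorted(p for p, state in results.items() if state == "open")


if __name__ == "__main__":
    srv, listening = start_listener()
    try:
        window = list(range(listening - 2, listening + 3))
        res = scan("127.0.0.1", window)
        for p in window:
            print(f"{p}/tcp {res[p]}")
        print("open:", open_ports(res))
    finally:
        srv.close()
```

The open/closed/filtered distinction is the useful part: a closed port proves the host is up and reachable, while a filtered result says only that something between you and the target is dropping the probe.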
Term
script kiddies:
Definition
hackers with little true technical skill who therefore rely on scripts and tools that someone else has developed
Term
structured threat:
Definition
threat that has reasonable financial backing and can last for a few days or more; its organizational elements allow more time to penetrate and attack a system
Term
unstructured threat:
Definition
generally conducted over short periods, involving few individuals and little financial backing; usually carried out by insiders or outsiders who are not seeking collusion with others
Term
access control:
Definition
the ability to control whether a subject (an individual, or a process running on a computer system) can interact with an object (a file or hardware device); a term used to describe a variety of protection schemes, sometimes all the security features used to prevent unauthorized access; controls which operations a user can perform
Term
authentication:
Definition
process by which a subject's identity is verified; ensures that an individual is who they claim to be
Term
availability:
Definition
part of the “CIA” of security; applies to the resources being present and accessible when the subject (user) wants to access or use them
Term
Bell-LaPadula security model:
Definition
security model built around the property of confidentiality; characterized by the no-read-up (simple security property) and no-write-down (*-property) rules
Term
Biba security model:
Definition
security model built around the property of integrity; characterized by the no-write-up and no-read-down rules, the mirror image of Bell-LaPadula
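The two models side by side, as an added example that is not part of the original flashcards: each rule is one comparison on an ordered lattice of levels (the four-level lattice and the level names are assumptions for the demo). Running both sets of checks over the same subject/object pairs makes the duality visible, and `both_models_allow` shows the practical consequence of enforcing confidentiality and integrity together with the same labels: only same-level access survives.

```python
from enum import IntEnum


class Level(IntEnum):
    """Ordered levels used both as clearance (subject) and classification
    or integrity label (object). Hypothetical lattice for the example."""
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3


# --- Bell-LaPadula: confidentiality ---------------------------------
def blp_can_read(subject, obj):
    """Simple security property: no read up.
    A subject may read only objects at or below its clearance."""
    return subject >= obj


def blp_can_write(subject, obj):
    """*-property: no write down.
    A subject may write only to objects at or above its clearance, so
    SECRET data can never be copied into a PUBLIC container. Writing
    upward (a 'blind write') is allowed."""
    return subject <= obj


# --- Biba: integrity ---------------------------------------------------
def biba_can_read(subject, obj):
    """Simple integrity property: no read down.
    A subject may only read data at or above its own integrity level,
    so it is never contaminated by lower-integrity input."""
    return subject <= obj


def biba_can_write(subject, obj):
    """*-integrity property: no write up.
    A low-integrity subject may not modify higher-integrity data."""
    return subject >= obj


def both_models_allow(op, subject, obj):
    """Access permitted only if BLP and Biba both agree. Because each
    model's rule is the other's mirror image, this collapses to
    subject == obj for both reads and writes."""
    if op == "read":
        return blp_can_read(subject, obj) and biba_can_read(subject, obj)
    if op == "write":
        return blp_can_write(subject, obj) and biba_can_write(subject, obj)
    raise ValueError(f"unknown operation {op!r}")


if __name__ == "__main__":
    s, o = Level.SECRET, Level.PUBLIC
    print("BLP  : SECRET reads PUBLIC ->", blp_can_read(s, o),
          "| SECRET writes PUBLIC ->", blp_can_write(s, o))
    print("Biba : SECRET reads PUBLIC ->", biba_can_read(s, o),
          "| SECRET writes PUBLIC ->", biba_can_write(s, o))
    print("Both : SECRET reads SECRET ->", both_models_allow("read", s, s))
```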
Term
confidentiality:
Definition
part of the “CIA” of security; information should not be disclosed to unauthorized individuals or systems
Term
implicit deny:
Definition
all actions are prohibited unless specifically authorized
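A first-match rule evaluator, added here as an illustration and not part of the original flashcards, that makes the difference between implicit deny and implicit allow concrete: the rule set, addresses and packets are constructed for the demo. The only thing that changes between the two postures is what happens when no rule matches, and that is exactly the case (an SSH attempt nobody wrote a rule for) that matters.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: str              # CIDR of permitted sources
    dst: str              # CIDR of destinations
    dport: Optional[int]  # None matches any destination port

    def matches(self, pkt):
        """True if every field of the rule covers the packet."""
        return ((self.proto == "any" or self.proto == pkt["proto"])
                and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and (self.dport is None or self.dport == pkt["dport"]))


def evaluate(rules, pkt, default="deny"):
    """First matching rule wins. If nothing matches, `default` applies:
    'deny' is implicit deny; 'allow' is the weak implicit-allow posture."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed rule set: only HTTPS to the web server and DNS to the
# resolver are explicitly authorized from the internal range.
RULES = [
    Rule("allow", "tcp", "10.0.0.0/8", "10.0.1.5/32", 443),
    Rule("allow", "udp", "10.0.0.0/8", "10.0.1.53/32", 53),
]

# Constructed packets.
HTTPS = {"proto": "tcp", "src": "10.0.2.7", "dst": "10.0.1.5", "dport": 443}
SSH = {"proto": "tcp", "src": "10.0.2.7", "dst": "10.0.1.5", "dport": 22}
OUTSIDE = {"proto": "tcp", "src": "198.51.100.9", "dst": "10.0.1.5", "dport": 443}


def compare_postures(rules, pkt):
    """Decision under implicit deny vs implicit allow for one packet."""
    return {"implicit_deny": evaluate(rules, pkt, "deny"),
            "implicit_allow": evaluate(rules, pkt, "allow")}


if __name__ == "__main__":
    for name, pkt in (("https", HTTPS), ("ssh", SSH), ("outside", OUTSIDE)):
        print(name, compare_postures(RULES, pkt))
```

Note that the external source is stopped by the first rule's source range, not by an explicit block: under implicit deny, writing only what is authorized is enough.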
Term
integrity:
Definition
part of the “CIA” of security; information is not modified except by authorized individuals
Term
nonrepudiation:
Definition
ability to verify that an operation has been performed by a particular person or account; a system property that prevents parties to a transaction from subsequently denying involvement in it; deals with the ability to verify that a message has been sent and received and that the sender can be identified; tied to asymmetric cryptography, because a digital signature made with a private key only its owner holds is something a shared symmetric key cannot provide
Term
security through obscurity:
Definition
uses the approach of protecting something by hiding it (an undocumented URL, a non-standard port, a secret algorithm); weak on its own, because the secret cannot be rotated like a key once it leaks, and no substitute for real controls
Term
separation of duties:
Definition
ensures that for any given task, more than one individual needs to be involved
Term
social engineering:
Definition
process of convincing an authorized individual to provide confidential information or access to an unauthorized individual
Term
Quantitative risk assessment
Definition
expresses risk in strict monetary terms, using values such as asset value, SLE, ARO and ALE
Term
Qualitative risk assessment
Definition
rates risk on relative scales (such as low, medium, high) and takes into account both tangible and intangible value, such as reputation
Term
Risk Assessment and Mitigation
Definition
Deals with identifying, assessing and reducing the risk of security breaches against company assets.
Term
ALE
Definition
Annual Loss Expectancy (ALE = ARO * SLE); the expected loss from a given risk per year, the figure compared against the annual cost of a countermeasure
Term
ARO
Definition
Annualized Rate of Occurrence (the expected number of times a risk event occurs in one year; a value below 1 means less often than yearly)
Term
SLE
Definition
Single Loss Expectancy (the expected loss from one occurrence of a risk event, for example the revenue lost during the resulting downtime; SLE = asset value * exposure factor)
Term
Asset Identification
Definition
Identifying hardware and data assets and evaluating their worth (the asset value used in SLE).
Term
Risk Management Options
Definition
options chosen by weighing the probability and impact of the risk against the cost of the solution (avoidance, transference, acceptance, mitigation, and deterrence)
Term
Avoidance
Definition
the organization eliminates the risk by not doing the activity that creates it (for example, not collecting the sensitive data at all); chosen when the risk does not merit the cost of a solution and the activity can be dropped
Term
Transference
Definition
Company transfers the risk to a third party (such as an insurance company or offsite storage area)
Term
Acceptance
Definition
the organization accepts the risk because it is within its tolerance for the profits that can be achieved, or because a countermeasure would cost more than the expected loss
Term
Mitigation
Definition
implementing countermeasures for the risk.
Term
Deterrence
Definition
extension of mitigation where more controls are used to deter threats.
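A worked calculation tying the ALE/ARO/SLE cards to the risk management options, added here as an illustration and not part of the original flashcards: it computes SLE and ALE for a risk, then the residual ALE once a control is in place, and recommends mitigating only when the control's yearly benefit exceeds its yearly cost. The two risks, the controls, their prices and the risk tolerance are constructed numbers for the demo.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    name: str
    asset_value: float      # AV, in dollars
    exposure_factor: float  # EF, fraction of AV lost in one incident (0..1)
    aro: float              # expected occurrences per year

    def sle(self):
        """Single Loss Expectancy: SLE = AV * EF."""
        return self.asset_value * self.exposure_factor

    def ale(self):
        """Annual Loss Expectancy: ALE = SLE * ARO."""
        return self.sle() * self.aro


@dataclass
class Countermeasure:
    name: str
    annual_cost: float   # purchase amortized per year plus operation
    residual_ef: float   # EF once the control is in place
    residual_aro: float  # ARO once the control is in place


def residual_ale(risk, cm):
    """ALE that remains after deploying the countermeasure."""
    return risk.asset_value * cm.residual_ef * cm.residual_aro


def net_benefit(risk, cm):
    """Yearly value of the control: ALE before - ALE after - control cost."""
    return risk.ale() - residual_ale(risk, cm) - cm.annual_cost


def recommend(risk, cm, tolerance):
    """accept   -> expected loss already within the stated tolerance
    mitigate -> the control pays for itself every year
    otherwise the control is not cost-effective; accept, transfer (insure)
    or avoid the activity instead."""
    if risk.ale() <= tolerance:
        return "accept"
    if net_benefit(risk, cm) > 0:
        return "mitigate"
    return "not cost-effective"


# Constructed inputs.
RANSOMWARE = Risk("ransomware on file server", asset_value=500_000,
                  exposure_factor=0.40, aro=0.5)
BACKUPS = Countermeasure("offline backups + EDR", annual_cost=30_000,
                         residual_ef=0.05, residual_aro=0.5)

DEFACEMENT = Risk("website defacement", asset_value=20_000,
                  exposure_factor=0.10, aro=1.0)
WAF = Countermeasure("managed WAF", annual_cost=15_000,
                     residual_ef=0.10, residual_aro=0.2)

TOLERANCE = 5_000  # yearly loss the business is willing to carry


if __name__ == "__main__":
    for risk, cm in ((RANSOMWARE, BACKUPS), (DEFACEMENT, WAF)):
        print(f"{risk.name}: SLE={risk.sle():,.0f} ALE={risk.ale():,.0f} "
              f"residual={residual_ale(risk, cm):,.0f} "
              f"net benefit of {cm.name}={net_benefit(risk, cm):,.0f} "
              f"-> {recommend(risk, cm, TOLERANCE)}")
```

The defacement case shows the point of the comparison: the WAF would cut the loss, but spending 15,000 a year to avoid a 2,000-a-year expected loss is a bad trade, so acceptance (or transfer, if insurance is cheaper than the control) is the defensible choice.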
Term
False Negative
Definition
a real security issue that the controls classified as a legitimate action and let through when they should not have (a missed detection)
Term
False Positive
Definition
a legitimate action that the controls perceive as a risk or threat and flag or block (a false alarm)
Term
Ways to reduce risk
Definition
Security policies, Network access policies, HR policies.
Term
HIPAA
Definition
Health Insurance Portability and Accountability Act
Term
PCI
Definition
Payment Card Industry; its Data Security Standard (PCI DSS) sets the requirements for handling cardholder data
Term
SOX
Definition
Sarbanes-Oxley Act (financial reporting and audit controls for publicly traded companies)