Principles of Information Security

The Risk Management Framework (RMF) Steps

1. Categorize information system 2. Select security controls 3.Implement security controls 4. Assess Security Controls 5. Authorize Information System

All access control approaches rely on the following four mechanisms:

1. Identification- I am a user of the system 2. Authentication- I can prove I'm a user of the system 3. Authorization- Here's what I can do with the system 4. Accountability- You can track and monitor use of the system

Configuration Management Process

1. Identify Change 2. Evaluate the change request 3. Implement the decision 4. Implement approved change request 5. Continuous Monitoring

Search and Seizure Basic Methodology

1. Identify relevant EM 2. Acquire (seize) the evidence without alteration or damage 3. take steps to assure that the evidence is verifiably authentic at every step and is unchanged from the time is was seized 4. Analyze the data without risking modification 5. Report the findings to the proper authority

The Information Security Services Life Cycle Phases

1. Initiation 2. Assessment 3. Solution 4. Implementation 5. Operations 6. Closeout

Interconnecting Systems Life Management Phase Cycles

1. Planning the interconnection 2. Establishing the interconnection 3. Maintaining the interconnection 4. Disconnecting the interconnection

Ongoing Monitoring Activities of Information Security Governance

1. Plans of Actions and Milestones - assist in identifying, assessing, prioritizing, and monitoring progress and corrective efforts for security weaknesses found in programs and systems 2. Measurement & Metrics- metrics are tools designed to improve performance and accountability through the collection analysis and reporting of relevant performance data 3. Continuous Assessment- monitors the initial security accreditation of an information system to track changes to it, etc. 4. Configuration Management- monitors the status of security controls and identifying potential security problems 5. Network Monitoring- information about network performance and user behavior on the network 6. Incident and Event Statistics- valuable in determining the effectiveness of implemented security policies and procedures

line-interactive UPS

A UPS in which a pair of inverters and converters draw power from the outside source both to charge the battery and provide power to the internal protected device.

Standby ferroresonant UPS

A UPS in which the outside power source directly feeds the internal protected device.

double conversion online UPS

A UPS in which the protected device draws power from an output inverter

Secure VPN

A VPN implementation that uses security protocols to encrypt traffic transmitted across unsecured public networks.

Configuration

A collection of components that make up a configuration item.

Software Library

A collection of configuration items that is usually controlled and that developers use to construct revisions and issue new configuration items

Hybrid VPN

A combination of trusted and secure VPN implementations

Deliverable

A completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.

Symmetric Encryption

A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.

Vernam Cipher

A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it.

Project Scope

A description of a project's features, capabilities, functions, and quality level, used as the basis of a project plan.

1976

A designed based on Lucifer was chosen by the U>S National Security Agency as the Data Encryption Standard, which found worldwide acceptance.

Application Layer Proxy Firewall

A device capable of functioning both as a firewall and an application layer proxy server.

Request for Proposal (RFP)

A document specifying the requirements of a project, provided to solicit bids from internal or external contractors.

rate-of-rise sensor

A fire detection sensor that works by detecting an unusually rapid increase in the area temperature within a relatively short period of time.

ionization sensor

A fire detection sensor that works by exposing the ambient air to a small amount of a harmless radioactive material within a detection chamber; an alarm is triggered when the level of electrical conductivity changes within the chamber.

photoelectric sensor

A fire detection sensor that works by projecting an infrared beam across an area. If the beam is interrupted, presumably by smoke, the alarm or suppression system is activated.

Air-Aspirating Detector

A fire detection sensor used in high-sensitivity areas that works by taking in air, filtering it, and passing it through a chamber that contains a laser beam. The alarm triggers if the beam is broken.

Clean Agent

A fire suppression agent that does not leave any residue after use or interfere with the operation of electrical or electronic equipment.

pre-action system

A fire suppression sprinkler system that employs a two-phase response to a fire. When a fire is detected anywhere in the facility, the system will first flood all pipes, then activate only the sprinkler heads in the area of the fire.

Dry-Pipe System

A fire suppression sprinkler system that has pressurized air in all pipes. The air is released in the event of a fire, allowing water to flow from a central area.

Deluge System

A fire suppression sprinkler system that keeps all individual sprinkler heads open and applies water to all areas when activated.

Screened host architecture

A firewall architectural model that combines the packet filtering router with a second, dedicated device such as a proxy server or proxy firewall.

Screened subnet architecture

A firewall architectural model that consists of one or more internal bastion hosts located behind a packet filtering router on a dedicated network segment, with each host performing a role in protecting the trusted network.

Media Access Control Layer Firewall

A firewall designed to operate at the media access control sublayer of the network's data link layer

Dynamic packet filtering firewall

A firewall type that can react to network traffic and create or modify configuration rules to adapt.

Stateful Packet Inspection (SPI) Firewall

A firewall type that keeps track of each network connection between internal and external systems using a state table and that expedites the filtering of those communications

Virtual Organization

A group of people brought together for a specific task, usually from different organizations, divisions, or departments

Sensor

A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application

Configuration Item

A hardware or software item that will be modified and revised throughout its life cycle.

Diffie-Hellman key exchange

A hybrid cryptosystem that facilitates exchanging private keys using public-key encryption.

Message Authentication Code (MAC)

A key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.

Work Breakdown Structure (WBS)

A list of the tasks to be accomplished in the project, the skill sets or individual employees needed to perform the tasks, the start and end dates for tasks, the estimated resources required, and the dependencies among tasks.

Build List

A list of the versions of components that make up a build.

electromechanical lock

A lock that can accept a variety of inputs as keys, including magnetic strips on ID cards, radio signals from name badges, personal identification numbers (PINs) typed into a keypad, or some combination of these to activate an electrically powered locking mechanism.

Biometric Lock

A lock that reads a unique biological attribute such as a fingerprint, iris, retina, or palm and then uses that input as a key.

Attack Protocol

A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network.

Exit Interview

A meeting with an employee who is leaving the organization to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback about the employee's tenure.

Bull's Eye Model

A method for prioritizing a program of complex change; it requires that issues be addressed from the general to the specific and focuses on systematic solutions instead of individual problems.

Change control

A method of regulating the modification of systems within the organization by requiring formal review and approval for each change.

minor release

A minor revision of a version from its previous state.

Honeynet

A monitored network or network segment that contains multiple honeypot systems.

Secure Facility

A physical location that has controls in place to minimize the risk of attacks from physical threats.

Mechanical Lock

A physical lock that may rely on either a key or numerical combination to rotate tumblers and release the hasp. Also known as a manual lock.

Passphrase

A plain-language phrase, typically longer than a password, from which a virtual password is derived.

Virtual Private Network (VPN)

A private and secure data network operated over a public and insecure network

Difference Analysis

A procedure that compares the current state of a network segment against a known previous state of the same network segment (the baseline of systems and services).

Project wrap-up

A process of bringing a project to a conclusion, addressing any pending issues and the overall project effort, and identifying ways to improve the process in the future.

technology governance

A process organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence.

Padded Cell System

A protected honeypot that cannot be easily compromised.

Known Vulnerability

A published weakness or fault in an information asset or its protective systems that may be exploited and result in loss.

Mandatory Access Control (MAC)

A required, structured data classification scheme that rates each collection of information as well as each user

Passive vulnerability scanner

A scanner that listens in on a network and identifies vulnerable versions of both server and client software.

Password

A secret word or combination of characters that only the user should know; a password is used to authenticate the user

Next Generation Firewall (NextGEn or NGFW)

A security appliance that delivers unified threat management capabilities in a single appliance.

Access Control

A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it.

Secure Sockets Layer (SSL)

A security protocol developed by Netscape to use public-key encryption to secure a channel over the internet.

Proxy Server

A server that exists to intercept requests for information from external users and provide requested information by retrieving it from an internal server; thus protecting and minimizing demand on internal servers

Penetration Testing

A set of security tests and evaluations that simulate attacks by a hacker or other malicious external source.

major release

A significant revision of a version from its previous state.

Projectitis

A situation in project planning in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts in the project management software than accomplishing meaningful project work.

mantrap

A small room or enclosure with separate entry and exit points, designed to restrain a person who fails an access authorization attempt.

Packet Sniffer

A software program or hardware appliance that can intercept, copy, and interpret network traffic.

Content Filter

A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites from material that is not related to business, such as pornography or entertainment.

Security Information and Event Management (SIEM)

A software-enabled approach to aggregating, filtering, and managing the reaction to events, many of which are collected by logging activities of IDPSs and network management devices.

Ground Fault Circuit Interrupter (GFCI)

A special circuit device designed to immediately disconnect a power supply when a sudden discharge (ground fault) is detected

Milestone

A specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.

Privacy Enhanced Mail (PEM)

A standard proposed by the Internet Engineering Task Force (IETF) that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.

Data Loss Prevention

A strategy to gain assurance that the users of a network do not send high value information or other critical information outside the network

Intrusion Detection System (IDS)

A system capable of automatically detecting an intrusion into an organization's networks or host systems and notifying a designated authority.

State Table

A tabular record of the state and context of each packet in a conversation between an internal and external user or system

Port Address Translation (PAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-many basis; that is, one external valid address is mapped dynamically to a range of internal addresses by adding a unique port number to the address when traffic leaves the private network and is placed on the public network.

Network Address Translation (NAT)

A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address.

War Game

A type of rehearsal that seeks to realistically simulate the circumstances needed to thoroughly test a plan.

Lattice-based access control (LBAC)

A variation on the MAC form of access control, which assigns users a matrix of authorizations for particular areas of access, incorporating the information assets of subjects such as users and objects.

Systems Development Life Cycle (SDLC) Phases

A. Initiation Phase B. Development/ Acquisition Phase C. Implementation Phase D. Operations Maintenance Phase E. Disposal Phase

Year 855

Abu Wahshiyyaan-Nabati, a scholar published several cipher alphabets that were used to encrypt magic formulas

Discretionary Access Control (DAC)

Access controls that are implemented at the discretion or option of the data user

Nondiscretionary Access Controls (NDACs)

Access controls that are implemented by a central authority

Security Manager

Accountable for day-to-day operation of information security program

Crossover Error Rate (CER)

Also called the equal error rate, the point at which the rate of false rejections equals the rate of false acceptances.

Trusted VPN

Also known as a legacy VPN, a VPN implementation that uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected.

Monitoring Port

Also known as a switched port analysis (SPAN) port or mirror port, a specially configured connection on a network device that can view all the traffic that moves through the device.

Anomaly Based Detection

Also known as behavior-based detection, an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy.

Signature Based Detection

Also known as knowledge-based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures.

Inline Sensor

An IDPS sensor intended for network perimeter use and deployed in close proximity to a perimeter firewall to detect incoming attacks that could overwhelm the firewall.

Network Based IDPS

An IDPS that resides on a computer or appliance connected to a segment of an organization's network and monitors traffic on that segment, looking for indications of ongoing or successful attacks.

Host-Based IDPS

An IDPS that resides on a particular computer or server, known as the host, and monitors activity only on that system. Also known as a system integrity verifier.

Attribute Based Access Control

An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system.

Thermal Detector

An alarm sensor designed to detect a defined rate of change in the ambient temperature within a defined space.

contact and weight sensor

An alarm sensor designed to detect increased pressure or contact at a specific location, such as a floor pad or a window.

Vibration Sensor

An alarm sensor designed to detect movement of the sensor rather than movement in the environment.

Motion Detector

An alarm sensor designed to detect movement within a defined space.

Trap and trace application

An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network.

Honeypot

An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion.

Pen Register

An application that records information about outbound communications.

Active Vulnerability Scanner

An application that scans networks to identify exposed usernames and groups, open network shares, configuration problems, and other vulnerabilities in servers.

Configuration and Change Management (CCM)

An approach to implementing system change that uses policies, procedures, techniques, and tools to manage and evaluate proposed changes, track changes through completion, and maintain systems inventory and supporting documentation.

Intranet Vulnerability Assessment

An assessment approach designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

Platform Security Validation (PSV)

An assessment approach designed to find and document vulnerabilities that may be present because misconfigured systems are used within the organization.

Internet Vulnerability Assessment

An assessment approach designed to find and document vulnerabilities that may be present in the organization's public network.

Wireless Vulnerability Assessment

An assessment approach designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

Log File Monitor (LFM)

An attack detection method that reviews the log files generated by computer systems, looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred.

Smart Card

An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.

Kerberos

An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.

Fail safe lock

An electromechanical device that automatically releases the lock protecting a control point if a power outage occurs. This type of lock is used for fire safety locations.

Fail secure Lock

An electromechanical device that stays locked and maintains the security of the control point if a power outage occurs.

Proximity Reader

An electronic signal receiver used with an electromechanical lock that allows users to place their cards within the reader's range and release the locking mechanism.

task-based access control (TBAC)

An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task. Tasks are considered more temporary than roles. TBAC is an example of an LDAC.

Public Key Infrastructure (PKI)

An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.

Access Control Matrix

An integration of access control lists(focusing on assets) and capabilities tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings

demilitarized zone (DMZ)

An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network. Traffic on the outside network carries a higher level of risk.

Standby (or offline) UPS

An offline battery backup that detects the interruption of power to equipment and activates a transfer switch that provides power from batteries through a DC to AC converter until normal power is restored or the computer is shut down.

Delta Conversion Online (UPS)

An uninterruptible power supply (UPS) that is similar to a double conversion online UPS except that it incorporates a delta transformer, which assists in powering the inverter while outside power is available.

zero-day vulnerability

An unknown or undisclosed vulnerability in an information asset or its protection systems that may be exploited and result in loss.

Biba Integrity Model

Based on the premise that higher levels of integrity are more worthy of trust than lower ones. The intent is to provide access controls to ensure that objects or subjects cannot have less integrity as a result of read/write operations

Clark-Wilson Integrity Model

Built upon principles of change control rather than integrity levels; was designed for the commercial environment

Graham-Denning Access Control Model

Consists of three parts: set of objects, set of subjects, and a set of rights. Subjects= process & domain (set of constraints that control how subjects may access objects) The set of rights govern how subjects may manipulate passive objects This model describes 8 primitive protection rights, called commands which subjects can execute to have an effect on other subjects or objects: 1. create object 2. create subject 3. delete object 4. delete subject 5. read access right 6. grant access right 7. delete access right 8. Transfer access right

Transport Mode

Data within an IP packet is encrypted but not the header information.

Foundations of Cryptology 1900 B.C.

Egyptian scribes used hieroglyphs while inscribing clay tablets; first documented used of cryptography

Address Restrictions

Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.

Temporary employees

Hired by organization to serve in temporary position or to supplement existing workforce

Encapsulating Security Payload (ESP) Protocol

In IPSec, a protocol that provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification

Certificate Revocation List (CRL)

In PKI, a published list of revoked or terminated digital certificates.

Certificate Authority

In PKI, a third party that manages users' digital certificates.

Registration Authority (RA)

In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.

Capabilities Table

In a lattice-based access control, the row of attributes associated with a particular subject (such as a user).

Strong authentication

In access control, the use of at least two different authentication mechanisms drawn from two different factors of authentication.

Minutiae

In biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created

Friendly Departures

Include resignation, retirement, promotion, or relocation

ITSEC

Information Technology Security Evaluation Criteria, an international set of criteria for evaluating computer systems.

Year 1518

Johannes Trithemius wrote the first printed book on cryptography and invented a steganographic cipher in which each letter was represented as a word taken from a succession column

Foundations of Cryptology 50 B.C

Julius Caesar used a substitution cipher to secure military and government communications

Session Keys

Limited-use symmetric keys for temporary communications during an online session.

Wireless NIDPS

Monitors and analyzes wireless network traffic

Unified Threat Management (UTM)

Networking devices categorized by their ability to perform the work of multiple devices, such as stateful packet inspection firewalls, network intrusion detection and prevention systems, content filters, spam filters, and malware scanners and filters.

Signatures

Patterns that correspond to a known attack.

Digital Certificates

Public-key container files that allow PKI system components and end users to validate a public key and identify its owner.

Next Generation Wireless Protocols

Robust Secure Network is a protocol for establishing secure communications over an 802.11 wireless network

Foundations of Cryptology 487 B.C

Spartans of Greece developed the skytale; a strip of papyrus wrapped around a wooden staff

Timing Channels

TCSEC-defined covert channels that communicate by managing the relative timing of events

Storage Channels

TCSEC-defined covert channels that communicate by modifying a stored object, such as in steganography.

Successors

Tasks or action steps that come after the specific task at hand.

Predecessors

Tasks or action steps that come before the specific task at hand.

The Common Criteria

The Common Criteria for Information Technology Security Evaluation, is in international standard for computer security certification; it is widely considered the successor to both TCSEC and ITSEC in that it reconciles some differences between the various other standards

Authorization

The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.

Authenication

The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity

Identification

The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system

Entrapment

The act of luring a person into committing a crime in order to get a conviction.

Facilities Management

The aspect of organizational management focused on the development and maintenance of its buildings and physical infrastructure

Stateful protocol analysis (SPA)

The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks.

Vulnerability Assessment and Remediation Domain

The component of the maintenance model focused on identifying specific, documented vulnerabilities and remediating them in a timely fashion.

Planning and Risk Assessment Domain

The component of the maintenance model that focuses on identifying and planning ongoing information security activities and identifying and managing risks introduced through IT information security projects.

Internal Monitoring Domain

The component of the maintenance model that focuses on identifying, assessing, and managing the configuration and status of information assets in an organization.

phased implementation

The conversion strategy that involves a measured rollout of the planned system; only part of the system is brought out and disseminated across an organization before the next piece is implemented.

Pilot Implementation

The conversion strategy that involves implementing the entire system into a single office, department, or division, and dealing with issues that arise before expanding to the rest of the organization.

Parallel operations

The conversion strategy that involves running the new system concurrently with the old system.

Direct Changeover

The conversion strategy that involves stopping the old system and starting the new one without any overlap.

Least Privilege

The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation needed. Least privilege implies a need to know.

Revision Date

The date associated with a particular version or build.

Chain of Evidence

The detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court.

Project Plan

The documented instructions for participants and stakeholders of a project that provide details on goals, objectives, tasks, scheduling, and resource management.

Attack Surface

The functions and features that a system exposes to unauthenticated users.

Configuration Rules

The instructions a system administrator codes into a server, networking device, or security device to specify how it operates.

Two-person control

The organization of a task or process so that at least two individuals must work together to complete it. Also known as dual control.

Need to Know

The principle of limiting users' access privileges to only the specific information required to perform their assigned tasks.

gap analysis

The process of comparing measured results against expected results, then using the resulting "gap" as a measure of project success and as feedback for project management.

Protocol Stack Verification

The process of examining and verifying network traffic for invalid data packets—that is, packets that are malformed under the rules of the TCP/IP protocol.

Application Protocol Verification

The process of examining and verifying the higher-order protocols (HTTP, FTP, and Telnet) in network traffic for unexpected packet behavior or improper use.

Tailgating

The process of gaining unauthorized entry into a facility by closely following another person through an entrance and using the credentials of the authorized person to bypass a control point.

Steganography

The process of hiding a message inside another object, such as a picture or document.

Vulnerability Assessment (VA)

The process of identifying and documenting specific and provable flaws in the organization's information asset environment.

Back Hack

The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system.

Cryptanalysis

The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.

Nonrepudiation

The process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted.

Physical Security

The protection of physical items, objects, or areas from unauthorized access and misuse.

False accept rate

The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.

electrostatic discharge (ESD)

The release of ambient static electricity into a ground.

Task Rotation

The requirement that all critical tasks can be performed by multiple individuals.

Trusted network

The system of networks inside the organization that contains its information assets and is under the organization's control.

Fingerprinting

The systematic survey of a targeted organization's Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.

Biometric Access Control

The use of physiological characteristics to provide authentication for a provided identification.

1790s

Thomas Jefferson created a 26-letter wheel cipher which is used for official communications while ambassador to France ; reinvented in 1854 and 1913

Port Scanners

Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.

Covert Channels

Unauthorized or unintended methods of communications hidden inside a computer system.

Trusted Computing Base (TCB)

Under TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy.

Wi-Fi Protected Access (WPA and WPA2)

WPA was created to resolve the issues with WEP

Reference Monitor

Within TCB, a conceptual piece of the system that manages access controls—in other words, it mediates all access to objects by subjects.

TEMPEST

a U.S government program designed to protect computes from electronic remote eavesdropping by reducing EMR transmissions

thermal detection system

a category of fire detection systems that focuses on detecting the heat from a fire

smoke detection system

a category of fire detection systems that focuses on detecting the smoke from a fire

Attribute

a characteristic of a subject (user or system) that can be used to restrict access to an object. Known as a subject attribute

Firewall

a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network

Remote Authentication Dial-In User Service (RADIUS)

a computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server

Certified Computer Examiner (CCE)

a computer forensics certification provided by ISFCE

Digital Mafeasance

a crime against or using digital media, computer technology, or related components

Asymmetric Encyption

a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message

Transportation Cipher

a cryptographic operation that involves simply rearranging the values within a block based on an established pattern

Bluetooth

a de facto industry standard for short range wireless communications between devices

Bastion Host

a device placed between external , untrusted network and an internal, trusted network

Identification Card (ID)

a document used to verify the identity of a member of an organization, group or domain

Fixed temperature sensor

a fire detection sensor that works by detecting the point at which the ambient temperature in an area reaches a predetermined level

Flame Detector

a fire detection system that works by detecting the infrared or ultraviolet light produced by an open flame

wet-pipe system

a fire suppression sprinkler system that contains pressurized water in all pipes and has some form of valve in each protected area.

water mist sprinkler

a fire suppression sprinkler system that relies on ultra-fine mists to reduce the ambient temperature below that needed to sustain a flame

sprinkler system

a fire suppression system designed to apply a liquid, usually water, to all areas in which a fire has been detected

Static Packet-Filtering Firewall

a firewall type that requires the configuration rules to be manually created, sequenced, and modified within the firewall.

Exclusive OR operation (XOR)

a function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result is a binary 1.

Secret Key

a key that can be used in symmetric encryption both to encipher and decipher the message

Whitelist

a list of systems , users, files, or addresses that are known to be benign; it is commonly used to expedite those entities access to systems or networks

Blacklist

a list of systems, users, files, or addresses that have been associated with malicious activity; it is commonly used to block those entities from systems or network access

Clipping Level

a predefined assessment level that triggers a predetermined response when surpassed. Typically, the response is to notify an administrator.

Secure Electronic Transaction (SET)

a protocol developed by credit card companies to protect against electronic payment fraud

Reverse Proxy

a proxy server that most commonly retrieves information from inside an organization and provides it to a requesting user or system outside the organization

Secure Multipurpose Internet Mail Extensions (S/MIME)

a security protocol that builds on the encoding format of the multipurpose internet mail extensions protocol and uses digital signatures based on public key cryptosystems to secure email

Extranet

a segment of of DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public

Build

a snapshot of a particular version of software assembled or linked from its component modules

Plenum

a space between the ceiling in one level of a commercial building and the floor of the level above. The plenum is used for air return.

Secure Hash Standard (SHS)

a standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.

Bell-LaPadula Confidentiality Model

a state machine reference model of an automated system that is able to manipulate its state or status over time

polyalphabetic substitution

a substitution cipher that incorporates two or more alphabets in the encryption process

Monoalphabetic substitution

a substitution cipher that only incorporates a single alphabet in the encryption process

Message Digest

a value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Also known as a hash value.

Threshold

a value that sets the limit between normal and abnormal behavior

closed circuit television (CCTV)

a video capture and recording system used to monitor a facility

Telecommuting

a work arrangement in which employees work from an off-site location and connect to an organization's equipment electronically

Certified Cloud Security Professional (CCSP) Certification

aimed at professionals who are primarily responsible for specifying , acquiring, securing, and managing cloud-based services for their organization

Evidentiary Material (EM)

also known as "items of potential evidentiary value" any information that could potentially support an organization's legal or policy based case against a suspect

Template Cipher

also known as the perforated page cipher, involves the use of hidden messages in a book, letter, or other message

Fully Distributed IDPS Control Strategy

an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component

Centralized IDPS Control Strategy

an IDPS implementation approach in which all control functions are implemented and managed in a central location

Partially Distributed IDPS Control Strategy

an IDPS implementation approach that combines the best aspects of the centralized and fully distributed strategies

Passive Mode

an IDPS sensor setting in which the device simply monitors and analyzes observed network traffic

Vigenere Cipher

an advanced type of substitution cipher that uses a simple polyalphabetic code

Intrusion

an adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations, almost always with the intent to do harm

Dumb Card

an authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared

Asynchronous Token

an authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token does not require calibration of the central authentication server; instead, it uses a challenge/response system.

Synchronous Token

an authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token must be calibrated with the corresponding software on the central authentication server.

Wired Equivalent Privacy (WEP)

an early attempt to provide security with the 802.11 network protocol

Substitution Cipher

an encryption method in which one value is substituted for another

Role-Based Access Control (RBAC)

an example of a nondiscretionary control where privileges are tied to the role a user performs in an organization, and are inherited when a user is assigned to that role. Roles are considered more persistent than tasks. RBAC is an example of an LDAC.

Secure HTTP (S-HTTP)

an extended version of Hypertext Transfer Protocol that provides for the encryption of protected Web pages transmitted via the Internet between a client and server

Badge

an identification card typically worn in a visible location to quickly verify an authorized member

static electricity

an imbalance of electric charges within or on the surface of a material

Certified Information Systems Auditor (CISA) Certification

appropriate for auditing, networking and security professionals

Certified in Risk and Information Systems Control (CRISC) Certification

areas of knowledge include risk management and information systems and control

War Dialer

automatic phone-dialing program that dials every number in a configured range and checks whether a person, answering machine, or modem picks up

Book Cipher

ciphertext consists of a list of codes representing the page number, line number, and word number of the plaintext word

Resources

components required for the completion of a project which could include skills, personnel, time, money, and material

Certified Information Systems Security Professional (CISSP) Certification

considered the most prestigious for security managers and CISOs ; it recognizes mastery of an internationally identified Common Body of Knowledge (CBK) in information security

Harrison-Ruzzo-Ullman model

defines a method to allow changes to access rights & addition & removal of subjects & objects

Virtual Password

derived from a passphrase.

Brewer-Nash (The Chinese Wall) Model

designed to prevent a conflict of interest between two parties

Certified Cyber Forensics Professional (CCFP) Certification

encompasses six domains: legal & ethical principles investigations forensic science digital forensics application forensics hybrid & emerging technologies

Digital Signatures

encrypted message components that can be mathematically proven as authentic

Tunnel Mode

establishes two perimeter tunnel servers to encrypt all traffic that will traverse and unsecure network; the entire client packet is encrypted and added as the data portion of a packet addressed from one tunneling server to another

gaseous (or chemical gas) emission systems

fire suppression systems that operate through the delivery of gases rather than water

Certified Secure Software Lifecycle Professional (CSSLP) Certification

focused on the development of secure applications

Systems Security Certified Practitioner (SSCP) Certification

focuses on practices, roles, and responsibilities as defined by experts from major information security industries

Certified Information Security Manager (CISM) Certification

geared toward experienced information security managers and others who may have similar management responsibilities

Contract employees

hired to perform specific services for the organization

Network Behavior Analysis System NBA

identify problems related to the flow of network traffic

Application Header Protocol

in IPSec a protocol that provides system to system authentication and data integrity verification but does not provide secrecy for the content of a network communication

Certification

in information security, the comprehensive evaluation of an IT system's technical and nontechnical security controls that establishes the extent to which a particular design and implementation meets a set of predefined security requirements

Hostile Departures

include termination for cause, permanent downsizing, temporary layoffs, and quitting in some instances

Consultants

individuals who specialize in areas related to the business process

Digital Forensics

investigations that involve the preservation, identification, extraction, documentation, & interpretation of computer media for evidentiary & root cause analysis

PGP (Pretty Good Privacy)

is a hybrid cryptosystem that combines some of the best available cryptographic algorithms

Hash functions

mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity

Search Warrant

permission to search for evidentiary material at a specified location and/or to seize items to return to an investigator's lab for examination

Chief Security Officer (CSO)

position may be combined with physical security responsibilities or may even report to a security manager who is responsible for both logical (information) security and physical security

Cryptography

process of making and using codes to secure transmission of information

Hash algorithm

public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value

Certified in the Governance of Enterprise IT (CGEIT) Certification

risk management components, IT governance

Security Analyst

security technicians, security architects, or security engineers who are tasked to configure firewalls, deploy IDPs , implement security software, diagnose and trouble shoot problems and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented

Healthcare Information Security and Privacy Practitioner (HCISPP)

similar to the CISSP but focused on security management topics and healthcare

Certifications cost

starting at $750 but those that require multiple certifications can cost thousands of dollars

Business Partners

strategic alliances with other people and/or organizations that want to exchange information, integrate systems, or simply discuss operations

Affidavit

sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place

Digital Signature Standard

the NIST standard for digital signature algorithm usage by federal information systems

Accountability

the access control mechanism that ensures all actions on a system - authorized or unauthorized; can be attributed to an authenticated identity

Enticement

the act of attracting attention to a system by placing tantalizing information in key locations.

Humidity

the amount of moisture in the air

Forensics

the coherent application of methodical investigatory techniques to present evidence if crimes in court or similar setting

External monitoring domain

the component of the maintenance model that focuses on evaluating external threats to the organization's information assets

Advanced Encryption Standard (AES)

the current federal standard for the encryption of data, as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen

triboelectrification

the exchange of electrons between two materials when they make contact, resulting in one object becoming more positively charged and the other more negatively charged

Crypotology

the field of science that encompasses cryptography and cryptanalysis

Intrusion Detection and Prevention System (IDPS)

the general term for a system that can both detect and modify its configuration and environment to prevent intrusions

Separation of Duties

the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them

Footprinting

the organized research of the Internet addresses owned or controlled by a target organization.

Noise

the presence of additional and disruptive signals in network communications or electrical power delivery

IP Security

the primary and now dominant cryptographic authentication and encryption product of the IETF's IP protocol security working group

Project Management

the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward a goal

Remediation

the process of removing or repairing flaws in information assets that cause a vulnerability or removing the risk associated with the vulnerability

Accreditation

the process that authorizes an IT system to process, store or transmit information

False reject rate

the rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device; known as a type I error or false negative

Version

the recorded state of a particular revision of a software or hardware configuration item

Job rotation

the requirement that every employee be able to perform the work of another employee

Auditing

the review of a system's use to determine if misuse or malfeasance has occurred

Untrusted Network

the system of networks outside the organization over which the organization has not control. The Internet is an example of an untrusted network.

Electromagnetic Radiation (EMR)

the transmission of radiant energy through space, commonly referred to as radio waves

War Driving

the use of mobile scanning techniques to identify open wireless access points

Authentication Factors

three mechanisms that provide authentication based on something a supplicant knows, something a supplicant has, and something a supplicant is

Chief Information Security Officer (CISO)

top information security officer in the organization; not in an executive level position, and reports to the chief information officer

Running Key Cipher

uses a book for passing the key to a cipher that is similar to the Vigenere cipher