Information Security chapter 12
configuration
A collection of components that make up an configuration item
software library
A collection of configuration items that is usually controlled and that developers use to construct revisions and issue new configuration items.
Build list
A list of the versions of components that make up a build.
minor release
A minor revision of a version from its previous state.
Difference Analysis
A procedure that compares the current state of a network segment against a known previous state of the same network segment (the baseline of systems and services).
Penetration Testing
A set of security tests and evaluations that simulate attacks by a hacker or other malicious external source.
major release
A significant revision of a version from its previous state.
Build
A snapshot of a particular version of software assembled or linked from its component modules.
War Game
A type of rehearsal that seeks to realistically simulate the circumstances needed to thoroughly test a plan.
evidentiary material (EM)
Also known as " objects of potential evidentiary value " information that could potentially support an organizations legal or policy-based case against a subject
Configuration and Change Management
An approach to implementing system change that uses policies, procedures, techniques, and tools to manage and evaluate proposed changes, track changes through completion, and maintain systems inventory and supporting documentation.
intranet vulnerability assessment
An assessment approach designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.
Platform security validation
An assessment approach designed to find and document vulnerabilities that may be present because misconfigured systems are used within the organization.
Internet vulnerability assessment
An assessment approach designed to find and document vulnerabilities that may be present in the organization's public network.
wireless vulnerability assessment
An assessment approach designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.
search warrant
Permission to search for evidentiary material at a specified location and/or seize item to return to investigators lab for examination. An affidavit becomes a search warrant when signed by approving authority.
Affidavit
Sworn testimony that certain facts are in possession of investigating officer and that they warrant the examination of specific item located at a specific place. The facts, the items, and the place must be specified in affidavit
Forensics
The coherent application of methodical investigatory techniques to present evidence of crime in court or similar setting. Forensics allow investigators to determine what happen by examining the results of an event -criminal , natural , intentional , or accidental
vulnerability assessment and remediation domain
The component of the maintenance model focused on identifying specific, documented vulnerabilities and remediating them in a timely fashion.
external monitoring domain
The component of the maintenance model that focuses on evaluating external threats to the organizations information assets
Planning and risk assessment domain
The component of the maintenance model that focuses on identifying and planning ongoing information security activities and identifying and managing risks introduced through IT information security projects.
Internal Monitoring Domain
The component of the maintenance model that focuses on identifying, assessing, and managing the configuration and status of information assets in an organization.
Revision date
The date associated with a particular version or build.
chain of evidence
The detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court.
Vulnerability Assessment
The process of identifying and documenting specific and provable flaws in the organizations information asset environment.
Auditing
The review of a systems use to determine if misuse or malfeasance has occurred
digital malfeasance
a crime against or using digital media, computer technology, or related components
Digital Forensics
investigations that involve the preservation, identification, extraction, documentation, & interpretation of computer media for evidentiary & root cause analysis
Remediation
the processes of removing or repairing flaws in information assets that cause a vulnerability or removing the risk associated with the vulnerability
version
the recorded state of a particular revision of a software or hardware configuration item. The version of the number is often noted in specific format, such as " M.N.b". In this notation , M is the major and N.B represent various minor release or builds within the major release
war driving
the use of mobile scanning techniques to identify open wireless access points
