Principles of Information Security
The Risk Management Framework (RMF) Steps
1. Categorize information system 2. Select security controls 3. Implement security controls 4. Assess security controls 5. Authorize information system
All access control approaches rely on the following four mechanisms:
1. Identification: I am a user of the system 2. Authentication: I can prove I'm a user of the system 3. Authorization: Here's what I can do with the system 4. Accountability: You can track and monitor use of the system
Configuration Management Process
1. Identify change 2. Evaluate the change request 3. Implement the decision 4. Implement approved change request 5. Continuous monitoring
Search and Seizure Basic Methodology
1. Identify relevant EM 2. Acquire (seize) the evidence without alteration or damage 3. Take steps to assure that the evidence is verifiably authentic at every step and is unchanged from the time it was seized 4. Analyze the data without risking modification 5. Report the findings to the proper authority
The Information Security Services Life Cycle Phases
1. Initiation 2. Assessment 3. Solution 4. Implementation 5. Operations 6. Closeout
Interconnecting Systems Life Cycle Management Phases
1. Planning the interconnection 2. Establishing the interconnection 3. Maintaining the interconnection 4. Disconnecting the interconnection
Ongoing Monitoring Activities of Information Security Governance
1. Plans of Actions and Milestones: assist in identifying, assessing, prioritizing, and monitoring progress and corrective efforts for security weaknesses found in programs and systems 2. Measurement & Metrics: metrics are tools designed to improve performance and accountability through the collection, analysis, and reporting of relevant performance data 3. Continuous Assessment: monitors the initial security accreditation of an information system to track changes to it, etc. 4. Configuration Management: monitors the status of security controls and identifies potential security problems 5. Network Monitoring: information about network performance and user behavior on the network 6. Incident and Event Statistics: valuable in determining the effectiveness of implemented security policies and procedures
line-interactive UPS
A UPS in which a pair of inverters and converters draw power from the outside source both to charge the battery and provide power to the internal protected device.
Standby ferroresonant UPS
A UPS in which the outside power source directly feeds the internal protected device.
double conversion online UPS
A UPS in which the protected device draws power from an output inverter.
Secure VPN
A VPN implementation that uses security protocols to encrypt traffic transmitted across unsecured public networks.
Configuration
A collection of components that make up a configuration item.
Software Library
A collection of configuration items that is usually controlled and that developers use to construct revisions and issue new configuration items.
Hybrid VPN
A combination of trusted and secure VPN implementations
Deliverable
A completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.
Symmetric Encryption
A cryptographic method in which the same algorithm and secret key are used both to encipher and decipher the message.
Vernam Cipher
A cryptographic technique developed at AT&T and known as the "one-time pad," this cipher uses a set of characters for encryption operations only one time and then discards it.
Project Scope
A description of a project's features, capabilities, functions, and quality level, used as the basis of a project plan.
1976
A design based on Lucifer was chosen by the U.S. National Security Agency as the Data Encryption Standard, which found worldwide acceptance.
Application Layer Proxy Firewall
A device capable of functioning both as a firewall and an application layer proxy server.
Request for Proposal (RFP)
A document specifying the requirements of a project, provided to solicit bids from internal or external contractors.
rate-of-rise sensor
A fire detection sensor that works by detecting an unusually rapid increase in the area temperature within a relatively short period of time.
ionization sensor
A fire detection sensor that works by exposing the ambient air to a small amount of a harmless radioactive material within a detection chamber; an alarm is triggered when the level of electrical conductivity changes within the chamber.
photoelectric sensor
A fire detection sensor that works by projecting an infrared beam across an area. If the beam is interrupted, presumably by smoke, the alarm or suppression system is activated.
Air-Aspirating Detector
A fire detection sensor used in high-sensitivity areas that works by taking in air, filtering it, and passing it through a chamber that contains a laser beam. The alarm triggers if the beam is broken.
Clean Agent
A fire suppression agent that does not leave any residue after use or interfere with the operation of electrical or electronic equipment.
pre-action system
A fire suppression sprinkler system that employs a two-phase response to a fire. When a fire is detected anywhere in the facility, the system will first flood all pipes, then activate only the sprinkler heads in the area of the fire.
Dry-Pipe System
A fire suppression sprinkler system that has pressurized air in all pipes. The air is released in the event of a fire, allowing water to flow from a central area.
Deluge System
A fire suppression sprinkler system that keeps all individual sprinkler heads open and applies water to all areas when activated.
Screened host architecture
A firewall architectural model that combines the packet filtering router with a second, dedicated device such as a proxy server or proxy firewall.
Screened subnet architecture
A firewall architectural model that consists of one or more internal bastion hosts located behind a packet filtering router on a dedicated network segment, with each host performing a role in protecting the trusted network.
Media Access Control Layer Firewall
A firewall designed to operate at the media access control sublayer of the network's data link layer.
Dynamic packet filtering firewall
A firewall type that can react to network traffic and create or modify configuration rules to adapt.
Stateful Packet Inspection (SPI) Firewall
A firewall type that keeps track of each network connection between internal and external systems using a state table and that expedites the filtering of those communications.
Virtual Organization
A group of people brought together for a specific task, usually from different organizations, divisions, or departments.
Sensor
A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application.
Configuration Item
A hardware or software item that will be modified and revised throughout its life cycle.
Diffie-Hellman key exchange
A hybrid cryptosystem that facilitates exchanging private keys using public-key encryption.
Message Authentication Code (MAC)
A key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest.
Work Breakdown Structure (WBS)
A list of the tasks to be accomplished in the project, the skill sets or individual employees needed to perform the tasks, the start and end dates for tasks, the estimated resources required, and the dependencies among tasks.
Build List
A list of the versions of components that make up a build.
electromechanical lock
A lock that can accept a variety of inputs as keys, including magnetic strips on ID cards, radio signals from name badges, personal identification numbers (PINs) typed into a keypad, or some combination of these to activate an electrically powered locking mechanism.
Biometric Lock
A lock that reads a unique biological attribute such as a fingerprint, iris, retina, or palm and then uses that input as a key.
Attack Protocol
A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network.
Exit Interview
A meeting with an employee who is leaving the organization to remind the employee of contractual obligations, such as nondisclosure agreements, and to obtain feedback about the employee's tenure.
Bull's Eye Model
A method for prioritizing a program of complex change; it requires that issues be addressed from the general to the specific and focuses on systematic solutions instead of individual problems.
Change control
A method of regulating the modification of systems within the organization by requiring formal review and approval for each change.
minor release
A minor revision of a version from its previous state.
Honeynet
A monitored network or network segment that contains multiple honeypot systems.
Secure Facility
A physical location that has controls in place to minimize the risk of attacks from physical threats.
Mechanical Lock
A physical lock that may rely on either a key or numerical combination to rotate tumblers and release the hasp. Also known as a manual lock.
Passphrase
A plain-language phrase, typically longer than a password, from which a virtual password is derived.
Virtual Private Network (VPN)
A private and secure data network operated over a public and insecure network.
Difference Analysis
A procedure that compares the current state of a network segment against a known previous state of the same network segment (the baseline of systems and services).
Project wrap-up
A process of bringing a project to a conclusion, addressing any pending issues and the overall project effort, and identifying ways to improve the process in the future.
technology governance
A process organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence.
Padded Cell System
A protected honeypot that cannot be easily compromised.
Known Vulnerability
A published weakness or fault in an information asset or its protective systems that may be exploited and result in loss.
Mandatory Access Control (MAC)
A required, structured data classification scheme that rates each collection of information as well as each user.
Passive vulnerability scanner
A scanner that listens in on a network and identifies vulnerable versions of both server and client software.
Password
A secret word or combination of characters that only the user should know; a password is used to authenticate the user.
Next Generation Firewall (NextGen or NGFW)
A security appliance that delivers unified threat management capabilities in a single appliance.
Access Control
A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it.
Secure Sockets Layer (SSL)
A security protocol developed by Netscape to use public-key encryption to secure a channel over the internet.
Proxy Server
A server that exists to intercept requests for information from external users and provide requested information by retrieving it from an internal server, thus protecting and minimizing demand on internal servers.
Penetration Testing
A set of security tests and evaluations that simulate attacks by a hacker or other malicious external source.
major release
A significant revision of a version from its previous state.
Projectitis
A situation in project planning in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts in the project management software than accomplishing meaningful project work.
mantrap
A small room or enclosure with separate entry and exit points, designed to restrain a person who fails an access authorization attempt.
Packet Sniffer
A software program or hardware appliance that can intercept, copy, and interpret network traffic.
Content Filter
A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites from material that is not related to business, such as pornography or entertainment.
Security Information and Event Management (SIEM)
A software-enabled approach to aggregating, filtering, and managing the reaction to events, many of which are collected by logging activities of IDPSs and network management devices.
Ground Fault Circuit Interrupter (GFCI)
A special circuit device designed to immediately disconnect a power supply when a sudden discharge (ground fault) is detected.
Milestone
A specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.
Privacy Enhanced Mail (PEM)
A standard proposed by the Internet Engineering Task Force (IETF) that uses 3DES symmetric key encryption and RSA for key exchanges and digital signatures.
Data Loss Prevention
A strategy to gain assurance that the users of a network do not send high-value information or other critical information outside the network.
Intrusion Detection System (IDS)
A system capable of automatically detecting an intrusion into an organization's networks or host systems and notifying a designated authority.
State Table
A tabular record of the state and context of each packet in a conversation between an internal and external user or system.
Port Address Translation (PAT)
A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-many basis; that is, one external valid address is mapped dynamically to a range of internal addresses by adding a unique port number to the address when traffic leaves the private network and is placed on the public network.
Network Address Translation (NAT)
A technology in which multiple real, routable external IP addresses are converted to special ranges of internal IP addresses, usually on a one-to-one basis; that is, one external valid address directly maps to one assigned internal address.
War Game
A type of rehearsal that seeks to realistically simulate the circumstances needed to thoroughly test a plan.
Lattice-based access control (LBAC)
A variation on the MAC form of access control, which assigns users a matrix of authorizations for particular areas of access, incorporating the information assets of subjects such as users and objects.
Systems Development Life Cycle (SDLC) Phases
A. Initiation phase B. Development/Acquisition phase C. Implementation phase D. Operations/Maintenance phase E. Disposal phase
Year 855
Abu Wahshiyya an-Nabati, a scholar, published several cipher alphabets that were used to encrypt magic formulas.
Discretionary Access Control (DAC)
Access controls that are implemented at the discretion or option of the data user.
Nondiscretionary Access Controls (NDACs)
Access controls that are implemented by a central authority.
Security Manager
Accountable for the day-to-day operation of the information security program.
Crossover Error Rate (CER)
Also called the equal error rate, the point at which the rate of false rejections equals the rate of false acceptances.
Trusted VPN
Also known as a legacy VPN, a VPN implementation that uses leased circuits from a service provider who gives contractual assurance that no one else is allowed to use these circuits and that they are properly maintained and protected.
Monitoring Port
Also known as a switched port analysis (SPAN) port or mirror port, a specially configured connection on a network device that can view all the traffic that moves through the device.
Anomaly Based Detection
Also known as behavior-based detection, an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy.
Signature Based Detection
Also known as knowledge-based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures.
Inline Sensor
An IDPS sensor intended for network perimeter use and deployed in close proximity to a perimeter firewall to detect incoming attacks that could overwhelm the firewall.
Network Based IDPS
An IDPS that resides on a computer or appliance connected to a segment of an organization's network and monitors traffic on that segment, looking for indications of ongoing or successful attacks.
Host-Based IDPS
An IDPS that resides on a particular computer or server, known as the host, and monitors activity only on that system. Also known as a system integrity verifier.
Attribute Based Access Control
An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system.
Thermal Detector
An alarm sensor designed to detect a defined rate of change in the ambient temperature within a defined space.
contact and weight sensor
An alarm sensor designed to detect increased pressure or contact at a specific location, such as a floor pad or a window.
Vibration Sensor
An alarm sensor designed to detect movement of the sensor rather than movement in the environment.
Motion Detector
An alarm sensor designed to detect movement within a defined space.
Trap and trace application
An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network.
Honeypot
An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion.
Pen Register
An application that records information about outbound communications.
Active Vulnerability Scanner
An application that scans networks to identify exposed usernames and groups, open network shares, configuration problems, and other vulnerabilities in servers.
Configuration and Change Management (CCM)
An approach to implementing system change that uses policies, procedures, techniques, and tools to manage and evaluate proposed changes, track changes through completion, and maintain systems inventory and supporting documentation.
Intranet Vulnerability Assessment
An assessment approach designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.
Platform Security Validation (PSV)
An assessment approach designed to find and document vulnerabilities that may be present because misconfigured systems are used within the organization.
Internet Vulnerability Assessment
An assessment approach designed to find and document vulnerabilities that may be present in the organization's public network.
Wireless Vulnerability Assessment
An assessment approach designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.
Log File Monitor (LFM)
An attack detection method that reviews the log files generated by computer systems, looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred.
Smart Card
An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.
Kerberos
An authentication system developed by the Massachusetts Institute of Technology (MIT) and used to verify the identity of networked users.
Fail safe lock
An electromechanical device that automatically releases the lock protecting a control point if a power outage occurs. This type of lock is used for fire safety locations.
Fail secure Lock
An electromechanical device that stays locked and maintains the security of the control point if a power outage occurs.
Proximity Reader
An electronic signal receiver used with an electromechanical lock that allows users to place their cards within the reader's range and release the locking mechanism.
task-based access control (TBAC)
An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task. Tasks are considered more temporary than roles. TBAC is an example of an LBAC.
Public Key Infrastructure (PKI)
An integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely through the use of digital certificates.
Access Control Matrix
An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings.
demilitarized zone (DMZ)
An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network. Traffic on the outside network carries a higher level of risk.
Standby (or offline) UPS
An offline battery backup that detects the interruption of power to equipment and activates a transfer switch that provides power from batteries through a DC to AC converter until normal power is restored or the computer is shut down.
Delta Conversion Online (UPS)
An uninterruptible power supply (UPS) that is similar to a double conversion online UPS except that it incorporates a delta transformer, which assists in powering the inverter while outside power is available.
zero-day vulnerability
An unknown or undisclosed vulnerability in an information asset or its protection systems that may be exploited and result in loss.
Biba Integrity Model
Based on the premise that higher levels of integrity are more worthy of trust than lower ones. The intent is to provide access controls to ensure that objects or subjects cannot have less integrity as a result of read/write operations.
Clark-Wilson Integrity Model
Built upon principles of change control rather than integrity levels; was designed for the commercial environment.
Graham-Denning Access Control Model
Consists of three parts: a set of objects, a set of subjects, and a set of rights. A subject consists of a process and a domain (a set of constraints that control how subjects may access objects). The set of rights governs how subjects may manipulate passive objects. This model describes eight primitive protection rights, called commands, which subjects can execute to have an effect on other subjects or objects: 1. create object 2. create subject 3. delete object 4. delete subject 5. read access right 6. grant access right 7. delete access right 8. transfer access right.
Transport Mode
Data within an IP packet is encrypted but not the header information.
Foundations of Cryptology 1900 B.C.
Egyptian scribes used hieroglyphs while inscribing clay tablets; first documented use of cryptography.
Address Restrictions
Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.
Temporary employees
Hired by an organization to serve in a temporary position or to supplement the existing workforce.
Encapsulating Security Payload (ESP) Protocol
In IPSec, a protocol that provides secrecy for the contents of network communications as well as system-to-system authentication and data integrity verification.
Certificate Revocation List (CRL)
In PKI, a published list of revoked or terminated digital certificates.
Certificate Authority
In PKI, a third party that manages users' digital certificates.
Registration Authority (RA)
In PKI, a third party that operates under the trusted collaboration of the certificate authority and handles day-to-day certification functions.
Capabilities Table
In a lattice-based access control, the row of attributes associated with a particular subject (such as a user).
Strong authentication
In access control, the use of at least two different authentication mechanisms drawn from two different factors of authentication.
Minutiae
In biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.
Friendly Departures
Include resignation, retirement, promotion, or relocation.
ITSEC
Information Technology Security Evaluation Criteria, an international set of criteria for evaluating computer systems.
Year 1518
Johannes Trithemius wrote the first printed book on cryptography and invented a steganographic cipher in which each letter was represented as a word taken from a succession of columns.
Foundations of Cryptology 50 B.C.
Julius Caesar used a substitution cipher to secure military and government communications.
Session Keys
Limited-use symmetric keys for temporary communications during an online session.
Wireless NIDPS
Monitors and analyzes wireless network traffic.
Unified Threat Management (UTM)
Networking devices categorized by their ability to perform the work of multiple devices, such as stateful packet inspection firewalls, network intrusion detection and prevention systems, content filters, spam filters, and malware scanners and filters.
Signatures
Patterns that correspond to a known attack.
Digital Certificates
Public-key container files that allow PKI system components and end users to validate a public key and identify its owner.
Next Generation Wireless Protocols
Robust Secure Network is a protocol for establishing secure communications over an 802.11 wireless network.
Foundations of Cryptology 487 B.C.
Spartans of Greece developed the skytale, a strip of papyrus wrapped around a wooden staff.
Timing Channels
TCSEC-defined covert channels that communicate by managing the relative timing of events.
Storage Channels
TCSEC-defined covert channels that communicate by modifying a stored object, such as in steganography.
Successors
Tasks or action steps that come after the specific task at hand.
Predecessors
Tasks or action steps that come before the specific task at hand.
The Common Criteria
The Common Criteria for Information Technology Security Evaluation is an international standard for computer security certification; it is widely considered the successor to both TCSEC and ITSEC in that it reconciles some differences between the various other standards.
Authorization
The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.
Authentication
The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity.
Identification
The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system.
Entrapment
The act of luring a person into committing a crime in order to get a conviction.
Facilities Management
The aspect of organizational management focused on the development and maintenance of its buildings and physical infrastructure.
Stateful protocol analysis (SPA)
The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks.
Vulnerability Assessment and Remediation Domain
The component of the maintenance model focused on identifying specific, documented vulnerabilities and remediating them in a timely fashion.
Planning and Risk Assessment Domain
The component of the maintenance model that focuses on identifying and planning ongoing information security activities and identifying and managing risks introduced through IT information security projects.
Internal Monitoring Domain
The component of the maintenance model that focuses on identifying, assessing, and managing the configuration and status of information assets in an organization.
phased implementation
The conversion strategy that involves a measured rollout of the planned system; only part of the system is brought out and disseminated across an organization before the next piece is implemented.
Pilot Implementation
The conversion strategy that involves implementing the entire system into a single office, department, or division, and dealing with issues that arise before expanding to the rest of the organization.
Parallel operations
The conversion strategy that involves running the new system concurrently with the old system.
Direct Changeover
The conversion strategy that involves stopping the old system and starting the new one without any overlap.
Least Privilege
The data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation needed. Least privilege implies a need to know.
Revision Date
The date associated with a particular version or build.
Chain of Evidence
The detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court.
Project Plan
The documented instructions for participants and stakeholders of a project that provide details on goals, objectives, tasks, scheduling, and resource management.
Attack Surface
The functions and features that a system exposes to unauthenticated users.
Configuration Rules
The instructions a system administrator codes into a server, networking device, or security device to specify how it operates.
Two-person control
The organization of a task or process so that at least two individuals must work together to complete it. Also known as dual control.
Need to Know
The principle of limiting users' access privileges to only the specific information required to perform their assigned tasks.
gap analysis
The process of comparing measured results against expected results, then using the resulting "gap" as a measure of project success and as feedback for project management.
Protocol Stack Verification
The process of examining and verifying network traffic for invalid data packets—that is, packets that are malformed under the rules of the TCP/IP protocol.
Application Protocol Verification
The process of examining and verifying the higher-order protocols (HTTP, FTP, and Telnet) in network traffic for unexpected packet behavior or improper use.
Tailgating
The process of gaining unauthorized entry into a facility by closely following another person through an entrance and using the credentials of the authorized person to bypass a control point.
Steganography
The process of hiding a message inside another object, such as a picture or document.
Vulnerability Assessment (VA)
The process of identifying and documenting specific and provable flaws in the organization's information asset environment.
Back Hack
The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system.
Cryptanalysis
The process of obtaining the plaintext message from a ciphertext message without knowing the keys used to perform the encryption.
Nonrepudiation
The process of reversing public-key encryption to verify that a message was sent by the sender and thus cannot be refuted.
Physical Security
The protection of physical items, objects, or areas from unauthorized access and misuse.
False accept rate
The rate at which fraudulent users or nonusers are allowed access to systems or areas as a result of a failure in the biometric device. This failure is also known as a Type II error or a false positive.
electrostatic discharge (ESD)
The release of ambient static electricity into a ground.
Task Rotation
The requirement that all critical tasks can be performed by multiple individuals.
Trusted network
The system of networks inside the organization that contains its information assets and is under the organization's control.
Fingerprinting
The systematic survey of a targeted organization's Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range.
Biometric Access Control
The use of physiological characteristics to provide authentication for a provided identification.
1790s
Thomas Jefferson created a 26-letter wheel cipher, which he used for official communications while ambassador to France; reinvented in 1854 and 1913.
Port Scanners
Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.
Covert Channels
Unauthorized or unintended methods of communications hidden inside a computer system.
Trusted Computing Base (TCB)
Under TCSEC, the combination of all hardware, firmware, and software responsible for enforcing the security policy.
Wi-Fi Protected Access (WPA and WPA2)
WPA was created to resolve the issues with WEP
Reference Monitor
Within TCB, a conceptual piece of the system that manages access controls—in other words, it mediates all access to objects by subjects.
TEMPEST
a U.S. government program designed to protect computers from electronic remote eavesdropping by reducing EMR transmissions
thermal detection system
a category of fire detection systems that focuses on detecting the heat from a fire
smoke detection system
a category of fire detection systems that focuses on detecting the smoke from a fire
Attribute
a characteristic of a subject (user or system) that can be used to restrict access to an object. Known as a subject attribute
Firewall
a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network
Remote Authentication Dial-In User Service (RADIUS)
a computer connection system that centralizes the management of user authentication by placing the responsibility for authenticating each user on a central authentication server
Certified Computer Examiner (CCE)
a computer forensics certification provided by ISFCE
Digital Malfeasance
a crime against or using digital media, computer technology, or related components
Asymmetric Encryption
a cryptographic method that incorporates mathematical operations involving both a public key and a private key to encipher or decipher a message
Transposition Cipher
a cryptographic operation that involves simply rearranging the values within a block based on an established pattern
Bluetooth
a de facto industry standard for short range wireless communications between devices
Bastion Host
a device placed between an external, untrusted network and an internal, trusted network
Identification Card (ID)
a document used to verify the identity of a member of an organization, group or domain
Fixed temperature sensor
a fire detection sensor that works by detecting the point at which the ambient temperature in an area reaches a predetermined level
Flame Detector
a fire detection system that works by detecting the infrared or ultraviolet light produced by an open flame
wet-pipe system
a fire suppression sprinkler system that contains pressurized water in all pipes and has some form of valve in each protected area.
water mist sprinkler
a fire suppression sprinkler system that relies on ultra-fine mists to reduce the ambient temperature below that needed to sustain a flame
sprinkler system
a fire suppression system designed to apply a liquid, usually water, to all areas in which a fire has been detected
Static Packet-Filtering Firewall
a firewall type that requires the configuration rules to be manually created, sequenced, and modified within the firewall.
Exclusive OR operation (XOR)
a function within Boolean algebra used as an encryption function in which two bits are compared. If the two bits are identical, the result is a binary 0; otherwise, the result is a binary 1.
Secret Key
a key that can be used in symmetric encryption both to encipher and decipher the message
Whitelist
a list of systems, users, files, or addresses that are known to be benign; it is commonly used to expedite those entities' access to systems or networks
Blacklist
a list of systems, users, files, or addresses that have been associated with malicious activity; it is commonly used to block those entities from systems or network access
Clipping Level
a predefined assessment level that triggers a predetermined response when surpassed. Typically, the response is to notify an administrator.
Secure Electronic Transaction (SET)
a protocol developed by credit card companies to protect against electronic payment fraud
Reverse Proxy
a proxy server that most commonly retrieves information from inside an organization and provides it to a requesting user or system outside the organization
Secure Multipurpose Internet Mail Extensions (S/MIME)
a security protocol that builds on the encoding format of the multipurpose internet mail extensions protocol and uses digital signatures based on public key cryptosystems to secure email
Extranet
a segment of a DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public
Build
a snapshot of a particular version of software assembled or linked from its component modules
Plenum
a space between the ceiling in one level of a commercial building and the floor of the level above. The plenum is used for air return.
Secure Hash Standard (SHS)
a standard issued by the National Institute of Standards and Technology (NIST) that specifies secure algorithms, such as SHA-1, for computing a condensed representation of a message or data file.
Bell-LaPadula Confidentiality Model
a state machine reference model of an automated system that is able to manipulate its state or status over time
polyalphabetic substitution
a substitution cipher that incorporates two or more alphabets in the encryption process
Monoalphabetic substitution
a substitution cipher that only incorporates a single alphabet in the encryption process
Message Digest
a value representing the application of a hash algorithm on a message that is transmitted with the message so it can be compared with the recipient's locally calculated hash of the same message. If both hashes are identical after transmission, the message has arrived without modification. Also known as a hash value.
Threshold
a value that sets the limit between normal and abnormal behavior
closed circuit television (CCTV)
a video capture and recording system used to monitor a facility
Telecommuting
a work arrangement in which employees work from an off-site location and connect to an organization's equipment electronically
Certified Cloud Security Professional (CCSP) Certification
aimed at professionals who are primarily responsible for specifying, acquiring, securing, and managing cloud-based services for their organization
Evidentiary Material (EM)
also known as "items of potential evidentiary value"; any information that could potentially support an organization's legal or policy-based case against a suspect
Template Cipher
also known as the perforated page cipher, involves the use of hidden messages in a book, letter, or other message
Fully Distributed IDPS Control Strategy
an IDPS implementation approach in which all control functions are applied at the physical location of each IDPS component
Centralized IDPS Control Strategy
an IDPS implementation approach in which all control functions are implemented and managed in a central location
Partially Distributed IDPS Control Strategy
an IDPS implementation approach that combines the best aspects of the centralized and fully distributed strategies
Passive Mode
an IDPS sensor setting in which the device simply monitors and analyzes observed network traffic
Vigenère Cipher
an advanced type of substitution cipher that uses a simple polyalphabetic code
Intrusion
an adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations, almost always with the intent to do harm
Dumb Card
an authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared
Asynchronous Token
an authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token does not require calibration of the central authentication server; instead, it uses a challenge/response system.
Synchronous Token
an authentication component in the form of a token—a card or key fob that contains a computer chip and a liquid crystal display and shows a computer-generated number used to support remote login authentication. This token must be calibrated with the corresponding software on the central authentication server.
Wired Equivalent Privacy (WEP)
an early attempt to provide security with the 802.11 network protocol
Substitution Cipher
an encryption method in which one value is substituted for another
Role-Based Access Control (RBAC)
an example of a nondiscretionary control where privileges are tied to the role a user performs in an organization, and are inherited when a user is assigned to that role. Roles are considered more persistent than tasks. RBAC is an example of an LDAC.
Secure HTTP (S-HTTP)
an extended version of Hypertext Transfer Protocol that provides for the encryption of protected Web pages transmitted via the Internet between a client and server
Badge
an identification card typically worn in a visible location to quickly verify an authorized member
static electricity
an imbalance of electric charges within or on the surface of a material
Certified Information Systems Auditor (CISA) Certification
appropriate for auditing, networking and security professionals
Certified in Risk and Information Systems Control (CRISC) Certification
areas of knowledge include risk management and information systems and control
War Dialer
automatic phone-dialing program that dials every number in a configured range and checks whether a person, answering machine, or modem picks up
Book Cipher
ciphertext consists of a list of codes representing the page number, line number, and word number of the plaintext word
Resources
components required for the completion of a project which could include skills, personnel, time, money, and material
Certified Information Systems Security Professional (CISSP) Certification
considered the most prestigious for security managers and CISOs; it recognizes mastery of an internationally identified Common Body of Knowledge (CBK) in information security
Harrison-Ruzzo-Ullman model
defines a method to allow changes to access rights and the addition and removal of subjects and objects
Virtual Password
derived from a passphrase.
Brewer-Nash (The Chinese Wall) Model
designed to prevent a conflict of interest between two parties
Certified Cyber Forensics Professional (CCFP) Certification
encompasses six domains: legal and ethical principles, investigations, forensic science, digital forensics, application forensics, and hybrid and emerging technologies
Digital Signatures
encrypted message components that can be mathematically proven as authentic
Tunnel Mode
establishes two perimeter tunnel servers to encrypt all traffic that will traverse an unsecured network; the entire client packet is encrypted and added as the data portion of a packet addressed from one tunneling server to another
gaseous (or chemical gas) emission systems
fire suppression systems that operate through the delivery of gases rather than water
Certified Secure Software Lifecycle Professional (CSSLP) Certification
focused on the development of secure applications
Systems Security Certified Practitioner (SSCP) Certification
focuses on practices, roles, and responsibilities as defined by experts from major information security industries
Certified Information Security Manager (CISM) Certification
geared toward experienced information security managers and others who may have similar management responsibilities
Contract employees
hired to perform specific services for the organization
Network Behavior Analysis (NBA) System
identifies problems related to the flow of network traffic
Application Header Protocol
in IPSec, a protocol that provides system-to-system authentication and data integrity verification but does not provide secrecy for the content of a network communication
Certification
in information security, the comprehensive evaluation of an IT system's technical and nontechnical security controls that establishes the extent to which a particular design and implementation meets a set of predefined security requirements
Hostile Departures
include termination for cause, permanent downsizing, temporary layoffs, and quitting in some instances
Consultants
individuals who specialize in areas related to the business process
Digital Forensics
investigations that involve the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis
PGP (Pretty Good Privacy)
is a hybrid cryptosystem that combines some of the best available cryptographic algorithms
Hash functions
mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm message identity and integrity
Search Warrant
permission to search for evidentiary material at a specified location and/or to seize items to return to an investigator's lab for examination
Chief Security Officer (CSO)
position may be combined with physical security responsibilities or may even report to a security manager who is responsible for both logical (information) security and physical security
Cryptography
process of making and using codes to secure transmission of information
Hash algorithm
public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value
Certified in the Governance of Enterprise IT (CGEIT) Certification
risk management components, IT governance
Security Analyst
security technicians, security architects, or security engineers who are tasked to configure firewalls, deploy IDPSs, implement security software, diagnose and troubleshoot problems, and coordinate with systems and network administrators to ensure that an organization's security technology is properly implemented
Healthcare Information Security and Privacy Practitioner (HCISPP)
similar to the CISSP but focused on security management topics and healthcare
Certifications cost
starting at $750 but those that require multiple certifications can cost thousands of dollars
Business Partners
strategic alliances with other people and/or organizations that want to exchange information, integrate systems, or simply discuss operations
Affidavit
sworn testimony that certain facts are in the possession of an investigating officer and that they warrant the examination of specific items located at a specific place
Digital Signature Standard
the NIST standard for digital signature algorithm usage by federal information systems
Accountability
the access control mechanism that ensures all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity
Enticement
the act of attracting attention to a system by placing tantalizing information in key locations.
Humidity
the amount of moisture in the air
Forensics
the coherent application of methodical investigatory techniques to present evidence of crimes in court or a similar setting
External monitoring domain
the component of the maintenance model that focuses on evaluating external threats to the organization's information assets
Advanced Encryption Standard (AES)
the current federal standard for the encryption of data, as specified by NIST. AES is based on the Rijndael algorithm, which was developed by Vincent Rijmen and Joan Daemen
triboelectrification
the exchange of electrons between two materials when they make contact, resulting in one object becoming more positively charged and the other more negatively charged
Cryptology
the field of science that encompasses cryptography and cryptanalysis
Intrusion Detection and Prevention System (IDPS)
the general term for a system that can both detect and modify its configuration and environment to prevent intrusions
Separation of Duties
the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them
Footprinting
the organized research of the Internet addresses owned or controlled by a target organization.
Noise
the presence of additional and disruptive signals in network communications or electrical power delivery
IP Security
the primary and now dominant cryptographic authentication and encryption product of the IETF's IP protocol security working group
Project Management
the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward a goal
Remediation
the process of removing or repairing flaws in information assets that cause a vulnerability or removing the risk associated with the vulnerability
Accreditation
the process that authorizes an IT system to process, store or transmit information
False reject rate
the rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device; known as a type I error or false negative
Version
the recorded state of a particular revision of a software or hardware configuration item
Job rotation
the requirement that every employee be able to perform the work of another employee
Auditing
the review of a system's use to determine if misuse or malfeasance has occurred
Untrusted Network
the system of networks outside the organization over which the organization has no control. The Internet is an example of an untrusted network.
Electromagnetic Radiation (EMR)
the transmission of radiant energy through space, commonly referred to as radio waves
War Driving
the use of mobile scanning techniques to identify open wireless access points
Authentication Factors
three mechanisms that provide authentication based on something a supplicant knows, something a supplicant has, and something a supplicant is
Chief Information Security Officer (CISO)
top information security officer in the organization; not in an executive-level position, and reports to the chief information officer
Running Key Cipher
uses a book for passing the key to a cipher that is similar to the Vigenère cipher