Chapter 2


Payment Card Industry Data Security Standard (PCI-DSS)

Standard used by major credit card companies where the main focus is the security controls and objectives that companies that process credit cards should implement.

Development Environment

This is where the application is developed.

International Organization for Standardization (ISO)

The de facto source for international standards.

Software Defined Networking (SDN)

The entire network is virtualized which allows a relatively easy segmentation of the network.

Application Blacklisting

The process of listing banned applications.

Least functionality

The system itself should be configured and capable of doing only what it is intended to do and no more.

NIST SP 800-53

This document organizes security measures into families of controls, such as risk assessment, access control, incident response, and others. The document also defines three levels of minimum security controls.

air gap

This occurs when one or more systems are literally not connected to a network.

ISO 27002

This standard recommends best practices for initiating, implementing, and maintaining information security management systems.

Proxy firewall

Used to process requests from outside networks. Can be thought of as an intermediary between your network and any other network.

Dual-homed firewall

A host that resides on more than one network and possesses more than one network card.

Extranet

A network configuration that allows selected outside organizations to access internal information systems.

Intranet

A network designed for the exclusive use of computer users within an organization; it cannot be accessed by users outside the organization.

Stateless firewalls

Make decisions based on the data that comes in (the packet, for example) and not based on any complex decisions.

Secure baseline

Process whereby you find a baseline for any system, application, or service that is considered secure.

Staging

Used to roll the new software out in sections instead of deploying to the entire network at once.

VPN concentrator

A hardware device used to create remote access VPNs.

Virtual private network (VPN)

A private network connection that occurs through a public network.

Secure boot

A process whereby the BIOS or UEFI makes a cryptographic hash of the operating system boot loader and any boot drivers and compares that against a stored hash.

root of trust (RoT)

A security process that has to begin with some unchangeable hardware identity, often stored in a TPM.

Honeypot

A separate system that appears to be an attractive target but is in reality a trap for attackers.

ISA/IEC-62443

A series of standards that define procedures for implementing electronically secure industrial automation and control systems.

Sandbox

A test environment that is completely isolated from the rest of the network.

Administrative controls

All the policies, procedures, and processes that are in place to support security.

Demilitarized zone (DMZ)

An area where you can place a public server for access by people whom you might not trust otherwise.

Test Environment

An environment containing hardware, instrumentation, simulators, software tools, and other support elements needed to conduct a test.

Open Web Application Security Project (OWASP)

An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted.

Technical controls

Controls that involve software and hardware.

Trusted Platform Module (TPM)

Dedicated processors that use cryptographic keys to perform a variety of tasks.

Hardware security modules (HSM)

Devices that handle digital keys.

Full Disk Encryption (FDE)

Encrypting the entire disk, rather than a specific file or folder.

Firewalls

First lines of defense in a network to prevent unauthorized users.

Appliances

Freestanding devices that operate in a largely self-contained manner, requiring less maintenance and support than a server-based product.

Defense in depth

Fundamental precept that your security should never be wholly or primarily focused on your network's borders.

Self-encrypting drive (SED)

Has a controller chip built into it that automatically encrypts the drive and decrypts it.

Network segmentation

Involves dividing your network into zones based on security needs.

Stateful inspection

It does what a packet filtering firewall does, but it also remembers what the recent previous packets from the same client contained.

Key encryption key (KEK)

Key that encrypts or decrypts other keys for transmission or storage.

Media encryption key (MEK)

Key used for locking and unlocking a drive in an SED.

Application Whitelisting

Making a list of allowed apps, and only those applications may be installed.

Integrity measurement

Monitoring a system to ensure that it has not deviated from its secure baseline.

Honeynet

The next logical extension of a honeypot: for example, a fake network segment that appears to be a very enticing target.

Packet filter

Passes or blocks traffic to specific addresses based on the type of application.

North American Electric Reliability Corporation (NERC)

Publishes standards for electrical power companies.

National Institute of Standards and Technology (NIST)

Source for many of the national standards in the United States. Publishes a number of standards, many of which are related to cybersecurity.

ISO IEC 27001:2013

Specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization.
