CS 271 Final


Digital forensics approaches

1. Protect and forget (also called "patch and proceed"): restore the system and move on without pursuing the attacker. 2. Apprehend and prosecute (also called "pursue and prosecute"): preserve evidence and involve law enforcement; this is the approach that requires a formal digital forensics process

Digital malfeasance

a crime against or using digital media, computer technology, or related components; a computer is the source of the crime or the object of it

Transposition cipher

a cryptographic operation that involves simply rearranging the values within a block based on an established pattern; aka permutation cipher
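The following columnar transposition is an added example written for this page, not code from the flashcard set: it rearranges the plaintext by writing it into columns and reading the columns out in keyword order. The key "ZEBRA", the plaintext and the padding character are constructed inputs. Note the practitioner's caveat it makes visible: a transposition never changes which letters appear or how often, so the ciphertext has exactly the letter frequencies of the plaintext.

```python
"""Columnar transposition (permutation) cipher. Added example; not from the
flashcard set. Letters are moved, never replaced."""


def _column_order(key: str) -> list[int]:
    """Order in which columns are read out: indices of the key letters sorted
    alphabetically, ties broken by position (so repeated letters are fine)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def transpose_encrypt(plaintext: str, key: str, pad: str = "X") -> str:
    """Write the text row by row into len(key) columns, then read the columns
    in keyword order. Spaces are dropped, as in classical practice."""
    ncols = len(key)
    text = plaintext.replace(" ", "").upper()
    # Pad so the grid is rectangular; the pad is stripped on decryption.
    while len(text) % ncols:
        text += pad
    rows = [text[i:i + ncols] for i in range(0, len(text), ncols)]
    return "".join("".join(row[c] for row in rows) for c in _column_order(key))


def transpose_decrypt(ciphertext: str, key: str, pad: str = "X") -> str:
    """Refill the columns in keyword order, then read the grid row by row.
    Caveat: rstrip removes genuine trailing pad letters too, so a message that
    really ends in the pad character should use a different pad."""
    ncols = len(key)
    nrows = len(ciphertext) // ncols
    cols = [""] * ncols
    pos = 0
    for c in _column_order(key):
        cols[c] = ciphertext[pos:pos + nrows]
        pos += nrows
    plain = "".join(cols[c][r] for r in range(nrows) for c in range(ncols))
    return plain.rstrip(pad)


if __name__ == "__main__":
    ct = transpose_encrypt("ATTACK AT DAWN", "ZEBRA")   # constructed input
    print(ct, transpose_decrypt(ct, "ZEBRA"))
    # Same multiset of letters before and after: frequency analysis reveals
    # a transposition immediately because the counts match plain English.
    print(sorted(ct) == sorted("ATTACKATDAWNXXX"))
```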

Vernam cipher

a cryptographic technique developed at AT&T and known as the "one-time pad"; each key value (pad character) is used for exactly one encryption operation and then discarded. The pad must be truly random, at least as long as the message, and never reused: if the same pad encrypts two messages, combining the two ciphertexts cancels the key and exposes the relationship between the plaintexts
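An added example, not code from the flashcard set, of the Vernam cipher over bytes (XOR with a random pad from os.urandom) together with the failure mode the "only one time" rule exists to prevent. The two messages, the crib and the function names are constructed for illustration.

```python
"""Vernam cipher / one-time pad over bytes. Added example; not from the
flashcard set. Encryption and decryption are the same XOR, and the second
half shows why a pad must never be reused."""
import os


def otp_keygen(length: int) -> bytes:
    """A pad must be unpredictable and at least as long as the message."""
    return os.urandom(length)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR each message byte with the corresponding pad byte. Refuses a pad
    shorter than the message rather than silently wrapping it around."""
    if len(key) < len(data):
        raise ValueError("one-time pad must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypts two messages, XORing the two ciphertexts cancels
    the key and yields m1 XOR m2, which no longer depends on the pad at all."""
    n = min(len(c1), len(c2))
    return bytes(a ^ b for a, b in zip(c1[:n], c2[:n]))


def crib_drag(xored: bytes, crib: bytes) -> list[tuple[int, bytes]]:
    """Slide a guessed plaintext fragment (a 'crib') along m1 XOR m2; where
    the result is printable ASCII it is likely a fragment of the other message."""
    hits = []
    for off in range(len(xored) - len(crib) + 1):
        seg = bytes(x ^ c for x, c in zip(xored[off:off + len(crib)], crib))
        if all(32 <= b < 127 for b in seg):
            hits.append((off, seg))
    return hits


if __name__ == "__main__":
    key = otp_keygen(32)
    m1, m2 = b"attack at dawn", b"retreat at dusk"   # constructed messages
    c1, c2 = otp_xor(m1, key), otp_xor(m2, key)     # same pad twice: the mistake
    print(otp_xor(c1, key))                          # correct use round-trips
    leak = two_time_pad_leak(c1, c2)
    print(crib_drag(leak, b"attack"))                # recovers b"retrea" at offset 0
```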

Request for proposal (RFP)

a document specifying the requirements of a project, provided to solicit bids from internal or external contractors

Pretty Good Privacy (PGP)

a hybrid cryptosystem that combines symmetric encryption of the message body with public-key encryption of the session key, plus hashing and digital signatures; the de facto standard for e-mail and file encryption, whose message format is standardized as OpenPGP and implemented by open-source tools such as GnuPG

Restitution

a legal requirement to make compensation or payment resulting from loss or injury

Work breakdown structure (WBS)

a list of the tasks to be accomplished in the project, the skill sets or individual employees needed to perform the tasks, the start and end dates for tasks, the estimated resources required, and the dependencies among tasks

Mandatory access control (MAC)

a required, structured data classification scheme in which a central authority rates each collection of information (object) and each user (subject) with a sensitivity or classification level; access is decided by comparing the two ratings, not at the owner's discretion

Lattice-based access control (LBAC)

a variation on the MAC form of access control in which every subject (user) and every object (information asset) carries a label drawn from a lattice of security levels, for example a classification combined with a set of compartments; a subject's authorizations for a given object follow from where the two labels sit in the lattice, so access is permitted only when the subject's label dominates the object's
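The following is an added example, not code from the flashcard set, that makes the MAC and lattice definitions above concrete: labels are a classification level plus a set of compartments, one label dominates another when its level is at least as high and its compartments are a superset, reads require the subject to dominate the object (no read up) and writes require the object to dominate the subject (no write down), as in the Bell-LaPadula model. The level names and compartments are constructed.

```python
"""Lattice-based mandatory access control. Added example; not from the
flashcard set. Labels form a lattice: (level, compartments) ordered by
dominance. Two labels with different compartments may be incomparable."""
from dataclasses import dataclass, field

# Constructed classification ladder; higher number dominates lower.
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """self >= other in the lattice: level at least as high AND every
        compartment of other is also held by self."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def lub(a: Label, b: Label) -> Label:
    """Least upper bound: the lowest label dominating both, e.g. the label a
    report that combines two sources must carry."""
    level = max(a.level, b.level, key=LEVELS.__getitem__)
    return Label(level, a.compartments | b.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """*-property: no write down (a SECRET subject may not leak into an
    UNCLASSIFIED object)."""
    return obj.dominates(subject)


if __name__ == "__main__":
    analyst = Label("SECRET", frozenset({"NUCLEAR"}))       # constructed subject
    print(can_read(analyst, Label("CONFIDENTIAL")))          # True: read down
    print(can_read(analyst, Label("SECRET", frozenset({"CRYPTO"}))))  # False: incomparable
    print(can_write(analyst, Label("UNCLASSIFIED")))         # False: write down
```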

Discretionary access control (DAC)

access controls that are implemented at the discretion or option of the data owner (or user), who decides which other users may access the data and with what permissions

Nondiscretionary access controls (NDACs)

access controls that are implemented by a central authority

Attribute-based access control (ABAC)

an access control approach in which the organization specifies permitted use of objects based on attributes of the user, the object, the requested action, or the environment (such as department, data classification, or time of day) rather than on identity or role alone

Vigenere cipher

a polyalphabetic substitution cipher that uses a keyword to select a different Caesar shift for each letter position, so the same plaintext letter can map to different ciphertext letters

Wired Equivalent Privacy (WEP)

an early attempt at securing wireless communications based on RC4 encryption with a 64- or 128-bit key; weaknesses in how it uses its 24-bit initialization vector allow the key to be recovered from captured traffic, so it is not difficult to crack

Substitution cipher

an encryption method in which one value is substituted for another
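An added example, not code from the flashcard set, covering both the substitution-cipher entry above and the Vigenère entry: a keyword-based monoalphabetic substitution, the Caesar shift as its simplest case, and the Vigenère cipher as the polyalphabetic extension. The index-of-coincidence function shows the difference a cryptanalyst sees: a monoalphabetic substitution only relabels letters, so the statistic is unchanged, while a polyalphabetic cipher flattens it. Keywords and plaintexts are constructed.

```python
"""Substitution ciphers: monoalphabetic (keyword alphabet), Caesar, and the
polyalphabetic Vigenere. Added example; not from the flashcard set."""
import string
from collections import Counter

ALPHABET = string.ascii_uppercase


def keyed_alphabet(keyword: str) -> str:
    """26-letter cipher alphabet: keyword letters (deduplicated) first, then the
    rest in order, e.g. ZEBRAS -> ZEBRASCDFGHIJKLMNOPQTUVWXY."""
    seen = ""
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen += ch
    return seen


def substitute(text: str, cipher_alphabet: str, decrypt: bool = False) -> str:
    """Monoalphabetic substitution: one fixed value replaces each letter."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def caesar(text: str, shift: int, decrypt: bool = False) -> str:
    """Caesar cipher is substitution with a rotated alphabet."""
    rotated = ALPHABET[shift % 26:] + ALPHABET[:shift % 26]
    return substitute(text, rotated, decrypt)


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic: the key letter at each position selects the Caesar
    shift, so repeated plaintext letters need not repeat in the ciphertext."""
    shifts = [ALPHABET.index(k) for k in key.upper() if k in ALPHABET]
    out, i = [], 0
    for ch in text.upper():
        if ch not in ALPHABET:
            out.append(ch)          # non-letters pass through, key not consumed
            continue
        shift = shifts[i % len(shifts)]
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        i += 1
    return "".join(out)


def index_of_coincidence(text: str) -> float:
    """Probability that two letters drawn from the text are equal. English is
    about 0.066; a monoalphabetic substitution preserves the value exactly,
    a polyalphabetic cipher pushes it toward the uniform 1/26 (about 0.038)."""
    letters = [c for c in text.upper() if c in ALPHABET]
    n = len(letters)
    if n < 2:
        return 0.0
    return sum(c * (c - 1) for c in Counter(letters).values()) / (n * (n - 1))


if __name__ == "__main__":
    pt = "ATTACKATDAWN"                                  # constructed plaintext
    print(substitute(pt, keyed_alphabet("ZEBRAS")))
    print(caesar(pt, 3))
    print(vigenere(pt, "LEMON"))   # the four A's become L, O, E, N
    print(index_of_coincidence(pt), index_of_coincidence(vigenere(pt, "LEMON")))
```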

Liability

an entity's legal obligation or responsibility

Task-based access control (TBAC)

an example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task; tasks are more temporary than roles

Role-based access control (RBAC)

an example of a nondiscretionary control where privileges are tied to the role a user performs in an organization, and are inherited when a user is assigned to that role; roles are more persistent than tasks
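An added example, not code from the flashcard set, of the RBAC and TBAC entries above working side by side: permissions attach to roles (persistent) or to tasks (time-boxed), users inherit them by assignment, and the check is an allow-list so any privilege not granted is simply absent, which is least privilege in practice. The role, task and permission names are constructed.

```python
"""Role-based and task-based access control. Added example; not from the
flashcard set. Roles persist until revoked; tasks carry an expiry."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed policy tables (hypothetical roles, tasks and permission names).
ROLE_PERMISSIONS = {
    "analyst": {"read:logs", "read:tickets"},
    "responder": {"read:logs", "read:tickets", "write:tickets", "isolate:host"},
}
TASK_PERMISSIONS = {
    "forensic-acquisition": {"read:disk-image", "write:evidence-log"},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    tasks: dict = field(default_factory=dict)   # task name -> expiry (UTC)


def assign_role(user: User, role: str) -> None:
    if role not in ROLE_PERMISSIONS:
        raise KeyError(f"unknown role {role!r}")
    user.roles.add(role)


def assign_task(user: User, task: str, now: datetime, duration: timedelta) -> None:
    """Task privileges are time-boxed: they vanish when the task window ends."""
    if task not in TASK_PERMISSIONS:
        raise KeyError(f"unknown task {task!r}")
    user.tasks[task] = now + duration


def effective_permissions(user: User, now: datetime) -> set:
    perms = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS[role]
    for task, expires in user.tasks.items():
        if now < expires:
            perms |= TASK_PERMISSIONS[task]
    return perms


def is_permitted(user: User, permission: str, now: datetime) -> bool:
    """Allow-list check: nothing is permitted unless a current role or task grants it."""
    return permission in effective_permissions(user, now)


def scenario() -> dict:
    """Constructed walk-through: a role outlives a month, a task expires in hours."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    alice = User("alice")
    assign_role(alice, "analyst")
    assign_task(alice, "forensic-acquisition", t0, timedelta(hours=8))
    return {
        "role_read_logs": is_permitted(alice, "read:logs", t0),
        "role_isolate_host": is_permitted(alice, "isolate:host", t0),
        "task_during": is_permitted(alice, "read:disk-image", t0 + timedelta(hours=1)),
        "task_after": is_permitted(alice, "read:disk-image", t0 + timedelta(hours=9)),
        "role_month_later": is_permitted(alice, "read:logs", t0 + timedelta(days=30)),
    }


if __name__ == "__main__":
    print(scenario())
```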

Static electricity

an imbalance of electrical charges in the atmosphere or on the surface of a material, caused by triboelectrification

Wi-Fi Protected Access (WPA)

created to resolve the issues with WEP; uses dynamic per-session keys instead of one static shared key, which in enterprise mode are created and distributed by an 802.1X authentication server (and derived from a pre-shared passphrase in personal mode)

Payment Card Industry (examples)

credit cards, debit cards, ATM cards, stored-value cards, gift cards, etc.

Nonrepudiation

the assurance that customers or partners can be held accountable for transactions, such as online purchases, and cannot later deny (repudiate) having made them; typically provided by digital signatures

Digital forensics

investigations that involve the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis; follows clear, well-defined methodologies but still tends to be as much an art as science

Due care

measures that an organization takes to ensure every employee knows what is acceptable and what is not

HIPAA (Health Insurance Portability and Accountability Act)

protects the confidentiality and security of healthcare data by establishing and enforcing standards and by standardizing electronic data interchange

Due diligence

reasonable steps taken by people or organizations to meet the obligations imposed by laws or regulations

Forensics

the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting; allows investigators to determine what happened by examining the results of an event - criminal, natural, intentional, or accidental

Computer Fraud and Abuse Act (CFA Act)

the 1986 U.S. federal law (18 U.S.C. § 1030) that criminalizes unauthorized access to computers; the cornerstone of many computer-related laws and enforcement efforts

Least privilege

the data access principle that ensures no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation needed; implies a need to know

Chain of evidence

the detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court
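An added example, not code from the flashcard set, of how that documentation is kept tamper-evident in practice: each custody event (collection, transfer, storage) is recorded with the evidence hash taken at acquisition and the hash of the previous entry, so a later edit to any entry, or any change to the evidence itself, breaks verification. The case identifier, actors, timestamps and evidence bytes are constructed.

```python
"""Hash-chained chain-of-custody log. Added example; not from the flashcard
set. Every entry commits to the evidence hash and to its predecessor."""
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _entry_hash(body: dict) -> str:
    # Canonical JSON so the hash does not depend on key order or spacing.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return sha256_hex(payload)


class CustodyLog:
    def __init__(self, case_id: str, evidence: bytes):
        self.case_id = case_id
        self.evidence_hash = sha256_hex(evidence)   # fixed at acquisition
        self.entries: list[dict] = []

    def record(self, action: str, actor: str, timestamp: str, note: str = "") -> dict:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {
            "case_id": self.case_id,
            "seq": len(self.entries),
            "action": action,
            "actor": actor,
            "timestamp": timestamp,
            "note": note,
            "evidence_hash": self.evidence_hash,
            "prev_hash": prev,
        }
        entry["entry_hash"] = _entry_hash(entry)
        self.entries.append(entry)
        return entry

    def verify(self, evidence: bytes) -> bool:
        """True only if the evidence still matches the acquisition hash and every
        entry hashes to its stored value and links to its predecessor."""
        if sha256_hex(evidence) != self.evidence_hash:
            return False
        prev = "0" * 64
        for seq, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if (entry["seq"] != seq or entry["prev_hash"] != prev
                    or _entry_hash(body) != entry["entry_hash"]):
                return False
            prev = entry["entry_hash"]
        return True


def demo() -> tuple:
    """Constructed scenario: intact chain, an edited entry, altered evidence."""
    evidence = b"constructed disk-image bytes"
    log = CustodyLog("CASE-0001", evidence)
    log.record("collected", "examiner A", "2024-03-01T09:00:00Z", "seized laptop")
    log.record("transferred", "examiner A -> custodian", "2024-03-01T11:30:00Z")
    log.record("stored", "custodian", "2024-03-01T11:45:00Z", "locker 7")
    intact = log.verify(evidence)
    log.entries[1]["actor"] = "someone else"          # after-the-fact edit
    tampered_entry = log.verify(evidence)
    log.entries[1]["actor"] = "examiner A -> custodian"   # restore
    altered_evidence = log.verify(evidence + b"!")
    return intact, tampered_entry, altered_evidence


if __name__ == "__main__":
    print(demo())   # (True, False, False)
```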

Triboelectrification

the exchange of electrons between two materials when they make contact, resulting in one object becoming more positively charged and the other more negatively charged

Rand Report R-609

the first widely recognized published document to identify the role of management and policy issues in computer security

Separation of duties

the information security principle that requires significant tasks to be split up so that more than one individual is required to complete them

Two-person control

the organization of a task or process so that at least two individuals must work together to complete it; aka dual control

Jurisdiction

the power to make legal decisions and judgments; typically an area within which an entity such as a court or law enforcement agency is empowered to make legal decision

Need to know

the principle of limiting users' access privileges to the specific information required to perform their assigned tasks

Task rotation

the requirement that all critical tasks can be performed by multiple individuals and that people are periodically rotated among them, so no single person holds exclusive knowledge of a task and concealed fraud or errors are more likely to surface

Ciphertext/Cryptogram

the unintelligible encrypted or encoded message resulting from an encryption
