Chapter 12 CSC 382

System Interconnection

A(n) __ __ is defined as the direct connection of two or more information systems for sharing data and other information resources.

constant

An effective information security governance program requires __ __ review.

Evidentiary Material

Any information that could potentially support the organization's legal or policy-based case against a suspect is known as _____

Patching

Repairing known vulnerabilities in any of the network or system environments is known as _______

Offline

The __ ___ model of data acquisition is where the investigator removes the power source and then uses a utility or special device to make a bit-stream sector-by-sector copy of the hard drives contained in the system.

PSV

The _____ process is designed to find and document the vulnerabilities that may be present because of misconfigured systems in use within the organization.

Chain of Evidence

The detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court is known as ______

vulnerability and remediation assessment

The primary goal of the __ ___ domain to identify specific, documented vulnerabilities and their timely remediation.

Internal Monitoring Domain

The primary goal of the _____ is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses. a. awareness monitoring domain b. information monitoring domain c. internal monitoring domain d. external monitoring domain

planning and risk assessment

The primary objective of the _____ domain is to keep a lookout over the entire information security program.

Digital malfeasance

a crime against or using digital media, computer technology, or related components.

Search warrent

a document issued by an authorized authority that allows law enforcement agents to search for EM at a specified location and seize specific items for official examination.

Configuration item

a hardware or software item that will be modified and revised throughout its life cycle.

Build List

a list of the versions of components that make up a build.

Difference analysis

a procedure that compares the current state of a network segment against a known previous state of the same network segment (the baseline of systems and services).

Penetration testing

a set of security tests and evaluations that simulate attacks by a hacker or other malicious external source.

Major release

a significant revision of a version from its previous state.

Build

a snapshot of a particular version of software assembled or linked from its component modules.

War game

a type of rehearsal that seeks to realistically simulate the circumstances needed to thoroughly test a plan.

Configuration and change management (CCM)

an approach to implementing system change that uses policies, procedures, techniques, and tools to manage and evaluate proposed changes, track changes through completion, and maintain systems inventory and supporting documentation.

Modem vulnerability assessment

an assessment approach designed to find and document any vulnerability on dial-up modems connected to the organization's networks.

Intranet vulnerability assessment process

an assessment approach designed to find and document selected vulnerabilities that are likely to be present on the organization's internal network.

Platform Security Validation (PSV)

an assessment approach designed to find and document vulnerabilities that may be present because misconfigured systems are used within the organization.

Internet vulnerability assessment

an assessment approach designed to find and document vulnerabilities that may be present in the organization's public network.

Wireless vulnerability assessment process

an assessment approach designed to find and document vulnerabilities that may be present in the organization's wireless local area networks.

Evidentiary Material(EM)

any item or information that applies to an organization's legal or policy-based case; also known as an item of potential evidentiary value.

Affidavit

sworn testimony that certain facts are in the possession of an investigating officer; an affidavit can be used to request a search warrant.

Digital forensics

the application of forensics techniques and methodologies to the preservation, identification, extraction, documentation, and interpretation of digital media for evidentiary and/or root-cause analysis.

Forensics

the coherent application of methodical investigatory techniques to present evidence of crimes in a court or similar setting.

Vulnerability assessment and remediation domain

the component of the maintenance model focused on identifying specific, documented vulnerabilities and remediating them in a timely fashion.

External monitoring domain

the component of the maintenance model that focuses on evaluating external threats to the organization's information assets.

Planning and risk assessment domain

the component of the maintenance model that focuses on identifying and planning ongoing information security activities and identifying and managing risks introduced through IT information security projects.

Internal monitoring domain

the component of the maintenance model that focuses on identifying, assessing, and managing the configuration and status of information assets in an organization.

Revision date

the date associated with a particular version or build

Chain of Evidence

the detailed documentation of the collection, storage, transfer, and ownership of evidence from the crime scene through its presentation in court.

Vulnerability assessment (VA)

the process of identifying and documenting specific and provable flaws in the organization's information asset environment.

Remediation

the processes of removing or repairing flaws in information assets that cause a vulnerability or removing the risk associated with the vulnerability.

Version

the recorded state of a particular revision of a software or hardware configuration item. The version number is often noted in a specific format, such as "M.N.b." In this notation, "M" is the major release number and "N.b" can represent various minor releases or builds within the major release.

Auditing

the review of a system's use to determine if misuse or malfeasance has occurred.

War dialing

the use of scripted dialing attacks against a pool of phone numbers in an effort to identify modem connections.

Minor release

(update or patch) a minor revision of a version from its previous state.

False

True or False: Information security technical controls are not affected by the same factors as most computer-based technologies.

true

True or False: Once a suitable amount of information has been found, investigators can summarize their findings with a synopsis of their investigatory procedures in a report and submit it to the appropriate authority.

False

True or False: The objective of the internal monitoring domain is to provide the early awareness of new and emerging threats, threat agents, vulnerabilities, and attacks that is needed to mount an effective and timely defense.

Digital Forensics

________ is the application of forensics techniques and methodologies to the preservation, identification, extraction, documentation, and interpretation of digital media for evidentiary and/or root-cause analysis.

Contingency

__________ planning consists of a process for recovery and documentation of procedures for conducting recovery.

Configuration

a collection of components that make up a configuration item.

Software Library

a collection of configuration items that is usually controlled and that developers use to construct revisions and issue new configuration items.