Secure Computing Chapter 12


The IEEE is an international nonprofit organization that focuses on ___________

developing and distributing standards that relate to electricity and electronics.

Internet Engineering Task Force (IETF)

develops and promotes Internet standards and is an open organization.

To ensure international acceptance and maximum usage of its standards, the IEC _____________

encourages participation from as many countries as possible.

Internet Architecture Board (IAB)

is a subcommittee of the IETF. It is composed of independent researchers and professionals who have a technical interest in the well-being of the Internet.

ISO 17799

is an international security standard. This standard documents a comprehensive set of controls that represent best practices in information systems.

National Institute of Standards and Technology (NIST)

maintains the atomic clock that keeps the United States' official time

ANSI's goal is to _______________

strengthen the U.S. marketplace within the global economy

the Institute of Electrical and Electronics Engineers (IEEE)

"the world's largest professional association for the advancement of technology"

National Institute of Standards and Technology (NIST)

A federal agency within the U.S. Department of Commerce.

Baldrige National Quality Program

A national program that empowers and encourages excellence among U.S. organizations, including manufacturers, service organizations, educational institutions, health care providers, and nonprofit organizations. It also strives to increase quality and recognize organizations that achieve quality goals

Which standards organization publishes American Standard FORTRAN?

ANSI

One of the leading standards agencies in the United States is the _________________

American National Standards Institute (ANSI)

Internet Architecture Board (IAB)

Architecture for Internet protocols and procedures, Processes used to create standards, Editorial and publication procedures for RFCs, Confirmation of IETF chair and technical area directors

A-I-C Triad

Availability, Integrity, and Confidentiality.

The earliest digital computers were the result of experimental standards.

False

Which standards organization formed in 1906 and handles standards for batteries?

IEC

The _______________ is the world's largest professional association for the advancement of technology.

IEEE

The best-known standard that relates to information security is the ____________

IEEE 802 LAN/MAN standard family

RFCs may originate with other organizations

IETF creates only some RFCs. Others may come from independent sources, the IAB, or the Internet Research Task Force (IRTF).

Which standards organization's name derives from the Greek word for "equal"?

ISO

NIST Laboratories

Laboratories that conduct research to advance the United States' technology infrastructure. The nation's industry uses this infrastructure to improve the quality of products and services.

Which of the following is the most well-known ISO standard?

OSI reference model

Only some RFCs are standards

Only RFCs that open with phrases like "This document specifies ..." or "This memo documents ..." should be considered standards or normative documents.

What is the best-known ISO standard?

Open Systems Interconnection (OSI)

RFCs that define formal standards have four stages:

Proposed Standard (PS), Draft Standard (DS), Standard (STD), Best Current Practice (BCP).

National Institute of Standards and Technology (NIST)

Provides standards for measurement and technology on which nearly all computing devices rely

ANSI C

Published by ANSI in 1989, this is a standard version of the programming language C.

switching and signaling recommendations are in the _________ series

Q

ISO 17799 consists of two separate parts:

The ISO 17799 code of practice and the BS 17799-2 specification for an information security management system.

Best Current Practice (BCP)

The alternative method used to document operational specifications that are not formal standards

Standard (STD)

The final stage of a standard, after it has been shown to be widely adopted and deployed

American Standard FORTRAN

The first standard programming language.

Proposed Standard (PS)

The initial official stage of a standard

World Wide Web Consortium (W3C)

The main international standards organization for the World Wide Web.

Draft Standard (DS)

The second stage of a standard, after participants have demonstrated that the standard has been deployed in working environments

ISO/IEC 27002

The standard directs its recommendations to management and security personnel responsible for information security management systems.

ITU-T Recommendation X.509

X.509 is a recommendation for a public key infrastructure (PKI) that addresses single sign-on (SSO) capability and privilege management infrastructure (PMI). The recommendation defines standard formats for public key certificates, certificate-management capabilities, attribute certificates, and a certification path validation algorithm.

ITU-T divides its recommendations into _________ separate series.

26

International Telecommunication Union (ITU)

A United Nations agency. It is responsible for managing and promoting information and technology issues.

Technology Innovation Program

Another national program that offers awards to organizations and universities to support potentially revolutionary technologies that apply to critical needs of national interest.

RFCs never change

Any changes to an RFC get a new number and become a new RFC. Always look for the latest RFC, because previous documents may be out of date.

Standards the W3C has developed or endorsed include the following:

Cascading Style Sheets (CSS), Common Gateway Interface (CGI), Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Extensible Markup Language (XML)

International Organization for Standardization (ISO)

It is a nongovernmental international organization. Its goal is to develop and publish international standards. ISO, based in Geneva, Switzerland, is a network of 163 national standards institutes. ISO serves as a bridge between the public and private sectors. Its goals are to develop standards that do not cater to either group exclusively, but reach consensus.

National Institute of Standards and Technology (NIST)

Maintains a list of standards and publications of general interest to the computer-security community.

NIST executes its primary mission through four cooperative programs

NIST Laboratories, Baldrige National Quality Program, Hollings Manufacturing Extension Partnership, and Technology Innovation Program.

The IETF produces documents called ________.

Request for Comments (RFCs)

ISO/IEC 27007 expands on ISO 17799 by adding two new sections, dividing the new standard into 12 major sections.

Risk Assessment, Security Policy, Organization of Information Security, Asset Management, Human Resources Security, Physical and Environmental Security, Communications and Operations Management, Access Control, Information Systems Acquisition Development and Maintenance, Information Security Incident Management, Business Continuity Management, and Compliance.

The ISO divides the 17799 standard into 10 major sections:

Security policy, Security Organization, Asset Classification and Control, Personnel Security, Physical and Environmental Security, Communications and Operations Management, Access Control, System Development and Maintenance, Business Continuity Management, and Compliance

The IETF primarily focuses on standards of the ________ Internet protocol suite.

TCP/IP

The IETF works closely with the W3C and ISO/IEC, focusing primarily on standards of the ____________

TCP/IP or Internet protocol suite

Hollings Manufacturing Extension Partnership

This partnership is a network of centers around the nation that offer technical and business assistance to small and medium-sized manufacturers.

Which standards organization publishes standards such as CGI, HTML, and XML?

W3C

Data networks, open systems communications, and security recommendations are in the ________ series

X

ITU-T Recommendation X.25

X.25 describes a protocol suite for packet-switched wide area network communication. X.25 is a Layer 3 (Network layer) protocol that provides a resilient wide area network. Although X.25 is still in use today, most wide area networks use the IP protocol.

Three recommendations of particular interest in information security are:

X.25, X.75, and X.509

ITU-T Recommendation X.75

X.75 describes the protocol for connecting two X.25 networks. It defines the requirements for the interface between data communication equipment (DCE) units in a network.

Requests for Comments (RFCs)

a series of documents that range from simple memos to standards documents.

ANSI standards cover such business sectors as

acoustical devices, construction equipment, dairy and livestock production, and energy distribution.

ANSI code

code is a standard that defines a set of values used to represent characters in computers. A standard is necessary to enable multiple computers to share data and communicate with each other.

The NIST Special Publications 800 series

contains many standards that provide guidance for information systems security activities.

Today, ANSI is composed of

government agencies, organizations, educational institutions, and individuals.

Internet Architecture Board (IAB) provides much of the ____________

high-level management and validation of the processes of conducting IETF business.

The main purpose of ISO 17799 is to:

is an international security standard. This standard documents a comprehensive set of controls that represent best practices in information systems.

PCI DSS

is an international standard for handling transactions involving payment cards

The stated purpose of the W3C is to ____________

develop protocols and guidelines that unify the World Wide Web and ensure its long-term growth.

The oldest and most recognizable activity of the ITU is ____________

its work developing standards.

IEEE is also one of the _________ standards-producing organizations.

largest

ITU Telecommunication Sector (ITU-T) performs

all ITU standards work.

Transport layer (Layer 4)

provides error-free communications across a network. It also provides the connections needed by software functions in the Session layer (Layer 3). In addition, it calls functions in the Network layer (Layer 3), the next layer down, to send and receive packets that make up the contents of the network communication.

ITU-T calls the international standards it produces

recommendations

IEC is active in developing standards that support _____________

safety, performance, environmental responsibility, energy efficiency, and renewable energy sources and use.

Because the ITU-T is a United Nations agency, its standards carry

significant international weight

ANSI primarily addresses standards that support:

software development and computer system operation

Even though ITU-T calls its standards recommendations, they tend to carry

substantial authority

ITU-T also defines ____________

tariff and accounting principles for international telecommunication services.

ANSI oversees ______________

the creation, publication, and management of many standards and guidelines that directly affect businesses in nearly every sector.

The ITU-T is responsible for ensuring ____________

the efficient and effective production of standards covering all fields of telecommunications for all nations.

IETF focuses on _________

the engineering aspects of Internet communication and attempts to avoid policy and business questions.

International Electrotechnical Commission (IEC)

the preeminent organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.

