Computer security: The need to secure the physical location of computer technology from outside threats.
Security: A state of being secure and free from danger or harm. Also, the actions taken to make someone or something secure.
Communications security: The protection of all communications media, technology, and content.
Network security: A subset of communications security; the protection of voice and data networking components, connections, and content.
Information security: Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
C.I.A. triad: The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.
Access: Authorized users have legal access to a system, whereas hackers must gain illegal access to a system.
Asset: The organizational resource that is being protected.
Attack: An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect.
Direct attack: It is perpetrated by a hacker using a PC to break into a system. Direct attacks originate from the threat itself.
Indirect attack: It originates from a compromised system or resource that is malfunctioning or working under the control of a threat.
Control, safeguard, or countermeasure: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, and resolve vulnerabilities.
Exploit: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.
Exposure: A condition or state of being exposed; in information security, exposure exists when a vulnerability is known to an attacker.
Loss: A single instance of an information asset suffering damage or destruction, unintended or unauthorized modification or disclosure, or denial of use. When an organization's information is stolen, it has suffered a loss.
Risk: The probability of an unwanted occurrence, such as an adverse event or loss.
Subjects and objects of attack: Example: a system can be compromised by an attack (object) and then used to attack other systems (subject).
Threat: Any event or circumstance that has the potential to adversely affect operations and assets.
Threat agent: The specific instance or a component of a threat.
Threat event: An occurrence of an event caused by a threat agent.
Threat source: A category of objects, people, or other entities that represents the origin of danger to an asset; in other words, it can be purposeful or undirected, the latter being a threat source known as "acts of God/acts of nature."
Vulnerability: A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package or an unprotected system.
Accuracy: An attribute of information that describes how data is free of errors and has the value that the user expects.
Authenticity: An attribute of information that describes how data is genuine or original rather than reproduced or fabricated.
Availability: An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
Confidentiality: An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
Integrity: An attribute of information that describes how data is whole, complete, and uncorrupted.
Personally Identifiable Information (PII): A set of information that could uniquely identify an individual.
Possession: An attribute of information that describes how the data's ownership or control is legitimate or authorized.
Utility: An attribute of information that describes how data has value or usefulness for an end purpose.
Information System (IS): The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization.
Physical security: The protection of physical items, objects, or areas from unauthorized access and misuse.
Software: It includes applications (programs), operating systems, and assorted command utilities.
Hardware: It is the physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets, such as locks and keys, from harm or theft. Example: passing it through the conveyor scanning devices.
Data: Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning; we will use the term information to represent both unprocessed data and actual information.
People: Though often overlooked in computer security considerations, people have always been a threat to information security. In the end, the Khan simply bribed the gatekeeper, and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization's information security program.
Procedures: They are written instructions for accomplishing a specific task. They should be disseminated among members of an organization on a need-to-know basis.
Networks: Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs, and these LANs are connected to other networks such as the Internet, new security challenges rapidly emerge. When computer systems are networked, the physical approach (locks and keys) is no longer enough. Steps to provide network security, such as installing and configuring firewalls, are essential.
Balancing Information Security and Access: Information security technologists and end users must recognize that both groups share the same overall goals of the organization: to ensure that data is available when, where, and how it is needed, with minimal delays or obstacles.
Bottom-up approach: A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems.
Top-down approach: A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success.
Methodology: A formal approach to solving a problem based on a structured sequence of procedures.
Systems Development Life Cycle (SDLC): A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed, but generally the phases address the investigation, analysis, design, implementation, and maintenance of an information system.
Waterfall SDLC: A type of SDLC in which each phase of the process "flows from" the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.
DevOps SDLC: A formal approach to solving a problem based on a structured sequence of procedures; it focuses on integrating the need for the development team to provide iterative and rapid improvements to system functionality and the need for the operations team to improve security and minimize the disruption from software release cycles.
Logical Design: In the logical design phase, the information gained from the analysis phase is used to begin creating a systems solution for a business problem.
Implementation: In the implementation phase, any needed software is created.
Maintenance and Change: The maintenance and change phase is the longest and most expensive of the process. This phase consists of the tasks necessary to support and modify the system for the remainder of its useful life cycle.
Software Assurance (SA): A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages.
Economy of mechanism: Keep the design as simple and small as possible.
Fail-safe defaults: Base access decisions on permission rather than exclusion.
Complete mediation: Every access to every object must be checked for authority.
Open design: The design should not be secret, but rather depend on the possession of keys or passwords.
Separation of privilege: Where feasible, a protection mechanism should require two keys to unlock, rather than one.
Least privilege: Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
Least common mechanism: Minimize mechanisms (or shared variables) common to more than one user and depended on by all users.
Psychological acceptability: It is essential that the human interface be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.
Chief information officer (CIO): The CIO translates the strategic plans of the organization as a whole into strategic information plans for the information systems or data processing division of the organization. An executive-level position that oversees the organization's computing technology and strives to create efficiency in the processing and access of the organization's information.
Chief information security officer (CISO): Typically considered the top information security officer in an organization.
Project team: A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned.
Champion: A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization.
Team leader: A project manager who may also be a departmental line manager or staff unit manager, and who understands project management, personnel management, and information security technical requirements.
Security policy developers: People who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies.
Risk assessment specialists: People who understand financial risk assessment techniques, the value of organizational assets, and the security methods to be used.
Security professionals: Dedicated, trained, and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint.
Systems administrators: People with the primary responsibility for administering systems that house the information used by the organization.
End users: Those whom the new system will most directly affect. Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard.
Data custodians: Individuals who work directly with data owners and are responsible for storage, maintenance, and protection of information.
Security as Art: The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here, a brush stroke there, just enough to represent the image the artist wants to convey without overwhelming the viewer, or in security terms, without overly restricting user access.
Security as Science: Technology developed by computer scientists and engineers, which is designed for rigorous performance levels, makes information security a science as well as an art.
Security as a Social Science: Social science examines the behavior of people as they interact with systems, whether they are societal systems or, as in this context, information systems.
Measures to protect confidentiality: To protect the confidentiality of information, you can use several measures, including the following: information classification; secure document storage; application of general security policies; education of information custodians and end users.
Detecting a virus or worm: One way to detect a virus or worm is to look for changes in file integrity, as shown by the file size or by file hashing.
Secure Software Assurance (SwA) Common Body of Knowledge (CBK): It examines two key questions: What are the engineering activities or aspects of activities that are relevant to achieving secure software? What knowledge is needed to perform these activities or aspects?
SwA CBK sections: The SwA CBK, which is a work in progress, contains the following sections: Nature of Dangers; Fundamental Concepts and Principles; Ethics, Law, and Governance; Secure Software Requirements; Secure Software Design; Secure Software Construction; Secure Software Verification, Validation, and Evaluation; Secure Software Tools and Methods; Secure Software Processes; Secure Software Project Management; Acquisition of Secure Software.
Laws: They carry the authority of a governing body.
Ethics: They are based on cultural mores.
Aggregate information: Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group.
Information aggregation: Pieces of nonprivate data that, when combined, may create information that violates privacy. Not to be confused with aggregate information.
Privacy: In the context of information security, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.
Association of Computing Machinery (ACM): It is a respected professional society that was established in 1947 as "the world's first educational and scientific computing society."
Federal Bureau of Investigation (FBI): It investigates both traditional crimes and cybercrimes, and works with the U.S.
Payment Card Industry Data Security Standards (PCI DSS): It is an organization that processes payment cards, such as credit cards, debit cards, ATM cards, store-value cards, gift cards, or other related items.
Goals: The desired end of a planning cycle.
Objectives: The intermediate states obtained to achieve progress toward a goal or goals.
Strategic plan: A plan for the organization's intended strategic efforts over the next several years.
Strategic planning: The process of defining and specifying the long-term direction (strategy).
Tactical planning: The process of tactical planning breaks each strategic goal into a series of incremental objectives.
Policies: They direct how issues should be addressed and how technologies should be used.
Standard: A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance.
Practice: Recommendations.
Guidelines: Recommendations the employee may use as a reference in complying with a policy.
Procedures: Step-by-step instructions designed to assist employees in following policies, standards, and guidelines.
Dissemination (distribution): The organization must be able to demonstrate that the policy has been made readily available for review by the employee (e.g., hard copy and electronic distribution).
Comprehension (understanding): The organization must be able to demonstrate that the employee understands the requirements and content of the policy (e.g., quizzes and other assessments).
Compliance (agreement): The organization must be able to demonstrate that the employee agrees to comply with the policy through act or affirmation (e.g., logon banners, which require a specific action to acknowledge agreement).
Uniform enforcement (fairness in application): The organization must be able to demonstrate that the policy has been uniformly enforced, regardless of employee status or assignment.
Information security policy: Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets.
Access control list (ACL): Specifications of authorization that govern the rights and privileges of users to a particular information asset.
Access control matrix: An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings.
Capabilities table: A lattice-based access control with rows of attributes associated with a particular subject (such as a user).
Configuration Rule Policies: Configuring firewalls, intrusion detection and prevention systems (IDPSs), and proxy servers uses specific configuration scripts that represent the configuration rule policy.
Information security blueprint: A framework or security model customized to an organization, including implementation details.
Information security framework: A specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education and training programs, and technological controls.
Spheres of Security: It illustrates how information is under attack from a variety of sources. It illustrates the ways in which people access information.
Design of Security Architecture (Layers PPT): It is designed and implemented with policies, people (education, training, and awareness programs), and technology.
Defense in depth: A strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.
Managerial controls: Information security safeguards that focus on administrative planning, organizing, leading, and controlling, and that are designed by strategic planners and implemented by the organization's security administration. These safeguards include governance and risk management.
Operational controls: Information security safeguards focusing on lower-level planning that deals with the functionality of the organization's security. These safeguards include disaster recovery and incident response planning.
Technical controls: Information security safeguards that focus on the application of modern technologies, systems, and processes to protect information assets. These safeguards include firewalls, virtual private networks, and IDPSs.
Security Education, Training, and Awareness (SETA) Program: It is a managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for an organization's employees.
Business continuity plan (BC plan): The documented product of business continuity planning. It occurs concurrently with the DR plan when the damage is major or ongoing.
Business continuity planning (BCP): The actions taken to develop and implement the BC policy.
Business resumption planning (BRP): The actions taken to implement a combined DR and BC policy and plan.
Contingency planning (CP): The actions taken for incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis. It includes incident response planning (IRP), disaster recovery planning (DRP), and business continuity planning (BCP).
Contingency planning management team (CPMT): It leads all CP efforts.
Disaster recovery plan (DR plan): The documented product. It focuses on restoring systems.
Disaster recovery planning (DRP): The actions taken.
Incident response plan (IR plan): The documented product. It focuses on immediate response, but if the attack is there.
Business impact analysis (BIA): An investigation and assessment of the various adverse events that can affect the organization. The BIA attempts to answer the question, "How will it affect us?"
Maximum tolerable downtime (MTD): The total amount of time the system owner or authorizing official is willing to accept for a mission/business process outage or disruption, including all impact considerations.
Recovery point objective (RPO): The point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage (given the most recent backup copy of the data).
Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO) Work recovery time (WRT). The maximum amount of time that a system resource can remain unavailable before
there is an unacceptable impact on other system resources- supported
mission/business processes- and the MTD. Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO) Work recovery time (WRT). The amount of effort (expressed as elapsed time) necessary to make the business
function operational after the technology element is recovered (as identified with
RTO). Tasks include testing and validation of the system. Maximum tolerable downtime (MTD) Recovery point objective (RPO) Recovery time objective (RTO)
Business impact analysis, prioritizing business units: It is important to collect critical information about each business unit before prioritizing the business units.
Business impact analysis, identify resource requirements: Once the organization has created a prioritized list of its mission and business processes, it needs to determine which resources would be required to recover those processes and associated assets.
Business impact analysis, identify recovery priorities for system resources: To do so, the organization needs to understand the information assets used by those processes.
Incident classification: The process of examining an incident candidate and determining whether it constitutes an actual incident (both host-based and network-based).
Loss of availability: Information or information systems become unavailable.
Loss of integrity: Users report corrupt data files, garbage where data should be, or data that looks wrong.
Loss of confidentiality: You are notified of sensitive information leaks or informed that information you thought was protected has been disclosed.
Violation of policy: Organizational policies that address information or information security have been violated.
Violation of law: The law has been broken, and the organization's information assets are involved.
Alert message: A scripted description of the incident that usually contains just enough information so that each person knows what portion of the IR plan to implement without slowing down the notification process.
Alert roster: A document that contains contact information for the people to be notified in the event of an incident.
After-action review: A detailed examination and discussion of the events that occurred, from first detection to final recovery.
Computer forensics: The process of collecting, analyzing, and preserving computer-related evidence.
Evidence: A physical object or documented information entered into a legal proceeding that proves an action occurred or identifies the intent of a perpetrator.
Software as a Service (SaaS): A cloud model in which applications are provided for a fee but hosted on third-party systems and accessed over the Internet and the Web.
Platform as a Service (PaaS): A cloud model in which development platforms are available to developers for a fee and are hosted by third parties.
Infrastructure as a Service (IaaS): A cloud model, informally known as Everything as a Service, that provides hardware and operating system resources to host whatever the organization wants to implement. Again, the service is hosted by a third party for a fee.
Disaster Recovery as a Service (DRaaS): One of the newest options available, a specialized disaster recovery service hosted by a third party.
Differential backup: The duplication of all files that have changed or been added since the last full backup.
Full backup: The duplication of all files for an entire system, including all applications, operating system components, and data.
Incremental backup: The duplication of only the files that have been modified since the previous incremental backup (or since the last full backup, when no incremental has been taken since).
Disk duplexing: An approach to disk mirroring in which each drive has its own controller, to provide additional redundancy.
Disk mirroring (RAID level 1): The computer records all data to twin drives simultaneously, providing a backup if the primary drive fails.
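The practical difference between the three backup types defined above is the restore chain. The following is an added example, not code from the page: it simulates a constructed one-week schedule (file names, contents and the "tapes" are made up, in-memory dicts) and shows which sets a restore needs under a full-plus-differential and a full-plus-incremental strategy, and what a lost intermediate set costs in each case.

```python
"""Restore chains for full, differential and incremental backups.  Added
example with a constructed one-week schedule; file names and contents are
made up and the 'backups' are in-memory dicts."""
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class Backup:
    day: int                                              # day taken; day 0 is the weekly full
    kind: str                                             # "full", "differential" or "incremental"
    files: dict[str, str] = field(default_factory=dict)   # path -> content captured


def take_backups(changes: dict[int, dict[str, str]], schedule: dict[int, str]) -> list[Backup]:
    """Apply each day's changes, then take the scheduled backup for that day.
    A differential captures everything changed since the last full backup; an
    incremental captures only what changed since the previous backup of any kind."""
    state: dict[str, str] = {}
    since_full: dict[str, str] = {}
    since_last: dict[str, str] = {}
    backups: list[Backup] = []
    for day in sorted(set(changes) | set(schedule)):
        for path, content in changes.get(day, {}).items():
            state[path] = since_full[path] = since_last[path] = content
        kind = schedule.get(day)
        if kind == "full":
            backups.append(Backup(day, kind, dict(state)))
            since_full, since_last = {}, {}
        elif kind == "differential":
            backups.append(Backup(day, kind, dict(since_full)))
            since_last = {}
        elif kind == "incremental":
            backups.append(Backup(day, kind, dict(since_last)))
            since_last = {}
    return backups


def restore_plan(backups: list[Backup]) -> list[Backup]:
    """Backups that must be applied, in order, to rebuild the latest state:
    the last full, then either the single newest differential or every
    incremental taken after that full."""
    last_full = max(i for i, b in enumerate(backups) if b.kind == "full")
    after = backups[last_full + 1:]
    diffs = [b for b in after if b.kind == "differential"]
    incs = [b for b in after if b.kind == "incremental"]
    if diffs and incs:
        raise ValueError("mixed differential/incremental chains are not handled here")
    return [backups[last_full]] + (incs if incs else diffs[-1:])


def restore(plan: list[Backup]) -> dict[str, str]:
    state: dict[str, str] = {}
    for b in plan:
        state.update(b.files)        # later sets overwrite older versions
    return state


# Constructed week: full on Sunday (day 0), then one change and one backup per day.
CHANGES = {
    0: {"/etc/app.conf": "v1", "/data/a.db": "a1", "/data/b.db": "b1"},
    1: {"/data/a.db": "a2"},
    2: {"/data/b.db": "b2"},
    3: {"/etc/app.conf": "v2"},
}
FULL_THEN_DIFF = {0: "full", 1: "differential", 2: "differential", 3: "differential"}
FULL_THEN_INC = {0: "full", 1: "incremental", 2: "incremental", 3: "incremental"}
LATEST = {"/etc/app.conf": "v2", "/data/a.db": "a2", "/data/b.db": "b2"}


def demo(schedule: dict[int, str], lose_day: int | None = None) -> tuple[list[int], dict[str, str]]:
    """Rebuild the latest state; optionally drop the backup taken on `lose_day`
    (a lost or unreadable tape) to show what each strategy loses."""
    backups = take_backups(CHANGES, schedule)
    plan = [b for b in restore_plan(backups) if b.day != lose_day]
    return [b.day for b in plan], restore(plan)


if __name__ == "__main__":
    print("differential:", demo(FULL_THEN_DIFF))
    print("incremental :", demo(FULL_THEN_INC))
    print("incremental, day-2 set lost:", demo(FULL_THEN_INC, lose_day=2))
```

With the differential schedule a restore needs only two sets (the full and the newest differential), so losing the day-2 set changes nothing; with the incremental schedule the restore needs the whole chain, and a missing day-2 set silently leaves /data/b.db at its day-0 version. That silent staleness, rather than an error, is the failure mode to test for when choosing between the two.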
Disk striping (RAID level 0): One logical volume is created by storing data across several available hard drives in segments called stripes.
Hot swap: A hard drive feature that allows individual drives to be replaced without powering down the entire system and without causing a fault during the replacement.
Redundant array of independent disks (RAID): A system of drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.
Server fault tolerance: A level of redundancy provided by mirroring entire servers to provide redundant capacity for services.
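To make the striping-versus-mirroring distinction above concrete, here is an added toy model (not code from the page) of the two layouts with constructed data. It shows that a RAID 0 volume is unreadable after a single drive failure while a RAID 1 volume survives, and the caveat that mirroring replicates a bad write as faithfully as a good one.

```python
"""Toy model of disk striping (RAID 0) and disk mirroring (RAID 1).  Added
example with constructed data; it models data layout only, not a real
controller, and ignores parity levels that are not defined on the page."""
from __future__ import annotations


def stripe(data: bytes, drives: int, stripe_size: int) -> list[bytes]:
    """RAID 0: cut data into stripes and deal them round-robin across drives."""
    out = [bytearray() for _ in range(drives)]
    for n, i in enumerate(range(0, len(data), stripe_size)):
        out[n % drives] += data[i:i + stripe_size]
    return [bytes(d) for d in out]


def unstripe(drives_data: list[bytes | None], stripe_size: int) -> bytes | None:
    """Reassemble the volume.  Every drive holds part of every large file, so a
    single missing drive makes the whole volume unrecoverable (returns None)."""
    if any(d is None for d in drives_data):
        return None
    per_drive = [[d[i:i + stripe_size] for i in range(0, len(d), stripe_size)]
                 for d in drives_data]
    out = bytearray()
    for k in range(max(len(c) for c in per_drive)):
        for chunks in per_drive:
            if k < len(chunks):
                out += chunks[k]
    return bytes(out)


def mirror(data: bytes, drives: int = 2) -> list[bytes]:
    """RAID 1: every write goes to all drives simultaneously."""
    return [data] * drives


def unmirror(drives_data: list[bytes | None]) -> bytes | None:
    """Any surviving drive holds the complete volume."""
    return next((d for d in drives_data if d is not None), None)


def fail_drive(drives_data: list[bytes | None], index: int) -> list[bytes | None]:
    """Simulate a dead drive: its contents become unreadable."""
    return [None if i == index else d for i, d in enumerate(drives_data)]


VOLUME = b"payroll-2024-q1:" + bytes(range(256)) * 4   # constructed 1040-byte volume


def survives_one_failure(layout: str) -> bool:
    """Does the volume read back intact after losing one of two drives?"""
    if layout == "raid0":
        return unstripe(fail_drive(stripe(VOLUME, 2, 64), 1), 64) == VOLUME
    if layout == "raid1":
        return unmirror(fail_drive(mirror(VOLUME), 1)) == VOLUME
    raise ValueError(layout)


def bad_write_is_mirrored() -> bool:
    """The caveat: a corrupt or malicious write is mirrored faithfully to both
    drives.  Mirroring protects against drive failure, not against ransomware
    or operator error, so it is no substitute for backups."""
    corrupted = VOLUME[:16] + b"\x00" * 16 + VOLUME[32:]
    drives = mirror(corrupted)
    return all(d == corrupted for d in drives) and unmirror(drives) != VOLUME
```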
Cold site: A facility that provides only rudimentary services, with no computer hardware or peripherals.
Database shadowing: A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server.
Hot site: A fully configured computing facility that includes all services, communications links, and physical plant operations.
Warm site: A facility that provides many of the same services and options as a hot site, but typically without installed and configured software applications.
Competitive advantage: The adoption and implementation of an innovative business model, method, technique, resource, or technology in order to outperform the competition.
Risk assessment: A determination of the extent to which an organization's information assets are exposed to risk.
Risk control: The application of controls that reduce the risks to an organization's information assets to an acceptable level.
Risk identification: The recognition, enumeration, and documentation of risks to an organization's information assets.
Risk management: The process of identifying risk, assessing its relative magnitude, and taking steps to reduce it to an acceptable level.
Residual risk: The risk to information assets that remains even after current controls have been applied.
Asset identification, people: Position name, number, or ID (avoid using people's names and stick to identifying positions, roles, or functions); supervisor; security clearance level; special skills.
Asset identification, procedures: Description; intended purpose; relationship to software, hardware, and networking elements; storage location for reference; storage location for update.
Asset identification, data: Classification; owner, creator, and manager; size of data structure; data structure used (sequential or relational); online or offline; location; backup procedures employed.
Asset identification, name: Make sure that the names you choose are meaningful to all the groups that use the information. You should adopt naming standards that do not convey information to potential system attackers.
Asset identification, IP address: This can be a useful identifier for network devices and servers, but it does not usually apply to software. You can, however, use a relational database to track software instances on specific servers or networking devices.
Asset identification, media access control (MAC) address: MAC addresses are sometimes called electronic serial numbers or hardware addresses.
Asset identification, element type: For hardware, you can develop a list of element types, such as servers, desktops, networking devices, or test equipment. For software elements, you may develop a list of types that includes operating systems, custom applications by type (accounting, HR, or payroll, for example), packaged applications, and specialty applications, such as firewall programs.
Asset identification, physical location: This information falls under asset inventory, which can be performed once the identification process is started.
Asset identification, logical location: The logical location is most useful for networking devices and indicates the logical network where the device is connected.
Threats-vulnerabilities-assets (TVA) triples: A pairing of an asset with a threat and an identification of the vulnerabilities that exist between the two.
Loss frequency = likelihood × attack success probability.
Loss magnitude = asset value × probable loss.
Single loss expectancy (SLE) = exposure factor (EF) × asset value (AV).
Annualized loss expectancy (ALE) = single loss expectancy (SLE) × annualized rate of occurrence (ARO).
Attack success probability: The number of successful attacks that are expected to occur within a specified time period.
Likelihood: The probability that a specific vulnerability within an organization will be the target of an attack.
Loss frequency: The calculation of the likelihood of an attack coupled with the attack success probability to determine the expected number of losses within a specified time range.
Transference risk control strategy: Attempts to shift risk to other assets, other processes, or other organizations.
Acceptance risk control strategy: Indicates that the organization is willing to accept the current level of risk.
Termination risk control strategy: Eliminates all risk associated with an information asset by removing it from service.
Access control: The selective method by which systems specify who may use a particular resource and how they may use it.
Access control list (ACL): Specifications of authorization that govern the rights and privileges of users to a particular information asset.
Attribute-based access control (ABAC): An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system.
Capabilities table: In lattice-based access control, the row of attributes associated with a particular subject (such as a user).
Discretionary access controls (DACs): Access controls that are implemented at the discretion or option of the data user.
Lattice-based access control (LBAC): A variation on the MAC form of access control, which assigns users a matrix of authorizations for particular areas of access, incorporating the information assets of subjects such as users and objects.
Mandatory access control (MAC): A required, structured data classification scheme that rates each collection of information as well as each user.
Nondiscretionary access controls (NDACs): Access controls that are implemented by a central authority.
Role-based access control (RBAC): An example of a nondiscretionary control where privileges are tied to the role a user performs in an organization and are inherited when a user is assigned to that role.
Task-based access control (TBAC): An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task.
Access control matrix: An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings.
Accountability: The access control mechanism that ensures all actions on a system, authorized or unauthorized, can be attributed to an authenticated identity. Also known as auditability.
Authentication: The access control mechanism that requires the validation and verification of an unauthenticated entity's purported identity.
Authorization: The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.
Access control: The method by which systems determine whether and how to admit a user into a trusted area of the organization, that is, information systems, restricted areas such as computer rooms, and the entire physical location.
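The access control matrix, ACL and capabilities table entries above, together with the identification, authentication, authorization and accountability mechanisms, fit in one small model. The following is an added example, not code from the page: the users, assets, rights and secrets are constructed, and the credential store is a plain dictionary of plaintext secrets for brevity (a real store holds salted, iterated hashes).

```python
"""An access control matrix with its ACL (per-object) and capabilities
(per-subject) views, and the identify -> authenticate -> authorize -> audit
chain.  Added example; subjects, objects, rights and secrets are constructed."""
from __future__ import annotations
import hmac
from datetime import datetime, timezone

# Constructed matrix: rows are subjects (users), columns are objects (assets).
MATRIX: dict[str, dict[str, set[str]]] = {
    "alice": {"payroll.db": {"read", "write"}, "hr-policy.pdf": {"read"}},
    "bob":   {"hr-policy.pdf": {"read"}},
    "carol": {"payroll.db": {"read"}, "hr-policy.pdf": {"read", "write"}},
}
# Constructed credential store (plaintext only to keep the example short).
CREDENTIALS = {"alice": "correct-horse", "bob": "hunter2", "carol": "s3cr3t"}


def acl(obj: str) -> dict[str, set[str]]:
    """Column view: which subjects may access this object, and how."""
    return {s: rights[obj] for s, rights in MATRIX.items() if obj in rights}


def capabilities(subject: str) -> dict[str, set[str]]:
    """Row view: everything this subject may touch."""
    return MATRIX.get(subject, {})


def authenticate(claimed_identity: str, secret: str) -> str | None:
    """Identification is the label the entity offers; authentication is the
    proof.  Returns the verified identity, or None.  The comparison is
    constant-time so a wrong secret does not leak how wrong it was."""
    expected = CREDENTIALS.get(claimed_identity)
    if expected is not None and hmac.compare_digest(expected.encode(), secret.encode()):
        return claimed_identity
    return None


def authorize(identity: str, obj: str, right: str) -> bool:
    """Match the authenticated identity against the matrix.  Anything not
    explicitly granted is denied, so an unknown subject gets nothing."""
    return right in MATRIX.get(identity, {}).get(obj, set())


AUDIT_LOG: list[dict] = []


def access(claimed_identity: str, secret: str, obj: str, right: str) -> bool:
    """Full path.  Every attempt, allowed or denied, is recorded against the
    claimed and (if proven) authenticated identity: that record is accountability."""
    identity = authenticate(claimed_identity, secret)
    allowed = identity is not None and authorize(identity, obj, right)
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "claimed": claimed_identity,
        "authenticated": identity is not None,
        "object": obj,
        "right": right,
        "allowed": allowed,
    })
    return allowed
```

The point of keeping both views is operational: `acl("payroll.db")` answers "who can touch this asset?" during an incident, while `capabilities("bob")` answers "what can this account reach?" when that account is compromised or leaves.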
Dumb card: An authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared.
Identification: The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system.
Passphrase: A plain-language phrase, typically longer than a password, from which a virtual password is derived.
Password: A secret word or combination of characters that only the user should know; a password is used to authenticate the user.
Smart card: An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.
Biometric access control: The use of physiological characteristics to provide authentication for a provided identification.
Minutiae: In biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user's system access credentials are created.
Address restrictions: Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.
Dynamic packet-filtering firewall: A firewall type that can react to network traffic and create or modify configuration rules to adapt.
Firewall: In information security, a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network.
Application layer proxy firewall: A device capable of functioning both as a firewall and an application layer proxy server.
Demilitarized zone (DMZ): An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network.
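The address-restriction and dynamic packet-filtering entries above can be shown in a few dozen lines. This is an added example, not code from the page: the rules, the addresses (RFC 5737 documentation ranges, with 10.0.0.0/8 as the inside network and 192.0.2.10 as a constructed DMZ web server) and the packets are all constructed, and only IPv4/TCP header fields are modelled.

```python
"""A small packet filter: static address/port restrictions in CIDR form, a
default-deny policy, anti-spoofing on the outside interface, and the dynamic
part, where an allowed outbound SYN creates state that lets the reply traffic
through without a static rule.  Added example with constructed data."""
from __future__ import annotations
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ingress: str            # interface the packet arrived on: "inside" or "outside"
    syn: bool = False
    ack: bool = False

    @property
    def opens_connection(self) -> bool:
        return self.syn and not self.ack


@dataclass
class Rule:
    action: str                   # "allow" or "deny"
    src: str = "0.0.0.0/0"        # partial address as a CIDR prefix, e.g. "10.0.0.0/8"
    dst: str = "0.0.0.0/0"
    dport: int | None = None      # None = any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and (self.dport is None or p.dport == self.dport))


class Firewall:
    """First matching rule wins; anything unmatched is denied.  Static rules are
    consulted only for connection-opening SYNs.  An allowed SYN records the
    4-tuple so later packets in either direction pass on state alone."""

    def __init__(self, rules: list[Rule], inside: str):
        self.rules = rules
        self.inside = ip_network(inside)
        self.state: set[tuple[str, int, str, int]] = set()

    def filter(self, p: Packet) -> str:
        # Address restriction that needs no rule: an inside source address
        # arriving on the outside interface is spoofed.
        if p.ingress == "outside" and ip_address(p.src) in self.inside:
            return "deny"
        if (p.src, p.sport, p.dst, p.dport) in self.state or \
           (p.dst, p.dport, p.src, p.sport) in self.state:
            return "allow"                      # established connection
        if not p.opens_connection:
            return "deny"                       # mid-connection packet with no state
        for r in self.rules:
            if r.matches(p):
                if r.action == "allow":
                    self.state.add((p.src, p.sport, p.dst, p.dport))
                return r.action
        return "deny"


RULES = [
    Rule("deny", src="203.0.113.0/24"),              # partial address: whole range blocked
    Rule("allow", dst="192.0.2.10/32", dport=443),   # public HTTPS server in the DMZ
    Rule("allow", src="10.0.0.0/8"),                 # anything initiated from inside
]

# Constructed traffic, in arrival order, with the decision each should get.
PACKETS = [
    Packet("203.0.113.7", 40000, "192.0.2.10", 443, "outside", syn=True),            # blocked range
    Packet("198.51.100.5", 40001, "192.0.2.10", 443, "outside", syn=True),           # web client
    Packet("198.51.100.5", 40002, "192.0.2.10", 22, "outside", syn=True),            # SSH to DMZ host
    Packet("10.1.2.3", 50000, "198.51.100.9", 443, "inside", syn=True),              # outbound, creates state
    Packet("198.51.100.9", 443, "10.1.2.3", 50000, "outside", syn=True, ack=True),   # its reply
    Packet("198.51.100.9", 443, "10.1.2.3", 50001, "outside", syn=True, ack=True),   # unsolicited SYN/ACK
    Packet("10.1.2.3", 50002, "192.0.2.10", 443, "outside", syn=True),               # spoofed inside address
]
EXPECTED = ["deny", "allow", "deny", "allow", "allow", "deny", "deny"]


def run(packets: list[Packet]) -> list[str]:
    fw = Firewall(RULES, inside="10.0.0.0/8")
    return [fw.filter(p) for p in packets]
```

The fifth packet is the interesting one: no static rule allows traffic from 198.51.100.9 to an inside host, yet it passes because the fourth packet created the state entry. Feed it to a fresh firewall on its own and it is denied.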
Proxy server: A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers.
Content filter: A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network, for example, restricting user access to Web sites with material that is not related to business, such as pornography or entertainment.
Data loss prevention: A strategy to gain assurance that the users of a network do not send high-value information or other critical information outside the network.
Virtual private network (VPN): A private, secure network operated over a public and insecure network.
Authentication factor, something you know: This factor relies on what the unverified user or system knows and can recall, for example, a password, passphrase, or other unique authentication code, such as a personal identification number (PIN).
Authentication factor, something you have: This factor relies on something an unverified user or system has and can produce when necessary.
Authentication factor, something you are or can produce: This factor relies on individual characteristics, such as fingerprints or palm prints.
Intrusion: An adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations, almost always with the intent to do harm.
Intrusion detection and prevention system (IDPS): The general term for a system that can both detect an intrusion and modify its configuration and environment to prevent it.
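Two of the three authentication factors defined above, and the passphrase, password and smart card entries before them, can be implemented with standard library primitives. The following is an added example, not code from the page: "something you know" is a passphrase turned into the page's "virtual password" by PBKDF2 (only the derived value is stored), and "something you have" is a token that produces HMAC-based one-time codes using the HOTP/TOTP construction of RFC 4226 and RFC 6238. The user, passphrase, token secret and the in-memory store are constructed; the iteration count is an assumption chosen to keep the example fast.

```python
"""Two-factor login: a PBKDF2-derived virtual password (something you know)
and an HMAC-based one-time code from a token (something you have).  Added
example; the enrolment record is a constructed in-memory dict."""
from __future__ import annotations
import hashlib
import hmac
import os
import struct
import time

PBKDF2_ITERATIONS = 100_000   # assumption: kept low for the example; production uses more
TOTP_STEP = 30                # seconds per code, the RFC 6238 default


def derive_virtual_password(passphrase: str, salt: bytes) -> bytes:
    """The plain-language passphrase is never stored; only this derived value is."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS)


def enroll(passphrase: str) -> dict:
    """What the server keeps per user: a salt, the derived value, and the
    secret it shares with the user's token (hardware or soft token)."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "virtual_password": derive_virtual_password(passphrase, salt),
        "token_secret": os.urandom(20),
    }


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: float, step: int = TOTP_STEP) -> str:
    """RFC 6238: HOTP with the counter set to the current time step."""
    return hotp(secret, int(at // step))


def verify_knowledge(record: dict, passphrase: str) -> bool:
    candidate = derive_virtual_password(passphrase, record["salt"])
    return hmac.compare_digest(candidate, record["virtual_password"])   # constant-time


def verify_possession(record: dict, code: str, at: float, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps of clock skew, no more."""
    step = int(at // TOTP_STEP)
    return any(hmac.compare_digest(hotp(record["token_secret"], step + d), code)
               for d in range(-window, window + 1))


def login(record: dict, passphrase: str, code: str, at: float | None = None) -> bool:
    """Both factors are always evaluated, so a failure does not tell the caller
    which one was wrong."""
    at = time.time() if at is None else at
    knows = verify_knowledge(record, passphrase)
    has = verify_possession(record, code, at)
    return knows and has
```

The `hotp` implementation reproduces the RFC 4226 test vectors (secret `12345678901234567890`, counter 0 gives `755224`), which is the quickest way to check an OTP routine before trusting it. The skew window is the usual trade-off: wider windows tolerate bad clocks but give an intercepted code a longer life.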
Intrusion detection system (IDS): A system capable of automatically detecting an intrusion into an organization's networks or host systems and notifying a designated authority.
IDPS response techniques: Terminating, blocking, and blocking all access.
Alarm clustering and compaction: A process of grouping almost identical alarms that occur at nearly the same time into a single higher-level alarm.
Alarm filtering: The process of classifying IDPS alerts so they can be more effectively managed.
Confidence value: The measure of an IDPS's ability to correctly detect and identify certain types of attacks, which is based on fuzzy logic.
Evasion: The process by which attackers change the format and/or timing of their activities to avoid being detected by an IDPS.
False attack stimulus: An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks.
False negative: The failure of an IDPS to react to an actual attack event.
False positive: An alert or alarm that occurs in the absence of an actual attack.
Tuning: The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives.
Noise: Alarm events that are accurate and noteworthy but do not pose significant threats to information security.
Site policy: The rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.
Data collection: In the process of analyzing data and network activity, IDPSs can be configured to log data for later analysis.
Attack deterrence: Another reason to install an IDPS is that it serves as a deterrent by increasing the fear of detection among would-be attackers.
Application protocol verification: The process of examining and verifying the higher-order protocols (HTTP, FTP, and Telnet) in network traffic for unexpected packet behavior or improper use.
Host-based IDPS (HIDPS): An IDPS that resides on a particular computer or server, known as the host, and monitors activity only on that system.
Monitoring port: Also known as a switched port analysis (SPAN) port or mirror port, a specially configured connection on a network device that can view all the traffic that moves through the device.
Protocol stack verification: The process of examining and verifying network traffic for invalid data packets, that is, packets that are malformed under the rules of the TCP/IP protocol.
Sensor: A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application.
Session data typically recorded by intrusion detection and prevention: source IP address, source and destination TCP ports, number of packets and bytes transmitted in the session, and starting and ending timestamps for the session.
Anomaly-based detection: Also known as behavior-based detection, an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy.
Clipping level: A predefined assessment level that triggers a predetermined response when surpassed.
Signature-based detection: Also known as knowledge-based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures.
Stateful protocol analysis (SPA): The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks.
Log file monitor (LFM): An attack detection method that reviews the log files generated by computer systems, looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred.
Security information and event management (SIEM): A software-enabled approach to aggregating, filtering, and managing the reaction to events, many of which are collected by logging activities of IDPSs and network management devices.
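The detection vocabulary above (signature-based and anomaly-based detection, clipping level, false positives and negatives, tuning, alarm clustering) is easiest to see on a small log. The following is an added example, not code from the page, in the style of a log file monitor: the log format and every line in it are constructed, the signatures are two toy patterns, and the last field of each line is analyst ground truth used only for scoring.

```python
"""Signature-based and anomaly-based detection over constructed log lines, with
a clipping level, fp/fn scoring against labelled ground truth, a tuning pass
and alarm clustering.  Added example; the log format and lines are constructed."""
import re
from collections import Counter

# Constructed log: "<minute> <src-ip> <event> <detail> <truth>".  The truth
# field is never read by the detectors, only by score().
LOG = """\
00 10.0.0.5 login-ok alice benign
00 10.0.0.5 login-fail alice benign
01 10.0.0.5 login-ok alice benign
02 198.51.100.9 login-fail root attack
02 198.51.100.9 login-fail admin attack
02 198.51.100.9 login-fail oracle attack
02 198.51.100.9 login-fail test attack
03 10.0.0.7 http-get /index.html benign
03 10.0.0.7 http-get /search?q=1'%20OR%20'1'='1 attack
04 10.0.0.9 login-fail bob benign
04 10.0.0.9 login-fail bob benign
04 10.0.0.9 login-ok bob benign
05 10.0.0.11 http-get /../../etc/passwd attack
05 198.51.100.9 login-fail root attack
"""

# Knowledge base for signature-based detection (constructed patterns).
SIGNATURES = {
    "sqli-tautology": re.compile(r"'(?:%20|\s)*OR(?:%20|\s)+'", re.I),
    "path-traversal": re.compile(r"\.\./"),
}


def parse(log: str) -> list[dict]:
    rows = []
    for line in log.splitlines():
        minute, src, event, detail, truth = line.split()
        rows.append({"minute": int(minute), "src": src, "event": event,
                     "detail": detail, "truth": truth})
    return rows


def signature_detect(rows: list[dict]) -> list[int]:
    """Misuse detection: flag lines whose detail matches a known attack pattern."""
    return [i for i, r in enumerate(rows)
            if any(sig.search(r["detail"]) for sig in SIGNATURES.values())]


def anomaly_detect(rows: list[dict], clipping_level: int) -> list[int]:
    """Behaviour-based detection.  Baseline: a few failed logins per minute from
    one source is normal.  Flag every line of a (source, minute) whose failure
    count exceeds the clipping level."""
    fails = Counter((r["src"], r["minute"]) for r in rows if r["event"] == "login-fail")
    hot = {key for key, n in fails.items() if n > clipping_level}
    return [i for i, r in enumerate(rows) if (r["src"], r["minute"]) in hot]


def detect(rows: list[dict], clipping_level: int) -> list[int]:
    return sorted(set(signature_detect(rows)) | set(anomaly_detect(rows, clipping_level)))


def score(rows: list[dict], flagged: list[int]) -> dict[str, int]:
    """True positives, false positives and false negatives against ground truth."""
    flagged_set = set(flagged)
    attacks = {i for i, r in enumerate(rows) if r["truth"] == "attack"}
    return {"tp": len(flagged_set & attacks),
            "fp": len(flagged_set - attacks),
            "fn": len(attacks - flagged_set)}


def tune(rows: list[dict], levels: list[int]) -> int:
    """Tuning: choose the clipping level with the fewest false positives plus
    false negatives on a labelled sample."""
    def cost(level: int) -> int:
        s = score(rows, detect(rows, level))
        return s["fp"] + s["fn"]
    return min(levels, key=cost)


def cluster_alarms(rows: list[dict], flagged: list[int], window: int = 2) -> list[dict]:
    """Alarm clustering and compaction: consecutive alarms from the same source
    within `window` minutes collapse into one higher-level alarm."""
    alarms: list[dict] = []
    for i in sorted(flagged):
        r = rows[i]
        last = alarms[-1] if alarms else None
        if last and last["src"] == r["src"] and r["minute"] - last["last"] <= window:
            last["count"] += 1
            last["last"] = r["minute"]
        else:
            alarms.append({"src": r["src"], "first": r["minute"],
                           "last": r["minute"], "count": 1})
    return alarms
```

On this sample a clipping level of 0 catches every attack but raises five false positives on ordinary users who mistype a password; a level of 2 removes all of them at the cost of one false negative, the single failed root login at minute 05 from the same source that brute-forced at minute 02. That line is the page's "evasion" in miniature: an attacker who slows down below the clipping level drops out of the anomaly detector, which is why signatures, the clipping level and correlation across time are tuned together rather than one at a time.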
Honeynet: A monitored network or network segment that contains multiple honeypot systems.
Honeypot: An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion.
Padded cell system: A protected honeypot that cannot be easily compromised.
Back hack: The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system.
Enticement: The act of attracting attention to a system by placing tantalizing information in key locations.
Entrapment: The act of luring a person into committing a crime in order to get a conviction.
Pen register: An application that records information about outbound communications.
Trap-and-trace application: An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network.
Attack protocol: A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network.
Fingerprinting: The systematic survey of a targeted organization's Internet addresses, collected during the footprinting phase, to identify the network services offered by the hosts in that range.
Footprinting: The organized research and investigation of Internet addresses owned or controlled by a target organization.
Port scanners: Tools used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information.
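A port scanner in the sense defined above, reduced to its simplest form, is a loop that attempts a TCP connection to each port and reads whatever greeting the service sends, which is also the raw material for fingerprinting. The following is an added example, not code from the page: it starts its own listener on the loopback address so it runs offline, the banner text and the scanned port window are constructed, and the listener stands in for a real target. Scan only hosts you are authorised to test.

```python
"""TCP connect scan with banner grabbing against a listener the script starts
itself.  Added example; the banner and port window are constructed."""
from __future__ import annotations
import socket
import threading


def start_fake_service(banner: bytes) -> int:
    """Constructed target: listens on 127.0.0.1 on an OS-chosen port and sends
    `banner` to every client on connect, as SSH, SMTP and FTP servers do."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def scan(host: str, ports, timeout: float = 0.2) -> dict[int, bytes | None]:
    """Connect scan: a completed TCP handshake means the port is open (a
    refusal or timeout means closed or filtered).  For open ports, read up to
    256 bytes of banner for fingerprinting."""
    found: dict[int, bytes | None] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except OSError:                 # ConnectionRefusedError, timeout, unreachable
            s.close()
            continue
        s.settimeout(1.0)
        try:
            banner = s.recv(256)
        except OSError:
            banner = None
        finally:
            s.close()
        found[port] = banner
    return found


def fingerprint(banner: bytes | None) -> str:
    """Crude service identification from the greeting (constructed patterns)."""
    if not banner:
        return "unknown (no banner)"
    text = banner.decode(errors="replace").strip()
    if text.startswith("SSH-"):
        return "ssh: " + text
    if text.startswith("220 "):
        return "smtp/ftp greeting: " + text
    return "unidentified: " + text


def demo() -> tuple[int, dict[int, str]]:
    """Start the constructed service, scan a small window around it so closed
    ports appear too, and fingerprint whatever answered."""
    port = start_fake_service(b"SSH-2.0-OpenSSH_9.6\r\n")
    hits = scan("127.0.0.1", range(port - 3, port + 4))
    return port, {p: fingerprint(b) for p, b in hits.items()}


if __name__ == "__main__":
    listener, services = demo()
    print(f"listener on {listener}; open ports found: {services}")
```

A defender gets the same value from this loop as an attacker: run it against your own address range and compare the result with the asset inventory, and any open port that is not in the inventory is either an undocumented service or a compromise.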
Computer security means: The need to secure the physical location of computer technology from outside threats. TRUE / FALSE
Security means: A state of being secure and free from danger or harm. Also, the actions taken to make someone or something secure. TRUE / FALSE
Communications security means: The protection of all communications media, technology, and content. TRUE / FALSE
Network security means: Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology. TRUE / FALSE
Information security means: A subset of communications security; the protection of voice and data networking components, connections, and content. TRUE / FALSE
C.I.A. triad means: The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability. TRUE / FALSE
Access means: Authorized users have legal access to a system, whereas hackers must gain illegal access to a system. TRUE / FALSE
A direct attack means: An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive, intentional or unintentional, and direct or indirect. TRUE / FALSE
Indirect attack means: Security mechanisms, policies, or procedures that can successfully counter attacks, reduce risk, and resolve vulnerabilities. TRUE / FALSE
Control, safeguard, or countermeasure means: It originates from a compromised system or resource that is malfunctioning or working under the control of a threat. TRUE / FALSE
Exploit means: A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. TRUE / FALSE
Exposure means: A condition or state of being exposed; in information security, exposure exists when a vulnerability is known to an attacker. TRUE / FALSE
Threat agent means: An occurrence of an event caused by a threat agent. TRUE / FALSE
Threat event means: The specific instance or a component of a threat. TRUE / FALSE
Threat source means: A category of objects, people, or other entities that represents the origin of danger to an asset; in other words, it can be purposeful or undirected, a threat source known as "acts of God/acts of nature." TRUE / FALSE
Vulnerability means: A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package or an unprotected system. TRUE / FALSE
Accuracy means: An attribute of information that describes how data is genuine or original rather than reproduced or fabricated. TRUE / FALSE
Authenticity means: An attribute of information that describes how data is free of errors and has the value that the user expects. TRUE / FALSE
Availability means: An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. TRUE / FALSE
Confidentiality means: An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction. TRUE / FALSE
Integrity means: A set of information that could uniquely identify an individual. TRUE / FALSE
Personally Identifiable Information (PII) means: An attribute of information that describes how data is whole, complete, and uncorrupted. TRUE / FALSE
Utility means: An attribute of information that describes how data has value or usefulness for an end purpose. TRUE / FALSE
Information System (IS) means: The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization. TRUE / FALSE
Physical security means: The protection of physical items, objects, or areas from unauthorized access and misuse. TRUE / FALSE
Hardware means: The physical technology that houses and executes the software, stores and transports the data, and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets, such as locks and keys, from harm or theft. Example: passing it through conveyor scanning devices. TRUE / FALSE
Data means: Data stored, processed, and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning; we will use the term information to represent both unprocessed data and actual information. TRUE / FALSE
TRUE FALSE. People Means Though often overlooked in computer security considerations, people have always been a threat to information security. In the end, the Khan simply bribed the gatekeeper, and the rest is history. Whether this event actually occurred or not, the moral of the story is that people can be the weakest link in an organization’s information security program.
TRUE FALSE. Procedures Means Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs, and these LANs are connected to other networks such as the Internet, new security challenges rapidly emerge. However, when computer systems are networked, this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential.
TRUE FALSE. Networks Means They are written instructions for accomplishing a specific task. They should be disseminated among members of an organization on a need-to-know basis.
TRUE FALSE. Bottom-up approach Means A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems.
TRUE FALSE. Top-down approach Means A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success.
TRUE FALSE. Methodology Means A formal approach to solving a problem based on a structured sequence of procedures.
TRUE FALSE. Systems Development Life Cycle (SDLC) Means A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed, but generally the phases address the investigation, analysis, design, implementation, and maintenance of an information system.
TRUE FALSE. Waterfall SDLC Means A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.
TRUE FALSE. Logical Design Means In the logical design phase, the information gained from the analysis phase is used to begin creating a systems solution for a business problem.
TRUE FALSE. Implementation Means In the implementation phase, any needed software is created.
TRUE FALSE. Software Assurance (SA) Means A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages.
TRUE FALSE. Fail-safe defaults Means Base access decisions on permission rather than exclusion.
TRUE FALSE. Complete mediation Means Every access to every object must be checked for authority.
TRUE FALSE. Open design Means Where feasible, a protection mechanism should require two keys to unlock, rather than one.
TRUE FALSE. Separation of privilege Means The design should not be secret, but rather depend on the possession of keys or passwords.
TRUE FALSE. Least privilege Means Every program and every user of the system should operate using the least set of privileges necessary to complete the job.
TRUE FALSE. Least common mechanism Means Minimize mechanisms (or shared variables) common to more than one user and depended on by all users.
TRUE FALSE. chief information security officer (CISO) Means Typically considered the top information security officer in an organization.
TRUE FALSE. Project team Means A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned.
TRUE FALSE. Champion Means A senior executive who promotes the project and ensures its support, both financially and administratively, at the highest levels of the organization.
TRUE FALSE. Team leader Means A project manager who may also be a departmental line manager or staff unit manager, and who understands project management, personnel management, and information security technical requirements.
TRUE FALSE. Security policy developers Means People who understand the organizational culture, existing policies, and requirements for developing and implementing successful policies.
TRUE FALSE. Security professionals Means Dedicated, trained, and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint.
TRUE FALSE. Systems administrators Means People with the primary responsibility for administering systems that house the information used by the organization.
TRUE FALSE. End users Means Individuals who work directly with data owners and are responsible for storage, maintenance, and protection of information.
TRUE FALSE. data custodians Means Those whom the new system will most directly affect. Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard.
TRUE FALSE. Security as Art Means The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here, a brush stroke there, just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms, without overly restricting user access.
TRUE FALSE. Ethics Means They carry the authority of a governing body.
TRUE FALSE. laws Means They are based on cultural mores.
TRUE FALSE. Information aggregation Means Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group.
TRUE FALSE. Privacy Means Pieces of nonprivate data that, when combined, may create information that violates privacy. Not to be confused with aggregate information.
TRUE FALSE. Aggregate information Means In the context of information security, the right of individuals or groups to protect themselves and their information from unauthorized access, providing confidentiality.
TRUE FALSE. Association of Computing Machinery (ACM) Means It is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.”
TRUE FALSE. Federal Bureau of Investigation (FBI) Means It investigates both traditional crimes and cybercrimes, and works with the U.S.
TRUE FALSE. Payment Card Industry Data Security Standards (PCI DSS) Means It is an organization that processes payment cards, such as credit cards, debit cards, ATM cards, store-value cards, gift cards, or other related items.
TRUE FALSE. goals Means The desired end of a planning cycle.
TRUE FALSE. strategic plan Means The intermediate states obtained to achieve progress toward a goal or goals.
TRUE FALSE. objectives Means A plan for the organization’s intended strategic efforts over the next several years.
TRUE FALSE. Tactical planning Means The process of defining and specifying the long-term direction (strategy).
TRUE FALSE. Policies Means The process of tactical planning breaks each strategic goal into a series of incremental objectives.
TRUE FALSE. strategic planning Means They direct how issues should be addressed and how technologies should be used.
TRUE FALSE. Practice Means A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance.
TRUE FALSE. Standard Means recommendations
TRUE FALSE. guidelines Means recommendations the employee may use as a reference in complying with a policy.
TRUE FALSE. Compliance (agreement) Means Step-by-step instructions designed to assist employees in following policies, standards, and guidelines.
TRUE FALSE. Dissemination (distribution) Means The organization must be able to demonstrate that the policy has been made readily available for review by the employee (e.g., hard copy and electronic distribution).
TRUE FALSE. Uniform enforcement (fairness in application) Means The organization must be able to demonstrate that the employee understands the requirements and content of the policy (e.g., quizzes and other assessments).
TRUE FALSE. procedures Means The organization must be able to demonstrate that the employee agrees to comply with the policy through act or affirmation (e.g., logon banners, which require a specific action to acknowledge agreement).
TRUE FALSE. Comprehension (understanding) Means The organization must be able to demonstrate that the policy has been uniformly enforced, regardless of employee status or assignment.
TRUE FALSE. Information security policy Means Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets.
TRUE FALSE. Access control list (ACL) Means Specifications of authorization that govern the rights and privileges of users to a particular information asset.
TRUE FALSE. Access control matrix Means An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings.
TRUE FALSE. Capabilities table Means A lattice-based access control with rows of attributes associated with a particular subject (such as a user).
TRUE FALSE. Configuration Rule Policies Means Configuring firewalls, intrusion detection and prevention systems (IDPSs), and proxy servers—use specific configuration scripts that represent the configuration rule policy.
TRUE FALSE. Information security blueprint Means A framework or security model customized to an organization, including implementation details.
TRUE FALSE. Information security framework Means A specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education and training programs, and technological controls.
TRUE FALSE. Spheres of Security Means It illustrates how information is under attack from a variety of sources. It illustrates the ways in which people access information.
TRUE FALSE. Design of Security Architecture (Layers PPT) Means It is designed and implemented policies, people (education, training, and awareness programs), and technology.
TRUE FALSE. Defense in depth Means A strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.
TRUE FALSE. operational controls Means Information security safeguards that focus on administrative planning, organizing, leading, and controlling, and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management.
TRUE FALSE. managerial controls Means Information security safeguards focusing on lower-level planning that deals with the functionality of the organization’s security. These safeguards include disaster recovery and incident response planning.
TRUE FALSE. Security Education, Training, and Awareness (SETA) Program Means Information security safeguards that focus on the application of modern technologies, systems, and processes to protect information assets. These safeguards include firewalls, virtual private networks, and IDPSs.
TRUE FALSE. technical controls Means It is a managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for an organization’s employees.
TRUE FALSE. Business continuity planning (BCP) Means The documented product of business continuity planning. Occurs concurrently with the DR plan when the damage is major or ongoing.
TRUE FALSE. Business continuity plan (BC plan) Means The actions taken to develop and implement the BC policy.
TRUE FALSE. Business resumption planning (BRP) Means The actions taken to implement a combined DR and BC policy, and plan.
TRUE FALSE. Contingency planning (CP) Means The actions taken for incident response, disaster recovery, and business continuity efforts, as well as preparatory business impact analysis. It includes incident response planning (IRP), disaster recovery planning (DRP), and business continuity planning (BCP).
TRUE FALSE. Contingency planning management team (CPMT) Means It leads all CP efforts.
TRUE FALSE. Disaster recovery plan (DR plan) Means The documented product. It focuses on restoring systems.
TRUE FALSE. Disaster recovery planning (DRP) Means The actions taken
TRUE FALSE. Incident response plan (IR plan) Means The documented product. It focuses on immediate response, but if the attack is there.
TRUE FALSE. Recovery time objective (RTO) Means An investigation and assessment of the various adverse events that can affect the organization. The BIA attempts to answer the question, “How will it affect us?”
TRUE FALSE. Business impact analysis (BIA) Means The total amount of time the system owner or authorizing official is willing to accept for a mission/business process outage or disruption, including all impact considerations.
TRUE FALSE. Maximum tolerable downtime (MTD) Means The point in time prior to a disruption or system outage to which mission/business process data can be recovered after an outage (given the most recent backup copy of the data).
TRUE FALSE. Recovery point objective (RPO) Means The maximum amount of time that a system resource can remain unavailable before there is an unacceptable impact on other system resources, supported mission/business processes, and the MTD.
TRUE FALSE. Work recovery time (WRT) Means The amount of effort (expressed as elapsed time) necessary to make the business function operational after the technology element is recovered (as identified with RTO). Tasks include testing and validation of the system.
TRUE FALSE. Business Impact Analysis stage2 Means It is important to collect critical information about each business unit before prioritizing the business units.
TRUE FALSE. Business Impact Analysis stage1 Means Identify Resource Requirements. Once the organization has created a prioritized list of its mission and business processes, it needs to determine which resources would be required to recover those processes and associated assets.
TRUE FALSE. Business Impact Analysis stage3 Means Identify Recovery Priorities for System Resources. To do so, it needs to understand the information assets used by those processes.
TRUE FALSE. Loss of confidentiality Means The process of examining an incident candidate and determining whether it constitutes an actual incident (both host-based and network-based).
TRUE FALSE. Incident classification Means Information or information systems become unavailable.
TRUE FALSE. Loss of availability Means Users report corrupt data files, garbage where data should be, or data that looks wrong.
TRUE FALSE. Loss of integrity Means You are notified of sensitive information leaks or informed that information you thought was protected has been disclosed.
TRUE FALSE. Violation of policy Means Organizational policies that address information or information security have been violated.
TRUE FALSE. Violation of law Means The law has been broken, and the organization’s information assets are involved.
TRUE FALSE. Alert roster Means A scripted description of the incident that usually contains just enough information so that each person knows what portion of the IR plan to implement without slowing down the notification process.
TRUE FALSE. Alert message Means A document that contains contact information for people to be notified in the event of an incident.
TRUE FALSE. After-action review Means A detailed examination and discussion of the events that occurred, from first detection to final recovery.
TRUE FALSE. Evidence Means The process of collecting, analyzing, and preserving computer-related evidence.
TRUE FALSE. Software as a Service (SaaS) Means A physical object or documented information entered into a legal proceeding that proves an action occurred or identifies the intent of a perpetrator.
TRUE FALSE. Computer forensics Means in which applications are provided for a fee but hosted on third-party systems and accessed over the Internet and the Web.
TRUE FALSE. Platform as a Service (PaaS) Means in which development platforms are available to developers for a fee and are hosted by third parties.
TRUE FALSE. Disaster Recovery as a Service (DRaaS) Means which is informally known as Everything as a Service, provides hardware and operating systems resources to host whatever the organization wants to implement. Again, the service is hosted by a third party for a fee.
TRUE FALSE. Full backup Means One of the newest options available as a specialized disaster recovery.
TRUE FALSE. Infrastructure as a Service (IaaS) Means The duplication of all files that have changed or been added since the last full backup.
TRUE FALSE. Disk duplexing Means The duplication of all files for an entire system, including all applications, operating systems components, and data.
TRUE FALSE. Differential backup Means The duplication of only the files that have been modified since the previous incremental backup.
TRUE FALSE. Disk mirroring L1 Means An approach to disk mirroring in which each drive has its own controller to provide additional redundancy.
TRUE FALSE. Disk striping L0 Means It is where the computer records all data to twin drives simultaneously, providing a backup if the primary drive fails.
TRUE FALSE. Incremental backup Means L1, It is where one logical volume is created by storing data across several available hard drives in segments called stripes.
TRUE FALSE. Hot swap Means A hard drive feature that allows individual drives to be replaced without powering down the entire system and without causing a fault during the replacement.
TRUE FALSE. Redundant array of independent disks (RAID) Means A system of drives that stores information across multiple units to spread out data and minimize the impact of a single drive failure.
TRUE FALSE. Database shadowing Means A level of redundancy provided by mirroring entire servers to provide redundant capacity for services.
TRUE FALSE. Server fault tolerance Means A facility that provides only rudimentary services, with no computer hardware or peripherals.
TRUE FALSE. Cold site Means A backup strategy to store duplicate online transaction data along with duplicate databases at the remote site on a redundant server.
TRUE FALSE. Warm site Means A fully configured computing facility that includes all services, communications links, and physical plant operations.
TRUE FALSE. Hot site Means A facility that provides many of the same services and options as a hot site, but typically without installed and configured software applications.
TRUE FALSE. Bonus Means Bonus
TRUE FALSE. competitive advantage Means That The adoption and implementation of an innovative business model, method, technique, resource, or technology in order to outperform the competition.
TRUE FALSE. risk assessment Means That A determination of the extent to which an organization’s information assets are exposed to risk.
TRUE FALSE. risk identification Means That The application of controls that reduce the risks to an organization’s information assets to an acceptable level.
TRUE FALSE. risk control Means That The recognition, enumeration, and documentation of risks to an organization’s information assets.
TRUE FALSE. risk management Means That The process of identifying risk, assessing its relative magnitude, and taking steps to reduce it to an acceptable level.
TRUE FALSE. residual risk Means That The risk to information assets that remains even after current controls have been applied.
TRUE FALSE. In Asset Identification - People Means That Position name, number, or ID (avoid using people’s names and stick to identifying positions, roles, or functions), supervisor, security clearance level, special skills.
TRUE FALSE. Procedures Means That Description, intended purpose, relationship to software, hardware, and networking elements, storage location for reference, storage location for update.
TRUE FALSE. Name Means That Classification, owner, creator, and manager, size of data structure, data structure used (sequential or relational), online or offline, location, backup procedures employed.
TRUE FALSE. Data Means That Make sure that the names you choose are meaningful to all the groups that use the information. You should adopt naming standards that do not convey information to potential system attackers.
TRUE FALSE. IP address Means That This can be a useful identifier for network devices and servers, but it does not usually apply to software. You can, however, use a relational database to track software instances on specific servers or networking devices.
TRUE FALSE. Media access control (MAC) address Means That They are sometimes called electronic serial numbers or hardware addresses.
TRUE FALSE. Element type Means That For hardware, you can develop a list of element types, such as servers, desktops, networking devices, or test equipment. For software elements, you may develop a list of types that includes operating systems, custom applications by type (accounting, HR, or payroll, for example), packaged applications, and specialty applications, such as firewall programs.
TRUE FALSE. Physical location Means That This information falls under asset inventory, which can be performed once the identification process is started.
TRUE FALSE. Threats-vulnerabilities-assets (TVA) Means That The logical location is most useful for networking devices and indicates the logical network where the device is connected.
TRUE FALSE. Logical location Means That triples. A pairing of an asset with a threat and an identification of vulnerabilities that exist between the two.
TRUE FALSE. Loss Frequency Means That Likelihood × Attack Success Probability
TRUE FALSE. Loss Magnitude Means That Asset Value × Probable Loss
TRUE FALSE. single loss expectancy (SLE) Means That exposure factor (EF) * asset value (AV)
TRUE FALSE. attack success probability Means That single loss expectancy (SLE) * annualized rate of occurrence (ARO)
TRUE FALSE. annualized loss expectancy (ALE) Means That The number of successful attacks that are expected to occur within a specified time period.
TRUE FALSE. loss frequency Means That The probability that a specific vulnerability within an organization will be the target of an attack.
TRUE FALSE. Likelihood Means That The calculation of the likelihood of an attack coupled with the attack frequency to determine the expected number of losses within a specified time range.
TRUE FALSE. transference risk control strategy Means That It attempts to shift risk to other assets, other processes, or other organizations.
TRUE FALSE. termination risk control strategy Means That It indicates the organization is willing to accept the current level of risk.
TRUE FALSE. Acceptance Means That It eliminates all risk associated with an information asset by removing it from service or handling decision points.
TRUE FALSE. access control Means That The selective method by which systems specify who may use a particular resource and how they may use it.
TRUE FALSE. attribute-based access control (ABAC) Means That Specifications of authorization that govern the rights and privileges of users to a particular information asset.
TRUE FALSE. access control list (ACL) Means That An access control approach whereby the organization specifies the use of objects based on some attribute of the user or system.
TRUE FALSE. capabilities table Means That In a lattice-based access control, the row of attributes associated with a particular subject (such as a user).
TRUE FALSE. discretionary access controls (DACs) Means That Access controls that are implemented at the discretion or option of the data user.
TRUE FALSE. lattice-based access control (LBAC) Means That A variation on the MAC form of access control, which assigns users a matrix of authorizations for particular areas of access, incorporating the information assets of subjects such as users and objects.
TRUE FALSE. mandatory access control (MAC) Means That A required, structured data classification scheme that rates each collection of information as well as each user.
TRUE FALSE. nondiscretionary access controls (NDACs) Means That They are implemented by a central authority.
TRUE FALSE. role-based access control (RBAC) Means That An example of a nondiscretionary control where privileges are tied to the role a user performs in an organization, and are inherited when a user is assigned to that role.
TRUE FALSE. task-based access control (TBAC) Means That An example of a nondiscretionary control where privileges are tied to a task a user performs in an organization and are inherited when a user is assigned to that task.
TRUE FALSE. accountability Means That An integration of access control lists (focusing on assets) and capabilities tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings.
TRUE FALSE. access control matrix Means That The access control mechanism that ensures all actions on a system—authorized or unauthorized—can be attributed to an authenticated identity. Also known as auditability.
TRUE FALSE. authentication Means That The access control mechanism that requires the validation and verification of an unauthenticated entity’s purported identity.
TRUE FALSE. authorization Means That The access control mechanism that represents the matching of an authenticated entity to a list of information assets and corresponding access levels.
TRUE FALSE. Access control Means That It is the method by which systems determine whether and how to admit a user into a trusted area of the organization—that is, information systems, restricted areas such as computer rooms, and the entire physical location.
TRUE FALSE. identification Means That An authentication card that contains digital user data, such as a personal identification number (PIN), against which user input is compared.
TRUE FALSE. dumb card Means That The access control mechanism whereby unverified or unauthenticated entities who seek access to a resource provide a label by which they are known to the system.
TRUE FALSE. passphrase Means That A plain-language phrase, typically longer than a password, from which a virtual password is derived.
TRUE FALSE. password Means That A secret word or combination of characters that only the user should know; a password is used to authenticate the user.
TRUE FALSE. biometric access control Means That An authentication component similar to a dumb card that contains a computer chip to verify and validate several pieces of information instead of just a PIN.
TRUE FALSE. smart card Means That The use of physiological characteristics to provide authentication for a provided identification.
TRUE FALSE. minutiae Means That In biometric access controls, unique points of reference that are digitized and stored in an encrypted format when the user’s system access credentials are created.
TRUE FALSE. address restrictions Means That Firewall rules designed to prohibit packets with certain addresses or partial addresses from passing through the device.
TRUE FALSE. dynamic packet-filtering firewall Means That A firewall type that can react to network traffic and create or modify configuration rules to adapt.
TRUE FALSE. firewall Means That In information security, a combination of hardware and software that filters or prevents specific information from moving between the outside network and the inside network.
TRUE FALSE. application layer proxy firewall Means That A device capable of functioning both as a firewall and an application layer proxy server.
TRUE FALSE. demilitarized zone (DMZ) Means That An intermediate area between two networks designed to provide servers and firewall filtering between a trusted internal network and the outside, untrusted network.
TRUE FALSE. proxy server Means That A server that exists to intercept requests for information from external users and provide the requested information by retrieving it from an internal server, thus protecting and minimizing the demand on internal servers. Some proxy servers are also cache servers.
TRUE FALSE. content filter Means That A software program or hardware/software appliance that allows administrators to restrict content that comes into or leaves a network—for example, restricting user access to Web sites from material that is not related to business, such as pornography or entertainment.
TRUE FALSE. data loss prevention Means That A strategy to gain assurance that the users of a network do not send high value information or other critical information outside the network.
TRUE FALSE. virtual private network (VPN) Means That A private, secure network operated over a public and insecure network.
TRUE FALSE. In authentication factors - Something You Know Means That This factor of authentication relies on what the unverified user or system knows and can recall—for example, a password, passphrase, or other unique authentication code, such as a personal identification number (PIN).
TRUE FALSE. In authentication factors - Something You Have Means That This authentication factor relies on something an unverified user or system has and can produce when necessary.
TRUE FALSE. In authentication factors - Something You Are or Can Produce Means That This relies on individual characteristics, such as fingerprints, palm prints.
TRUE FALSE. intrusion Means That An adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations, almost always with the intent to do harm.
TRUE FALSE. intrusion detection and prevention system (IDPS) Means That The general term for a system that can both detect and modify its configuration and environment to prevent.
TRUE FALSE. IDPS response technique Means That A system capable of automatically detecting an intrusion into an organization’s networks or host systems and notifying a designated authority.
TRUE FALSE. intrusion detection system (IDS) Means That Terminating, Blocking, and Blocking all access
TRUE FALSE. Alarm filtering Means That A process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm.
TRUE FALSE. Alarm clustering and compaction Means That The process of classifying IDPS alerts so they can be more effectively managed.
TRUE FALSE. Confidence value Means That The measure of an IDPS’s ability to correctly detect and identify certain types of attacks which is based on fuzzy logic.
TRUE FALSE. False attack stimulus Means That The process by which attackers change the format and/or timing of their activities to avoid being detected by an IDPS.
TRUE FALSE. Evasion Means That An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks.
TRUE FALSE. False negative Means That The failure of an IDPS to react to an actual attack event.
TRUE FALSE. False positive Means That An alert or alarm that occurs in the absence of an actual attack.
TRUE FALSE. Tuning Means That The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives.
TRUE FALSE. Noise Means That Alarm events that are accurate and noteworthy but do not pose significant threats to information security.
TRUE FALSE. Site policy Means That The rules and configuration guidelines governing the implementation and operation of IDPSs within the organization.
TRUE FALSE. Data Collection Means That In the process of analyzing data and network activity, IDPSs can be configured to log data for later analysis.
TRUE FALSE. Attack Deterrence Means That Another reason to install an IDPS is that it serves as a deterrent by increasing the fear of detection among would-be attackers.
TRUE FALSE. application protocol verification Means That The process of examining and verifying the higher-order protocols (HTTP, FTP, and Telnet) in network traffic for unexpected packet behavior or improper use.
TRUE FALSE. host-based IDPS (HIDPS) Means That An IDPS that resides on a particular computer or server, known as the host, and monitors activity only on that system.
TRUE FALSE. monitoring port Means That Also known as a switched port analysis (SPAN) port or mirror port, a specially configured connection on a network device that can view all the traffic that moves through the device.
TRUE FALSE. protocol stack verification Means That The process of examining and verifying network traffic for invalid data packets—that is, packets that are malformed under the rules of the TCP/IP protocol.
TRUE FALSE. sensor Means That A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application.
TRUE FALSE. Intrusion detection and prevention typically includes Means That Source IP addresses, Source and destination TCP, Number of packets and bytes transmitted in the session, Starting and ending timestamps for the session.
TRUE FALSE. anomaly-based detection Means That Also known as behavior-based detection, an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy.
TRUE FALSE. clipping level Means That A predefined assessment level that triggers a predetermined response when surpassed.
TRUE FALSE. signature-based detection Means That Also known as knowledge-based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures.
TRUE FALSE. stateful protocol analysis (SPA) Means That The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks.
TRUE FALSE. log file monitor (LFM) Means That An attack detection method that reviews the log files generated by computer systems, looking for patterns and signatures that may indicate an attack or intrusion is in process or has already occurred.
TRUE FALSE. security information and event management (SIEM) Means That A software-enabled approach to aggregating, filtering, and managing the reaction to events, many of which are collected by logging activities of IDPSs and network management devices.
TRUE FALSE. honeynet Means That A monitored network or network segment that contains
multiple honeypot systems. TRUE FALSE. honeypot Means That An application that entices people who are illegally perusing
the internal areas of a network by providing simulated rich content while the software
notifies the administrator of the intrusion. TRUE FALSE. padded cell system Means That A protected honeypot that cannot be easily
compromised. TRUE FALSE. back hack Means That The process of illegally attempting to determine the source of
an intrusion by tracing it and trying to gain access to the originating system. TRUE FALSE. enticement Means That The act of attracting attention to a system by placing
tantalizing information in key locations. TRUE FALSE. pen register Means That The act of luring a person into committing a crime in order
to get a conviction. TRUE FALSE. entrapment Means That An application that records information about outbound
communications TRUE FALSE. attack protocol Means That An application that combines the function of honeypots
or honeynets with the capability to track the attacker back through the network. TRUE FALSE. trap-and-trace application Means That A logical sequence of steps or processes used
by anattacker to launch an attack against a target system or network.
TRUE FALSE. fingerprinting Means That The systematic survey of a targeted organization’s Internet
addresses collected during the footprinting phase to identify the network services
offered by the hosts in that range.
TRUE FALSE. footprinting Means That The organized research and investigation of Internet
addresses owned or controlled by a target organization. TRUE FALSE. port scanners Means That It used both by attackers and defenders to identify
orfingerprint active computers on a network- the active ports and serviceson those
computers- the functions and roles of the machines- and other useful information. TRUE FALSE.