Title of test:
info sec part3

Description:
INFO SEC TEST 3

Author:
AVATAR

Creation Date:
15/03/2021

Category:
Others

Number of questions: 133
Content:
An adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations- almost always with the intent to do harm. intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique.
The general term for a system that can both detect and modify its configuration and environment to prevent intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique.
A system capable of automatically detecting an intrusion into an organization’s networks or host systems and notifying a designated authority. intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique.
Terminating- Blocking- and Blocking all access intrusion intrusion detection and prevention system (IDPS) intrusion detection system (IDS) IDPS response technique.
A process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm. Alarm clustering and compaction Alarm filtering Confidence value Evasion.
The process of classifying IDPS alerts so they can be more effectively managed. Alarm clustering and compaction Alarm filtering Confidence value Evasion.
The measure of an IDPS’s ability to correctly detect and identify certain types of attacks which is based on fuzzy logic. Alarm clustering and compaction Alarm filtering Confidence value Evasion.
The process by which attackers change the format and/or timing of their activities to avoid being detected by an IDPS Alarm clustering and compaction Alarm filtering Confidence value Evasion.
An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks. False attack stimulus False negative False positive Tuning.
The failure of an IDPS to react to an actual attack event False attack stimulus False negative False positive Tuning.
An alert or alarm that occurs in the absence of an actual attack. False attack stimulus False negative False positive Tuning.
The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives. False attack stimulus False negative False positive Tuning.
Alarm events that are accurate and noteworthy but do not pose significant threats to information security. Noise Site policy Data Collection Attack Deterrence.
The rules and configuration guidelines governing the implementation and operation of IDPSs within the organization. Noise Site policy Data Collection Attack Deterrence.
In the process of analyzing data and network activity- IDPSs can be configured to log data for later analysis. Noise Site policy Data Collection Attack Deterrence.
Another reason to install an IDPS is that it serves as a deterrent by increasing the fear of detection among would-be attackers Noise Site policy Data Collection Attack Deterrence.
The process of examining and verifying the higher-order protocols (HTTP- FTP- and Telnet) in network traffic for unexpected packet behavior or improper use. application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification.
An IDPS that resides on a particular computer or server- known as the host- and monitors activity only on that system application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification.
Also known as a switched port analysis (SPAN) port or mirror port- a specially configured connection on a network device that can view all the traffic that moves through the device. application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification.
The process of examining and verifying network traffic for invalid data packets—that is, packets that are malformed under the rules of the TCP/IP protocol application protocol verification host-based IDPS (HIDPS) monitoring port protocol stack verification.
A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application. sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level.
Source IP addresses - Source and destination TCP - Number of packets and bytes transmitted in the session - Starting and ending timestamps for the session sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level.
Also known as behavior-based detection- an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy. sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level.
A predefined assessment level that triggers a predetermined response when surpassed. sensor Intrusion detection and prevention typically includes anomaly-based detection clipping level.
Also known as knowledge-based detection or misuse detection, the examination of system or network data in search of patterns that match known attack signatures. signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks. signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
An attack detection method that reviews the log files generated by computer systems looking for patterns and signatures that may indicate an attack or intrusion is in signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
A software-enabled approach to aggregating, filtering, and managing the reaction to events, many of which are collected by logging activities of IDPSs and network management devices signature-based detection stateful protocol analysis (SPA) log file monitor (LFM) security information and event management (SIEM).
A monitored network or network segment that contains multiple honeypot systems. honeynet honeypot padded cell system back hack.
An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion. honeynet honeypot padded cell system back hack.
A protected honeypot that cannot be easily compromised. honeynet honeypot padded cell system back hack.
The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system honeynet honeypot padded cell system back hack.
The act of attracting attention to a system by placing tantalizing information in key locations. enticement entrapment pen register trap-and-trace application.
The act of luring a person into committing a crime in order to get a conviction. enticement entrapment pen register trap-and-trace application.
An application that records information about outbound communications enticement entrapment pen register trap-and-trace application.
An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network enticement entrapment pen register trap-and-trace application.
A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network. attack protocol fingerprinting footprinting port scanners.
The systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range. attack protocol fingerprinting footprinting port scanners.
The organized research and investigation of Internet addresses owned or controlled by a target organization attack protocol fingerprinting footprinting port scanners.
It is used both by attackers and defenders to identify or fingerprint active computers on a network, the active ports and services on those computers, the functions and roles of the machines, and other useful information attack protocol fingerprinting footprinting port scanners.
Computer security Means The need to secure the physical location of computer technology from outside threats. TRUE FALSE.
Security Means A state of being secure and free from danger or harm. Also; the actions taken to make someone or something secure. TRUE FALSE.
Communications security Means The protection of all communications media; technology; and content TRUE FALSE.
Network security Means Protection of confidentiality; integrity; and availability of information assets; whether in storage; processing; or transmission; via the application of policy; education; training and awareness; and technology. TRUE FALSE.
information security Means A subset of communications security; the protection of voice and data; Networking components; connections; and content. TRUE FALSE.
C.I.A. triad Means The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information - confidentiality; integrity; and availability. TRUE FALSE.
Access Means Authorized users have legal access to a system; whereas hackers must gain illegal access to a system. TRUE FALSE.
A direct attack Means An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive; intentional or unintentional; and direct or indirect. TRUE FALSE.
Indirect attack Means Security mechanisms; policies; or procedures that can successfully counter-attacks; reduce risk; resolve vulnerabilities TRUE FALSE.
Control; safeguard; or countermeasure Means It is originated from a compromised system or resource that is malfunctioning or working under the control of a threat. TRUE FALSE.
Exploit Means A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain.. TRUE FALSE.
Exposure Means A condition or state of being exposed; in information security; exposure exists when a vulnerability is known to an attacker TRUE FALSE.
Threat agent Means An occurrence of an event caused by a threat agent TRUE FALSE.
Threat event Means The specific instance or a component of a threat. TRUE FALSE.
Threat source Means A category of objects; people; or other entities that represents the origin of danger to an asset—in other words; can be purposeful or undirected - threat source known as “acts of God/acts of nature.” TRUE FALSE.
Vulnerability Means A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package; an unprotected system TRUE FALSE.
Accuracy Means An attribute of information that describes how data is genuine or original rather than reproduced or fabricated. TRUE FALSE.
Authenticity Means An attribute of information that describes how data is free of errors and has the value that the user expects. TRUE FALSE.
Availability Means An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. TRUE FALSE.
Confidentiality Means An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction TRUE FALSE.
Integrity Means A set of information that could uniquely identify an individual TRUE FALSE.
Personally Identifiable Information (PII) Means An attribute of information that describes how data is whole; complete, and uncorrupted. TRUE FALSE.
Utility Means An attribute of information that describes how data has value or usefulness for an end purpose. TRUE FALSE.
Information System (IS) Means The entire set of software; hardware; data; people; procedures; and networks that enable the use of information resources in the organization. physical security The protection of physical items; objects; or areas from unauthorized access and misuse TRUE FALSE.
Hardware Means It is the physical technology that houses and executes the software; stores and transports the data; and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets – such as locks and keys - from harm or theft. Ex: passed it through the conveyor scanning devices. TRUE FALSE.
Data Means Data stored; processed; and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning we will use the term information to represent both unprocessed data and actual information. TRUE FALSE.
People Means Though often overlooked in computer security considerations; people have always been a threat to information security. In the end; the Khan simply bribed the gatekeeper - and the rest is history. Whether this event actually occurred or not; the moral of the story is that people can be the weakest link in an organization’s information security program. TRUE FALSE.
Procedures Means Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs; and these LANs are connected to other networks such as the Internet; new security challenges rapidly emerge. However; when computer systems are networked; this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential TRUE FALSE.
Networks Means They are written instructions for accomplishing a specific task. should be disseminated among members of an organization on a need-to-know basis. TRUE FALSE.
Bottom-up approach Means A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems. TRUE FALSE.
Top-down approach Means A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success. TRUE FALSE.
Methodology Means A formal approach to solving a problem based on a structured sequence of procedures. TRUE FALSE.
Systems Development Life Cycle (SDLC) Means A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed; but generally the phases address the investigation; analysis; design; implementation; and maintenance of an information system. TRUE FALSE.
Waterfall SDLC Means A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase; with multiple opportunities to return to previous phases and make adjustments. TRUE FALSE.
Logical Design Means In the logical design phase; the information gained from the analysis phase is used to begin creating a systems solution for a business problem. TRUE FALSE.
Implementation Means In the implementation phase; any needed software is created TRUE FALSE.
Software Assurance (SA) Means A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. TRUE FALSE.
Fail-safe defaults Means Base access decisions on permission rather than exclusion. TRUE FALSE.
Complete mediation Means Every access to every object must be checked for authority. TRUE FALSE.
Open design Means Where feasible; a protection mechanism should require two keys to unlock; rather than one. TRUE FALSE.
Separation of privilege Means The design should not be secret; but rather depend on the possession of keys or passwords. TRUE FALSE.
Least privilege Means Every program and every user of the system should operate using the least set of privileges necessary to complete the job. TRUE FALSE.
Least common mechanism Means Minimize mechanisms (or shared variables) common to more than one user and depended on by all users. TRUE FALSE.
chief information security officer (CISO) Means Typically considered the top information security officer in an organization. TRUE FALSE.
Project team Means A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned TRUE FALSE.
Champion Means A senior executive who promotes the project and ensures its support; both financially and administratively; at the highest levels of the organization TRUE FALSE.
Team leader Means A project manager who may also be a departmental line manager or staff unit manager; and who understands project management; personnel management; and information security technical requirements TRUE FALSE.
Security policy developers Means People who understand the organizational culture; existing policies; and requirements for developing and implementing successful policies. TRUE FALSE.
Security professionals Means Dedicated; trained; and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint. TRUE FALSE.
Systems administrators Means People with the primary responsibility for administering systems that house the information used by the organization TRUE FALSE.
End users Means Individuals who work directly with data owners and are responsible for storage; maintenance; and protection of information TRUE FALSE.
data custodians Means Those whom the new system will most directly affect. Ideally, a selection of users from various departments, levels, and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard TRUE FALSE.
Security as Art Means The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here; a brush stroke there; just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms; without overly restricting user access. TRUE FALSE.
Ethics Means They carry the authority of a governing body. TRUE FALSE.
laws Means They are based on cultural mores. TRUE FALSE.
Information aggregation Means Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group. TRUE FALSE.
Privacy Means Pieces of nonprivate data that- when combined- may create information that violates privacy. Not to be confused with aggregate information. TRUE FALSE.
Aggregate information Means In the context of information security- the right of individuals or groups to protect themselves and their information from unauthorized access- providing confidentiality. TRUE FALSE.
Association of Computing Machinery (ACM) Means It is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.” TRUE FALSE.
Federal Bureau of Investigation (FBI) Means It investigates both traditional crimes and cybercrimes- and works with the U.S. TRUE FALSE.
Payment Card Industry Data Security Standards (PCI DSS) Means It is organization that process payment cards- such as credit cards- debit cards- ATM cards- store-value cards- gift cards- or other related items TRUE FALSE.
goals Means The desired end of a planning cycle. TRUE FALSE.
strategic plan Means The intermediate states obtained to achieve progress toward a goal or goals. TRUE FALSE.
objectives Means A plan for the organization’s intended strategic efforts over the next several years. TRUE FALSE.
Tactical planning Means The process of defining and specifying the long-term direction (strategy). TRUE FALSE.
Policies Means The process of tactical planning breaks each strategic goal into a series of incremental objectives TRUE FALSE.
strategic planning Means They direct how issues should be addressed and how technologies should be used. TRUE FALSE.
Practice Means A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance. TRUE FALSE.
Standard Means recommendations TRUE FALSE.
guidelines Means recommendations the employee may use as a reference in complying with a policy. TRUE FALSE.
Compliance (agreement) Means Step-by-step instructions designed to assist employees in following policies- standards- and dissemination (distribution) - The organization must be able to demonstrate that the policy has been made readily available for review by the employee (eg.- hard copy and electronic distribution). TRUE FALSE.
Uniform enforcement (fairness in application) Means The organization must be able to demonstrate that the employee understands the requirements and content of the policy (eg.- quizzes and other assessments). TRUE FALSE.
procedures Means The organization must be able to demonstrate that the employee agrees to comply with the policy through act or affirmation (eg.- logon banners- which require a specific action to acknowledge agreement). TRUE FALSE.
Comprehension (understanding) Means The organization must be able to demonstrate that the policy has been uniformly enforced- regardless of employee status or assignment. TRUE FALSE.
Information security policy Means Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets. TRUE FALSE.
Access control list (ACL) Means Specifications of authorization that govern the rights and privileges of users to a particular information asset. TRUE FALSE.
Access control matrix Means An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings. TRUE FALSE.
Capabilities table Means A lattice-based access control with rows of attributes associated with a particular subject (such as a user). TRUE FALSE.
Configuration Rule Policies Means Configuring firewalls- intrusion detection and prevention systems (IDPSs)- and proxy servers—use specific configuration scripts that represent the configuration rule policy . TRUE FALSE.
Information security blueprint Means A framework or security model customized to an organization- including implementation details. TRUE FALSE.
Information security framework Means A specification of a model to be followed during the design- selection- and initial and ongoing implementation of all subsequent security controls- including information security policies- security education and training programs- and technological controls. TRUE FALSE.
Spheres of Security Means It illustrates how information is under attack from a variety of sources. It illustrates the ways in which people access information. TRUE FALSE.
Design of Security Architecture (Layers PPT) Means It is designed and implemented policies- people (education- training- and awareness programs)- and technology. TRUE FALSE.
Defense in depth Means A strategy for the protection of information assets that uses multiple layers and different types of controls (managerial- operational- and technical) to provide optimal protection. TRUE FALSE.
operational controls Means Information security safeguards that focus on administrative planning- organizing- leading- and controlling- and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management. TRUE FALSE.
managerial controls Means Information security safeguards focusing on lower level planning that deals with the functionality of the organization’s security. These safeguards include disaster recovery and incident response planning. TRUE FALSE.
Security Education, Training, and Awareness (SETA) Program Means Information security safeguards that focus on the application of modern technologies, systems, and processes to protect information assets. These safeguards include firewalls, virtual private networks, and IDPSs TRUE FALSE.
technical controls Means It is a managerial program designed to improve the security of information assets by providing targeted knowledge- skills- and guidance for an organization’s employees TRUE FALSE.
Business continuity planning (BCP) Means The documented product of business continuity planning. Occurs concurrently with the DR plan when the damage is major or ongoing. TRUE FALSE.
Business continuity plan (BC plan) Means The actions taken to develop and implement the BC policy. TRUE FALSE.
Business resumption planning (BRP) Means The actions taken to implement a combined DR and BC policy- and plan. TRUE FALSE.
Contingency planning (CP) Means The actions taken to incident response- disaster recovery- and business continuity efforts- as well as preparatory business impact analysis. It includes incident response planning (IRP)- disaster recovery planning (DRP)- and business continuity planning (BCP) TRUE FALSE.
Contingency planning management team (CPMT) Means It leads all CP efforts. TRUE FALSE.