
info sec part3

Title of test:
info sec part3

Description:
INFO SEC TEST 3

Creation Date: 2021/03/15

Category: Others

Number of questions: 133

Content:

An adverse event in which an attacker attempts to gain entry into an information system or disrupt its normal operations- almost always with the intent to do harm. intrusion. intrusion detection and prevention system (IDPS). intrusion detection system (IDS). IDPS response technique.

The general term for a system that can both detect and modify its configuration and environment to prevent. intrusion. intrusion detection and prevention system (IDPS). intrusion detection system (IDS). IDPS response technique.

A system capable of automatically detecting an intrusion into an organization’s networks or host systems and notifying a designated authority. intrusion. intrusion detection and prevention system (IDPS). intrusion detection system (IDS). IDPS response technique.

Terminating- Blocking- and Blocking all access. intrusion. intrusion detection and prevention system (IDPS). intrusion detection system (IDS). IDPS response technique.

A process of grouping almost identical alarms that occur nearly at the same time into a single higher-level alarm. Alarm clustering and compaction. Alarm filtering. Confidence value. Evasion.

The process of classifying IDPS alerts so they can be more effectively managed. Alarm clustering and compaction. Alarm filtering. Confidence value. Evasion.

The measure of an IDPS’s ability to correctly detect and identify certain types of attacks which is based on fuzzy logic. Alarm clustering and compaction. Alarm filtering. Confidence value. Evasion.

The process by which attackers change the format and/or timing of their activities to avoid being detected by an IDPS. Alarm clustering and compaction. Alarm filtering. Confidence value. Evasion.

An event that triggers an alarm when no actual attack is in progress. Scenarios that test the configuration of IDPSs may use false attack stimuli to determine if the IDPSs can distinguish between these stimuli and real attacks. False attack stimulus. False negative. False positive. Tuning.

The failure of an IDPS to react to an actual attack event. False attack stimulus. False negative. False positive. Tuning.

An alert or alarm that occurs in the absence of an actual attack. False attack stimulus. False negative. False positive. Tuning.

The process of adjusting an IDPS to maximize its efficiency in detecting true positives while minimizing false positives and false negatives. False attack stimulus. False negative. False positive. Tuning.

Alarm events that are accurate and noteworthy but do not pose significant threats to information security. Noise. Site policy. Data Collection. Attack Deterrence.

The rules and configuration guidelines governing the implementation and operation of IDPSs within the organization. Noise. Site policy. Data Collection. Attack Deterrence.

In the process of analyzing data and network activity- IDPSs can be configured to log data for later analysis. Noise. Site policy. Data Collection. Attack Deterrence.

Another reason to install an IDPS is that it serves as a deterrent by increasing the fear of detection among would-be attackers. Noise. Site policy. Data Collection. Attack Deterrence.

The process of examining and verifying the higher-order protocols (HTTP- FTP- and Telnet) in network traffic for unexpected packet behavior or improper use. application protocol verification. host-based IDPS (HIDPS). monitoring port. protocol stack verification.

An IDPS that resides on a particular computer or server- known as the host- and monitors activity only on that system. application protocol verification. host-based IDPS (HIDPS). monitoring port. protocol stack verification.

Also known as a switched port analysis (SPAN) port or mirror port- a specially configured connection on a network device that can view all the traffic that moves through the device. application protocol verification. host-based IDPS (HIDPS). monitoring port. protocol stack verification.

The process of examining and verifying network traffic for invalid data packets—that is, packets that are malformed under the rules of the TCP/IP protocol. application protocol verification. host-based IDPS (HIDPS). monitoring port. protocol stack verification.

A hardware and/or software component deployed on a remote computer or network segment and designed to monitor network or system traffic for suspicious activities and report back to the host application. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

Source IP addresses - Source and destination TCP - Number of packets and bytes transmitted in the session - Starting and ending timestamps for the session. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

Also known as behavior-based detection- an IDPS detection method that compares current data and traffic patterns to an established baseline of normalcy. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

A predefined assessment level that triggers a predetermined response when surpassed. sensor. Intrusion detection and prevention typically includes. anomaly-based detection. clipping level.

Also known as knowledge-based detection or misuse detection- the examination of system or network data in search of patterns that match known attack signatures. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

The comparison of vendor-supplied profiles of protocol use and behavior against observed data and network patterns in an effort to detect misuse and attacks. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

An attack detection method that reviews the log files generated by computer systems looking for patterns and signatures that may indicate an attack or intrusion is in. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

A software-enabled approach to aggregating- filtering- and managing the reaction to events- many of which are collected by logging activities of IDPSs and network management devices. signature-based detection. stateful protocol analysis (SPA). log file monitor (LFM). security information and event management (SIEM).

A monitored network or network segment that contains multiple honeypot systems. honeynet. honeypot. padded cell system. back hack.

An application that entices people who are illegally perusing the internal areas of a network by providing simulated rich content while the software notifies the administrator of the intrusion. honeynet. honeypot. padded cell system. back hack.

A protected honeypot that cannot be easily compromised. honeynet. honeypot. padded cell system. back hack.

The process of illegally attempting to determine the source of an intrusion by tracing it and trying to gain access to the originating system. honeynet. honeypot. padded cell system. back hack.

The act of attracting attention to a system by placing tantalizing information in key locations. enticement. entrapment. pen register. trap-and-trace application.

The act of luring a person into committing a crime in order to get a conviction. enticement. entrapment. pen register. trap-and-trace application.

An application that records information about outbound communications. enticement. entrapment. pen register. trap-and-trace application.

An application that combines the function of honeypots or honeynets with the capability to track the attacker back through the network. enticement. entrapment. pen register. trap-and-trace application.

A logical sequence of steps or processes used by an attacker to launch an attack against a target system or network. attack protocol. fingerprinting. footprinting. port scanners.

The systematic survey of a targeted organization’s Internet addresses collected during the footprinting phase to identify the network services offered by the hosts in that range. attack protocol. fingerprinting. footprinting. port scanners.

The organized research and investigation of Internet addresses owned or controlled by a target organization. attack protocol. fingerprinting. footprinting. port scanners.

It is used both by attackers and defenders to identify or fingerprint active computers on a network- the active ports and services on those computers- the functions and roles of the machines- and other useful information. attack protocol. fingerprinting. footprinting. port scanners.

Computer security Means The need to secure the physical location of computer technology from outside threats. TRUE. FALSE.

Security Means A state of being secure and free from danger or harm. Also; the actions taken to make someone or something secure. TRUE. FALSE.

Communications security Means The protection of all communications media; technology; and content. TRUE. FALSE.

Network security Means Protection of confidentiality; integrity; and availability of information assets; whether in storage; processing; or transmission; via the application of policy; education; training and awareness; and technology. TRUE. FALSE.

information security Means A subset of communications security; the protection of voice and data; Networking components; connections; and content. TRUE. FALSE.

C.I.A. triad Means The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information - confidentiality; integrity; and availability. TRUE. FALSE.

Access Means Authorized users have legal access to a system; whereas hackers must gain illegal access to a system. TRUE. FALSE.

A direct attack Means An intentional or unintentional act that can damage or compromise information and the systems that support it. Attacks can be active or passive; intentional or unintentional; and direct or indirect. TRUE. FALSE.

Indirect attack Means Security mechanisms; policies; or procedures that can successfully counter attacks; reduce risk; resolve vulnerabilities. TRUE. FALSE.

Control; safeguard; or countermeasure Means It is originated from a compromised system or resource that is malfunctioning or working under the control of a threat. TRUE. FALSE.

Exploit Means A technique used to compromise a system. This term can be a verb or a noun. Threat agents may attempt to exploit a system or other information asset by using it illegally for their personal gain. TRUE. FALSE.

Exposure Means A condition or state of being exposed; in information security; exposure exists when a vulnerability is known to an attacker. TRUE. FALSE.

Threat agent Means An occurrence of an event caused by a threat agent. TRUE. FALSE.

Threat event Means The specific instance or a component of a threat. TRUE. FALSE.

Threat source Means A category of objects; people; or other entities that represents the origin of danger to an asset—in other words; can be purposeful or undirected - threat source known as “acts of God/acts of nature.”. TRUE. FALSE.

Vulnerability Means A potential weakness in an asset or its defensive control system(s). Some examples of vulnerabilities are a flaw in a software package; an unprotected system. TRUE. FALSE.

Accuracy Means An attribute of information that describes how data is genuine or original rather than reproduced or fabricated. TRUE. FALSE.

Authenticity Means An attribute of information that describes how data is free of errors and has the value that the user expects. TRUE. FALSE.

Availability Means An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems. TRUE. FALSE.

Confidentiality Means An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction. TRUE. FALSE.

Integrity Means A set of information that could uniquely identify an individual. TRUE. FALSE.

Personally Identifiable Information (PII) Means An attribute of information that describes how data is whole; complete, and uncorrupted. TRUE. FALSE.

Utility Means An attribute of information that describes how data has value or usefulness for an end purpose. TRUE. FALSE.

Information System (IS) Means The entire set of software; hardware; data; people; procedures; and networks that enable the use of information resources in the organization. physical security The protection of physical items; objects; or areas from unauthorized access and misuse. TRUE. FALSE.

Hardware Means It is the physical technology that houses and executes the software; stores and transports the data; and provides interfaces for the entry and removal of information from the system. Physical security policies deal with hardware as a physical asset and with the protection of physical assets – such as locks and keys - from harm or theft. Ex: passed it through the conveyor scanning devices. TRUE. FALSE.

Data Means Data stored; processed; and transmitted by a computer system must be protected. Data is often the most valuable asset of an organization and therefore is the main target of intentional attacks. Information was originally defined as data with meaning we will use the term information to represent both unprocessed data and actual information. TRUE. FALSE.

People Means Though often overlooked in computer security considerations; people have always been a threat to information security. In the end; the Khan simply bribed the gatekeeper - and the rest is history. Whether this event actually occurred or not; the moral of the story is that people can be the weakest link in an organization’s information security program. TRUE. FALSE.

Procedures Means Networking is the IS component that created much of the need for increased computer and information security. When information systems are connected to each other to form LANs; and these LANs are connected to other networks such as the Internet; new security challenges rapidly emerge. However; when computer systems are networked; this approach (locks and keys) is no longer enough. Steps to provide network security such as installing and configuring firewalls are essential. TRUE. FALSE.

Networks Means They are written instructions for accomplishing a specific task. They should be disseminated among members of an organization on a need-to-know basis. TRUE. FALSE.

Bottom-up approach Means A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems. TRUE. FALSE.

Top-down approach Means A methodology of establishing security policies and/or practices that is initiated by upper management. It has a higher probability of success. TRUE. FALSE.

Methodology Means A formal approach to solving a problem based on a structured sequence of procedures. TRUE. FALSE.

Systems Development Life Cycle (SDLC) Means A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed; but generally the phases address the investigation; analysis; design; implementation; and maintenance of an information system. TRUE. FALSE.

Waterfall SDLC Means A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase; with multiple opportunities to return to previous phases and make adjustments. TRUE. FALSE.

Logical Design Means In the logical design phase; the information gained from the analysis phase is used to begin creating a systems solution for a business problem. TRUE. FALSE.

Implementation Means In the implementation phase; any needed software is created. TRUE. FALSE.

Software Assurance (SA) Means A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. TRUE. FALSE.

Fail-safe defaults Means Base access decisions on permission rather than exclusion. TRUE. FALSE.

Complete mediation Means Every access to every object must be checked for authority. TRUE. FALSE.

Open design Means Where feasible; a protection mechanism should require two keys to unlock; rather than one. TRUE. FALSE.

Separation of privilege Means The design should not be secret; but rather depend on the possession of keys or passwords. TRUE. FALSE.

Least privilege Means Every program and every user of the system should operate using the least set of privileges necessary to complete the job. TRUE. FALSE.

Least common mechanism Means Minimize mechanisms (or shared variables) common to more than one user and depended on by all users. TRUE. FALSE.

chief information security officer (CISO) Means Typically considered the top information security officer in an organization. TRUE. FALSE.

Project team Means A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned. TRUE. FALSE.

Champion Means A senior executive who promotes the project and ensures its support; both financially and administratively; at the highest levels of the organization. TRUE. FALSE.

Team leader Means A project manager who may also be a departmental line manager or staff unit manager; and who understands project management; personnel management; and information security technical requirements. TRUE. FALSE.

Security policy developers Means People who understand the organizational culture; existing policies; and requirements for developing and implementing successful policies. TRUE. FALSE.

Security professionals Means Dedicated; trained; and well-educated specialists in all aspects of information security from both a technical and nontechnical standpoint. TRUE. FALSE.

Systems administrators Means People with the primary responsibility for administering systems that house the information used by the organization. TRUE. FALSE.

End users Means Individuals who work directly with data owners and are responsible for storage; maintenance; and protection of information. TRUE. FALSE.

data custodians Means Those whom the new system will most directly affect. Ideally; a selection of users from various departments; levels; and degrees of technical knowledge assist the team in focusing on the application of realistic controls that do not disrupt the essential business activities they seek to safeguard. TRUE. FALSE.

Security as Art Means The administrators and technicians who implement security can be compared to a painter applying oils to canvas. A touch of color here; a brush stroke there; just enough to represent the image the artist wants to convey without overwhelming the viewer—or in security terms; without overly restricting user access. TRUE. FALSE.

Ethics Means They carry the authority of a governing body. TRUE. FALSE.

laws Means They are based on cultural mores. TRUE. FALSE.

Information aggregation Means Collective data that relates to a group or category of people and that has been altered to remove characteristics or components that make it possible to identify individuals within the group. TRUE. FALSE.

Privacy Means Pieces of nonprivate data that- when combined- may create information that violates privacy. Not to be confused with aggregate information. TRUE. FALSE.

Aggregate information Means In the context of information security- the right of individuals or groups to protect themselves and their information from unauthorized access- providing confidentiality. TRUE. FALSE.

Association of Computing Machinery (ACM) Means It is a respected professional society that was established in 1947 as “the world’s first educational and scientific computing society.”. TRUE. FALSE.

Federal Bureau of Investigation (FBI) Means It investigates both traditional crimes and cybercrimes- and works with the U.S. TRUE. FALSE.

Payment Card Industry Data Security Standards (PCI DSS) Means It is organization that process payment cards- such as credit cards- debit cards- ATM cards- store-value cards- gift cards- or other related items. TRUE. FALSE.

goals Means The desired end of a planning cycle. TRUE. FALSE.

strategic plan Means The intermediate states obtained to achieve progress toward a goal or goals. TRUE. FALSE.

objectives Means A plan for the organization’s intended strategic efforts over the next several years. TRUE. FALSE.

Tactical planning Means The process of defining and specifying the long-term direction (strategy). TRUE. FALSE.

Policies Means The process of tactical planning breaks each strategic goal into a series of incremental objectives. TRUE. FALSE.

strategic planning Means They direct how issues should be addressed and how technologies should be used. TRUE. FALSE.

Practice Means A detailed statement of what must be done to comply with policy, sometimes viewed as the rules governing policy compliance. TRUE. FALSE.

Standard Means recommendations. TRUE. FALSE.

guidelines Means recommendations the employee may use as a reference in complying with a policy. TRUE. FALSE.

Compliance (agreement) Means Step-by-step instructions designed to assist employees in following policies- standards- and dissemination (distribution) - The organization must be able to demonstrate that the policy has been made readily available for review by the employee (e.g.- hard copy and electronic distribution). TRUE. FALSE.

Uniform enforcement (fairness in application) Means The organization must be able to demonstrate that the employee understands the requirements and content of the policy (e.g.- quizzes and other assessments). TRUE. FALSE.

procedures Means The organization must be able to demonstrate that the employee agrees to comply with the policy through act or affirmation (e.g.- logon banners- which require a specific action to acknowledge agreement). TRUE. FALSE.

Comprehension (understanding) Means The organization must be able to demonstrate that the policy has been uniformly enforced- regardless of employee status or assignment. TRUE. FALSE.

Information security policy Means Written instructions provided by management that inform employees and others in the workplace about proper behavior regarding the use of information and information assets. TRUE. FALSE.

Access control list (ACL) Means Specifications of authorization that govern the rights and privileges of users to a particular information asset. TRUE. FALSE.

Access control matrix Means An integration of access control lists (focusing on assets) and capability tables (focusing on users) that results in a matrix with organizational assets listed in the column headings and users listed in the row headings. TRUE. FALSE.

Capabilities table Means A lattice-based access control with rows of attributes associated with a particular subject (such as a user). TRUE. FALSE.

Configuration Rule Policies Means Configuring firewalls- intrusion detection and prevention systems (IDPSs)- and proxy servers—use specific configuration scripts that represent the configuration rule policy. TRUE. FALSE.

Information security blueprint Means A framework or security model customized to an organization- including implementation details. TRUE. FALSE.

Information security framework Means A specification of a model to be followed during the design- selection- and initial and ongoing implementation of all subsequent security controls- including information security policies- security education and training programs- and technological controls. TRUE. FALSE.

Spheres of Security Means It illustrates how information is under attack from a variety of sources. It illustrates the ways in which people access information. TRUE. FALSE.

Design of Security Architecture (Layers PPT) Means It is designed and implemented policies- people (education- training- and awareness programs)- and technology. TRUE. FALSE.

Defense in depth Means A strategy for the protection of information assets that uses multiple layers and different types of controls (managerial- operational- and technical) to provide optimal protection. TRUE. FALSE.

operational controls Means Information security safeguards that focus on administrative planning- organizing- leading- and controlling- and that are designed by strategic planners and implemented by the organization’s security administration. These safeguards include governance and risk management. TRUE. FALSE.

managerial controls Means Information security safeguards focusing on lower level planning that deals with the functionality of the organization’s security. These safeguards include disaster recovery and incident response planning. TRUE. FALSE.

Security Education- Training- and Awareness (SETA) Program Means Information security safeguards that focus on the application of modern technologies- systems, and processes to protect information assets. These safeguards include firewalls- virtual private networks- and IDPSs. TRUE. FALSE.

technical controls Means It is a managerial program designed to improve the security of information assets by providing targeted knowledge- skills- and guidance for an organization’s employees. TRUE. FALSE.

Business continuity planning (BCP) Means The documented product of business continuity planning. Occurs concurrently with the DR plan when the damage is major or ongoing. TRUE. FALSE.

Business continuity plan (BC plan) Means The actions taken to develop and implement the BC policy. TRUE. FALSE.

Business resumption planning (BRP) Means The actions taken to implement a combined DR and BC policy- and plan. TRUE. FALSE.

Contingency planning (CP) Means The actions taken to incident response- disaster recovery- and business continuity efforts- as well as preparatory business impact analysis. It includes incident response planning (IRP)- disaster recovery planning (DRP)- and business continuity planning (BCP). TRUE. FALSE.

Contingency planning management team (CPMT) Means It leads all CP efforts. TRUE. FALSE.
