CISSP CramStudy Masala Guide 4 Ref
Uploaded by sashi

DAC (Discretionary Access Control): The user who creates a file is also considered the owner and has full control over the file, including the ability to set permissions for that file.
SLE (Single Loss Expectancy): The amount that could be lost if a specific threat agent exploited a vulnerability. Asset Value x Exposure Factor (EF).
ARO (Annualized Rate of Occurrence): The estimated possibility of a threat to an asset taking place in one year.
Configuration Management: A major objective of Configuration Management is stability. Changes to the system are controlled so that they do not lead to weaknesses or faults in the system.
Deviation: A deviation from an organization-wide security policy requires you to manage the risk.
ALE (Annualized Loss Expectancy): SLE x ARO.
Residual Risk: The security risk that remains after controls have been implemented.
Quantitative Analysis: Provides formal cost/benefit analysis.
Threat: An event or activity that has the potential to cause harm to the information systems or networks.
Risk: The potential for harm or loss to an information system or network; the probability that a threat will materialize. Threats, impact and probabilities are all elements of risk.
Mandatory Vacations: Someone other than the regular employee performs the job function, which reduces the opportunity to commit improper or illegal acts and allows discovering any fraudulent activity that could have been taking place.
Authorizing Access Rights: This is usually the responsibility of user management/data owner.
Data Owner: The Data Owner (information owner) is usually a member of management who is in charge of a specific business unit, and who is ultimately responsible for the protection and use of a specific subset of information.
Confidentiality: Prevention of the intentional or unintentional unauthorized disclosure of contents. Confidentiality is making sure that only those who are supposed to access the data can access it.
Integrity: Guarantee that the message sent is the message received, and that the message was not intentionally or unintentionally altered.
Administrative Control: Screening of Personnel, Development of Policies, Standards, Procedures and Guidelines, Change Control Procedures, Monitoring of System Activity, Supervisory Structure, Security-Awareness Training, Testing.
Technical Control: Password and Resource Management, Identification and Authentication Methods, Intrusion Detection Systems, Logical Access Control Mechanisms, System Access, Network Architecture, Network Access, Encryption and Protocols, Control Zone, Auditing.
Physical Control: Environmental Controls, Network Segregation, Perimeter Security, Computer Controls, Work Area Separation, Data Backups, Cabling.
Vulnerability: The absence or weakness of a safeguard that could be exploited.
Risk Analysis: Has three main goals: identify risks, quantify the impact of potential threats, and provide an economic balance between the impact of the risk and the cost of the associated countermeasure.
Data Custodian: Usually responsible for maintaining and protecting the data, running regular backups and periodically testing the validity of the backup data.
Senior Management: Responsible for the security of the organization and the protection of its assets.
Risk Management: The process of reducing risk to an acceptable level.
Baselines: Provide the minimum level of security necessary throughout the organization.
Standards: Specify how hardware and software products should be used (mandatory) throughout the organization.
Procedures: Detailed step-by-step instructions on how to achieve certain tasks.
Guidelines: Recommended actions and operational guides to personnel when a specific standard does not apply.
Information Owner: Determines what level of classification the information requires, periodically reviews the classification assignments against business needs, and delegates responsibility for maintenance of the data protection mechanisms to the data custodian.
Operations Security “triples”: Threats, vulnerabilities and assets.
Policies: High-level statements, beliefs, goals and objectives and the general means for their attainment for a specific subject area.
Threat Analysis: The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment.
Availability: Specifies that the information technology resource must be available on a timely basis to meet mission requirements or to avoid substantial losses. Availability also includes ensuring that resources are used only for intended purposes.
Operational Controls: Personnel security, physical and environmental protection and documentation.
Technical Security Controls: Also called Logical Controls.
Separation of Duties: Ensures that a critical task requires more than one person to be completed.
Job Rotation: Can reduce the risk of collusion between individuals.
System and Information Owners: Responsible for ensuring that proper controls are in place to address integrity, confidentiality, and availability of the IT systems and data they own.
IT Security Practitioners: Responsible for proper implementation of security requirements in their IT systems.
Management: Responsible for protecting all assets that are directly or indirectly under their control.
Add-on Security: The retrofitting of protection mechanisms, implemented by hardware or software, after the [automatic data processing] system has become operational.

Laws & Regulations

Victim Carelessness: The biggest factor that makes computer crimes possible is victim carelessness.
Cybercrime Convention: On November 23, 2001, in Budapest, Hungary, the US and 29 other countries signed the Council of Europe Cybercrime Convention.
1996 U.S. Economic and Protection of Proprietary Information Act: Industrial and corporate espionage.
Tripwire: A data integrity assurance software aimed at detecting and reporting accidental or malicious changes to data.
Nessus: A vulnerability scanner used by hackers in discovering vulnerabilities in a system.
Saint: A network vulnerability scanner likely to be used by hackers.
Nmap: A port scanner for network exploration, likely to be used by hackers.
Data Diddling: Refers to the alteration of existing data, most often seen before it is entered into an application.
Masquerading: An example of an active attack, where an attempt is made to gain access to a computer system by posing as an authorized client or host.
Best Evidence: Original or primary evidence.
Secondary Evidence: A copy of evidence or an oral description of its contents.
Direct Evidence: Proves or disproves a specific act through oral testimony based on information gathered through the witness’s five senses.
Conclusive Evidence: Incontrovertible; overrides all other evidence.
Opinion Evidence: Two types. Expert: may offer an opinion based on personal expertise and facts. Non-expert: may testify only as to facts.
Circumstantial Evidence: Inference of information from other, immediate, relevant facts.
Corroborative Evidence: Supporting evidence used to help prove an idea or point; used as a supplementary tool to help prove a primary piece of evidence.
Hearsay Evidence: Oral or written evidence that is presented in court that is second hand and has no firsthand proof of accuracy or reliability. Most of the time, computer-related documents are considered hearsay.
Red Box: A phreaking device that generates tones to simulate inserting coins in pay phones, thus fooling the system into completing free calls.
Blue Box: An electronic device that simulates a telephone operator’s dialing console.
Black Box: Used to defeat long distance phone call toll charges.
White Box: Simply a portable Touch-Tone keypad.
Patents: Provide rights for up to 20 years for inventions.
Utility Patents: Protect useful processes, machines, articles of manufacture, and compositions of matter. Some examples: fiber optics, computer hardware, medications.
Design Patents: Guard against the unauthorized use of new, original, and ornamental designs for articles of manufacture. The look of an athletic shoe, a bicycle helmet, and the Star Wars characters are all protected by design patents.
Plant Patents: The way we protect invented or discovered, asexually reproduced plant varieties. Hybrid tea roses, Silver Queen corn, and Better Boy tomatoes are all types of plant patents.
Trademarks: Protect words, names, symbols, sounds, or colors that distinguish products and services.
Copyrights: Protect works of authorship, such as writings, music, and works of art that have been tangibly expressed.
Trade Secret: Information that companies keep secret to give them an advantage over their competitors. The formula for Coca-Cola is the most famous trade secret.
Civil Law: Also called Tort Law; deals with wrongs against individuals or companies that result in damages or loss.
Administrative/Regulatory Law: Deals with regulatory standards that regulate performance and conduct. Government agencies create these standards, which are usually applied to companies and individuals within those companies.
MOM (Motive, Opportunity, Means): To understand the whys in crime, many times it is necessary to understand the Motive, Opportunity, and Means (MOM).
Motive: The reason to commit the crime.
Opportunity: Usually arises when certain vulnerabilities or weaknesses are present.
Means: The ability to commit the crime.
Intent: Having premeditated malice.
Fourth Amendment: Protects against unlawful search and seizure, so law enforcement agencies must have cause and request a search warrant from a judge or court before conducting such a search.
Documentary Evidence: Printed business records, manuals and printouts classify as documentary evidence.
Exclusionary Rule: Evidence must be gathered legally or it cannot be used.
Computer-Generated Evidence: Normally falls under the category of hearsay evidence, or second-hand evidence, because it cannot be proven accurate and reliable.
Code of Ethics (ISC)²:
1 – Protect society, the commonwealth, and the infrastructure.
2 – Act honorably, honestly, justly, responsibly, and legally.
3 – Provide diligent and competent service to principals.
4 – Advance and protect the profession.
Memory Dump: Can be admitted as evidence if it acts merely as a statement of fact.
Business Attacks: Concern information loss through competitive intelligence gathering and computer-related attacks.
Intelligence Attacks: Aimed at sensitive military and law enforcement files containing military data and investigation reports.
Financial Attacks: Concerned with frauds to banks and large corporations.
Grudge Attacks: Targeted at individuals and companies who have done something that the attacker does not like.
The 1991 U.S. Federal Sentencing Guidelines: Provided ways that companies and law enforcement should prevent, detect and report computer crimes. Also outlined how senior management are responsible for the computer and information security decisions that they make and what actually took place within their organizations.
Evidence Life Cycle: Identification, Recording, Protection.
Enticement: Deals with someone that is breaking the law.
Entrapment: Encourages someone to commit a crime that the individual may have had no intention of committing.
Social Engineering: The act of tricking another person into providing information that they otherwise would not.
European Union’s Safe Harbor: Protection of personal data transferred between U.S. and European companies.
Dumpster Diving: Running through another person’s garbage for discarded documents, information and other items that could be used against that person or company.
1994 U.S. Communications Assistance for Law Enforcement Act: Requires all communications carriers to make wiretaps possible.
GAISSP (Generally Accepted Information System Security Principles): GAISSP will collect information security principles which have been proven in practice and accepted by practitioners, and will document those principles in a single repository.
Exigent Circumstance Doctrine: An exception to the search warrant requirement that allows an officer to conduct a search without having the warrant in hand if probable cause is present and destruction of the evidence is deemed imminent.
Computer-Assisted Crime: Where a computer was used as a tool to help carry out a crime. Usually covered by regular criminal laws.
Computer-Targeted Crime: Where a computer was the victim of an attack crafted to harm it (and its owners) specifically. Could not take place without a computer.
Computer is Incidental: Where a computer is not necessarily the attacker, but just happened to be involved when a crime was carried out.
CoE (Council of Europe): The Convention on Cybercrime is one example of an attempt to create a standard international response to cybercrime.
OECD (Organisation for Economic Co-operation and Development): An international organization that helps different governments come together and tackle the economic, social, and governance challenges of a globalized economy.
WIPO (World Intellectual Property Organization): International trademark law efforts and international registration are overseen by the WIPO, an agency of the United Nations.
SOX (Sarbanes-Oxley Act): Provides requirements for how companies must track, manage, and report on financial information. Applies to any company that is publicly traded on United States markets.
HIPAA (Health Insurance Portability and Accountability Act): A U.S. federal regulation mandated to provide national standards and procedures for the storage, use, and transmission of personal medical information and health care data.
GLBA (Gramm-Leach-Bliley Act): Requires financial institutions to develop privacy notices and give their customers the option to prohibit financial institutions from sharing their information with nonaffiliated third parties.
PCI DSS (Payment Card Industry Data Security Standards): Applies to any entity that processes, transmits, stores, or accepts credit card data.
Computer Security Act of 1987: Requires U.S. federal agencies to identify computer systems that contain sensitive information.
Economic Espionage Act of 1996: Provides the necessary structure when dealing with these types of cases and further defines trade secrets to be technical, business, engineering, scientific, or financial.

Methods of Privacy Protection
Government regulations: SOX, HIPAA, GLBA, BASEL.
Self-regulation: PCI.
Individual user: Passwords, encryption, awareness.

Network Analysis: Communication analysis; log analysis; path tracing.
Media Analysis: Disk imaging; MAC time analysis (Modify, Access, Create); content analysis; slack space analysis; steganography.
Software Analysis: Reverse engineering; malicious code review; exploit review.
Primary Image: A control copy that is stored in a library.
Working Image: Used for analysis and evidence collection.
Physical Surveillance: Pertains to security cameras, security guards, and closed-circuit TV (CCTV), which may capture evidence.
Computer Surveillance: Pertains to auditing events, which passively monitors events by using network sniffers, keyboard monitors, wiretaps, and line monitoring.
Salami Attack: Involves subtracting a small amount of funds from many accounts with the hope that such an insignificant amount would be overlooked.
IP Spoofing: Manually change the IP address within a packet to show a different address or, more commonly, use a tool that is programmed to provide this functionality.
Wiretapping: A passive attack that eavesdrops on communications.
IAB (Internet Architecture Board): The coordinating committee for Internet design, engineering, and management.
Active Attack: Masquerading is an example of an active attack, where an attempt is made to gain access to a computer system by posing as an authorized client or host.
Passive Attacks: Traffic analysis, eavesdropping and shoulder surfing are examples of passive attacks, where an attacker only listens to or watches for confidential information.

Configuration Management: The process of tracking and approving changes to a system. It is only required for B2, B3 and A1 level systems.
Disclosure of Residual Data: Allowing objects to be used sequentially by multiple users without a refresh of the objects can lead to disclosure of residual data.
TCB (Trusted Computing Base): Includes hardware, software and firmware.
Clipping Level: Should be implemented to establish a baseline of user activity and acceptable errors.
Sniffers: Allow an attacker to monitor data passing across a network.
Hamming Code: The parity information is created using a Hamming code that detects errors and establishes which part of which drive is in error.
Data Diddling: Involves changing data before, or as, it is entered into the computer; in other words, it refers to the alteration of existing data.
Input Controls: Used to ensure that transactions are properly entered into the system once.
Media Viability Controls: Include marking, handling and storage.
Monitoring Techniques: Include intrusion detection, penetration testing and violation processing using clipping levels.
Network Address Hijacking: Enables the intruder to re-route data traffic from a network device to a personal machine.
Due Care: Involves carrying out responsible actions to reduce those risks.
Due Diligence: Involves going through the necessary steps to know what a company’s or individual’s actual risks are.
Clearing Information: Rendering it unrecoverable by a keyboard attack.
Mandatory Vacations: Identify fraudulent activities and enable job rotation to take place.
Rainbow Tables: Consist of all possible passwords in hashed formats. This allows attackers to uncover passwords much more quickly than carrying out a dictionary or brute force attack.
Two-man Control: Two operators review and approve the work of each other.
System Reboot: Performed after shutting down the system in a controlled manner in response to a TCB (Trusted Computing Base) failure.
Emergency System Restart: Done after a system fails in an uncontrolled manner but consistency can be brought back automatically to the system.
System Cold Start: Takes place when unexpected TCB or media failures take place and the recovery procedures cannot bring the system to a consistent state.
Rotation of Duties: Used to interrupt the opportunity to create collusion to subvert operation for fraudulent purposes.
Dual Control: Requires two or more entities working together to complete a task.
Teardrop Attack: Involves sending malformed fragmented packets to a vulnerable system.
Browsing Attack: Occurs when an attacker looks for sensitive information without knowing what format it is in.
Separation of Duties: Ensures that one person cannot perform a high-risk task alone.
Double-blind Test: The type of vulnerability assessment most likely to demonstrate the success or failure of a possible attack.
Operational Controls: Backup and Recovery, Contingency Planning and Operations Procedures.
SQA (Systems Quality Assurance): Operational Assurance and Life-cycle Assurance.
Operational Assurance: Concentrates on the product’s architecture, embedded features, and functionality that enable a customer to continually obtain the necessary level of protection when using the product.
Life-cycle Assurance: Requirements specified in the Orange Book are: security testing, design specification and testing, configuration management and trusted distribution.
Failsafe Mode: The system automatically terminates the processes in response to a system failure, thereby ensuring the stability and security of the system.
Sanitization: The process of wiping out data from the storage media to ensure that the data cannot be either recovered or reused.
Purging: Making information unrecoverable even with extraordinary effort such as physical forensics in a laboratory.
Zeroization: Overwriting with a pattern designed to ensure that the data formerly on the media are not practically recoverable.
Degaussing: Magnetic scrambling of the patterns on a tape or disk that represent the information stored there.
Destruction: Shredding, crushing, burning.
Five steps in a Penetration Test:
1 – Discovery – Footprinting and gathering information about the target.
2 – Enumeration – Performing port scans and resource identification methods.
3 – Vulnerability mapping – Identifying vulnerabilities in identified systems and resources.
4 – Exploitation – Attempting to gain unauthorized access by exploiting vulnerabilities.
5 – Report to management – Delivering to management documentation of test findings along with suggested countermeasures.
Output Controls: Verifying the integrity and protecting the confidentiality of an output.
Job Rotation: Can uncover fraud and ensure that more than one person knows the tasks of a position.
Data Remanence: The residual physical representation of information that was saved and then erased in some fashion. This remanence may be enough to enable the data to be reconstructed and restored to a readable form.
Dumpster Diving: Running through another person’s garbage for discarded documents, information and other items that could be used against that person or company.
MTBF (Mean-Time-Between-Failure): The average length of time the hardware is functional without failure.
MTTR (Mean-Time-To-Repair): The amount of time it takes to repair and resume normal operation after a failure has occurred.
RAID 0 (Striping): Data striped over several drives. No redundancy or parity is involved. If one volume fails, the entire volume is unusable. It is used for performance only.
RAID 1 (Mirroring): Mirroring of drives. Data is written to two drives at once. If one drive fails, the other drive has the exact same data available.
RAID 3 (Byte-level parity): Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. Implemented at the byte level.
RAID 4 (Block-level parity): Same as level 3, except parity is created at the block level instead of the byte level.
RAID 5 (Interleave parity): Data is written in disk sector units to all drives. Parity is written to all drives also, which ensures that there is no single point of failure.
RAID 6 (Second parity data or double parity): Similar to level 5, but with added fault tolerance, which is a second set of parity data written to all drives.
RAID 10 (Striping and mirroring): Data are simultaneously mirrored and striped across several drives and can support multiple drive failures.
RAID 15: Created by combining RAID Level 1 and Level 5.
Striping: RAID separates the data into multiple units and stores it on multiple disks.
Trusted Recovery: Ensures that security is not breached when a system crash or other system failure occurs. Trusted Recovery is only required for B3 and A1 level systems.
Eavesdropping: A type of attack where you are collecting traffic and attempting to see what is being sent between entities communicating with each other.
Padding Messages: Considered a countermeasure; you make messages a uniform size.
Sending Noise: Considered a countermeasure; transmitting non-informational data elements to disguise real data.
Faraday Cage: A tool used to prevent emanation of electromagnetic waves. It is a very effective tool to prevent traffic analysis.
Operations Security Domain: Physically securing the tapes from unauthorized access is obviously a security concern and is considered a function of the Operations Security Domain.
Detective Control: These controls can be used to investigate what happened after the fact. Examples are: motion detectors, audit logs, IDS (Intrusion Detection Systems).
Preventative Control: Prevents events or actions that might compromise a system or cause a policy violation. An IPS (Intrusion Prevention System) would be an example of a Preventative Control.
Recovery Control: Includes processes used to return the system to a secure state after the occurrence of a security incident. Backups and redundant components are examples of Recovery Controls.
Directive Controls: Administrative instruments such as policies, procedures, guidelines, and agreements. An acceptable use policy is an example of a Directive Control.
Operations Security “Triples”: The Operations Security domain is concerned with triples: threats, vulnerabilities and assets.
B2: Systems must support separate operator and system administrator roles.
B3 and A1: Systems must clearly identify the functions of the security administrator to perform the security-related functions.
Trusted Facility Management: A single account on the system has the administrative rights to all the security-related functions of the system. (B2, B3 and A1).
Loki Attack: Uses the ICMP protocol for communications between two systems.
Traffic padding: A countermeasure to traffic analysis.
System integrity: Also defined in the Orange Book with an operational assurance requirement.

Mandatory Protection
Orange Book
Reference Monitor
System Assurance
Auditing Mechanisms
Life-Cycle Assurance
Trusted Recovery
Trusted Facility Management
System Integrity
Trusted Distribution
Verified Design
Security Domains
Structured Protection
Labeled Security Protection
Controlled Access Protection
Information Labels
Dual Preventative Control
TCB (Trusted Computing Base)
Take-Grant model
Bell-LaPadula Model
Simple Security Rule
* (star) Property Rule
Strong Start Property Rule
Biba Security Model
Simple integrity axiom
* (star) integrity axiom
“Simple”
* or “Star”
Clark-Wilson Model
Access Control Matrix Model
Information Flow Model
Nointerference Model
Brewer and Nash Model (Chinese Wall Model)
Graham-Denning Model
Pipelining
EAL 1
EAL 2
EAL 3
EAL 4
EAL 5
EAL 6
EAL 7
Covert Channel
NIACAP (National Information Assurance Certification and
Accreditation Process)
Data Mining
Noninterference Model
TCSEC
D
C
C1
C2
B
B1
B2
B3
A
A1
Multilevel Security Mode
Process Isolation
Evaluation
Security Kernel
Fail Safe
Configuration Management
ITSEC
Dedicated Security Mode
System-high Security Mode
Compartmented Security Mode
Multi-level Mode
Protection Domain
Access Matrix model
Formal Covert Channel Analysis
Multiprogramming
Multitasking
Multithreading
Multiprocessing
Subjects
Object
NCSC (National Computer Security Center)
ITSEC
E0
F1 + E1
F2 + E2
F3 + E3
F4 + E4
F5 + E5
F6
F7
F8
F9
F10
Certification
Accreditation
Security Domain
TOC/TOU (Time-of-Check/Time-of-Use Attacks)
Level A and Level B require Mandatory Protection.
A goal of the Orange Book was to produce standards as to what security features for manufacturers to include when developi
Is an abstract machine which must mediate all access to subjects to objects, be protected from modification, be verifiable as c
Operational Assurance and Life-Cycle Assurance.
All levels from C2and above require Auditing mechanisms.
Security testing andtrusted distribution are required for Life-Cycle Assurance.
B3 and A1 levels. Means that if a system fails the security remains intactwhen it is restored anddoes not allow any security bre
A single accounton thesystem has the administrative rights to all the security-related functionsof the system. (B2, B3 and A1).
The Orange book requires Hardware and/or softwarefeatures shall be provided that can be used to periodically validate the co
To ensure that the Trusted Computing Base isnot tamperedwith during shipmentor installation.
Level A1.
Level B3.
Level B2.
Level B1.
Level C2.
Information Labels are similar to Sensitivity Labels, but in addition to the classification and the category set of the Sensitivity L
Two individuals are required to perform a taskto minimize errors and reduce fraud.
Includes hardware, software and firmware. The TCB is defined as the total combination of protection mechanisms within a com
The take-grant system models a protection system which consists of a set of states and state transitions. A directed graph sho
This confidentiality model describes theallowable information flows and formalizes themilitary security policy.
A subjectcannot read data at a highter security level (no read up).
A subject cannot write data to an object at a lower security level (no write down).
A subject can perform read and write functions only to the objects at its same security level.
This model protects the integrity of the information within a system and the activities that take place.
A subject cannot read data at a lower integrity level (no read down).
A subject cannot modify an object in a highter integrity level (no write up).
Is used the rule is talking about reading.
Is is talking about writing.
This integrity modelis implemented to protect the integrity of dataand to ensure thatproperly formatted transactions take pla
This is a model in which access decisions are based on objects’ ACLsand subjects’ capability tables.
This is a model in whichinformation is restricted in its flow to only go to and from entities in a way that does not negate thesec
This model states that commands and activities perfomed at one security level should not be seen by, or affect, subjects or ob
This model allows for dynamically changing access controls that protect against conflicts of interest.
This model shows how subjects and objects should be created and deleted. It also addresses how toassign specific access righ
Is used in processors to allow overlapping execution of multiple instructions within the same circuitry.
Functionally tested.
Structurally tested.
Methodically tested and checked.
Methodically designed, tested and reviewed.
Semiformally designed and tested.
Semiformally verified design and tested.
Formally verified design and tested.
A type of attack that transfers information between processes that are not allowed to communicate by the comp
Establishes the minimum national standards for certifying and accrediting national security systems.
Is used to reveal hidden relationships, patterns and trends by running queries on large data stores.
Is to strictly separate differing security levels to assure that higher-level actions do not determine what lower-level users can s
Focused on confidentiality.
Minimal Protection.
Discretionary Protection.
Discretionary Security Protection.
Controlled Access Protection.
Mandatory Protection.
Labeled Security Protection.
Structured Protection.
Security Domains
Verified Protection.
Verified Design.
Two or more classification levels of data exist; some people are not cleared for all the data on the system.
Is where each process has its own distinct address space for its application code and data.
Is the process of independently assessing a system against a standard of comparison, such as evaluation criteria.
Is defined as the hardware, firmware and software elements of a TCB that implement the reference monitor concept. Is the so
As a mode of system termination that automatically leaves system processes and components in a secure state when a failure o
Auditing and controlling any changes to the Trusted Computing Base.
Added integrity and availability as security goals.
All users have a clearance and formal need to know for all information processed within the system.
Requires all users to have a clearance for the level of information stored and processed by the system but all users have a need
Allows a system to have differing levels of information and all users have clearance to access all the information, but not all user
The system stores and processes information of differing classifications but users are only required to have clearance and need
Is to protect programs from all unauthorized modification or executional interference.
Provides access rights to subjects for objects.
Only level A1 involves a formal covert channel analysis.
An operating system can load more than one program in memory at one time.
An operating system can handle requests from several different processes loaded into memory at the same time.
An application has the ability to run multiple threads simultaneously.
The computer has more than one CPU.
Programs, users, processes.
File, program, resource.
Is an organization within the NSA (National Security Agency) that is responsible for evaluating computer systems and products.
TCSEC
Level A and Level B require Mandatory Protection.
A goal of the Orange Book was to produce standards as to what security features for manufacturers to include when developi
Mandatory Protection
Systems that provide high confidentiality (like cryptographic devices).
Is a technical review that assesses the security mechanismsand evaluates their effectiveness.
Is management’s official acceptance of the information in the certification process findings.
Is a domain of trust that shares a single security policy and single management.
This type of attack takes advantage of the dependency on the timing of events that take place in a multitasking operating syste
on security systems.
s always invoked.
on of the on-site hardware and firmware elements of the TCB for System Integrity.
so have the necessary controls to be able to operate as a trusted computer.
m.
ections between the nodes of this system.
erent security level.
policy.
ponent that enforces access control for the operating system.
etected in the system.
only some of the data stored and processed by the system.
eed to know.
he information they need to access.
on security systems.
IDEA (International Data Encryption Algorithm)
RSA
Kerberos
DES (Data Encryption Standard)
DES key Sequence
DES key Effective
DES key Total

Symmetric Key Algorithm

Asymmetric Key Algorithm

One-Time Pad
Electronic Code Book mode of DES
Application Layer
ECC (Elliptic Curve Cryptography)
Digital Signature
PGP (Pretty Good Privacy)
Diffie-Hellman
Rijndael
Substitution
Authentication Header
SET (Secure Electronic Transaction)
Known-Plaintext attack
SHA-1 (Secure Hash Algorithm)
IKE (Internet Key Exchange)
FIPS-140
PKI
Ciphertext-only Attack
Message Digest
MAC (Message Authentication Code)
DSS (Digital Signature Standard)
Link Encryption
Steganography
Caesar Cipher
ROT13 Cipher
Polyalphabetic Cipher
Transposition Cipher
X.509
X.400
X.25
X.75
WTLS (Wireless Transport Layer Security)
OFB (Output Feedback)
Analytic Attack
Statistical Attack
Brute-force Attack
Codebook Attack
Split Knowledge
Class 1/Level 1
Class 2/Level 2
Class 3/Level 3
Class 4
Class 5
Stream Cipher
Block Ciphers
Digital Timestamp
PPTP (Point-to-Point Tunneling Protocol)
Clipper Chip
Concealment Cipher
One-way Hash
RC2
SSL
ISAKMP (Internet Security Association Key Management Protocol)
Symmetric Cryptography
Birthday Attack
LDAP servers
ARL (Authority Revocation List)
CRL (Certificate Revocation List)
Cross-certification
Digital watermarking
OAKLEY
SKIP
Key Encapsulation
Chosen-Ciphertext Attack
Hybrid Encryption Methods
S/MIME-standard
Certificate path validation
Blowfish
Cryptanalysis
Confidentiality
Integrity
Authentication
Authorization
Nonrepudiation
Access Control
Algorithm
Cipher
Cryptography
Cryptosystem
Cryptology
Data origin authentication
Encipher
Entity authentication
Decipher
Key
Key Clustering
Keyspace
Plaintext
Receipt
Work factor
Secure message format
Open message format
ECB (Electronic Code Book)
CBC (Cipher Block Chaining)
CFB (Cipher Feedback)
OFB (Output Feedback)
CTR (Counter)
3DES (Triple-DES)
DES-EEE3
DES-EDE3
DES-EEE2
DES-EDE2
AES (Advanced Encryption Standard)
10 Rounds
12 Rounds
14 Rounds
RC4
RC5
RC6
El Gamal
MD2
MD4
MD5
HTTPS
S-HTTP (Secure HTTP)
IPSec ( Internet Protocol Security)
Passive Attacks
Active Attacks
Trapdoor
Spread Spectrum
Is a block cipher and operates on 64-bit blocks of data. The 64-bit data block is divided into 16 smaller blocks, and each has 8 r
Asymmetric Key or Public Key cryptographic system. RSA can be used for encryption, key exchange, and digital signatures.
Kerberos depends on Secret Keys or Symmetric Key cryptography.
Symmetric Key or Secret Key algorithm.
8 Bytes.
56 Bytes.
64 Bytes.
Using the same key for encryption and decryption. Symmetric Keys also called secret keys. Can provide confidentiality.
DES (Data Encryption Standard), 3DES (Triple-DES), Blowfish, Twofish, IDEA (International Data Encryption Algorithm), RC4, RC
Uses both a Public Key and a Private Key. Can provide authentication and nonrepudiation.
RSA (Rivest-Shamir-Adleman), ECC (Elliptic Curve Cryptosystem), Diffie-Hellman, El Gamal, DSA (Digital Signature Algorithm), M
Uses a keystream string of bits that is generated completely at random, is the same size as the message, and is used only on
A given block of plaintext and a given key will always produce the same ciphertext.
Determines the identity of the communication partners.
This type of cryptography is based on the complex mathematics of elliptic curves. These algorithms are advantageous for their
Directly addresses both confidentiality and integrity of the CIA triad. Provides Nonrepudiation, Authentication, Data Integrity.
Uses a symmetric key algorithm. Uses a “Web of Trust”, where users can certify each other in a mesh model, which is best ap
Asymmetric algorithm, but is used only for key exchange. Is used for Key agreement (key distribution) and cannot be used to e
New approved method (AES) of encrypting sensitive but unclassified information for the U.S. government.
Is not a mode of DES.
Is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depe
Cryptographic protocol and infrastructure developed to send encrypted credit card numbers over the Internet. SET was devel
The goal of this type of attack is to find the cryptographic key that was used to encrypt the message. Once the key has been fo
Computes a fixed length message digest from a variable length input message.
Is a key management protocol standard that is used in conjunction with the IPSec standard.
Hardware and software cryptographic modules.
It supports public key exchange and it is responsible for issuing, locating, trusting, renewing, and revoking certificates. Provide
The attacker has the ciphertext of several messages encrypted with the same encryption algorithm. Its goal is to discover the pl
To detect any alteration of the message as the message digest is calculated and included in a digital signature to prove that th
Used for integrity protection. Is an authentication checksum derived by applying an authentication scheme, together with a se
Provides Integrity, digital signature and Authentication.
This mode does not provide protection if the nodes along the transmission path can be compromised.
Is a method of hiding data in another media.
Simple substitution cipher that involves shifting the alphabet three positions to the right.
Substitution cipher that shifts the alphabet by 13 places.
Using multiple alphabets at a time.
Different type of cipher.
Used in digital certificates.
Used in e-mail as a message handling protocol.
Standard for the network and data link levels of a communication network.
Standard defining ways of connecting two X.25 networks.
Communication protocol that allows wireless devices to send and receive encrypted information over the Internet.
DES mode of operation.
Refers to using algorithm and algebraic manipulation weakness to reduce complexity.
Uses a statistical weakness in the design.
Type of attack under which every possible combination of keys and passwords is tried.
Attacker attempts to create a codebook of all possible transformations between plaintext and ciphertext under a single key.
Involves encryption keys being separated into two components, each of which does not reveal the other.
Certificates verify electronic mail addresses.
Certificates verify a user’s name, address, social security number, and other information against a credit bureau database.
Certificates are available to companies. This level of certificate provides photo identification to accompany the other items of
Online business transactions between companies.
Private organizations or governmental security.
Generates what is called a keystream (a sequence of bits used as a key).
Type of symmetric-key encryption algorithm that transforms a fixed-size block of plaintext (unencrypted text) data into a block
Binds a document to its creation at a particular time.
PPTP is an encapsulation protocol based on PPP that works at OSI layer 2 (Data Link) and that enables a single point-to-point co
Is an NSA-designed tamperproof chip for encrypting data and it uses the SkipJack algorithm. It is based on an 80-bit key and a 16-
Every X number of words within a text is a part of the real message. The message is within another message.
Is a function that takes a variable-length string (a message) and compresses and transforms it into a fixed length value referred
Proprietary, variable-key-length block cipher.
Provides security services at the Transport Layer of the OSI model.
Key management protocol used by IPSec. Internet IPsec protocol to negotiate, establish, modify, and delete security associatio
When using symmetric cryptography, both parties will be using the same key for encryption and decryption. Symmetric crypto
Usually applied to the probability of two different messages using the same hash function producing a common message digest
The primary security concerns relative to LDAP servers are availability and integrity.
Data structure that enumerates digital certificates that were issued to CAs but have been invalidated by their issuer prior to wh
Mechanism for distributing notices of certificate revocations.
Is the act or process by which two CAs each certify a public key of the other, issuing a public-key certificate to that other CA, e
Computing techniques for inseparably embedding unobtrusive marks or labels as bits in digital data-text, graphics, images, vide
Key establishment protocol (proposed for IPsec but superseded by IKE) based on the Diffie-Hellman algorithm and designed to
Key distribution protocol that uses hybrid encryption to convey session keys that are used to encrypt data in IP packets.
Is one class of key recovery techniques and is defined as a key recovery technique for storing knowledge of a cryptographic key
Is one in which cryptanalyst may choose a piece of ciphertext and attempt to obtain the corresponding decrypted plaintext. Th
Use of public key encryption to secure a secret key, and message encryption using the secret key.
Encryption is realized in a public key based, hybrid encryption scheme.
Verification of the validity of all certificates of the certificate chain to the root certificate.
Symmetric block cipher that works on 64-bit blocks of data. The key length can be anywhere from 32 up to 448 bits, and the data
Is the science of studying and breaking the secrecy of encryption processes, compromising authentication schemes, and rever
Renders the information unintelligible except by authorized entities.
Data has not been altered in an unauthorized manner since it was created, transmitted, or stored.
Verifies the identity of the user or system that created information.
Upon proving identity, the individual is then provided with the key or password that will allow access to some resource.
Ensures that the sender cannot deny sending the message.
Restricting and controlling subject and object access attempts.
Set of mathematical rules used in encryption and decryption.
Another name for algorithm.
Science of secret writing that enables you to store and transmit data in a form that is available only to the intended individual
Hardware or software implementation of cryptography that transforms a message to ciphertext and back to plaintext.
The study of both cryptography and cryptanalysis.
Proving the source of a message (system-based authentication).
Act of transforming data into an unreadable format.
Providing the identity of the entity that sent a message.
Act of transforming data into a readable format.
Secret sequence of bits and instructions that governs the act of encryption and decryption.
Instance when two different keys generate the same ciphertext from the same plaintext.
A range of possible values used to construct keys.
Data in readable format, also referred to as cleartext.
Acknowledgment that a message has been received.
Estimated time, effort, and resources necessary to break a cryptosystem.
Sender encrypts the data with the receiver’s public key.
Receiver encrypts the data with the sender’s private key.
ECB mode operates like a code book. A 64-bit data block is entered into the algorithm with a key, and a block of ciphertext is p
Each block of text, the key, and the value based on the previous block are processed in the algorithm and applied to the next b
A combination of a block cipher and a stream cipher. For the first block of 8 bits that needs to be encrypted, we do the same t
Makes a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plainte
Turns a block cipher into a stream cipher. It generates the next keystream block by encrypting successive values of a “counter
Is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) block cipher, which applies the DES (Data E
Uses three different keys for encryption, and the data are encrypted, encrypted, encrypted.
Uses three different keys for encryption, and the data are encrypted, decrypted and encrypted.
The same as DES-EEE3 but uses only two keys, and the first and third encryption processes use the same key.
The same as DES-EDE3 but uses only two keys, and the first and third encryption processes use the same key.
Is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
If both the key and block size are 128 bits.
If both the key and block size are 192 bits.
If both the key and block size are 256 bits.
Algorithm used for encryption that does not provide hashing functions; it is also a commonly implemented stream cipher.
Is a block cipher that has a variety of parameters it can use for block size, key size, and the number of rounds used. The block s
Is a block cipher that was built upon RC5, so it has all the same attributes as RC5. There were some modifications of the RC5 al
Is a public key algorithm that can be used for digital signatures, encryption, and key exchange.
Is a one-way hash function designed by Ron Rivest that creates a 128-bit message digest value. It is much slower.
Is a one-way hash function designed by Ron Rivest. It also produces a 128-bit message digest value. It is used for high-speed co
Generates a 128-bit digest from a message of any length.
Protects the communication channel between two computers. HTTPS uses SSL/TLS and HTTP to provide a protected circuit be
Is a technology that protects each message sent between two computers. Is used if an individual message needs to be encrypt
Is a widely accepted standard for providing network layer protection. IPSec has strong encryption and authentication methods
Eavesdropping and sniffing data as it passes over a network are considered passive attacks because the attacker is not affectin
Altering messages, modifying system files, and masquerading as another individual are acts that are considered active attacks
Is a means to bypass security by hiding an entry point into a system.
Spreads communication across different frequencies available for the wireless device.
of mathematical functions performed on it.
, AES (Advanced Encryption Standard), SAFER (Secure and Fast Encryption Routine), Serpent.
-Hellman Knapsack.
and strength.
to smaller groups.
and decrypt messages.
on which cryptographic algorithm is used and how keying is performed.
by a consortium including Visa and MasterCard.
he attacker would then be able to decrypt all messages that had been encrypted using that key.
fidentiality, access control, integrity, authentication and non-repudiation.
t of the messages by figuring out the key used in the encryption process.
sage has not been altered since the time it was created by the sender.
ey, to a message. There are four: unconditionally secure, hash function based, stream cipher-based and block cipher-based.
mation provided by a level 2 certificate.
phertext (encrypted text) data of the same length.
tion, usually between a client and a server.
ecksum.
a hash value. It provides integrity, but no confidentiality, availability or authentication.
d to exchange key generation and authentication data, independent of the details of any specific key generation technique, key establishm
y is generally fast and can be hard to break, but it offers limited overall security in the fact that it can only provide confidentiality.
ey were scheduled to expire.
g users that are certified under different certification hierarchies to validate each other’s certificate.
audio and for detecting or extracting the marks later.
ompatible component of ISAKMP.
crypting it with another key and ensuring that only certain third parties called “recovery agents” can perform the decryption operation to
e of attack is generally most applicable to public-key cryptosystems.
s go through 16 rounds of cryptographic functions.
gineering algorithms and keys.
ed.
of text.
we did in CBC mode, which is to use an IV.
cks to get the ciphertext.
tion Standard) cipher algorithm three times to each data block.
sed in this algorithm are 32, 64, or 128 bits, and the key size goes up to 2,048 bits.
m to increase the overall speed, the result of which is RC6.
ation in software implementations and is optimized for microprocessors.
a client and server.
although it can be used to enable tunneled communication between two computers, it is usually employed to establish VPN among netwo
protocol, algorithm, key, message, or any parts of the encryption system.
se the attacker is actually doing something instead of sitting back and gathering data.
ck cipher-based.
tion technique, key establishment protocol, encryption algorithm, or authentication mechanism.
ovide confidentiality.
m the decryption operation to retrieve the stored key.
to establish VPN among networks across the Internet.
Passwords
Badges
Locks
Guards
Retinal Scan Biometric Device
UPS (Uninterruptable Power Supply)
Wet Pipe
Dry Pipe
Preaction
Deluge
Class A
Class B
Class C
Class D
CO2
Soda Acid
Motion Detector
Power Line Conditioning
Reduce Static Electricity
Common-mode noise
EPA-approved replacement for Halon
Physical Controls
Administrative Controls
CPTED (Crime Prevention Through Environmental Design)
Main Risks that Physical Security Components Combat
Power Excess
Spike
Surge
Power Loss
Fault
Blackout
Power Degradation
Sag
Brownout
Positive Pressurization
Plenum Area
Administrative Security Controls
Technical Security Controls (also called logical controls)
Physical Security Controls
Physical Access Systems
Physical Intrusion Detection Systems
Physical Protection Systems
Mantrap
Detective Security Controls
Preventive Security Controls
Corrective Security Controls
Recovery Security Controls
Directive Security Controls
Deterrent Security Controls
Compensating Security Controls
Capacitance Detectors
Wave Pattern Motion Detectors
Field-powered Devices
Audio Detectors
Countermeasures
100° F
150° F
175° F
350° F
Auxiliary Station Alarms
Central Station Alarms
Proprietary Alarms
Remote Station Alarm
Transponder
One-hour minimum fire rating
Two-hour minimum fire rating
Physical Theft
Fail Soft
Fail Safe
Fail Open
Fail Closed
Fail Secure
Natural environmental threats
Supply system threats
Manmade threats
Politically motivated threats
Vulnerability
Threat
Threat Agent
Natural Access Control
Natural Surveillance
Natural Territorial Reinforcement
Deterrence of criminal activity
Delay of intruders
Detection of Intruders
Assessment of situations
Response to intrusions and disruptions
Ground
Noise
Transient noise
Clean power
EMI (Electromagnetic Interference)
RFI (Radio Frequency Interference)
Humidity
Temperature
High Humidity
Low Humidity
Warded Lock
Tumbler Lock
Wafer Tumbler
Piggybacking
CCD
Are considered a Preventive/Technical (logical) control.
Are a physical control used to identify an individual.
Are a Preventative Physical control.
Are a Preventative Physical control.
Blood vessels used for biometric identification are located along the neural retina, the outermost of retina’s four cell layers.
Use battery packs that range in size and capacity.
Always contain water in the pipes and are usually discharged by temperature control level sensors. One disadvantage is that t
The water is not actually held in the pipes. The water is contained in a “holding tank” until it is released.
Combines both the dry and wet pipe systems and allows manual intervention before a full discharge of water on the equipmen
Has its sprinkler heads wide open to allow a larger volume of water to be released in a shorter period.
C = Combustible
– Type of Fire: Common Combustibles.
– Elements of Fire: wood products, paper, and laminates.
– Suppression Method: water, foam.
L = Liquid
– Type of Fire: Liquid.
– Elements of Fire: Petroleum products and coolants.
– Suppression Method: Gas, CO2, foam, dry powders.
E = Electrical
– Type of Fire: Electrical.
– Elements of Fire: Electrical equipment and wires.
– Suppression Method: Gas, CO2, dry powders.
M = Metals
– Type of Fire: Combustible Metals.
– Elements of Fire: Magnesium, sodium, potassium.
– Suppression Method: Dry powder.
Is preferred in an information center because the agent is considered a clean agent, as well as non-conductive.
Removes fuel from the fire by discharging a thick foam that moves the fire away from the fuel supply.
Ultrasonic, Microwave, Passive infrared sensors.
Is a protective measure against noise. It helps to ensure the transmission of clean power.
Anti-static sprays, Anti-static flooring, Maintain proper humidity levels.
Is electrical noise between the hot and ground wire and between the neutral and ground wire.
FM-200, NAF-S-III, CEA-410, FE-13, Water, Inergen, Argon and Argonite.
Include fences, lights, locks, and facility construction materials.
Include facility selection, construction, facility management, personnel controls, training, emergency response and procedures.
Is a discipline that outlines how the proper design of a physical environment can reduce crime by directly affecting human behav
Theft, interruptions to services, physical damage, compromised system integrity, and unauthorized disclosure of information.
Too much voltage for a short period of time.
Too much voltage for a long period of time.
A momentary power outage.
A long power interruption.
A momentary low voltage.
A prolonged power supply that is below normal voltage.
Means that when an employee opens a door, the air goes out and outside air does not come in.
Is a separate space provided for air circulation for heating, ventilation, and air-conditioning (sometimes referred to as HVAC) an
Are primarily policies and procedures put into place to define and guide employee actions in dealing with the organization’s sen
Are devices, processes, protocols, and other measures used to protect the C.I.A. of sensitive information. Examples include logi
Are devices and means to control physical access to sensitive information and to protect the availability of the information.
fences, mantraps, guards.
motion detector, alarm system.
sprinklers, backup generator.
A double-door facility used for physical access control.
They detect and report an unauthorized or undesired event (or an attempted undesired event). Example detective security co
Are put into place to prevent intentional or unintentional disclosure, alteration, or destruction (D.A.D.) of sensitive information
Are used to respond to and fix a security incident. Also limit or reduce further damage from an attack.
Are those controls that put a system back into production after an incident. Most Disaster Recovery activities fall into this categ
Are the equivalent of administrative controls. Directive controls direct that some action be taken to protect sensitive organizati
Are controls that discourage security violations. For instance, “Unauthorized Access Prohibited” signage may deter a trespasse
Are controls that provide an alternative to normal controls that cannot be used for some reason.
Monitor an electrical field surrounding the object being monitored. They are used for spot protection within a few inches of th
Generate a frequency wave pattern and send an alarm if the pattern is disturbed as it is reflected back to its receiver.
Are a type of personnel access control devices.
Simply monitor a room for any abnormal sound wave generation and trigger an alarm.
Are used to mitigate the risks, threats, and vulnerabilities.
Magnetic media are affected.
Disks are damaged.
Computer equipment is affected.
Paper products are affected.
Automatically cause an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits
Are operated by private security organizations.
Are similar to central station alarms except that monitoring is performed directly on the protected property.
Is a direct connection between the signal-initiating device at the protected property and the signal-receiving device located at a
Is a proximity identification device that does not require action by the user.
The internal walls of your processing facility must be a floor to ceiling slab.
Any adjacent walls where records such as paper, media.
Would be the most likely to affect confidentiality, integrity and availability.
A system that experiences a security issue would disable only the portion of the system being affected by the issue.
A fail-safe lock in the PHYSICAL security context will default to being unlocked in case of a power interruption.
Means that the mechanism will default to being unlocked in case of a failure or problem.
Means that the mechanism will default to being locked in case of a failure or problem.
In the logical or physical security context will default to being locked in case of a power interruption or a service that is not func
Floods, earthquakes, storms and tornadoes, fires, extreme temperature conditions, and so forth.
Power distribution outages, communications interruptions, and interruption of other natural energy resources such as water,
Unauthorized access (both internal and external), explosions, damage by angry employees, employee errors and accidents, va
Strikes, riots, civil disobedience, terrorist attacks, bombings, and so forth.
Is a weakness.
Is the potential that someone will identify this weakness and use it against you.
Is the person or mechanism that actually exploits this identified vulnerability.
Is the guidance of people entering and leaving a space by the placement of doors, fences, lighting, and even landscaping.
Is to make criminals feel uncomfortable by providing many ways observers could potentially see them and to make all other p
Can be implemented through the use of walls, fences, landscaping, light fixtures, flags, clearly marked addresses, and decorativ
Fences, Warning signs, Security guards, Dogs.
Locks, Defense-in-depth measures, Access controls.
External intruder sensors, internal intruder sensors.
Security guard procedures, Communication structure.
Response force, emergency response procedures, police, fire, medical personnel.
The pathway to the earth to enable excessive voltage to dissipate.
Electromagnetic or frequency interference that disrupts the power flow and can cause fluctuations.
A short duration of power line disruption.
Electrical current that does not fluctuate.
Can be caused by lightning, motors, and the current difference between wires.
Can be caused by electrical system mechanisms, fluorescent lighting, and electrical cables.
Should be kept between 40% and 60%.
Should be kept between 70° F and 74° F.
Can cause corrosion.
Can cause static electricity.
Is the basic padlock.
Has more pieces and parts than a ward lock.
Are the small, round locks you usually see on file cabinets. They use flat discs (wafers) instead of pins inside the locks.
An individual gains unauthorized access by using someone else’s legitimate credentials or access rights.
Is an electrical circuit that receives input light from the lens and converts it into an electronic signal, which is then displayed on
eze in colder climates.
pace between the structural ceiling and a drop-down ceiling.
ns systems, antivirus systems, firewalls, and intrusion detection systems.
review, system audit, file integrity checkers, and motion detection.
ve can be in the form of a policy, procedure, or guideline.
police/fire station and the appropriate headquarters.
firehouse.
ers.
le, by providing an open and well-designed environment.
Bell-LaPadula Model: Focuses on data confidentiality and access to classified information. Created the first mathematical model of a multi-level security system.
Biba Integrity Model: Describes rules for the protection of data integrity.
DAC (Discretionary Access Control): Data owners decide who has access to resources, and ACLs are used to enforce the security policy.
MAC (Mandatory Access Control): Operating systems enforce the system’s security policy through the use of security labels.
RBAC (Role Based Access Control): Access decisions are based on each subject’s role and/or functional position.
RuBAC (Rule Based Access Control): A good example of a Rule Based Access Control device would be a firewall. A single set of rules is imposed on all users attempting to connect through the firewall. RuBAC is a form of Non-Discretionary Access Control.
NDAC (Non-Discretionary Access Control): Includes Role Based Access Control (RBAC) and Rule Based Access Control (RBAC or RuBAC). A central authority determines what subjects can have access to certain objects based on the organizational security policy.
Sensitivity Label: Must contain at least one classification and one category set.
Kerberos: A trusted third-party authentication protocol that was developed under Project Athena at MIT. Kerberos depends on secret keys (symmetric ciphers). Kerberos addresses the confidentiality and integrity of information.
Detection: By reviewing system logs you can detect events that have occurred.
Logical Control: User IDs, access profiles, passwords.
Sniffing: A network sniffer captures a copy of every packet that traverses the network segment the sniffer is connected to.
Principle of Least Privilege: Refers to allowing users to have only the access they need and nothing more.
FRR (False Reject Rate): Type 1 errors. When a biometric system rejects an authorized individual (false negative).
FAR (False Accept Rate): Type 2 errors. When a biometric system accepts impostors who should be rejected (false positive).
CER (Crossover Error Rate): The percentage at which the False Rejection Rate (FRR) equals the False Acceptance Rate (FAR).
Identity-based Access Control: Is a type of Discretionary Access Control that is based on an individual’s identity.
Lattice Model: There are pairs of elements that have the least upper bound of values and greatest lower bound of values.
Preventive/Administrative: In this pairing, emphasis is placed on “soft” mechanisms that support the access control objectives. Mechanisms include organizational policies and procedures, pre-employment background checks, and strict hiring practices.
Preventive/Technical Control: The preventive/technical pairing uses technology to enforce access control policies.
Callback Systems: Provide access protection by calling back the number of a previously authorized location, but this control can be compromised by call forwarding.
Database Views: Are mechanisms that restrict access to the information that a user can access in a database.
Preventive/Physical Control: Measures also apply to areas that are used for storage of the backup data files.
Detective/Technical Control: Measures are intended to reveal the violations of security policy using technical means.
Detective/Physical Control: Usually require a human to evaluate the input from sensors or cameras to determine if a real threat exists.
SSO (Single Sign-On): The advantages of SSO include having the ability to use stronger passwords, easier administration as far as changing or deleting the passwords, minimizing the risks of orphan accounts, and requiring less time to access resources.
IDS (Intrusion Detection System): Is a system that is used to monitor network traffic or to monitor host audit logs in order to determine if any violations of an organization’s security policy have taken place. IDS are complements to firewalls.
NIDS (Network-Based IDS): Monitors network traffic in real time.
HIDS (Host-Based IDS): Is resident on a host and reviews the system and event logs in order to detect an attack on the host and to determine if the attack was successful.
ACL (Access Control List): Specifies a list of users [subjects] who are allowed access to each object.
Access Control Matrix: The matrix lists the users, groups and roles down the left side and the resources and functions across the top.
Detective Control: These controls can be used to investigate what happened after the fact. Motion detectors, audit logs, Intrusion Detection Systems.
Lattice-Based Access Control: Users are assigned security clearances and the data is classified. Access decisions are made based on the clearance of the user and the classification of the object.
Clark-Wilson Model: The subject no longer has direct access to objects but instead must access them through programs (well-formed transactions). The Clark-Wilson Model uses separation of duties.
Technical Control: Logical or Technical Controls involve the restriction of access to systems and the protection of information. Examples of these types of controls are encryption, smart cards, access lists, and transmission protocols.
Synchronous Dynamic Password Tokens: Generate a new unique password value at fixed time intervals, so the server and token need to be synchronized for the password to be accepted.
Shoulder Surfing: Is a form of passive attack involving stealing passwords, personal identification numbers or other confidential information by looking over someone’s shoulder.
Bell-LaPadula Model: This confidentiality model describes the allowable information flows and formalizes the military security policy.
Simple Security Rule: A subject cannot read data at a higher security level (no read up).
* (star) Property Rule: A subject cannot write data to an object at a lower security level (no write down).
Strong Star Property Rule: A subject can perform read and write functions only to the objects at its same security level.
Biba Security Model: This model protects the integrity of the information within a system and the activities that take place.
Simple integrity axiom: A subject cannot read data at a lower integrity level (no read down).
* (star) integrity axiom: A subject cannot modify an object in a higher integrity level (no write up).
“Simple”: Is used when the rule is talking about reading.
* or “Star”: Is used when the rule is talking about writing.
Preventive Controls: Are concerned with avoiding occurrences of risks. Password management is an example of a Preventive Control.
Deterrent Controls: Are concerned with discouraging violations.
Detecting Controls: Identify occurrences.
Compensating Controls: Are alternative controls, used to compensate for weaknesses in other controls.
Corrective Controls: Are concerned with remedying circumstances and restoring controls.
Continuous Authentication: Is a type of authentication that provides protection against impostors who can see, alter, and insert information passed between the claimant and verifier even after the claimant/verifier authentication is complete.
KDC (Key Distribution Center): Holds all users’ and services’ cryptographic keys. It provides authentication services, as well as key distribution functionality.
AS (Authentication Service): Is the part of the KDC that authenticates a principal.
IPS (Intrusion Prevention System): IPS is a preventive and proactive mechanism.
Hybrid Card: This is a contactless smart card that has two chips with the capability of utilizing both contact and contactless formats.
Emanation Attacks: Are the act of intercepting electrical signals that radiate from computing equipment.
Due Diligence: Is the critical part of information security that assesses controls to see whether or not they are implemented correctly, working as intended and producing the desired results.
SSH protocol: Provides an encrypted terminal session to the remote firewalls.
Take-Grant Model: A protection system which consists of a set of states and state transitions. A directed graph shows the connections between the nodes of this system.
Static Password Tokens: The owner identity is authenticated by the token.
Biometrics “one-to-many”: One to Many is for Identification. In biometrics, identification is a “one-to-many” search of an individual’s characteristics from a database of stored images.
Biometrics “one-to-one”: One to One is for Authentication. This means that you as a user would provide some biometric credential such as your fingerprint.
Capability Tables: Bound to a subject and indicate what objects that subject can access.
Physiological: Is what you are.
Behavioral: Is what you do.
Signature Dynamics: When a person signs a signature, usually they do so in the same manner and speed each time.
Keystroke Dynamics: Captures electrical signals when a person types a certain phrase.
Rainbow Tables: Consist of all possible passwords in hashed formats.
Password Checker: It is a tool used by a security professional to test the strength of a password.
Password Cracker: It is a tool used by a hacker.
Memory Card: Holds information.
Smart Card: Holds information and has the necessary hardware and software to actually process that information.
Contact: Smart card has a gold seal on the face of the card.
Contactless: Smart card has an antenna wire that surrounds the perimeter of the card.
SESAME (Secure European System for Application in a Multi-vendor Environment): The project is a single sign-on technology developed to extend Kerberos functionality and improve upon its weaknesses. SESAME uses symmetric and asymmetric cryptographic techniques to authenticate subjects to network resources.
RADIUS (Remote Authentication Dial-In User Service): Is a network protocol and provides client/server authentication and authorization, and audits remote users.
TACACS (Terminal Access Controller Access Control System): Combines its authentication and authorization processes. For networked applications, TACACS employs a user ID and a static password for network access.
XTACACS: Separates authentication, authorization, and auditing processes.
TACACS+: Is XTACACS with extended two-factor user authentication.
Diameter: Is a protocol that has been developed to build upon the functionality of RADIUS and overcome many of its limitations.
Detective/Administrative: Controls are job rotation, the sharing of responsibilities, and reviews of audit records.
Iris pattern: Biometric parameter that is better suited for authentication use over a long period of time.
Extensible Authentication Protocol: A framework that supports multiple, optional authentication mechanisms for PPP, including cleartext passwords, challenge-response, and arbitrary dialog sequences.
Port knocking: Is where the client will attempt to connect to a predefined set of ports to identify itself as an authorized client. The port knocking sequence is used to identify the client as a legitimate user.
Authenticity: Refers to the characteristic of a communication, document or any data that ensures the quality of being genuine or not corrupted from the original.
Data Mining: Analyzing warehoused data with automated tools to find trends, correlations, and relationships.
TCP SYN attack: Takes advantage of the way a TCP session is established.
TCP Wrappers: Can control when a UDP server starts but has little control afterwards because UDP packets can be sent randomly.
ICMP: Protocol field has a value of 1.
IGMP: Protocol field has a value of 2.
TCP: Protocol field has a value of 6.
UDP: Protocol field has a value of 17.
Class A Network Address: Has an 8-bit network prefix, with the highest-order bit set to 0. The addresses are 0.0.0.0 – 127.255.255.255.
Class B Network Address: Has a 16-bit network prefix, with the two highest-order bits set to 1-0. The addresses are 128.0.0.0 – 191.255.255.255.
Class C Network Address: Has a 24-bit network prefix, with the three highest-order bits set to 1-1-0. The addresses are 192.0.0.0 – 223.255.255.255.
Packet-Switched Services: Frame Relay and X.25 are both examples of packet-switching technologies.
Signature-Based Detection: As the patterns corresponding to known attacks are called signatures, misuse detection is sometimes called “signature-based detection”.
Gateway: Is used to connect two networks using dissimilar protocols at the lower layers, or it could also be at the highest level of the protocol stack.
Bridge: Works at the data link layer and is used to connect two separate networks to form a logical network. Filters frames based on MAC addresses.
Router: Works at the network layer and filters packets based on IP addresses.
Repeaters: Work at the physical layer and amplify transmission signals to reach remote devices by taking a signal from a LAN.
Modem: Is a device that translates data from digital form to analog and then back to digital for communication over analog lines.
Smurf Attack: Attack where the attacker spoofs the source IP address in an ICMP ECHO broadcast packet so it seems to have originated at the victim, in order to flood it with REPLY packets.
Fraggle: Is an attack similar to Smurf, but it uses UDP.
Layer 1: Physical Layer.
Layer 2: Data Link Layer.
Layer 3: Network Layer.
Layer 4: Transport Layer.
Layer 5: Session Layer.
Layer 6: Presentation Layer.
Layer 7: Application Layer.
Traffic Anomaly-Based: An anomaly-based IDS can detect unknown attacks.
Protocol Anomaly-Based: This type of system is more suited to identifying deviations from established protocol standards such as HTTP.
Pattern Matching: This type of system can only compare packets against signatures of known attacks.
Stateful Matching: This type of system works by scanning traffic streams for patterns or signatures of attacks.
Network Layer: OSPF (Open Shortest Path First), IP (Internet Protocol), and RIP (Routing Information Protocol) are all protocols implemented in the network layer.
RAID 0 (Striping): Data striped over several drives. No redundancy or parity is involved. If one volume fails, the entire volume is unusable. It is used for performance only.
RAID 1 (Mirroring): Mirroring of drives. Data is written to two drives at once. If one drive fails, the other drive has the exact same data available.
RAID 3 (Byte-level parity): Data striping over all drives and parity data held on one drive. If a drive fails, it can be reconstructed from the parity drive. Is implemented at the byte level.
RAID 4 (Block-level parity): Same as level 3, except parity is created at the block level instead of the byte level.
RAID 5 (Interleave parity): Data is written in disk sector units to all drives. Parity is written to all drives also, which ensures that there is no single point of failure.
RAID 6 (Second parity data or double parity): Similar to level 5, but with added fault tolerance, which is a second set of parity data written to all drives.
RAID 10 (Striping and mirroring): Data are simultaneously mirrored and striped across several drives and can support multiple drive failures.
RAID 15: Is created by combining RAID Level 1 and Level 5.
Striping: RAID separates the data into multiple units and stores it on multiple disks.
RAID Advisory Board: Failure Resistant Disk Systems (FRDSs), Failure Tolerant Disk Systems, and Disaster Tolerant Disk Systems.
FRDS (Failure Resistant Disk System): Enables the continuous monitoring of these parts and alerting on their failure.
Full Backup: All data are backed up. The archive bit is cleared, which means that it is set to 0.
Differential Backup: Backs up the files that have been modified since the last Full Backup. The archive bit does not change. Takes more time in the backup process and less time to restore.
Incremental Backup: Backs up all the files that have changed since the last Full Backup or Incremental Backup and sets the archive bit to 0. Takes less time to back up and more time to restore.
DLT (Digital Linear Tape): Is only 0.498 inches in size, yet the compression techniques and head scanning process make it a large-capacity and fast tape.
WORM (Write-Once, Read-Many): Optical disk “jukeboxes” are used for archiving data that does not change.
HSM (Hierarchical Storage Management): Is commonly employed in very large data retrieval systems.
Alternative Routing: Is a method of routing information via an alternate medium such as copper cable or fiber optics.
Diverse Routing: Routes traffic through split cable facilities or duplicate cable facilities.
Last Mile Circuit Protection: Is a redundant combination of local carrier T1s, microwave and/or coaxial cable access to the local communications loop.
Long Haul Network Diversity: Is a diverse long-distance network utilizing T1 circuits among the major long-distance carriers.
FTP: Port 21.
Telnet: Port 23.
SMTP: Port 25.
DNS: Port 53.
POP3: Port 110.
Well Known Ports: Are those from 0 through 1023.
Registered Ports: Are those from 1024 through 49151.
Dynamic and/or Private Ports: Are those from 49152 through 65535.
SSH-2 (Secure Shell): SSH provides strong client authentication. Remote log-on, command execution, port forwarding.
TLS (Transport Layer Security): Is a two-layered socket layer security protocol that contains the TLS Record Protocol and the Handshake Protocol.
Screening Router: The packet filtering capabilities of a router are used to block traffic much like a packet filtering firewall.
Packet Filtering Firewall: It is a first-generation firewall. This filtering is based on network layer information. Takes place by using ACLs, which are developed and applied to a device.
Proxy Firewall: It is a second-generation firewall. A proxy firewall is the middleman in communication. It does not allow anyone to connect directly to a protected host within the internal network.
Stateful Firewall: It is a third-generation firewall. Stateful inspection keeps track of each communication session. It must maintain a state table with information about each connection.
Dynamic packet filtering firewall: It is a fourth-generation firewall. Creates an ACL that allows the external entity to communicate with the internal system via …
Kernel Proxy Firewall: It is a fifth-generation firewall. Faster because processing is done in the kernel. One network stack is created for each packet.
Knowledge-Based IDS: Signature-Based IDS. Uses a database of previous attacks and known system vulnerabilities to look for current attempts to exploit these vulnerabilities, and triggers an alarm if an attempt is found.
Behavior-Based IDS: Statistical Anomaly-Based IDS. Dynamically detects deviations from the learned patterns of user behavior, and an alarm is triggered when activity that is considered intrusive (outside of normal system use) occurs.
Token Ring: Was designed to be a more fault-tolerant topology than Ethernet, and can be a very resilient topology when properly implemented.
FDDI (Fiber Distributed Data Interface): FDDI is a token-passing ring scheme like a token ring, yet it also has a second ring that remains dormant until an error condition is detected on the primary ring.
Frame Relay: Uses a public switched network to provide Wide Area Network (WAN) connectivity.
Logon Abuse: Unauthorized access of restricted network services by the circumvention of security access controls.
TCP sequence number attack: Exploits the communication session which was established between the target and the trusted host that initiated the session.
TCP and UDP: Are implemented at the Transport Layer (layer 4).
Pivoting Method: Pivoting refers to a method used by penetration testers that uses a compromised system to attack other systems on the same network and avoid restrictions such as firewall configurations, which may prohibit direct access to all machines.
Basic Security Services defined by the OSI: Authentication, access control, data confidentiality, data integrity, nonrepudiation, and logging and monitoring.
Internet Layer: In the TCP/IP protocol model, the Internet Layer defines the IP datagram and handles the routing of data across networks.
OSI Model: Application, Presentation, Session, Transport, Network, Data Link, Physical.
TCP/IP Protocol Model: Application, Host-to-Host, Internet and Network Access.
Application Layer – TCP/IP Protocol Model: Contains protocols that implement user-level functions, such as mail delivery, file transfer and remote login.
Host-to-Host Layer – TCP/IP Protocol Model: Handles connection rendezvous, flow control, retransmission of lost data, and other generic data flow management between hosts.
Internet Layer – TCP/IP Protocol Model: Is responsible for delivering data across a series of different physical networks that interconnect a source and destination machine.
Network Access Layer – TCP/IP Protocol Model: Is responsible for delivering data over the particular hardware media in use.
ARP (Address Resolution Protocol): Is used to match an IP address to an Ethernet address so the packet can be sent to the appropriate node.
RARP (Reverse Address Resolution Protocol): Is used to match an Ethernet address to an IP address.
BOOTP (Bootstrap Protocol): Is a network protocol used by a network client to obtain an IP address from a configuration server. BootP is an Internet Layer protocol that enables a workstation to boot without requiring a hard or floppy disk drive.
PPTP (Point-to-Point Tunnelling Protocol): Operates at the Data Link Layer (layer 2) of the OSI model and uses native PPP authentication and encryption services. Sets up a point-to-point connection between two computers.
Tunnel Mode: The entire packet is encrypted and encased into an IPSec packet. Tunnel Mode is required for gateway services.
Transport Mode: Only the datagram (payload) is encrypted, leaving the IP address visible within the IP header. Transport Mode is established when the endpoint is a host.
Multicast: A source packet is copied and sent to specific multiple destinations on the network.
Unicast: Sends a packet from a single source to a single destination.
Broadcast: A packet is copied and then sent to all the stations on a network.
SSL (Secure Socket Layer): Protocol is used between a web server and client and provides entire session encryption, thus preventing session hijacking. SSL provides security services at the Transport Layer of the OSI model.
RSA: Is an asymmetric encryption algorithm that can be used in setting up an SSL session.
SET (Secure Electronic Transaction): Is the protocol that was introduced by Visa and Mastercard to allow for more credit card transaction possibilities.
Spoofing Attack: Is when an attempt is made to gain access to a computer system by posing as an authorized user or system.
Sniffing Attack: Refers to observing packets passing on a network.
LAN Transmission Protocols: Are the rules for communicating between computers on a LAN. CSMA/CD, polling, token-passing.
LAN Topologies: Bus, Ring, Star or Meshed.
LAN Transmission Methods: Refer to the way packets are sent on the network and are either unicast, multicast or broadcast.
LAN Media Access Methods: Control the use of a network (physical and data link layers). They can be Ethernet, ARCnet, Token Ring and FDDI.
X.400: Is used in e-mail as a message handling protocol.
X.500: Is used in directory services.
X.509: Is used in digital certificates.
X.800: Is used as a network security standard.
802.2: Refers to the Logical Link Control.
802.3: Refers to Ethernet’s CSMA/CD.
802.5: Standard defines the Token Ring Media Access Method.
802.11: Refers to wireless communications.
SLIP (Serial Line IP): Supports TCP/IP networking over low-speed serial interfaces.
S-RPC (Secure RPC): Provides authentication services.
DS-0: Is the framing specification used in transmitting digital signals over a single 64 Kbps channel over a T1 facility.
DS-1: Is the framing specification used for transmitting digital signals at 1.544 Mbps on a T1 facility.
DS-3: Is the framing specification used for transmitting digital signals at 44.736 Mbps on a T3 facility.
Network Architecture: Refers to the communications products and services, which ensure that the various components of a network (such as devices, protocols, and access methods) work together.
Ethernet Address: Is a 48-bit address that is hard-wired into the Network Interface Card (NIC) of the network node.
TFTP (Trivial File Transfer Protocol): Is sometimes used to transfer configuration files from equipment such as routers, but the primary difference between FTP and TFTP is that TFTP does not require authentication.
Land Attack: Involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim’s machine on any open port that is listening.
Link Encryption: Encrypts the entire packet, including headers and trailers, and has to be decrypted at each hop.
Bastion: A bastion host is a strongly protected system that is in a network protected by a firewall.
IMAP4 (Internet Message Access Protocol 4): Internet protocol by which a client workstation can dynamically access a mailbox on a server host to manipulate and retrieve mail messages that the server has received and is holding for the client.
DAT (Digital Audio Tape): Can be used to back up data systems in addition to its original intended audio uses.
10BASE-T: The maximum length is 100 meters.
10BASE-2 (RG58): The maximum length is 185 meters.
10BASE-5 (RG8/RG11): The maximum length is 500 meters.
10BASE-FP: The maximum length is 1000 meters.
Application-Level Proxy: Application proxy firewalls provide good security and have full application-layer awareness, but they have poor performance, limited application support, and poor scalability.
Circuit-Level Proxy: Circuit-level firewalls also use proxies but at a lower layer. Circuit-level firewalls do not look as deep within the packet as application-level proxies.
Teardrop Attack: Consists of modifying the length and fragmentation offset fields in sequential IP packets so the target system becomes confused and crashes after it receives contradictory instructions on how the fragments are offset on these packets.
SYN Attack: Is when an attacker floods a system with connection requests but does not respond when the target system replies to those requests.
Buffer Overflow Attack: Occurs when a process receives much more data than expected.
Category 2 UTP: Can handle data rates of 4 Mbps.
Category 3 UTP: Was often used for phone lines and is used in 10Base-T networks. It is specified to handle speeds up to 10 Mbps.
Category 5 UTP: Is the current UTP standard for networks running at 100 Mbps.
Replay Attack: Refers to the recording and retransmission of packets on the network. Kerberos uses time stamps, which protect against this type of attack.
Infrared: Is generally considered to be more secure against eavesdropping than multidirectional radio transmissions because infrared requires line-of-sight paths.
AH (Authentication Headers): Provides integrity, authentication, and non-repudiation.
PPP (Point-to-Point Protocol): Was designed to support multiple network types over the same serial link.
Dynamic Translation: A large group of internal clients share a single or small group of internal IP addresses for the purpose of hiding their identities or conserving the internal network address space.
Port Knocking: Is where the client will attempt to connect to a predefined set of ports to identify itself as an authorized client.
EAL 1: Functionally tested.
EAL 2: Structurally tested.
EAL 3: Methodically tested and checked.
EAL 4: Methodically designed, tested, and reviewed.
EAL 5: Semiformally designed and tested.
EAL 6: Semiformally verified design and tested.
EAL 7: Formally verified design and tested.
Failure Resistant Disk System: Provides the ability to reconstruct the contents of a failed disk onto a replacement disk and provides the added protection against data loss due to the failure of many hardware parts of the server.
QIC (Quarter Inch Cartridge drives): This format is mostly used for home/small office backups, has a small capacity, and is slow, but inexpensive.
Screened-Subnet Firewall: One of the most secure implementations of firewall architectures is the screened-subnet firewall.
NAT (Network Address Translation): Is concerned with IP address translation between two networks and operates at the network layer (Layer 3).
S/MIME-standard: Public key based, hybrid encryption scheme.
Screened Host: Router filters (screens) traffic before it is passed to the firewall.
Screened Subnet: External router filters (screens) traffic before it enters the subnet. Traffic headed toward the internal network then goes through …
IP Spoofing Attack: Is used to convince a system that it is communicating with a known entity that gives an intruder access.
Application Layer: Layer 7. Provides file transmissions, message exchanges, terminal sessions and much more. Protocols working at this layer are: … LPD, FTP, Telnet, TFTP.
Presentation Layer: Layer 6. Receives information from the application layer protocols and puts it in a format all computers following the OSI model can understand.
Session Layer: Layer 5. Is responsible for establishing a connection between the two applications, maintaining it during the transfer of data, and controlling the release of this connection. Protocols working at this layer are: NFS, SQL, NETBIOS, RPC.
Transport Layer: Layer 4. Receives data from many different applications and assembles the data into a stream to be properly transmitted over the network. Protocols working at this layer are: TCP, UDP, SPX.
Network Layer: Layer 3. Inserts information into the packet’s header so it can be properly addressed and routed, and then actually routes the packets to their proper destination. Protocols working at this layer are: ICMP, RIP, OSPF, BGP, IGMP.
Data Link Layer: Layer 2. Establishes the communications link between individual devices over a physical link or channel. Protocols working at this layer are: … SLIP, PPP, RARP, L2F, L2TP, FDDI, ISDN.
Physical Layer: Layer 1. Converts bits into voltage for transmission.
Asynchronous Communication: Is used when the two devices are not synchronized in any way.
Synchronous Communication: Takes place between two devices that are synchronized, usually via a clocking mechanism.
Dual-homed: A single computer with separate NICs connected to each network. Used to divide an internal trusted network from an external untrusted network.
Bluejacking Attack: Bluejacking occurs when someone sends an unsolicited message to a Bluetooth-enabled device.
CSMA/CD (Carrier Sense Multiple Access with Collision Detection): Ethernet uses CSMA/CD to minimize the effect of broadcast collisions.
CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance): Used by AppleTalk and wireless (802.11i).
Hot Site: Contains everything needed to become operational in the shortest amount of time. Computers, climate control, cables and per…
Hot Site Advantages: Ready within hours for operation; highly available; usually used for short-term solutions, but available for longer stays; annual testing available.
Hot Site Disadvantages: Very expensive; limited on hardware and software choices.
Warm Site: Has some basic equipment, or in some cases almost all of the equipment, but it is not sufficient to be operational.
Cold Site: Has basically power, HVAC and basic cabling, but little or nothing as far as processing equipment is concerned.
Warm and Cold Site Advantages: Less expensive; available for longer timeframes because of the reduced costs; practical for proprietary hardware or software use.
Warm and Cold Site Disadvantages: Not immediately available; operational testing not usually available; resources for operations not immediately available.
Redundant Sites: Are owned by the company and are mirrors of the original production environment.
Disaster Recovery Manager: Should also be a member of the team that assisted in the development of the Disaster Recovery Plan.
Reciprocal Agreement: Is where two or more organizations mutually agree to provide facilities to the other if a disaster occurs.
Transaction Redundancy Implementation: Electronic vaulting, remote journaling and database shadowing.
Electronic Vaulting: Is the process of transferring backup data to an off-site location through communication lines. Takes place in batches and moves t…
Remote Journaling: Refers to the parallel processing of transactions to an alternate site. Takes place in real time and transmits only the file deltas.
Database Shadowing: Uses the live processing of remote journaling, but creates even more redundancy by duplicating the database sets to multiple …
Data Clustering: Refers to the classification of data into groups (clusters).
RPO (Recovery Point Objective): Describes the age of the data you want the ability to restore in the event of a disaster. Point to which application data must be …
RTO (Recovery Time Objective): Is a period of time within which business and/or technology capabilities must be restored following an unplanned event or disaster.
ACV (Actual Cash Value): The ACV is the default valuation clause for commercial property insurance. Value of the item on the date of loss.
RCV (Replacement Cost Value): RCV is the maximum amount your insurance company will pay you for damage to covered property before deducting for depreciation.
MTD (Maximum Tolerable Downtime): It is the maximum delay businesses can tolerate and still remain viable.
Nonessential: 30 days.
Normal: 7 days.
Important: 72 hours.
Urgent: 24 hours.
Critical: Minutes to hours.
Salvage Team: Should be responsible for starting the recovery of the original site.
BIA (Business Impact Analysis): As part of a disaster recovery plan, BIA is likely to identify costs linked to failures. One of the first steps of a BIA is to evaluate a…
Parity Information: Is created using a Hamming code that detects errors and establishes which part of which drive is in error.
Diverse Routing: Routes traffic through split cable facilities or duplicate cable facilities.
DRP (Disaster Recovery Plan): DRP refers to an IT-focused plan designed to restore operability of the target system, application, or computer facility at an alt…
BCP (Business Continuity Plan): The BCP focuses on sustaining an organization’s business functions during and after a disruption.
BRP (Business Recovery Plan): The BRP addresses the restoration of business processes after an emergency.
Restoration Team: Should be responsible for getting the alternative site into a working and functioning environment.
Incident Response Plan: Focuses on information security responses to incidents affecting systems and/or networks.
OEP (Occupant Emergency Plan): Provides the response procedures for occupants of a facility in the event of a situation posing a potential threat to the health a…
RA (Risk Assessment): Is designed to evaluate existing exposures from the organization’s environment.
BIA (Business Impact Analysis): Assesses potential loss that could be caused by a disaster.
MTBF (Mean-Time-Between Failure): Is the average length of time the hardware is functional without failure.
MTTR (Mean-Time-To-Repair): Is the amount of time it takes to repair and resume normal operation after a failure has occurred.
Parallel Test: Is a full test of the recovery plan, utilizing all personnel.
Full-Interruption Test
Checklist Test
Structured Walk-Through Test
Dual Data Center
Peril Policy
All-Risk Policy
Criticality Survey
Nondisaster
Disaster
Catastrophe
Software escrow
Full Backup
Differential Backup
Incremental Backup
Tape Vaulting
Corrective control
Recovery Team
Damage Assessment Team
RAID 0 (Striping)
RAID 1 (Mirroring)
RAID 3 (Byte-level parity)
RAID 4 (Block-level parity)
RAID 5 (Interleave parity)
RAID 6 (Second parity data or double parity)
RAID 10 (Striping and mirroring)
RAID 15
Activates the total disaster recovery plan. This testis costly and could disrupt normal operations.
Is onlyconsidered a preliminary step to a real test.
Business unit management representatives meet towalk through the plan, ensuring it accurately reflects the organization’s ab
Strategy also called redunded siteor alternate site would be employed for applications, which cannot accept any downtimewit
is often a good choice for thosebusiness ownerswhose business is located in an area frequently hit by natural disasterssuch as
covers your business from damages caused by any type of disasterwith the exception of those specifically excludedin the polic
Isimplemented through a standard questionnaire to gather input from the most knowledgeable people.
Is a disruption in service due to a device malfunction or failure.
Is an event that causes the entire facility to be unusable for a day orlonger.
Is a major disruption that destroys the facility altogether.
Third party holds the source code, backups of the compiled code, manuals, and other supporting materials.
All data are backed up. The archive bitis cleared, which means that it is set to 0.
Backup the files that have been modified since the last Full Backup. Thearchive bit does not change. Take more time backup p
Backup all the files that have changed since the last Full Backup orIncremental Backup and sets the archive bit to 0. Take less ti
The data are sent over a serial line to abackup tape system at the offsite facility.
BCP are designed to minimize the damage done by the event, and facilitate rapid restorationof the organization to its full oper
Is responsible for restoring critical business functions at an alternate site in the event of disruption.
Is responsible for assessing the damage at the primary site when a disaster occurs.
Data striped over several drives. No redundancyor parity is involved. If one volume fails, the entire volume is unusable. It is us
Mirroring of drives. Data is writtento two drives at once. If one drive fails, the other drive has the exact same data available.
Data striping over all drivesand parity data heldon one drive. If a drive fails, it can be reconstructed from parity drive. Is implem
Same as level 3, except parity iscreated at the block level instead of the byte level.
Data is written in disk sectorunits to all drives. Parity is writtento all drives also, which ensures that there is no single point of f
Similar to level 5, but with added fault tolerance, which is asecond set of parity data written to all drivers.
Data are simultaneously mirrored and striped across several driversand can support multiple drive failures.
Is created by combining RAID Level 1and Level 5.
ls, butdoes not include data.

tire filethat has been updated.

s.

vered to resume business transactions.


RTO is one of the results of BIA.

nization’s business functions and associated systems, applications, and technology to determine how critical those functions are to the org

e site after an emergency.

fety of personnel, the environment, orproperty.


recover successfully, at least on paper.
mpacting business.
anes, tornados, or floods. Such apolicy spells outthe specific eventsfor which you are covered.
ods and earthquakes are two events that aretypically excluded, but coverage for thesetypes of disasters can beadded to the policyfor an a

nd take less time to restore.


ackup phase and take more time to restore.

al capacity. They are for use “after the fact“, thus are examples of Corrective controls.

performance only.

d at the byte level.


those functions are to the organization.
beadded to the policyfor an additional fee.
