1. Information security management system (ISMS)
2. Information security steering committee
3. Executive management
4. Security advisory group
5. Chief Privacy Officer (CPO)
6. Chief Information Security Officer (CISO)
7. Process owners
8. Information asset owners and data owners
9. Users
10. External parties
11. Security administrator
12. Security specialists/advisors
13. IT developers
14. IS auditors
15. 4 layers of logical security
16. Mandatory access controls (MACs)
17. Discretionary access controls (DACs)
18. Hackers
19. Denial of service (DoS)
20. Social engineering
21. Phishing
22. Peer-to-peer computing
23. Logical access controls
24. Technical exposures
25. Identification and authentication (I&A)
26. Two-factor authentication
27. Biometrics
28. False-rejection rate (FRR)
29. Failure-to-enroll rate (FER)
30. False-acceptance rate (FAR)
31. Single sign-on (SSO)
32. Access control naming conventions
33. Virtualization
34. Passive attacks
36. Active attacks
37. Firewall
38. 3 categories of firewalls
39. Packet filtering
40. IP spoofing
41. Miniature fragment attack
42. Application-level gateway firewall
43. Circuit-level firewalls
44. Stateful inspection
45. Demilitarized zone (DMZ)
46. Application firewall systems
47. Intrusion detection system (IDS)
48. Intrusion prevention system (IPS)
49. Honeypot
50. Honeynet
51. Encryption
52. Encryption key
53. Symmetric key encryption
54. Asymmetric key encryption
55. Digital signature
56. Digital envelope
57. Public key infrastructure (PKI)
58. Secure sockets layer (SSL)
59. Virus
60. Worm
61. Scanners
62. Active monitors
63. Integrity CRC checkers
64. Behavior blockers
65. IP telephony
66. Voice-over IP (VoIP)
67. Private branch exchange (PBX)
68. Data ownership
69. Access path
70. Bypass label processing (BLP)
71. System exit
72. Computer forensics
73. Extraction: a process that consists of the identification and selection of data from the imaged data set
74. Chain of custody: a term that refers to documenting, in detail, how evidence is handled and maintained, including its ownership, transfer and modification
75. External testing: refers to attacks and control circumvention attempts on the target's network perimeter from outside the target's system
76. Internal testing: refers to attacks and control circumvention attempts on the target from within the perimeter
77. Blind testing: refers to the condition of testing when the penetration tester is provided with limited or no knowledge of the target's information systems
78. Double blind testing: refers to the condition of testing when the penetration tester has little or no knowledge of the target's information systems AND the administrator and staff at the target are not aware of the test
79. Targeted testing: refers to attacks and control circumvention attempts on the target while both the target's IT team and the penetration testers are aware of the testing activities; penetration testers are provided with information related to the target and network design
80. Total failure (blackout): a complete loss of electrical power, often caused by weather conditions or the inability of electrical utility companies to meet demand
81. Severely reduced voltage (brownout): the failure of an electrical utility company to supply power within an acceptable range
82. Sags / spikes / surges
83. Electromagnetic interference (EMI)
84. Uninterruptible power supply / generator: consists of a battery or gasoline-powered generator that interfaces with the electrical power entering the facility and the electrical power entering the computer; cleanses the power to ensure that the voltage into the computer is consistent; continues power in the event of an electrical failure