1.

Access Controls and their three types: Physical / Administrative / Logical-Technical

 a. Detective
 b. Directive
 c. Deter
 d. Compensating
 e. Control
 f. Preventative
 g. Recovery

1. Incident Response Procedure

 a. Detect
 b. Respond
 c. Mitigate
 d. Report
 e. Remediate
 f. Recover
 g. Lessons Learned

1. Data Lifecycle

 a. Create
 b. Store
 c. Use
 d. Share
 e. Archive
 f. Destroy

1. Capability Maturity Modeling Integration (CMMI) Process

 a. Initial
 b. Repeatable
 c. Defined
 d. Managed
 e. Optimized

1. OSI Model / TCP/IP Model / Data Types

 a. PDNTSPA = Please Do Not Throw Sausage Pizza Away

1. i. Physical – Hubs / Repeaters

2. ii. Data – Switches / ARP / ICMP / IGMP
3. iii. Nework - Routers
4. iv. Transport – TCP/IP
5. v. Session – RPC / PPP
6. vi. Presentation – jpeg / mpeg
7. vii. Application – ftp / dns

 b. NITA = Network / Internet / Transport / Application

 c. Data Types

1. i. DataGram
2. ii. DataStream
3. iii. Session
4. iv. Packets
5. v. Frames
6. vi. Bits
7. Microsoft Threat Model

 a. Spoofing
 b. Tampering
 c. Repudiation
 d. Information Disclosure
 e. DDoS
 f. Elevation of Privileges

1. System Development Lifecycle (SDLC) and Systems Lifecycle (SLC)

 a. Plan and Initiate

 b. Functional Requirements
 c. System Architecture
 d. Acceptance
 e. Development
 f. Documentation
 g. Certification
 h. Accreditation
 i. Test
 j. Transition
 k. Operations – SLC only
 l. Disposal – SLC only

1. Evaluation Assurance Levels 1 – 7

 a. 1 is weak; functionally only

 b. 3 is in the middle; methodically tested
 c. 7 is strongest; formally verified

1. Identity Assurance Level 1-3

 a. 1 is Something you Know

 b. 2 is Something you Have
 c. 3 is Something you Are

1. Language Generations 1 – 5

 a. 1 is CPU language
 b. 3 is .NET / C++ / C / etc
 c. 5 is Natural Linguistics
1. Security Assertion Markup Language

 a. Identity Provider
 b. User Principals
 c. Service Provider
 d. Attributes
 e. Bindings
 f. Profile
 g. Protocol
 h. Authorization
 i. Authentication

1. OAuth

 a. User Resource
 b. Relay Resource
 c. Application Client
 d. No Credentials

1. Fire Extinguisher Types

 a. Ashes – Material
 b. Boils – Liquids
 c. Charge (E for UK) - Electrical
 d. Dense - Metals
 e. Kitchen

1. Security Modes

 a. Dedicated – All
 b. System High
 c. Compartmented
 d. Multilevel – Only

1. Biometric Accept/Reject

 a. False Acceptance Rate – Type II

 b. False Rejection Rate – Type I
 c. Crossover Error Rate – Equal Error Rate; When FAR/FRR are Equal

1. Single Lost Expectancy is Asset Value x Exposure Factor

2. Annualized Loss Expectancy is SLE x ARO (Annual Rate of Occurrence)
3. Change Management

 a. Request
 b. Review
 c. Authorize
 d. Test
 e. Schedule
 f. Deploy
1. Security Access Controls

 a. Discretionary Access Control – Ex NTFS

 b. Attribute Role Based Access Control – Ex Location
 c. Mandatory Access Control – Labels and Categories
 d. Nondiscretionary Access Controls – Centralized
 e. Role Based Access Controls – Groups
 f. Rule Based Access Controls – Firewalls; Globally applied to everyone Equally

1. Risk Assessment doc from NIST

2. Risk Management Framework doc from NIST
3. Security Controls doc from NIST