Early Computing Threats
The primary security threats were physical theft of equipment, espionage against system products, and sabotage.
Role of System Administrator
Individuals primarily responsible for administering the systems that house the organization's information.
ARPA 'Protection Analysis: Final Report' Focus
A study undertaken by ARPA to understand and detect vulnerabilities in operating systems security.
InfoSec Professional Role
Focuses on protecting the organization's information systems and stored information from attacks.
RAND Report R-609 Significance
The first widely recognized document to identify the role of management and policy issues in computer security.
Hardware System Definition (False Statement)
This statement is false; the concept described (entire set of people, procedures, and technology) is typically an information system, not merely a hardware system.
Organizational Asset
An organizational resource being protected, which can be logical (like a Web site or data) or physical (like hardware or a person).
ARPANET
A network project that preceded the Internet.
Information Security (InfoSec)
The protection of the confidentiality, integrity, and availability (CIA) of information assets using policy, education, awareness, and technology.
Possession vs. Confidentiality Breach
A breach of possession may not always result in a breach of confidentiality.
MULTICS
The first operating system to integrate security as one of its core functions.
InfoSec History Start
The history of information security begins with the concept of communications security.
Trojan Horse
Malware programs that hide their true nature, revealing their designed behavior only when activated.
Brownout
A short-term interruption in electrical power availability.
Distributed Denial-of-Service (DDoS)
An attack where a coordinated stream of requests is launched against a target from many locations simultaneously.
Preventing Human Error
Human error or failure can often be prevented using training, ongoing awareness activities, and controls.
Cyberterrorism
Premeditated, politically motivated attacks against information, computer systems, programs, and data that result in violence against noncombatant targets.
Mean Time Between Failure (MTBF)
The average amount of time until the next hardware failure.
Sniffer Program Function
A program that can reveal data transmitted on a network segment, including passwords, files, and sensitive data.
InfoSec Function Purpose
The information security function is responsible for safeguarding an organization's technology assets.
Pharming
The redirection of legitimate user Web traffic to illegitimate Web sites to collect personal information.
Primary Mission of InfoSec
This is false. InfoSec protects confidentiality, integrity, and availability (CIA); it is not focused on confidentiality at any cost.
Cyberterrorists
Individuals who hack systems to conduct terrorist activities using network or Internet pathways.
Separation of Duties
A cornerstone in protecting information assets and preventing financial loss.
Security Manager vs. CISO Scope
This is false. The CISO (Chief Information Security Officer) usually holds the higher-level, more general/strategic role.
Security Manager Role
Accomplish objectives identified by the CISO and resolve issues identified by technicians.
InfoSec Technical Professionals
Technical professionals often entering InfoSec include database administrators, programmers, and networking experts or systems administrators.
InfoSec Function Placement
This is false. The information security function can be structured as a peer of physical security or protective services within the organization.
SSCP Certification Focus
More applicable to the security technician than to the security manager.
Security Administrator Role
Provides day-to-day systems monitoring to support an organization's goals and objectives.
ISSEP Concentration Exclusions
ISSEP demonstrates expert knowledge in areas except technical management.
(ISC)2 Certification Concentrations
(ISC)2 has added concentrations to demonstrate advanced knowledge beyond the basic certification's common body of knowledge.
Contractors (Workforce Supplement)
Hired by the organization for a temporary position or to supplement the existing workforce.
Preferred InfoSec Candidate
Organizations typically seek a technically qualified information security specialist who understands organizational operations.
Standardized Job Descriptions Benefit
They can increase the degree of professionalism in the information security field.
Upper Management InfoSec Knowledge
Upper management should learn about the budgetary needs of the InfoSec function and its positions.
Incident Requiring Law Enforcement
This is false. An attack or breach does not always constitute a violation of law requiring law enforcement notification.
Hot Site
A fully configured computer facility that can establish operations at a moment's notice.
BIA vs. Risk Management (Assumption)
The Business Impact Analysis (BIA) assumes that controls have been bypassed, proven ineffective, or failed.
Damage Assessment
The rapid determination of the scope of the breach in confidentiality, integrity, and availability of assets during or just following an incident.
Alert Message
A description of an incident or disaster containing minimal information needed for personnel to implement their portion of the IR or DR plan quickly.
Disaster Classification
The process of examining an adverse event or incident and determining whether it constitutes an actual disaster.
Business Impact Analysis (BIA)
A preparatory activity common to both Contingency Planning (CP) and risk management.
Total Recovery Time vs. MTD
This is false. The total time needed to place the business function back in service should be less than the maximum tolerable downtime (MTD).
Recovery Point Objective (RPO)
The point in time prior to a disruption or outage to which business process data can be recovered; data created after that point may be lost.
Digital Malfeasance
A crime involving digital media, computer technology, or related components.
Risk Acceptance Strategy
The choice to do nothing to protect a vulnerability and accept the outcome of its exploitation.
Identifying Non-Tangible Assets
This is false. Identifying human resources, documentation, and data assets is typically more challenging than identifying hardware and software assets.
Risk Mitigation
The application of security mechanisms to reduce the risks to an organization's data and information systems.
Weighted Table Analysis
A method where assets or threats are prioritized by assigning scores to criteria of differing importance, summing, and ranking the results.
Exposure Factor (EF)
The expected percentage of loss that would occur from a particular attack.
Asset Importance Determination
Refer to the organization's mission statement or objectives to classify assets as essential, supportive, or adjunct.
Information Asset Categories (Exclusion)
Firmware is not typically listed as one of the recommended high-level categories for classifying information assets.
Firmware
Not typically listed as one of the recommended high-level categories for classifying information assets.
Likelihood (Risk)
The probability that a specific vulnerability within an organization will be the target of an attack.
First Phase of Risk Management
The initial phase of the process is risk identification.
Information Value Assessment
Some experts argue that determining the true value of information and information-bearing assets is virtually impossible.
Access Control
The method systems use to determine whether and how to admit a user into a trusted area (system or physical location).
Dynamic Filtering Firewall
A firewall that can react to an emergent event and update or create rules to handle the situation.
Lattice-based Access Control
A form of nondiscretionary access control where users are assigned a matrix of authorizations for particular areas of access.
VPN Tunnel Mode Benefit
The key benefit is that an intercepted packet reveals nothing about the true destination system.
ICMP (Ping Service)
A common method for hacker reconnaissance that should be turned off to prevent snooping.
DMZ Configuration
The DMZ can be configured as a dedicated port on the firewall device linking a single bastion host.
False Reject Rate (FRR)
The number of legitimate users who are denied access due to a failure in the biometric device.
Kerberos Resilience to DoS
Even when Kerberos servers face DoS attacks, a client can typically still request additional services.
Destructive Vulnerability Attacks
A class of attacks featured in some vulnerability scanners that are so dangerous they should only be used in a lab environment.
HIDPS (Host-based IDPS) Function
An HIDPS is focused on a single host and is not optimized to detect multihost scanning or non-host network devices.
IDPS Effectiveness Against New Attacks
IDPS generally cannot deal effectively with newly published attacks or variants of existing attacks.
Honeynet
A collection of honeypots connected together on a subnet.
Unused TCP/IP Port
Port 0 is not used in TCP/IP networking.
Intrusion Detection
Procedures and systems that identify system intrusions and take steps to limit the intrusion and return operations to a normal state.
Passive Scanner Advantage
They can find client-side vulnerabilities that are usually missed by active scanners.
HTTP Default Port
Port 80 is commonly used for the HTTP protocol.
IDPS (Burglar Alarm Analogy)
Works like a burglar alarm: it detects a violation (monitored system activity that matches a configured rule or deviates from a baseline) and activates an alarm.
Honeypots
Decoy systems designed to lure potential attackers away from critical systems.
HIDPS (Host-based IDPS) Monitoring
Benchmark and monitor the status of key system files to detect when an intruder creates, modifies, or deletes monitored files.
Nonrepudiation
The ability to hold customers or partners accountable for transactions which they cannot later deny.
Encryption
The process of converting an original message into a form that is unreadable to unauthorized individuals.
Hash Algorithms
Mathematical functions that create a message digest by converting variable-length messages into a single fixed-length value.
Symmetric Key Encryption
Methodologies requiring the same secret key to encipher and decipher are using symmetric (or private-key) encryption.
Encapsulating Security Payload (ESP)
Provides secrecy for network communication contents, plus system-to-system authentication and data integrity verification.
IPSec (Internet Protocol Security)
Designed to protect data integrity, user confidentiality, and authenticity at the IP packet level.
3DES (Triple DES)
The current federal information processing standard cryptographic algorithm used by the U.S. government (non-defense) to protect information.
Certificate Revocation List (CRL)
Periodically distributed by the CA in PKI to all users, identifying all revoked certificates.
S/MIME
Builds on the MIME protocol encoding format and uses digital signatures based on public-key cryptosystems to secure e-mail.
Work Breakdown Structure (WBS)
A simple project management tool used to break the project plan into smaller steps.
Logical Design Phase (SDLC)
The phase of SDLC that is implementation independent, meaning it has no reference to specific technologies, vendors, or products.
Longest/Most Expensive SDLC Phase
The maintenance and change phase is typically considered the longest and most expensive phase of the systems development life cycle.
Direct Changeover Drawback
The primary disadvantage is that if the new system fails, users may be without services while it is being modified or fixed, because the old system has already been retired.
Project Planning Effort Estimation
Planners must estimate the effort required to complete every task, subtask, or action step.
Personnel Constraints
The necessity of having qualified, trained, and available personnel serves as a constraint on the project plan.
Pilot Implementation
Implementation where the entire security system is placed in a single, small organizational segment before enterprise-wide expansion.
Correcting Flawed Estimates
If the number of effort-hours is underestimated, the plan must be corrected, and downstream tasks must be updated.
Technology Governance
Guides technical system update frequency, update approval/funding, and communication about technical advances/issues across the organization.
Successors (Project Tasks)
Tasks or action steps that come after the task currently being addressed.
SecOps
An emerging methodology integrating development and operations teams to improve application functionality and security.
Implementation Planning Requirement
The creation of a detailed project plan is required when planning the implementation phase of a security project.
Policy Obsolescence
Policies and procedures can become inadequate due to changes in mission, operational requirements, threats, or the environment.
Vulnerability Assessment (VA)
The process of identifying and documenting specific and provable flaws in the organization's information asset environment.
Vulnerability Analyst Tasks (Screening)
The analyst classifies the test level, validates the vulnerability's existence, and documents the results when screening test results.