Security Policy
A document describing a company's security controls and activities, outlining the protection of physical and information assets.
Policy Makers
Individuals or groups involved in creating security policies, including the board, IT team, legal team, and HR team.
Policy Audience
All senior management, employees, stockholders, consultants, and service providers who interact with company assets.
Policy Classification
Security policies are categorized as physical security, personnel management, and hardware/software controls.
Physical Security
Policies safeguarding physical assets through measures like surveillance, entry control, and alarms.
Personnel Management
Guidelines for employees to ensure secure handling of passwords and confidential information.
Hardware and Software
Policies specifying the technology and configuration used by system and network administrators.
Policy Audit
The process of comparing security policies with actual practices to identify internal and external vulnerabilities.
Policy Enforcement
Ensuring compliance with security policies to prevent accidental or deliberate violations.
Policy Awareness
Educating employees on security policies through regular training to reduce the risk of information leakage.
Privileged Password Management
A process to protect sensitive data by limiting access to specific individuals.
Network Administrator Daily Tasks
A checklist of essential daily duties for network administrators to maintain system security.
Network Security Audit Checklist
A comprehensive audit covering hardware, software, and human processes to identify risks.
Firewall Audit Checklist
A thorough review of firewall configurations and rules, ensuring all changes are documented.
Virtual Private Network (VPN) Configuration
Setting up remote access for employees while ensuring proper documentation and security.
Apache Server Setup
Guidelines for configuring the Apache server using various command methods.
E-mail Server Security
Protecting email systems from phishing and malicious attacks through technical and professional measures.
Penetration Testing
Simulating cyberattacks to identify vulnerabilities and assess potential system damage.
Network Compliance
Ensuring systems meet regulatory standards through monitoring, auditing, and maintaining documentation.
Cryptography
The science of secret writing, ensuring secure communication and data protection.
Symmetric Key Cryptography
Encryption method using a single secret key for both encryption and decryption.
Asymmetric Key Cryptography
Also called public-key cryptography, using separate public and private keys for encryption and decryption.
Hashing
Transforming plaintext into a fixed-size hash value to ensure data integrity.
Cryptanalysis
The study and practice of breaking cryptosystems and analyzing ciphers to discover vulnerabilities.
Classical Attack
Cryptanalysis methods using mathematical analysis and brute-force approaches to break encryption.
Social Engineering Attack
Manipulating people into revealing confidential information or granting unauthorized access.
Implementation Attack
Using side-channel analysis to exploit weaknesses when physical access to a system is available.