Thor - ISC2 CC Domain 5

51 Terms

1

Patch Management

This is done on a regular basis in order to keep our network secure, especially when a vulnerability is discovered.

2

Change Management

A formalized process on how we handle changes to our environments.

3

Cryptographic method done by switching letters by a certain number of spots in the alphabet.

4

Cryptology

The science of securing communications.

5

Cryptography

Method of creating messages where the meaning is hidden.

6

Cryptanalysis

The science of breaking encrypted communication.

7

Plaintext

This is an unencrypted message

8

Ciphertext

What do we call an encrypted message?

9

Encryption

A method that converts the plaintext to a ciphertext.

10

Decryption

Method of turning a ciphertext back into a plaintext.

11

Asymmetric

This encryption does not need a pre-shared key.

12

Public Key

Key used by others to encrypt messages sent to you.

13

Private Key

A key used to decrypt messages sent with your public key.

14

Hybrid Encryption

Uses Asymmetric encryption to share a Symmetric Key

15

Hash Functions

One-way functions that are used for Integrity

16

Hash

It is used to prove the Integrity of the data has not changed.

17

Collision

When hashing 2 different pieces of data produces the same hash.

18

MitM Attack

The attacker secretly relays and may alter communication between two parties, who believe they are directly communicating with each other.

19

Side Channel Attacks

Attackers use physical data to break a crypto system. This can be CPU cycles, power consumption while encrypting/decrypting,

20

Data Handling

This is done by having policies on how, where, when, and why the data was handled. Logs should be in place to show these metrics.

21

Data storage

This is where data is kept in a secure, climate-controlled facility, preferably geographically distant or at least far enough away that potential incidents will not affect that facility too.

22

Data Retention

Data should not be kept beyond the period of usefulness or beyond the legal requirements (whichever is greater).

23

Deleting

An action where the file is just removed; everything is still recoverable.

24

Formatting

Removes the files, but also puts a new file structure over the old one. Still recoverable in most cases.

25

Overwriting

Done by writing 0s or random characters over the data.

26

sanitation

A process of rendering target data on the media infeasible for a given level of recovery effort.

27

Degaussing

Destroys magnetic media by exposing it to a very strong magnetic field. This will also most likely destroy the media integrity.

28

Part of the information life cycle where the information is either created or copied from another location.

29

Data Use

Part of the information life cycle where we ensure the data is kept confidential, the integrity is intact, and it is available when needed (the CIA triad).

30

Data Archival

Part of the information life cycle where retention is required by law, or the data will be used later.

31

Data Disposal

Part of the information life cycle where we properly dispose of the data once it is no longer useful and required.

32

AUP (Acceptable Use Policy)

A policy that provides a structure on proper use of the network, data, and resources.

33

BYOD (bring your own device)

Policy that allows employees to bring their own devices within certain parameters.

34

Privacy policy

Policy on how we gather, use, disclose, and manage private data.

35

Data handling policy

A policy on how we classify, categorize, label, encrypt, store, back up, and dispose of/destroy data.

36

State where data is stored

37

Data in Motion

Data state where it is being transferred on a network.

38

Data in Use

Data state where we are actively using the files/data; it cannot be encrypted.

39

Training

This is done to provide users with a skillset

40

Awareness

This is done to encourage users to change their behavior

41

Social Engineering

Uses people skills to bypass security controls

42

Authority

A way of social engineering by looking and sounding like an authority figure who is in charge; this can be in a uniform or a suit. Most effective with impersonation, whaling, and vishing attacks.

43

Intimidation

A social engineering premise rooted in: "If you don't, a bad thing happens."

44

Consensus

An act of social engineering where you are following the crowd; everyone else was doing it.

45

Scarcity

A social engineering attack wherein, if you don't act now, it is too late.

46

Urgency

Social engineering attack wherein action has to happen now or else something bad may happen.

47

Phishing

Social engineering email attack

48

Spear Phishing

Targeted phishing, not just random spam, but targeted at specific individuals.

49

Whaling

Spear phishing targeted at senior leadership of an organization.

50

Vishing

Attacks over automated VoIP (Voice over IP) systems, bulk spam similar to phishing.

51

acquisition

use

archival

disposal

Steps in data handling