Definition 1 of 273
ensures data is available when needed to authorized users
Exposure factor (ef)
quantitative decision making
Cascading (composition Theory)
Availability (CIA Triangle)
Definition 2 of 273
used to establish communication sessions between trusted partners; operate on the session layer
(layer 5); known as circuit proxies; manage comms based on the circuit, not the content of the
traffic
qualitative decision making
discretionary access controls
circuit level gateway firewalls
secure sockets layer (SSL)
,Definition 3 of 273
allows systems to support multicasting - the transition of data to multiple specific recipients; used
by IP hosts to register their dynamic multicast group membership; via IGMP a server can transmit
data for an entire group rather than a separate signal for each recipient; IP protocol field value is
2 (0x02)
ISC2 Code of Ethics Canons (4)
Internet Group Management Protocol (IGMP)
infrastructure as a service (IaaS)
policy
Definition 4 of 273
verification that a person is who they say they are; ex: entering a password or PIN, biometrics, etc
- always a two step process with identifying
authorization
authentication
identification
non-repudiation
Definition 5 of 273
establishing, maintaining, and terminating communication sessions between two PCs; manages
dialogue control:
simplex: one way communication
half-duplex: two way communication but only one direction can send data at a time
full-duplex: two way communication - data can be sent both directions simultaneously
session layer (layer 5)
senior manager role
denial of service (DoS)
legally defensible security
,Definition 6 of 273
supports only a single communication to a specific recipient
unicast transmission
infrastructure as a service (IaaS)
baseband
security token
Definition 7 of 273
Category A: Verified protection, the highest level of security
Category B: Mandatory protection
Category C: Discretionary protection
Category D: Minimal protection
network layer (layer 3)
TCSEC categories
process isolation
change management
Term 8 of 273
direct sequence spread spectrum (DSSS)
responsible for adding routing and addressing information to the data; accepts the
segment from the transport layer and adds information to it to create a packet
CPU supplied with the memory location address but indirect involves addresses who are
not on the same page as the current instruction running; may be used as an operand
counting the number of times each letter appears in the ciphertext
employs all available freq's in parallel (simultaneously); higher rate of throughput than
FHSS; uses an encoding mechanism (chipping code) to help reconstruct distorted data
, Term 9 of 273
statistical attack
long term plan that is fairly stable; defines the org's security purpose; useful to forecast
about 5 years and serves as a planning horizon - long term goals and vision (high level)
exploits statistical weakness such as floating point errors and inability to produce truly
random numbers; vulnerability in hardware
describes a system that is always secure no matter what state it is in; boots into a secure
state, maintains a secure state through all transitions, and allows subjects to access
resources only in a secure manner
required whenever industry or legal standards are applicable to your organization (NERC
CIP, FISMA)
Term 10 of 273
digital certificate standard X.509
certificates contain the following:
- version of X.509
- serial number
- signature algorithm identifier
- issuer name (the CA)
- validity period
- subject's name
- subject's public key
secure sockets layer (SSL) - VPN like security protocol that operates at the transport layer;
designed to support HTTPS but is capable fo securing any application layer protocol
derivative of PaaS; provides on demand online access to specific software applications or
suites without the need for local installation
to obtain legal restitution a company must demonstrate a crime was committed, suspect
committed that crime, and took reasonable efforts to prevent the crime
files are accurate, policy in place, proper authentication, compliance with laws and
regulation
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller stuuviaa. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.99. You're not tied to anything after your purchase.