Winters Exam 3

| Term | Definition |
| --- | --- |
| Cryptography | the process of making and using codes to secure the transmission of information |
| Cryptanalysis | the process of obtaining the original message from an encrypted message without knowing the algorithm and keys used to perform the encryption |
| Encryption | the process of converting an original message into a form that is unreadable to unauthorized individuals |
| Decryption | the process of converting a ciphertext message back into plaintext |
| Cipher/Cryptosystem | an encryption method |
| Ciphertext/Cryptogram | the encoded message resulting from an encryption |
| Decipher | to decrypt, decode, or convert ciphertext into the equivalent plaintext |
| Encipher | to encrypt, encode, or convert plaintext into the equivalent ciphertext |
| Steganography | the hiding of messages |
| Work factor | the amount of effort required to perform cryptanalysis |
| Substitution cipher | the encryption technique that substitutes one value for another |
| Monoalphabetic | ______________ substitution uses one alphabet |
| Polyalphabetic | ______________ substitution uses more than one alphabet |
| Transposition | ______________ cipher simply rearranges the values within a block to create the ciphertext |
| Vernam | ______________ cipher uses a set of characters only one time for each encryption process |
| Book/Running Key | ______________ cipher uses the text in a book as the key to decrypt a message |
| Hash functions | mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes made to it |
| Message authentication code | allows only specific recipients (symmetric key holders) to access the message digest |
| Secure Hash Standard | a secure algorithm for computing a condensed representation of a message or data file |
| Symmetric (private key) | Encryption methodologies that require the same secret key to encipher and decipher the message is considered ______________ encryption |
| Asymmetric (public key) | Encryption methodologies that require two different but related keys, and either key can be used to encrypt or decrypt the message, is ______________ encryption |
| Public Key Infrastructure | an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely |
| Digital certificates | public-key container files that allow computer programs to validate the key and identify to whom it belongs |
| Certificate authority | ______________ issues, manages, authenticates, signs and revokes user’s digital certificates |
| Registration authority | operates under the trusted collaboration of the certificate authority and can handle day-to-day certification functions |
| Nonrepudiation | Digital signatures can be used to verify that the message was sent by the sender. This process is known as ______________ |
| Digital signatures | ______________ help authenticate the origin of a message |
| Digital certificates | ______________ authenticate the cryptographic key that is embedded in the certificate. |
| Steganography | the process of hiding information within a file is a modern version |
| man-in-the-middle | A/n ______________ attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key |
| Correlation | ______________ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext |
| Dictionary | A/n ______________ attack encrypts every word in a dictionary using the same cryptosystem as used by the target in an attempt to locate a match between the target ciphertext and the list of encrypted words |
| Timing attacks | A/n ______________ uses statistical analysis of patterns and inter-keystroke timings to discern session information. |
| secure facility | a physical location that has in place controls to minimize the risk of attacks from physical threats |
| ID card - typically concealed; Badge - typically visible | What is the major difference between ID cards and badges? |
| tailgating | ______________ occurs when an authorized person presents a key to open a door and other people with or without authorization may enter |
| fail-safe | If a door lock fails and the door becomes unlocked |
| fail-secure | If a door lock fails and the door becomes locked |
| mantrap | a small enclosure that has separate entry and exit points |
| 1. thermal detection systems 2. fixed temperature sensors 3. rate of rise sensors | What are the three basic types of fire detection system? |
| 1. photoelectric sensors 2. ionization sensors 3. air-aspirating detection | Smoke detectors operate in one of three ways. Name them. |
| dry pipe | A/n ______________ fire suppression system is designed to work in areas where electrical equipment is used. |
| 1. temperature 2. filtration 3. humidity 4. static electricity | What are the four environmental variables controlled by HVAC that can cause damage to information systems? |
| 1. standby or offline 2. ferroresonant standby 3. line-interactive 4. true online | What are the four basic configurations of UPS? |
| TEMPEST | a technology that prevents the loss of data that may result from the emission of electromagnetic radiation |
| 1. direct observation 2. interception of data transmission 3. electromagnetic interception | What are the three methods of data interception? |
| project | A/n ______________ plan instructs individuals who are executing the implementation of an information security plan. |
| 1. planning the project 2. supervising tasks and action steps 3. wrapping up | What are the major steps in executing a project plan? |
| 1) list of major tasks 2) work to be accomplished 3) individuals assigned to perform the task 4) start and end dates for the task 5) amount of effort to complete task 6) estimated capital expenses 7) estimated non-capital expenses 8) dependencies between tasks | What goes into a work breakdown structure? |
| Measured results are compared to expected results. When significant deviation occurs, corrective action is taken to bring the task back into compliance or the project is revised. | What is a negative feedback loop? |
| 1. effort and money allocated 2. elapsed time or schedule impact 3. quality or quantity of the deliverable | When executing a plan, a project manager can adjust one of three planning parameters. What are they? |
| direct | A/n ______________ changeover involves stopping the old method and beginning the new. |
| phased | A/n ______________ implementation involves a measured rollout of the planned system. |
| pilot | In ______________ implementation, the entire security system is put in a single office as a test. |
| parallel | The ______________ operations strategy involves running the new methods alongside the old |
| CHECK STICKY NOTES | Describe the Bull's Eye Method |
| Technology governance | ______________ is a complex process that organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence |
| accreditation | the authorization of an IT system to process, store or transmit information assuring that systems are of adequate quality |
| information technology | When positioning the information security department within an organization, the model commonly used by large organizations places the information security department within the ______________ department |
| CIO | the executive in charge of the organization’s information |
| CISO | this person must direct the information security department |
| security managers | they are accountable for the day-to-day operations of the information security program |
| security technicians | they configure firewalls, deploy IDPS, implement security software, etc. |
| CISSP, CISM, SSCP, CAP, CISA, SCP, CCE | Name 5 of the certifications for information security |
| consultants | Individuals hired for a specific one-time purpose and are not employees are considered ______________ |
| contract employees | Individuals hired for a specific one-time purpose and are employees are considered ______________ |
| separation of duties | ______________ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity or availability of information |
| two-person control | the requirement that two individuals review and approve each other’s work before the work is categorized as finished |
| job rotation | the requirement that every employee be able to perform the work of another |
| least privilege | The principle that employees should be provided access to the minimum amount of information for the minimum amount of time necessary for them to perform their duties is ______________ |
Created by: cclugston