Term | Definition |
Cryptography | the process of making and using codes to secure the transmission of information |
Cryptanalysis | the process of obtaining the original message from an encrypted message without knowing the algorithm and keys used to perform the encryption |
Encryption | the process of converting an original message into a form that is unreadable to unauthorized individuals |
Decryption | the process of converting ciphertext message back into plaintext |
Cipher/Cryptosystem | an encryption method |
Ciphertext/Cryptogram | the encoded message resulting from an encryption |
Decipher | to decrypt, decode, or convert ciphertext into the equivalent plaintext |
Encipher | to encrypt, encode, or convert plaintext into the equivalent ciphertext |
Steganography | the hiding of messages |
Work factor | the amount of effort required to perform cryptanalysis |
Substitution cipher | the encryption technique that substitutes one value for another |
Monoalphabetic | ______________ substitution uses one alphabet |
Polyalphabetic | ______________ substitution uses more than one alphabet |
Transposition | ______________ cipher simply rearranges the values within a block to create the ciphertext |
Vernam | ______________ cipher uses a set of characters only one time for each encryption process |
Book/Running Key | ______________ cipher uses the text in a book as the key to decrypt a message |
Hash functions | mathematical algorithms that generate a message summary or digest to confirm the identity of a specific message and to confirm that there have not been any changes made to it |
Message authentication code | allows only specific recipients (symmetric key holders) to access the message digest |
Secure Hash Standard | a secure algorithm for computing a condensed representation of a message or a data file |
Symmetric (private key) | Encryption methodologies that require the same secret key to encipher and decipher the message are considered ______________ encryption |
Asymmetric (public key) | Encryption methodologies that require two different but related keys, where either key can be used to encrypt or decrypt the message, are considered ______________ encryption |
Public Key Infrastructure | an integrated system of software, encryption methodologies, protocols, legal agreements, and third-party services that enables users to communicate securely |
Digital certificates | public-key container files that allow computer programs to validate the key and identify to whom it belongs |
Certificate authority | A/n ______________ issues, manages, authenticates, signs, and revokes users' digital certificates |
Registration authority | operates under the trusted collaboration of the certificate authority and can handle day-to-day certification functions |
Nonrepudiation | Digital signatures can be used to verify that the message was sent by the sender. This process is known as ______________ |
Digital signatures | ______________ help authenticate the origin of a message |
Digital certificates | ______________ authenticate that the cryptographic key is embedded in the certificate. |
Steganography | the process of hiding information within a file is a modern version |
man-in-the-middle | A/n ______________ attack attempts to intercept a public key or even to insert a known key structure in place of the requested public key |
Correlation | ______________ attacks are a collection of brute-force methods that attempt to deduce statistical relationships between the structure of the unknown key and the ciphertext |
Dictionary | A/n ______________ attack encrypts every word in a dictionary using the same cryptosystem as used by the target in an attempt to locate a match between the target ciphertext and the list of encrypted words |
Timing attacks | A/n ______________ uses statistical analysis of patterns and inter-keystroke timings to discern session information. |
secure facility | a physical location that has in place controls to minimize the risk of attacks from physical threats |
ID card - typically concealed
Badge - typically visible | What is the major difference between ID cards and badges? |
tailgating | ______________ occurs when an authorized person presents a key to open a door and other people, with or without authorization, may enter |
fail-safe | If a door lock fails and the door becomes unlocked |
fail-secure | If a door lock fails and the door becomes locked |
mantrap | a small enclosure that has separate entry and exit points |
1. thermal detection systems
2. fixed temperature sensors
3. rate of rise sensors | What are the three basic types of fire detection system? |
1. photoelectric sensors
2. ionization sensors
3. air-aspirating detection | Smoke detectors operate in one of three ways. Name them. |
dry pipe | A/n ______________ fire suppression system is designed to work in areas where electrical equipment is used. |
1. temperature
2. filtration
3. humidity
4. static electricity | What are the four environmental variables controlled by HVAC that can cause damage to information systems? |
1. standby or offline
2. ferroresonant standby
3. line-interactive
4. true online | What are the four basic configurations of UPS? |
TEMPEST | a technology that prevents the loss of data that may result from the emission of electromagnetic radiation |
1. direct observation
2. interception of data transmission
3. electromagnetic interception | What are the three methods of data interception? |
project | A/n ______________ plan instructs individuals who are executing the implementation of an information security plan. |
1. planning the project
2. supervising tasks and action steps
3. wrapping up | What are the major steps in executing a project plan? |
1)list of major tasks
2)work to be accomplished
3)individuals assigned to perform the task
4)start and end dates for the task
5)amount of effort to complete task
6)estimated capital expenses
7)estimated non-capital expenses
8)dependencies between tasks | What goes into a work breakdown structure? |
Measured results are compared to expected results. When significant deviation occurs, corrective action is taken to bring the task back into compliance or the project is revised. | What is a negative feedback loop? |
1. effort and money allocated
2. elapsed time or schedule impact
3. quality or quantity of the deliverable | When executing a plan, a project manager can adjust one of three planning parameters. What are they? |
direct | A/n ______________ changeover involves stopping the old method and beginning the new. |
phased | A/n ______________ implementation involves a measured rollout of the planned system. |
pilot | In ______________ implementation, the entire security system is put in a single office as a test. |
parallel | The ______________ operations strategy involves running the new methods alongside the old. |
CHECK STICKY NOTES | Describe the Bull's Eye Method |
Technology governance | ______________ is a complex process that organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence |
accreditation | the authorization of an IT system to process, store or transmit information assuring that systems are of adequate quality |
information technology | When positioning the information security department within an organization, the model commonly used by large organizations places the information security department within the ______________ department |
CIO | the executive in charge of the organization’s information |
CISO | this person must direct the information security department |
security managers | they are accountable for the day-to-day operations of the information security program |
security technicians | they configure firewalls, deploy IDPS, implement security software, etc |
CISSP, CISM, SSCP, CAP, CISA, SCP, CCE | Name 5 of the certifications for information security |
consultants | Individuals hired for a specific one-time purpose who are not employees are considered ______________ |
contract employees | Individuals hired for a specific one-time purpose who are employees are considered ______________ |
separation of duties | ______________ is used to reduce the chance of an individual violating information security and breaching the confidentiality, integrity or availability of information |
two-person control | the requirement that two individuals review and approve each other’s work before the work is categorized as finished |
job rotation | the requirement that every employee be able to perform the work of another |
least privilege | The principle that employees should be provided access to the minimum amount of information for the minimum amount of time necessary for them to perform their duties is ______________ |