14 Cards in this Set
| Front | Back |
| --- | --- |
| Security controls that depend on secrecy. | Security through obscurity |
| Controls that exist in a layered fashion. | Defense in depth |
| Controls that aim to stop an attack from succeeding. | Preventive controls |
| Controls that aim to identify malicious activity on the network. | Detective controls |
| Controls that aim to restore a resource to its pre-attack state. | Corrective controls |
| Focuses on the features and system architecture used to ensure that the security policy is enforced during system operations. | Operational assurance |
| Four types of recovery under the Common Criteria. | Manual, automated, automated without undue loss, function |
| Mechanisms that require human intervention to restore the system to a secure state. | Manual recovery |
| Provides for at least one type of service discontinuity recovery to a secure state without human intervention. May require human intervention for recovery from other discontinuities. | Automated recovery |
| Provides for automated recovery but strengthens the requirements by disallowing undue loss of protected objects. | Automated recovery without undue loss |
| Provides for recovery at the level of particular security functions, ensuring either successful completion or rollback of data to a secure state. | Function recovery |
| Steps taken by an organization to ensure that a system is designed, developed, and maintained using formalized and rigorous controls and standards. | Lifecycle assurance |
| Three parts of lifecycle assurance. | Security testing, design specification and verification, configuration management |
| Five steps of the change control process. | Applying, cataloging, scheduling, implementing, reporting |