Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
52 Cards in this Set
- Front
- Back
|
Acceptable use policy
|
A policy that defines the actions users may perform while accessing systems and networking equipment.
|
|
|
Asymmetric Encryption
|
uses two mathematically related keys
|
|
|
asymmetric key
|
one of a pair of keys used with an asymmetric cryptographic algorithm
a public key and a private key |
|
|
Authenticity
|
provides proof of genuineness of the user
|
|
|
Availability
|
security actions that ensure that data is accessible to authorized users
|
|
|
bridge trust model
|
A trust model with one CA that acts as a facilitator to interconnect all other CAs.
|
|
|
Certificate Authority
|
A trusted third-party agency that is responsible for issuing the digital certificates.
|
|
|
Chain of custody
|
A process of documentation that shows that the evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence.
|
|
|
Cleartext
|
Unencrypted data.
|
|
|
Cold Site
|
A remote site that provides office space; the customer must provide and install all the equipment needed to continue operations.
|
|
|
Computer forensics
|
Using technology to search for computer evidence of a crime.
|
|
|
Confidentiality
|
security action that ensure only authorized parties can view information
|
|
|
Cryptography
|
The science of transforming information into a secure form while it is being transmitted or stored so that unauthorized persons cannot access it.
|
|
|
Decryption
|
The process of changing ciphertext into plaintext.
|
|
|
Digital certificate
|
A technology used to associate a user's identity to a public key, in which the user's public key is "digitally signed" by a trusted third party.
|
|
|
digital signature
|
An electronic verification of the sender.
|
|
|
Disaster recovery
|
The procedures and processes for restoring an organization's IT operations following a disaster.
|
|
|
distributed trust
|
a type of trust model in which a relationship exists between two individuals because they know each other
|
|
|
EFS(Encrypting File System)
|
cryptography system for Windows that use NTFS file system-tightly integrated with the file system-any file created in encrypted folder or added to encrypted folder is auto encrypted. when authorized user open file it is auto decrypted
|
|
|
Encryption
|
The process of changing plaintext into ciphertext.
|
|
|
Faraday cage
|
A metallic enclosure that prevents the entry or escape of an electromagnetic field.
|
|
|
Hashing
|
The process for creating a unique digital fingerprint signature for a set of data.
|
|
|
hierarchical trust model
|
A trust model that has a single hierarchy with one master CA.
|
|
|
Hot Site
|
A duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link.
|
|
|
Integrity
|
security actions that ensure that the information is correct and no unauthorized persons or malicious software have altered the data
|
|
|
IPsec
|
A set of protocols developed to support the secure exchange of packets.
|
|
|
key recovery agent (KRA)
|
A highly trusted person responsible for recovering lost or damaged digital certificates.
|
|
|
Nonrepudiation
|
The process of proving that a user performed an action.
|
|
|
Penetration testing
|
a test by an outsider to actually exploit any weaknesses in systems that are vulnerable
|
|
|
prime number
|
essential to most of the algorithms used in public key cryptography
|
|
|
Privacy policy
|
A policy that outlines how the organization uses personal information it collects.
|
|
|
private key
|
An asymmetric encryption key that does have to be protected.
|
|
|
public key
|
An asymmetric encryption key that does not have to be protected.
|
|
|
public key infrastructure (PKI)
|
A framework for all of the entities involved in digital certificates for digital certificate management.
|
|
|
Registration Authority
|
A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
|
|
|
Risk
|
the likelihood that a threat agent will exploit the vulnerability
|
|
|
Risk management
|
is the identification, assessment,and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability/impact of unfortunate events
|
|
|
security policy
|
a document or series of documents that clearly defines the defense mechanisms an organizations will employ to keep information secure
|
|
|
social engineering
|
a means of gathering information for an attack by relying on the weakness of individuals
|
|
|
social networking
|
Grouping individuals and organizations into clusters or groups based on a like affiliation.
|
|
|
SSH
|
A UNIX-based command interface and protocol for securely accessing a remote computer.
|
|
|
Steganography
|
Hiding the existence of data within a text, audio, image, or video file.
|
|
|
Succession planning
|
determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees
|
|
|
Symmetric Encryption
|
Encryption that uses a single key to encrypt and decrypt a message.??????
|
|
|
symmetric key
|
s single and used with the operations of a symmetric encryption scheme
|
|
|
third-party trust
|
A trust model in which two individuals trust each other because each individually trusts a third party.
|
|
|
Threat
|
a type of action that has the potential to cause harm
|
|
|
Trusted Platform Module
|
A chip on the motherboard of the computer that provides cryptographic services.
|
|
|
uninterruptible power supply
|
a device that maintains power to equipment in the event of an interruption in the primary electrical power source
|
|
|
Van Eck phreaking
|
the use of sophisticated tools to pick up electromagnetic fields and read the data that is producing them to eavesdrop on telecommunication signals or data within a computer device
|
|
|
Vulnerability
|
a flaw or weakness that allows a threat agent to bypass security
|
|
|
Warm Site
|
A remote site that contains computer equipment but does not have active Internet or telecommunication facilities, and does not have backups of data.
|
