symmetric encryption
both parties use the same, shared, private key to encrypt and decrypt the message
asymmetric encryption
private key is not shared and the public key provides the other half necessary to encrypt/decrypt
decryption/decipherment
where intended recipients converts cipher text into plain text
public key infastructure
system and processes used to issue and manage asymmetric keys and digital certificate
Program-level policy
describes info security and assigns responsibility for achievement of security objectives to the IT department
Issue-specific policy
addresses specific issues of concern to the organization
program-framework policy
adds detail to the IT program by describing the elements and organization of the program and department that will carry out the security mission
System-specific polocy
focuses on policy issues that management has decided for a specific system
administrative controls examples
separation of duties, business continuity planning, proper hiring practices
logical controls
software safeguards for an entity’s computer systems identification and software access
firewall
allows private intranet users to access the Internet without allowing Internet users access to private intranet
general control
designed to ensure an organization’s control environment is stable and well managed:
- systems development standards
- security mgt controls
- change mgt controld
- software acquisition, development, operations and maintenance controls
application control
prevent, detect and correct transaction error and fraud and are application-specific, providing reasonable assurance as to a system accuracy, completeness and validity
processing controls
reconciliation of batch totals and similar procedures
What do factors are key in a disaster recovery plan?
Downtown (or complete lack thereof) and backup
cold site
off-site location that has all the electircal connections and other physical requirements for data processing, but does not have the actual equipment
hot site
off-site location that is equipped to take over a company’s data processing
Differential backup
copies all changes made since last full backup
incremental backup
involves copying only the data items that have been changed since last backup
closed loop verification
involves one party verifying the identity of another party
primary purpose of a disaster recovery plan
specify the steps required to resume operations
