Chapter 11 Flashcards
risk management
The identification, assessment, and prioritization of risks, and the
mitigation and monitoring of those risks.
information assurance
The practice of managing risks that are related to computer
hardware and software systems.
risk transference
The transfer or outsourcing of risk to a third party. Also known as
risk sharing.
risk avoidance
When an organization avoids risk because the risk factor is too great.
residual risk
The risk that is left over after a security plan and a disaster recovery plan
have been implemented.
quantitative risk assessment
An assessment that measures risk by using exact monetary
values.
qualitative risk assessment
An assessment that assigns numeric values to the probability
of a risk and the impact it can have on the system or network.
mean time between failures
Defines the average number of failures per million hours
for a product in question.
Open Vulnerability and Assessment Language (OVAL)
A standard and a programming
language designed to standardize the transfer of secure public information across networks
and the Internet utilizing any security tools and services available.
banner grabbing
A technique used to gain information about servers and take inventory
of systems and services.
protocol analyzer
Software tool used to capture and analyze packets.
proxy server
Acts as an intermediary between clients, usually located on
dictionary attack
A password attack that uses a prearranged list of likely words, trying
each of them one at a time.
cryptanalysis attack
A password attack that uses a considerable set of precalculated
encrypted passwords located in a lookup table.
rainbow table
In password cracking, a set of precalculated encrypted passwords located
in a lookup table.
salting
The randomization of the hashing process to defend against cryptanalysis password
attacks and rainbow tables.