Immediate Attention Flashcards Preview

CISSP > Immediate Attention > Flashcards

Flashcards in Immediate Attention Deck (36):

What is Differential cryptanalysis?

seeks to find the difference between related plaintexts that are encrypted.

The plaintexts may differ by a few bits.

It is usually launched as an adaptive chosen plaintext attack; the attacker chooses the plaintext to be encrypted (but does not know the key) and then encrypts related plaintexts.


What is Linear cryptanalysis?

is a known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key. The pairs are studied to derive information about the key used to create them. Both differential and linear analysis can be combined as differential linear analysis.


What is Side-channel attacks?

use physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.


What security principle can be used to help detect fraud coming from users becoming comfortable in their position?

rotation of duties


What is the purpose of rotation of duties?

to detect fraudulent behavior, which increases detection capabilities. the fact that responsibilities are routinely rotated deters fraud. Collusion prevention


What is the purpose of Separation of duties?

multiple people are required to complete critical or sensitive transactions. Minimize collusion


which plan provides strategies to detect, respond to, and limit consequences of malicious cyber incident

Cyber Incident Response Plan


Graham-Denning Model

concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed. It has three parts: objects, subjects, and rules. It provides a more granular approach for interaction between subjects and objects. There are eight rules: Create object, create subject, delete object, delete subject, read access right, grant access right, delete access right, and transfer access right.


Harrison–Ruzzo–Ullman (HRU) Model

maps subjects, objects, and access rights to an access matrix. It is considered a variation to the Graham–Denning Model. It differs from Graham–Denning because it considers subjects to be also objects.



only backup files that have changed since the last backup of any kind was performed and will reset archive bit. The time to perform the incremental backup is greatly reduced but it requires quite a few tapes. The most time in restoration.


Differential backups

differential backup records every piece of data in a file that has changed since the last full backup.



means the order of the plaintext should be spread out in the ciphertext.



means that the relationship between the plaintext and ciphertext should be as random as possible.


What is terminology used to describe the data in data-link?



What is terminology used to describe the data in network layer?



What is terminology used to describe the data in transport?



The core principles of PCI-DSS are

• Build and maintain a secure network. • Protect cardholder data. • Maintain a vulnerability management program. • Implement strong access control measures. • Regularly monitor and test networks. • Maintain an information security policy.


Configuration management

is a process of identifying and documenting hardware components, software, and the associated settings.

o It involves the development of a security-oriented baseline configuration.

o It involves tasks such as disabling unnecessary services; removing unnecessary programs;


Change Management

the purpose is to understand, communicate, and document any changes with the primary goal of being able to understand, control, and avoid direct or indirect negative impact that the changes might impose.

The general flow of the change management process:

o Identifying a change

o Proposing a change

o Assessing the risk associated with the change

o Testing the change

o Scheduling the change

o Notifying impacted parties of the change o Implementing the change


Publication 800-30

Risk Management Guide for IT Systems


Publication 800-12

discusses three specific policy types: program policy, issue-specific policy, and system-specific policy.


Publication 800-37

a four-step Certification and Accreditation process


Publication 800-34

Business continuity planning


Publication 800-64



Publication 800-61

incident response life cycle


Internet Activities Board’s (IAB) published as

RFC 1087 in 1987 code of ethics, Ethics and the Internet.



a formal method for determining how a disruption to the IT systems of an organization will impact the organization’s requirements, processes, and interdependencies with respect the business mission.

It an analysis to identify and prioritize critical IT systems and components.

It enables the BCP/DRP project manager to fully characterize the IT contingency requirements and priorities.

The objective is to correlate the IT system components with the critical service it supports.

It also aims to quantify the consequence of a disruption to the system component and how that will affect the organization.

The primary goal of the BIA is to determine the maximum tolerable downtime (MTD) for a specific IT asset.


Collection Limitation Principle

Personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, with the individual’s knowledge and approval.


Data Quality Principle—

Personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection.


Purpose Specification Principle

the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection.


Use Limitation Principle

Personal data should never be disclosed without either the consent of the individual or legal requirement.


Security Safeguards Principle

Personal data should be reasonably protected against unauthorized use, disclosure, or alteration.


Cipher Block Chaining (CBC)

a block mode that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted.

The first encrypted block is an initialization vector. This “chaining” the result of encrypting one block of data is fed back into the process to encrypt the next block of data.

This “chaining” destroys patterns. One limitation is that encryption errors will propagate due to the chaining, destroying their integrity.

A image thumb

Cipher Feedback (CFB)

a stream mode (usually 8-bits).

The first 8 bits that come from the algorithm are then XORed with the first 8 bits of the plaintext (the first segment).

Each 8-bit segment is then transmitted to the receiver and also fed back into the shift register.

It uses feedback (the name for chaining when used in stream modes) to destroy patterns.

Like CBC, CFB uses an initialization vector and destroys patterns, and errors propagate. Best suited for communication between a terminal and a host.

A image thumb

Output Feedback (OFB)

the keystream itself is chained, but there is no chaining of the ciphertext not affected by encryption errors, errors will not propagate.

A image thumb

Counter (CTR) mode

a 64-bit random data block—is used as the first IV. A requirement of CTR is that the counter must be different for every block of plaintext, so for each subsequent block, the counter is incremented by 1.

used in high-speed applications such as IPSec and ATM.

A image thumb