What is Differential cryptanalysis?
seeks to find the difference between related plaintexts that are encrypted.
The plaintexts may differ by a few bits.
It is usually launched as an adaptive chosen plaintext attack; the attacker chooses the plaintext to be encrypted (but does not know the key) and then encrypts related plaintexts.
What is Linear cryptanalysis?
is a known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key. The pairs are studied to derive information about the key used to create them. Both differential and linear analysis can be combined as differential linear analysis.
What is Side-channel attacks?
use physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.
What security principle can be used to help detect fraud coming from users becoming comfortable in their position?
rotation of duties
What is the purpose of rotation of duties?
to detect fraudulent behavior, which increases detection capabilities. the fact that responsibilities are routinely rotated deters fraud. Collusion prevention
What is the purpose of Separation of duties?
multiple people are required to complete critical or sensitive transactions. Minimize collusion
which plan provides strategies to detect, respond to, and limit consequences of malicious cyber incident
Cyber Incident Response Plan
concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed. It has three parts: objects, subjects, and rules. It provides a more granular approach for interaction between subjects and objects. There are eight rules: Create object, create subject, delete object, delete subject, read access right, grant access right, delete access right, and transfer access right.
Harrison–Ruzzo–Ullman (HRU) Model
maps subjects, objects, and access rights to an access matrix. It is considered a variation to the Graham–Denning Model. It differs from Graham–Denning because it considers subjects to be also objects.
only backup files that have changed since the last backup of any kind was performed and will reset archive bit. The time to perform the incremental backup is greatly reduced but it requires quite a few tapes. The most time in restoration.
differential backup records every piece of data in a file that has changed since the last full backup.
means the order of the plaintext should be spread out in the ciphertext.
means that the relationship between the plaintext and ciphertext should be as random as possible.
What is terminology used to describe the data in data-link?
What is terminology used to describe the data in network layer?
What is terminology used to describe the data in transport?
The core principles of PCI-DSS are
• Build and maintain a secure network. • Protect cardholder data. • Maintain a vulnerability management program. • Implement strong access control measures. • Regularly monitor and test networks. • Maintain an information security policy.
is a process of identifying and documenting hardware components, software, and the associated settings.
o It involves the development of a security-oriented baseline configuration.
o It involves tasks such as disabling unnecessary services; removing unnecessary programs;
the purpose is to understand, communicate, and document any changes with the primary goal of being able to understand, control, and avoid direct or indirect negative impact that the changes might impose.
The general flow of the change management process:
o Identifying a change
o Proposing a change
o Assessing the risk associated with the change
o Testing the change
o Scheduling the change
o Notifying impacted parties of the change o Implementing the change
Risk Management Guide for IT Systems
discusses three specific policy types: program policy, issue-specific policy, and system-specific policy.
a four-step Certification and Accreditation process
Business continuity planning
incident response life cycle
Internet Activities Board’s (IAB) published as
RFC 1087 in 1987 code of ethics, Ethics and the Internet.
a formal method for determining how a disruption to the IT systems of an organization will impact the organization’s requirements, processes, and interdependencies with respect the business mission.
It an analysis to identify and prioritize critical IT systems and components.
It enables the BCP/DRP project manager to fully characterize the IT contingency requirements and priorities.
The objective is to correlate the IT system components with the critical service it supports.
It also aims to quantify the consequence of a disruption to the system component and how that will affect the organization.
The primary goal of the BIA is to determine the maximum tolerable downtime (MTD) for a specific IT asset.
Collection Limitation Principle
Personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, with the individual’s knowledge and approval.
Data Quality Principle—
Personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection.
Purpose Specification Principle
the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection.
Use Limitation Principle
Personal data should never be disclosed without either the consent of the individual or legal requirement.
Security Safeguards Principle
Personal data should be reasonably protected against unauthorized use, disclosure, or alteration.
Cipher Block Chaining (CBC)
a block mode that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted.
The first encrypted block is an initialization vector. This “chaining” the result of encrypting one block of data is fed back into the process to encrypt the next block of data.
This “chaining” destroys patterns. One limitation is that encryption errors will propagate due to the chaining, destroying their integrity.
Cipher Feedback (CFB)
a stream mode (usually 8-bits).
The first 8 bits that come from the algorithm are then XORed with the first 8 bits of the plaintext (the first segment).
Each 8-bit segment is then transmitted to the receiver and also fed back into the shift register.
It uses feedback (the name for chaining when used in stream modes) to destroy patterns.
Like CBC, CFB uses an initialization vector and destroys patterns, and errors propagate. Best suited for communication between a terminal and a host.
Output Feedback (OFB)
the keystream itself is chained, but there is no chaining of the ciphertext not affected by encryption errors, errors will not propagate.
Counter (CTR) mode
a 64-bit random data block—is used as the first IV. A requirement of CTR is that the counter must be different for every block of plaintext, so for each subsequent block, the counter is incremented by 1.
used in high-speed applications such as IPSec and ATM.