Flashcards in Security Engineering Deck (48):
Ability to deduce (infer) sensitive or restricted information from observing available information.
Primarily concerned with how subjects and objects are created, assigned rights or privileges, and how ownership is managed.
Defines the organizational structure and skill requirements of an IT Org as well as the set of operational procedures & practices that direct IT operations & infrastructure, including information security operations
IT Infrastructure Library (ITIL)
Represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password
Formula to determine how many keys in PKI environment
The size of the key, usually measured in bits or bytes, which a cryptographic algorithm uses in ciphering or deciphering protected information.
Performs certificate registration services on behalf of a CA
Registration Authority (RA)
Involves the removal of characteristics from an entity in order to easily represent its essential properties
The study of techniques for attempting to defeat cryptography techniques and information security services
Smart networked systems with embedded sensors, processors, & actuators that are designed to sense & interact with the physical world & support real-time, guaranteed performance in safety-critical apps
Maintains activities at different security levels to separate these levels from each other
The science that deals with hidden, disguised, or encrypted communications. It embraces communications security & communications intelligence
A repository for information collected from a variety of data sources.
Electronic document that contains the name of an Org or individual, business address, digital signature of the CA issuing the certificate, the certificate holder's public key, a serial number, & expiration date
Provided by mixing up the location of the plaintext throughout the ciphertext
The reverse process from encoding: converting the encoded message back into its plaintext format
Attempt to take advantage of how a system handles multiple requests
Holistic life cycle for developing security architecture that begins with assessing business requirements & subsequently creating a "chain of traceability" through the phases of strategy, concept, design, implementation, & metrics
Sherwood Applied Business Security Architecture Framework (SABSA)
Dividing a computer's memory into segments
An area or grouping within which a defined set of security policies & measures are applied to achieve a specific level of security
Security Zone of Control
An XML-based standard used to exchange authentication & authorization information.
Security Assertion Markup Language (SAML)
Holds data not currently being used by the CPU & is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.
Provides a structured methodology for documenting security requirements, documenting & validating security capabilities, & promoting international cooperation in the area of IT Security
Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns.
Community Cloud Infrastructure
Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.
Provides a set of generally accepted processes to assist in maximizing the benefits derived using IT & developing appropriate IT governance
Control Objectives for Information and Related Technology (COBIT)
Communications mechanisms hidden from the access control & standard monitoring system of an information system.
Logical structure for identifying & organizing the descriptive representations (models) that are important in the management of enterprises & to the development of the systems, both automated & manual, that comprise them.
Represents the time & effort required to break a protective measure.
Process of reordering the plaintext to hide the message.
Architecture content framework (ACF) to describe standard building blocks & components as well as numerous reference models.
The Open Group Architecture Framework (TOGAF)
Core of an OS, & one of its main functions is to provide access to system resources, which includes the system's hardware & processes.
A non-secret binary vector used as the initializing input to the algorithm for the encryption of a plaintext block sequence, to increase security by introducing additional cryptographic variance & to synchronize cryptographic equipment.
Composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data & application portability.
Hybrid Cloud Infrastructure
Action of changing a message into another format through the use of a code.
Used to provide computing services in a small form factor with limited processing power.
Provide authentication of a sender & integrity of a sender's message.
A broad range of technologies that grant control & protection to content providers over their own digital media
Digital Rights Management (DRM)
Provides a foundation upon which organizations can establish & review information technology security programs.
"Generally Accepted Principles & Practices for Securing Information Technology Systems" (NIST SP 800-14)
The storage of programs or instructions in ROM.
Focused on setting the long-term strategy for security services in the enterprise.
Enterprise Security Architecture (ESA)
Used to control industrial processes such as manufacturing, product handling, production, & distribution.
Industrial Control Systems (ICS)
Accepts an input message of any length & generates, through a one-way operation, a fixed-length output.
Describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering.
ISO/IEC 21827:2008, The Systems Security Engineering - Capability Maturity Model (SSE-CMM)
Process of exchanging one letter or byte for another.
Operate with a single cryptographic key that is used for both encryption & decryption of the message.
When a cryptosystem performs its encryption on a bit-by-bit basis.