Terms Flashcards
(20 cards)
Bidirectional Network
A bidirectional network is a network appliance or device allowing data to travel in two, usually opposite, directions.
Enterprise Password Vault
A repository where multiple user passwords are protected behind one master password
Personal Identifiable Information (PII)
First name or first initial AND last name in combination with one of the following: SS#, DL or State ID Card #, account #, or credit or debit card # in combination with a security code, access code or password that would permit access to a person's financial account.
Personal Health Information (PHI)
Individually identifiable information (including demographics) that relates to health condition, the provision of healthcare, or payment for such care.
Individual Identifiable Information (III)
Information unique to an individual, which could connect an individual to a unique set of information. Can be in any medium (hard copy, oral, electronic).
Protected Information
Subject to state, federal or other laws which typically place legal restrictions on what can or cannot be done with the information.
Confidential Information
Non-public information owned by a business or an entity where the business owes confidentiality.
Public Information
Information in the public domain and available for anyone with an interest to see.
De-Militarized Zone (DMZ)
A collection of hardware and services made available to outside, untrusted sources through a multi-layered tiered system.
Presentation Zone -> Web Application Zone -> Database Zone (only accepts traffic from web application zone servers)
The Golden Rule
The rules that are currently in the firewall and are permanent.
ASK
Application Service Knowledgebase
Transmission Control Protocol (TCP)
A core protocol of the Internet protocol suite. It originated in the initial network implementation, in which it complemented the Internet Protocol (IP); therefore, the entire suite is commonly referred to as TCP/IP.
Security Policy Intake Form (SPIF)
Form to add a (permanent) standard to the rules.
PEX
Policy Exception - one-time exception to the policy
REM
Remediation
RSK
Risk Decision (Risk Register) - permanent policy exception
Unidirectional Network
A unidirectional network (also referred to as a unidirectional security gateway or data diode) is a network appliance or device allowing data to travel only in one direction, used in guaranteeing information security. They are most commonly found in high security environments such as defense, where they serve as connections between two or more networks of differing security classifications.
Pen Test
A penetration test simulates the actions of an internal or external attacker attempting to breach the security of the organization. Pen testing uses tools and techniques similar to those used by hackers to answer the question “Can someone break into the app or network and what can they get to if they succeed?”
Static Code Analysis
Analysis of native, uncompiled source code. This activity is performed by the application team as part of the software development lifecycle (SDLC).
Dynamic Web Scanning
Web application vulnerability scans designed to connect to live Web applications, crawl/spider through the application, and test for known security vulnerabilities.