Unique Terms (Must-Know) Flashcards Preview


Flashcards in Unique Terms (Must-Know) Deck (61):
1

Confidentiality

seeks to prevent the unauthorized disclosure of information: it keeps data secret

2

Integrity

seeks to prevent unauthorized modification of information

3

Availability

ensures that information is available when needed

4

Subject

an active entity on an information system

5

Object

a passive entity, such as a data file, that a subject acts on

6

Annualized Loss Expectancy

the expected cost of loss due to a risk over one year (ALE = SLE × ARO: single loss expectancy times annualized rate of occurrence)

7

Threat

a potentially negative occurrence

8

Vulnerability

a weakness in a system

9

Risk

a matched threat and vulnerability

10

Safeguard

a measure taken to reduce risk

11

Total Cost of Ownership

the total cost of a safeguard over its life: purchase, deployment, maintenance and staff time, not the purchase price alone

12

Return on Investment

money saved by deploying a safeguard
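
The quantitative risk formulas behind cards 6, 11 and 12 (ALE = SLE × ARO, with SLE = asset value × exposure factor) are easier to see applied to a safeguard decision. The following is an added example, not part of the flashcard deck; the asset value, exposure factor, rates and costs are constructed, and the helper names are this example's own.

```python
# Added example (not from the flashcards): ALE = SLE x ARO with SLE = asset value x
# exposure factor, used to decide whether a safeguard pays for itself.
# Every figure below is constructed for illustration.


def single_loss_expectancy(asset_value: float, exposure_factor: float) -> float:
    """SLE: cost of one occurrence. Exposure factor is the fraction of the asset lost."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be between 0 and 1")
    return asset_value * exposure_factor


def annualized_loss_expectancy(sle: float, aro: float) -> float:
    """ALE: expected loss per year. ARO 0.1 means once per decade, 12 means monthly."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle * aro


def safeguard_roi(ale_before: float, ale_after: float, tco_per_year: float) -> float:
    """ROI of a safeguard: the loss it avoids each year minus its annualized TCO."""
    return (ale_before - ale_after) - tco_per_year


def evaluate(asset_value, exposure_factor, aro_before, aro_after, tco_per_year):
    """Full evaluation of one safeguard against one risk."""
    sle = single_loss_expectancy(asset_value, exposure_factor)
    before = annualized_loss_expectancy(sle, aro_before)
    after = annualized_loss_expectancy(sle, aro_after)
    roi = safeguard_roi(before, after, tco_per_year)
    return {"sle": sle, "ale_before": before, "ale_after": after,
            "roi": roi, "deploy": roi > 0}


def best_safeguard(asset_value, exposure_factor, aro_before, candidates):
    """Pick the candidate (name, aro_after, tco_per_year) with the highest positive ROI,
    or None when no candidate is worth its cost."""
    best = None
    for name, aro_after, tco in candidates:
        result = evaluate(asset_value, exposure_factor, aro_before, aro_after, tco)
        if result["deploy"] and (best is None or result["roi"] > best[1]["roi"]):
            best = (name, result)
    return best


if __name__ == "__main__":
    # Constructed scenario: a 1,000,000 asset, a ransomware risk that destroys 25% of
    # its value when it hits, expected once every five years (ARO 0.2).
    options = [
        ("offline backups", 0.02, 30_000),   # cuts ARO to once per fifty years
        ("EDR suite", 0.05, 60_000),
        ("awareness poster", 0.18, 5_000),   # barely moves the ARO
    ]
    print(best_safeguard(1_000_000, 0.25, 0.2, options))
```

With the constructed figures, offline backups avoid 45,000 of ALE for 30,000 a year (ROI 15,000), the EDR suite costs more than it saves, and the poster breaks even, so only the backups clear the bar.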

13

RAM

Random Access Memory, volatile hardware memory that loses integrity after loss of power

14

ROM

Read Only Memory, non volatile memory that maintains integrity after loss of power

15

Scoping

the process of determining which portions of a standard will be employed by an organization

16

SSD

Solid State Drive, a combination of flash memory (EEPROM) and DRAM

17

Tailoring

the process of customizing a standard for an organization

18

Asymmetric Encryption

encryption that uses two keys: if you encrypt with one you may decrypt with the other

19

Hash Function

one way function using an algorithm and no key

20

Hypervisor

allows multiple virtual operating system guests to run on one host

21

Mantrap

a preventive physical control with two doors. Each door requires a separate form of authentication to open

22

Tailgating

following an authorized person into a building without providing credentials

23

TCSEC

Trusted Computer System Evaluation Criteria, also known as the Orange Book

24

Symmetric Encryption

encryption that uses one key to encrypt and decrypt
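
Cards 18, 19 and 24 describe three primitives by their key relationships: none, one, or two. The following added example (not from the flashcards) puts them side by side using only the Python standard library. The symmetric cipher is a SHA-256 counter-mode keystream and the asymmetric one is textbook RSA over constructed toy primes; both are there to show the key relationships, not to be used in real code.

```python
# Added example (not from the flashcards): hash, symmetric and asymmetric side by side.
# The symmetric cipher is a SHA-256 counter-mode keystream and the RSA keys are built
# from constructed, tiny primes: illustrative only, never a substitute for a vetted library.
import hashlib
from math import gcd


def digest(data: bytes) -> bytes:
    """Hash function: keyless and one-way. Same input, same output; no way back."""
    return hashlib.sha256(data).digest()


def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """One key for both directions: XOR with a keystream derived from the key.
    Applying it twice with the same key returns the plaintext."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block_no = offset // 32
        keystream = hashlib.sha256(key + block_no.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def rsa_keypair(p: int, q: int, e: int):
    """Textbook RSA from two (constructed, tiny) primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse, Python 3.8+
    return (e, n), (d, n)


def rsa_apply(key, m: int) -> int:
    """m ** exponent mod n. Encrypt with the public key and decrypt with the private,
    or sign with the private key and verify with the public: the same operation."""
    exponent, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exponent, n)


def demo() -> dict:
    msg = b"attack at dawn"                      # constructed sample message
    k1, k2 = b"correct key", b"wrong key"        # constructed keys
    public, private = rsa_keypair(61, 53, 17)    # the classic textbook parameters, n = 3233
    m = 65
    ciphertext = rsa_apply(public, m)            # anyone with the public key can do this
    signature = rsa_apply(private, m)            # only the private-key holder can do this
    return {
        "hash_is_deterministic": digest(msg) == digest(msg),
        "symmetric_round_trip": symmetric_crypt(k1, symmetric_crypt(k1, msg)) == msg,
        "symmetric_wrong_key": symmetric_crypt(k2, symmetric_crypt(k1, msg)) != msg,
        "rsa_ciphertext": ciphertext,
        "rsa_decrypts": rsa_apply(private, ciphertext) == m,
        "rsa_verifies": rsa_apply(public, signature) == m,
    }


if __name__ == "__main__":
    print(demo())
```

The two RSA calls in `demo()` are the whole point of card 18: the same `rsa_apply` encrypts with the public key and decrypts with the private one, or signs with the private key and verifies with the public one.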

25

The OSI Model

a network model with seven layers: physical, data link, network, transport, session, presentation, and application

26

TCP/IP Model

a simpler network model with four layers: network access, Internet, transport, and application

27

Packet-switched network

a form of networking where bandwidth is shared and data is carried in units called packets

28

Switch

a layer 2 device that carries traffic on one LAN, based on MAC addresses

29

Router

a layer 3 device that routes traffic from one LAN to another, based on IP addresses

30

Packet Filter and Stateful Firewalls

devices that filter traffic based on OSI layers 3 (IP addresses) and 4 (ports)
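
Both kinds of firewall judge packets on layer 3 addresses and layer 4 ports, but a stateful firewall also remembers which flows it has admitted. The following added example (not from the flashcards) simulates both over constructed packets; the rule syntax, addresses and ports are this example's own.

```python
# Added example (not from the flashcards): a stateless layer 3/4 packet filter next to
# a stateful firewall. Addresses, ports and packets are constructed; the rule syntax
# is this example's own.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str         # "tcp" or "udp"
    sport: int
    dport: int
    syn: bool = False  # TCP SYN without ACK, i.e. a new connection attempt


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: str = "0.0.0.0/0"       # CIDR
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    sport: Optional[int] = None  # None matches any port
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))


def packet_filter(rules, pkt: Packet) -> str:
    """Stateless: first matching rule wins, default deny. Every packet is judged alone."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


class StatefulFirewall:
    """Remembers allowed flows so return traffic needs no rule of its own."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows: Set[Tuple[str, str, str, int, int]] = set()

    def inspect(self, pkt: Packet) -> str:
        reverse = (pkt.dst, pkt.src, pkt.proto, pkt.dport, pkt.sport)
        if reverse in self.flows:
            return "allow"                      # reply to a flow admitted earlier
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny"                       # mid-stream segment with no known flow
        action = packet_filter(self.rules, pkt)
        if action == "allow":
            self.flows.add((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
        return action


INSIDE = "10.0.0.0/8"
# Constructed traffic: a browser inside, the web server it talks to, and an attacker
# who spoofs source port 80 so the packet looks like web traffic coming home.
CLIENT_SYN = Packet("10.0.0.7", "198.51.100.20", "tcp", 51000, 80, syn=True)
SERVER_REPLY = Packet("198.51.100.20", "10.0.0.7", "tcp", 80, 51000)
ATTACKER = Packet("203.0.113.9", "10.0.0.7", "tcp", 80, 4444)

# A stateless filter must open a hole for replies: "anything from port 80 may come in".
STATELESS_RULES = [
    Rule("allow", src=INSIDE, proto="tcp", dport=80),
    Rule("allow", dst=INSIDE, proto="tcp", sport=80),
    Rule("deny"),
]
# The stateful firewall needs only the outbound rule; replies ride on the flow table.
STATEFUL_RULES = [
    Rule("allow", src=INSIDE, proto="tcp", dport=80),
    Rule("deny"),
]


def compare() -> dict:
    fw = StatefulFirewall(STATEFUL_RULES)
    return {
        "stateless_reply": packet_filter(STATELESS_RULES, SERVER_REPLY),
        "stateless_attacker": packet_filter(STATELESS_RULES, ATTACKER),
        "stateful_syn": fw.inspect(CLIENT_SYN),
        "stateful_reply": fw.inspect(SERVER_REPLY),
        "stateful_attacker": fw.inspect(ATTACKER),
    }


if __name__ == "__main__":
    print(compare())
```

The attacker's packet passes the stateless filter because the "replies from port 80" rule cannot tell a reply from a fresh inbound segment; the stateful firewall denies it because no inside host ever opened a flow to 203.0.113.9.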

31

Carrier Sense Multiple Access (CSMA)

a method used by Ethernet networks to allow shared usage of a baseband (one-channel) network and avoid collisions (multiple interfering signals)

32

Remanence

data that persists beyond noninvasive means to delete it

33

Reference Monitor

mediates all access between subjects and objects

34

Crossover Error Rate (CER)

describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal

35

Discretionary Access Control (DAC)

gives subjects full control of objects they have created or been given access to, including sharing the objects with other subjects

36

False Accept Rate (FAR)

occurs when an unauthorized subject is accepted by the biometric system as valid. Also called Type II error

37

False Reject Rate (FRR)

occurs when an authorized subject is rejected by the biometric system as unauthorized. Also called a Type I error
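
Cards 34, 36 and 37 are easiest to see as a threshold sweep over matcher scores. The following added example (not from the flashcards) computes FAR, FRR and the crossover point from constructed genuine and impostor scores; the score lists and the function names are this example's own.

```python
# Added example (not from the flashcards): FAR, FRR and the crossover error rate
# computed from matcher scores. The scores are constructed; a real system would
# collect them from enrollment trials.
from typing import List, Tuple

# Similarity scores (0..1) a biometric matcher returned. Constructed for illustration.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.79, 0.97, 0.86, 0.68, 0.90]   # legitimate users
IMPOSTOR = [0.31, 0.45, 0.52, 0.70, 0.28, 0.61, 0.74, 0.39, 0.55, 0.47]  # unauthorized subjects


def false_reject_rate(genuine: List[float], threshold: float) -> float:
    """Type I error: legitimate users scoring below the threshold are turned away."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_accept_rate(impostor: List[float], threshold: float) -> float:
    """Type II error: impostors scoring at or above the threshold get in."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_curve(genuine, impostor) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) at every score that could serve as a threshold."""
    return [(t, false_accept_rate(impostor, t), false_reject_rate(genuine, t))
            for t in sorted(set(genuine) | set(impostor))]


def crossover_error_rate(genuine, impostor) -> Tuple[float, float]:
    """Threshold where FAR and FRR are closest, and the error rate there (the CER)."""
    threshold, far, frr = min(error_curve(genuine, impostor),
                              key=lambda row: abs(row[1] - row[2]))
    return threshold, (far + frr) / 2


def tune(genuine, impostor, max_far: float) -> float:
    """A high-security site caps FAR: the lowest threshold that meets the cap, accepting
    a higher FRR (more legitimate users turned away) in exchange."""
    for t, far, _ in error_curve(genuine, impostor):
        if far <= max_far:
            return t
    raise ValueError("no threshold meets the FAR cap")


if __name__ == "__main__":
    for t, far, frr in error_curve(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}  FAR {far:.1f}  FRR {frr:.1f}")
    print("CER:", crossover_error_rate(GENUINE, IMPOSTOR))
    print("threshold for FAR 0:", tune(GENUINE, IMPOSTOR, 0.0))
```

Raising the threshold lowers FAR and raises FRR; the CER is the single number used to compare two biometric systems, while `tune()` shows that a deployment rarely runs at the CER and instead picks the error it can tolerate.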

38

Mandatory Access Control (MAC)

system-enforced access control based on subjects' clearances and objects' labels

39

Role-Based Access Controls (RBAC)

subjects are grouped into roles and each defined role has access permission based upon the role, not the individual
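
Cards 33, 35, 38 and 39 fit together as one decision path: a reference monitor that applies MAC, then RBAC, then DAC to every access. The following added example (not from the flashcards) models that path. MAC is modelled with the simple Bell-LaPadula rules (no read up, no write down), a simplification the flashcards do not spell out; the users, roles, labels and objects are constructed.

```python
# Added example (not from the flashcards): a toy reference monitor combining MAC, RBAC
# and DAC. MAC uses simplified Bell-LaPadula rules (no read up, no write down), which
# is an assumption of this example; users, roles, labels and objects are constructed.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}
ROLE_PERMISSIONS = {"analyst": {"read"}, "editor": {"read", "write"}}


@dataclass
class Subject:            # active entity
    name: str
    clearance: str
    roles: FrozenSet[str]


@dataclass
class Obj:                # passive entity, e.g. a data file
    name: str
    label: str
    owner: str
    acl: Dict[str, Set[str]] = field(default_factory=dict)   # DAC: whom the owner let in


class ReferenceMonitor:
    """Every access goes through check(); nothing reads or writes an Obj directly."""

    def __init__(self):
        self.audit: List[Tuple[str, str, str, bool, str]] = []

    def check(self, subj: Subject, obj: Obj, op: str) -> Tuple[bool, str]:
        decision = self._decide(subj, obj, op)
        self.audit.append((subj.name, obj.name, op) + decision)   # every decision is logged
        return decision

    def _decide(self, subj, obj, op):
        cl, lb = LEVELS[subj.clearance], LEVELS[obj.label]
        # 1. MAC: system-enforced; the owner cannot override it
        if op == "read" and cl < lb:
            return False, "MAC: no read up"
        if op == "write" and cl > lb:
            return False, "MAC: no write down"
        # 2. RBAC: the role, not the person, carries the permission
        allowed_ops = set().union(*(ROLE_PERMISSIONS.get(r, set()) for r in subj.roles))
        if op not in allowed_ops:
            return False, "RBAC: no role grants " + op
        # 3. DAC: the owner decides who else may touch the object
        if subj.name != obj.owner and op not in obj.acl.get(subj.name, set()):
            return False, "DAC: owner has not shared"
        return True, "granted"


def share(owner: Subject, obj: Obj, grantee: str, op: str) -> None:
    """DAC grant: only the owner may extend access. MAC and RBAC still apply at access time."""
    if owner.name != obj.owner:
        raise PermissionError("only the owner may share")
    obj.acl.setdefault(grantee, set()).add(op)


def scenario() -> dict:
    rm = ReferenceMonitor()
    alice = Subject("alice", "secret", frozenset({"editor"}))
    bob = Subject("bob", "confidential", frozenset({"analyst"}))
    plan = Obj("plan.docx", "secret", owner="alice")
    memo = Obj("memo.txt", "confidential", owner="alice")
    share(alice, plan, "bob", "read")   # alice tries to share a secret file downward
    share(alice, memo, "bob", "read")
    return {
        "alice_reads_plan": rm.check(alice, plan, "read"),
        "bob_reads_plan": rm.check(bob, plan, "read"),       # DAC says yes, MAC says no
        "bob_reads_memo": rm.check(bob, memo, "read"),
        "bob_writes_memo": rm.check(bob, memo, "write"),     # analyst role lacks write
        "alice_writes_memo": rm.check(alice, memo, "write"), # secret subject, confidential object
        "audit_entries": len(rm.audit),
    }


if __name__ == "__main__":
    for name, outcome in scenario().items():
        print(name, outcome)
```

The ordering is the lesson: an owner's DAC grant to bob is real, but it never reaches the file because MAC is evaluated first and the system, not the owner, holds that decision.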

40

Dynamic Testing

tests code while executing it

41

Fuzzing

type of black box testing that submits random, malformed data as inputs into software programs to determine if they will crash
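
A fuzzer is small enough to show whole. The following added example (not from the flashcards) is a minimal mutation fuzzer run against a constructed, deliberately fragile record parser; the record format, the parser's bug, the seed input and the function names are all this example's own.

```python
# Added example (not from the flashcards): a minimal mutation fuzzer against a
# constructed, deliberately fragile parser. Format, bug and seed are this example's own.
import random
from typing import Callable, Dict


def parse_record(data: bytes) -> bytes:
    """Toy format: version byte, length byte, payload, one-byte checksum.
    The parser trusts the length field, so a short or inflated record crashes it."""
    if len(data) < 2:
        raise ValueError("too short")                 # deliberate rejection, not a bug
    if data[0] != 1:
        raise ValueError("unsupported version")       # deliberate rejection, not a bug
    length = data[1]
    payload = data[2:2 + length]
    checksum = data[2 + length]                       # BUG: no bounds check -> IndexError
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload


def mutate(rng: random.Random, data: bytes) -> bytes:
    """One random, deliberately malformed variant of a valid input."""
    buf = bytearray(data)
    strategy = rng.randrange(3)
    if strategy == 0:                                 # overwrite one byte
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    elif strategy == 1:                               # truncate
        del buf[rng.randrange(len(buf)):]
    else:                                             # append junk
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def fuzz(target: Callable[[bytes], object], seed: bytes,
         iterations: int = 500, rng_seed: int = 1) -> Dict[str, bytes]:
    """Black-box loop: feed mutated inputs and keep the first input that triggers each
    crash type. Exceptions the parser raises on purpose (ValueError here) are rejections,
    not crashes; anything else is a finding worth a bug report."""
    rng = random.Random(rng_seed)                     # fixed seed so a run is reproducible
    crashes: Dict[str, bytes] = {}
    for _ in range(iterations):
        case = mutate(rng, seed)
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, case)
    return crashes


SEED = b"\x01\x05hello" + bytes([sum(b"hello") % 256])   # a valid record, constructed

if __name__ == "__main__":
    for kind, case in fuzz(parse_record, SEED).items():
        print(kind, case.hex())
```

The fuzzer knows nothing about the format beyond one valid seed, which is what makes this black-box testing; truncating the seed or inflating its length byte is enough to reach the unchecked index.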

42

Penetration Testing

authorized attempt to break into an organization's physical or electronic perimeter (and sometimes both)

43

Static Testing

tests code passively: the code is not running

44

Synthetic Transactions

also called synthetic monitoring: involves building scripts or tools that simulate activities normally performed in an application

45

Business Continuity Plan (BCP)

a long-term plan to ensure the continuity of business operations

46

Collusion

an agreement between two or more individuals to subvert the security of a system

47

Disaster

any disruptive event that interrupts normal system operations

48

Disaster Recovery Plan (DRP)

a short-term plan to recover from a disruptive event

49

Continuity of Operations Plan (COOP)

a plan to maintain operations during a disaster

50

Mean Time Between Failures (MTBF)

quantifies how long a new or repaired system will run on average before failing

51

Mean Time to Repair (MTTR)

describes how long it will take to recover a failed system

52

Mirroring

complete duplication of data to another disk, used by some levels of RAID

53

Redundant Array of Inexpensive Disks (RAID)

a method of using multiple disk drives to achieve greater data reliability, greater speed, or both

54

Striping

spreading data writes across multiple disks to achieve performance gains, used by some levels of RAID
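
Mirroring and striping are byte-shuffling operations, so cards 52 to 54 can be shown literally on toy "disks". The following added example (not from the flashcards) does that and goes one step beyond the cards by adding the XOR parity that lets a striped array survive one disk failure (the RAID 5 idea); the disk layout, chunk size and sample data are this example's own.

```python
# Added example (not from the flashcards): striping and mirroring as bytes on toy
# disks, plus rotating XOR parity (RAID 5 style) so a striped array survives one
# disk failure. Layout, chunk size and sample data are this example's own.
from functools import reduce
from operator import xor
from typing import List, Optional


def xor_blocks(*blocks: bytes) -> bytes:
    return bytes(reduce(xor, column) for column in zip(*blocks))


def mirror(data: bytes, copies: int = 2) -> List[bytes]:
    """RAID 1: every disk holds all the data; any single surviving copy is enough."""
    return [data] * copies


def stripe(data: bytes, disks: int, chunk: int = 4) -> List[List[bytes]]:
    """RAID 0: chunks dealt round-robin across disks for parallel I/O, no redundancy."""
    layout = [[] for _ in range(disks)]
    for i in range(0, len(data), chunk):
        layout[(i // chunk) % disks].append(data[i:i + chunk])
    return layout


class Raid5:
    """Striping plus one rotating parity chunk per stripe. Any one disk may fail."""

    def __init__(self, data: bytes, disks: int = 3, chunk: int = 4):
        if disks < 3:
            raise ValueError("RAID 5 needs at least three disks")
        self.length, self.chunk, self.n = len(data), chunk, disks
        stripe_bytes = (disks - 1) * chunk
        padded = data + b"\x00" * (-len(data) % stripe_bytes)
        self.disks: List[Optional[List[bytes]]] = [[] for _ in range(disks)]
        for s, start in enumerate(range(0, len(padded), stripe_bytes)):
            chunks = [padded[start + i * chunk:start + (i + 1) * chunk]
                      for i in range(disks - 1)]
            parity_disk = s % disks              # rotate parity so no disk is a hot spot
            pieces = chunks[:parity_disk] + [xor_blocks(*chunks)] + chunks[parity_disk:]
            for d, piece in enumerate(pieces):
                self.disks[d].append(piece)

    def fail(self, d: int) -> None:
        self.disks[d] = None                     # simulate losing the whole disk

    def rebuild(self, d: int) -> List[bytes]:
        """XOR of the surviving chunks in each stripe reproduces the missing one,
        whether it held data or parity."""
        survivors = [disk for i, disk in enumerate(self.disks) if i != d and disk is not None]
        if len(survivors) < self.n - 1:
            raise RuntimeError("more than one disk lost: RAID 5 cannot recover")
        return [xor_blocks(*[disk[s] for disk in survivors]) for s in range(len(survivors[0]))]

    def read(self) -> bytes:
        disks = [disk if disk is not None else self.rebuild(i) for i, disk in enumerate(self.disks)]
        out = bytearray()
        for s in range(len(disks[0])):
            out += b"".join(disks[d][s] for d in range(self.n) if d != s % self.n)
        return bytes(out[:self.length])


SAMPLE = b"The quick brown fox jumps over the lazy dog"   # constructed sample data

if __name__ == "__main__":
    array = Raid5(SAMPLE)
    array.fail(1)
    print(array.read() == SAMPLE)   # data survives one lost disk
```

Striping alone (`stripe`) loses data with any disk, mirroring (`mirror`) costs a full copy per disk, and parity buys one-disk fault tolerance for a single extra chunk per stripe; losing a second disk before the rebuild finishes is the failure mode `rebuild()` refuses to paper over.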

55

Extreme Programming (XP)

an Agile development method that uses pairs of programmers who work off a detailed specification

56

Object

a "black box" that combines code and data, and sends and receives messages

57

Object-Oriented Programming

changes the older procedural programming methodology, and treats a program as a series of connected objects that communicate via messages

58

Procedural languages

programming languages that use subroutines, procedures and functions

59

Spiral Model

a software development model designed to control risk

60

Systems Development Life Cycle (SDLC)

a development model that focuses on security in every phase

61

Waterfall Model

an application development model that uses rigid phases; when one phase ends, the next begins