Shared Flashcard Set

Details

CISSP Domain 3 2017
Domain 3
73
Other
Not Applicable
04/09/2017

Cards

Term
Involves the removal of characteristics from an entity in order to easily represent its essential properties.
Definition
Abstraction
Term
A two-dimensional table that allows for individual subjects and objects to be related to each other.
Definition
Access Control Matrix
Term
One-way functions, that is, a process that is much simpler to go in one direction (forward) than to go in the other direction (backward or reverse engineering).
Definition
Asymmetric Algorithms
Term
Involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries in a process's memory address space.
Definition
Address Space Layout Randomization (ASLR)
Term
Combining non-sensitive data from separate sources to create sensitive information.
Definition
Aggregation
Term
A mathematical function that is used in the encryption and decryption processes.
Definition
Algorithm
Term
Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access.
Definition
Bell-La Padula Model
Term
This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties.
Definition
Brewer-Nash (The Chinese Wall) Model
Term
The design, documentation, and management of the lowest layer of the OSI network model - the physical layer.
Definition
Cable Plant Management
Term
An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Definition
Certificate Authority (CA)
Term
The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients.
Definition
Ciphertext or Cryptogram
Term
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management.
Definition
Cloud Computing
Term
Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security.
Definition
Common Criteria
Term
Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns.
Definition
Community Cloud Infrastructure
Term
Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.
Definition
Confusion
Term
Provides a set of generally accepted processes to assist in maximizing the benefits derived using information technology (IT) and developing appropriate IT governance
Definition
Control Objects for Information and Related Technology (COBIT)
Term
Communications mechanisms hidden from the access control and standard monitoring systems of an information system.
Definition
Covert Channels
Term
The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services.
Definition
Cryptanalysis
Term
The science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communications intelligence.
Definition
Cryptology
Term
Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications.
Definition
Cyber-Physical Systems (CPS)
Term
Maintains activities at different security levels to separate these levels from each other.
Definition
Data Hiding
Term
A repository for information collected from a variety of data sources.
Definition
Data Warehouse
Term
The reverse process from encoding - converting the encoded message back into its plaintext format.
Definition
Decoding
Term
Provided by mixing up the location of the plaintext throughout the ciphertext.
Definition
Diffusion
Term
An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder's public key, a serial number, and the expiration date
Definition
Digital Certificate
Term
A broad range of technologies that grant control and protection to content providers over their own digital media.
Definition
Digital Rights Management (DRM)
Term
Provide authentication of a sender and integrity of a sender's message.
Definition
Digital Signatures
Term
Focused on setting the long-term strategy for security services in the enterprise.
Definition
Enterprise Security Architecture (ESA)
Term
The storage of programs or instructions in ROM.
Definition
Firmware
Term
Provides a foundation upon which organizations can establish and review information technology security programs.
Definition
"Generally Accepted Principles and Practices for Securing Information Technology Systems" (NIST SP 800-14)
Term
Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.
Definition
Graham-Denning
Term
The ability to deduce (infer) sensitive or restricted information from observing available information.
Definition
Inference
Term
Describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering.
Definition
ISO/IEC 21827:2008, The Systems Security Engineering - Capability Maturity Model (SSE-CMM)
Term
Accepts an input message of any length and generates, through a one-way operation, a fixed-length output.
Definition
Hash Function
Term
Used to control industrial processes such as manufacturing, product handling, production, and distribution.
Definition
Industrial Control Systems (ICS)
Term
Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations.
Definition
IT Infrastructure Library (ITIL)
Term
Used to provide computing services in a small form factor with limited processing power.
Definition
Embedded Systems
Term
The action of changing a message into another format through the use of a code.
Definition
Encoding
Term
A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
Definition
Hybrid Cloud Infrastructure
Term
A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.
Definition
Initialization Vector (IV)
Term
When different encryption keys generate the same ciphertext from the same plaintext message.
Definition
Key Clustering
Term
The size of a key, usually measured in bits or bytes, which a cryptographic algorithm uses in ciphering or deciphering protected information.
Definition
Key Length
Term
This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.
Definition
Key Space
Term
A small block of data that is generated using a secret key and then appended to the message.
Definition
Message Authentication Code (MAC)
Term
A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality
Definition
Message Digest
Term
A connectivity software that enables multiple processes running on one or more machines to interact.
Definition
Middleware
Term
A security model that describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in.
Definition
Multilevel Lattice Models
Term
A service that ensures the sender cannot deny a message was sent and the integrity of the message is intact.
Definition
Non-repudiation
Term
An interoperable authentication protocol based on the OAuth 2.0 family of specifications.
Definition
OpenID Connect
Term
A nonprofit organization focused on improving the security of software.
Definition
OWASP
Term
Divides the memory address space into equal-sized blocks called pages.
Definition
Paging
Term
Provides the security architect with a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information.
Definition
Payment Card Industry Data Security Standard (PCI-DSS)
Term
The message in its natural format
Definition
Plaintext
Term
Stores data that has a high probability of being requested by the CPU.
Definition
Primary Storage
Term
In this model, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers.
Definition
Private Cloud
Term
Divides physical memory up into blocks of a particular size, each of which has an associated numerical value called a protection key.
Definition
Protection Keying
Term
Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Definition
Public Cloud Infrastructure
Term
This performs certificate registration services on behalf of a CA.
Definition
Registration Authority (RA)
Term
Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.
Definition
Secondary Storage
Term
An XML-based standard used to exchange authentication and authorization information.
Definition
Security Assertion Markup Language (SAML)
Term
An area or grouping within which a defined set of security policies and measures are applied to achieve a specific level of security.
Definition
Security Zone of Control
Term
Dividing a computer's memory into segments.
Definition
Segmentation
Term
Holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a "chain of traceability" through the phases of strategy, concept, design, implementation, and metrics.
Definition
Sherwood Applied Business Security Architecture (SABSA) Framework
Term
Attempt to take advantage of how a system handles multiple requests.
Definition
State Attacks
Term
Describes the behavior of a system as it moves between one state and another, from one moment to another.
Definition
State Machine Model
Term
When a cryptosystem performs its encryption on a bit-by-bit basis
Definition
Stream-based Ciphers
Term
Operate with a single cryptographic key that is used for both encryption and decryption of the message.
Definition
Symmetric Algorithms
Term
The process of exchanging one letter or byte for another.
Definition
Substitution
Term
The core of an OS, and one of its main functions is to provide access to system resources, which includes the system's hardware and processes.
Definition
System Kernel
Term
An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models.
Definition
The Open Group Architecture Framework (TOGAF)
Term
The process of reordering the plaintext to hide the message
Definition
Transposition
Term
This represents the time and effort required to break a protective measure.
Definition
Work Factor
Term
A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them.
Definition
Zachman Framework