Index
A
Acceptable use policy (AUP)
Access controls
Acquired software security impact
Administrative controls
Advanced Encryption Standard (AES)
Advisory, informational, and regulatory (AIR)
Agile model
Alpha testing
Alternative site
Annualized rate of occurrence (ARO)
Annual loss expectancy (ALE)
Application programming interface (API)
Asset security
classification
analysis
cloud computing
private sector
review questions
statement
US government’s information
data and system ownership
classification/management
review questions
rules/regulations
data handling requirements
data security controls, protection
intellectual property
PKI/CA
Asset value (AV)
Assurance level
Asymmetric algorithms
Audit functions
Auditing file/record/database
Authentication Header (AH)
Authentication methods
Authentication server (AS)
B
Bell–LaPadula security model
Beta/acceptance test
Biba model
Big bang model
Biometrics
Botnets
Breach
Brewer–Nash model
Business continuity plan (BCP)
Business impact analysis (BIA)
C
Caesar cipher
Certificate authority (CA)
Certificate revocation list (CRL)
Chain of custody (COC)
Change advisory board (CAB)
Change management (CM) process
CIA/DDA triads
Civil law
Clark–Wilson model
Clipping level
Coercion
Cohesion
Cold site
Committee of Sponsoring Organizations (COSO)
Common access cards (CACs)
Compensating controls
Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA)
Computerized assessment test (CAT)
Computer malware
Confidentiality, integrity, and availability (CIA)
Control frameworks
COBIT
COSO
ITIL
SOX Act
Control Objectives for Information and Related Technology (COBIT)
Corrective controls
Coupling
Crime prevention through environmental design (CPTED)
Crossover error rate (CER)
Cryptanalysis
Cryptic Data Inc. (CDI)
Customer service representatives (CSRs)
Cyberattacks
D
Database administrator (DBA)
Database architectures and security
Database group (DBG)
Data diddle attack
Data Encryption Algorithm (DEA)
Data Encryption Standard (DES)
Data loss prevention (DLP)
Data protection officer (DPO)
Data remanence
Data retention
memory types
review questions
two options
DB administrator (DBA)
Decryption
DELETE, INSERT, UPDATE, and SELECT (DIUS)
Department of Defense (DoD)
Derived class
Detective controls
Deterrent controls
Digital Encryption Standard (DES)
Direct access storage device (DASD)
Disaster recovery plan (DRP)
Discretionary Access Control (DAC)
Distributed/dedicated denial-of-service (DDoS) attack
Drive-by downloads
Due care
Due diligence
Dynamic link library (DLL)
E
eDiscovery
Encapsulated Security Payload (ESP)
Encryption
Enterprise risk management framework (ERMF)
Enticement
Entrapment
Environmental Protection Agency (EPA)
European Economic Area (EEA)
Evaluation assurance level (EAL)
Exigent circumstances
Exposure factor (EF)
Extensible Authentication Protocol (EAP)
F
FaceTime
False acceptance rate (FAR)
False rejection rate (FRR)
File Transfer Protocol (FTP)
Firewalls
Forensic investigation
Forensics
Full protection proof (FPP)
Full test
Fuzz testing
G
General Data Protection Regulation (GDPR)
Gigabits per second (Gbps)
Global access list (GAL)
Government Risk Management and Compliance (GRMC)
Graham–Denning model
Graphical user interface (GUI)
H
Hacking
Hard disk drives (HDDs)
Harrison–Ruzzo–Ullman (HRU) model
Hot site
I, J
Identifiable information (PII)
Identification, authentication, and authorization
access control management
markup languages
Identification, authentication, authorization, and accountability (IAAAA) process
Incremental attacks
Indexed addressing
Information security legal issues
baselines
CISSP certification holders
guidelines
policies
procedures
regulatory auditor
security breach
standards
Information Technology Infrastructure Library (ITIL)
Information technology (IT)
Information Technology Security Evaluation Criteria (ITSEC)
Instantiation
Integration test
Interface test
Internet Control Message Protocol (ICMP)
Internet Corporation for Assigned Names and Numbers (ICANN)
Internet Engineering Task Force (IETF)
Internet Key Exchange (IKE)
Internet Protocol Security Standard (IPSec)
Internet provider service (IPS)
Internet Security Association and Key Management Protocol (ISAKMP)
Internet service provider (ISP)
Investigation
Iterative model
K
Kerberos
L
LAN, WAN, wireless, network security
network/software/person
standards
Law enforcement officials (LEOs)
Layer 2 Tunneling Protocol (L2TP)
Legal/investigation regulatory compliance
CISSP
civil law
coercion
product liability
search warrant
subpoena
tort law
writ petition
Lightweight Directory Access Protocol (LDAP)
Lipner model
Locard’s principle
Logical/technical controls
Logic bombs
M
Macros
Maintenance test
Mandatory access control (MAC)
Mandatory vacation
Maximum period time of disruption (MPTD)
Maximum tolerable downtime (MTD)
Maximum tolerable outage (MTO)
Mean time between failures (MTBF)
Meme virus
Memory management
memory addressing schemes
RAID
Message Protocol for Computer Service (MPCS)
Mirror site
Multipartite virus
N
National Assurance Institute (NAI)
Network attacks
classes
denial-of-service
IPSec protocol/AH/ESP
Network interface card (NIC)
Network intrusion detection system (NIDS)
Nondisclosure agreement (NDA)
Noninterference model
No service during outage (NSDO)
Next-generation addressing (IPng)
O
Object-oriented programming (OOP)
Occupational Safety and Health Administration (OSHA)
Offset addressing
One-time password (OTP)
Online Certificate Status Protocol (OCSP)
Open Web Application Security Project (OWASP)
Oracle Data Components (ODC)
Organization security policy (OSP)
Ozzie Ozone
P, Q
Parallel test
Personally identifiable information (PII)
Physical access controls
Physical security
access cards
biometric access
CAC
CAT
electricity
environmental design
fires
identity card
mantrap
manual access
piggybacking/tailgating
revolving door
transponder card
Polyinstantiation
Polymorphic virus
Polymorphism
Preventive controls
Privacy, protecting
DPO
GDPR
Prolific & Visionary Backups (PVB)
Proximate causation
Public key certificate (PKC)
Public Key Infrastructure (PKI)
R
Read-through test
Reciprocal agreement
Recovery controls
Recovery point objective (RPO)
Recovery strategies
Recovery team
Recovery time objective (RTO)
Redundant Array of Independent Disks (RAID)
Register direct addressing
Regression test
Requests for code changes (RFC)
Requirements traceability matrix (RTM)
Restoration team
Risk management concepts
CAPTCHA
FIRST step
plans, IT security
reCAPTCHA
Role-based access control (RBAC)
Rootkit
Rotation of duty
Rule-based access control (RuBAC)
S
Salami attack
Salting
Salvage team
Sandbox testing
Sanity test
Sarbanes–Oxley (SOX) Act
Script viruses
Search warrant
Secure network architecture
IPv6 address, validating/invalid
private/public IP addresses
TCP/IP and OSI models and layers
Secure network components
Security and Risk Management
security policies/standards/procedures/guidelines
vendor/consultant/contractor security
Security assessment
risk
threats
vulnerabilities
Security engineering
CISSP exam
CPU
models
Security evaluation models
EAL
Security governance principles
ITSEC
Rainbow series
security levels/meaning
TCSEC
Security process data
Security target
Service And Network Protocol (SANP)
Service bureau
Service level agreement (SLA)
Signature-based virus detection system
Simple Internet Message Protocol (SIMP)
Simple Object Access Protocol (SOAP)
Simulation test
Single loss expectancy (SLE)
Single sign-on (SSO)
Slack space
Smoke test
Social Security numbers (SSNs)
Software development lifecycle (SDLC)
Software development models
Software testing
Spiral model
Spyware/adware
Standard operating procedures (SOPs)
Stealth virus
Steganography
Storage Networking Industry Association (SNIA)
Structured Query Language (SQL)
Stuxnet
Subpoena
Symmetric algorithms
Symmetric cryptographic system
System development lifecycle (SDLC)
System test
T
Tabletop test
Telephone denial of service (TDoS)
Threat agent
Threat vector
Time-of-check/time-of-use (TOCTOU) attack
Time of check (TOC)
Time of use (TOU)
Tort law
Transmission Control Protocol (TCP)
Trojan horses
Trusted Computer System Evaluation Criteria (TCSEC)
U
Unbreakable Cryptography Inc. (UCI)
Uninterruptible power supply (UPS)
Unit test
V
VERT-WOLD
V-model
Voice over Internet Protocol (VoIP)
Vulnerability
W, X, Y, Z
Warm site
Waterfall model
Work recovery time (WRT)
Worms