09102017_Wiley_Test3 Flashcards
______is used to sufficiently cleanse remnants of data on a magnetic storage drive so that it can be reused in unsecure environments.
Purging
The _______ model enforces separation of duties to further protect the integrity of data.
Clark-Wilson
In a _______ ______, all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment
trusted system
telephone network) requires the use of a modem to support digital computer communications over an otherwise analog link
POTS (plain old telephone system) or PSTN (public switched
Which form of physical security control focuses on facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures?
Administrative
________ access controls are the policies and procedures defined by an organizations security policy to implement and enforce overall access control. These focus on two areas: personnel and business practices (e.g., people and policies). Examples of administrative access controls include policies, procedures, hiring practices, background checks, data classification, security training, vacation history, reviews, work supervision, personnel controls, and testing.
Administrative access controls
_______ access controls are the hardware or software mechanisms used to manage access to resources and systems and provide protection for those resources and systems. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists (ACLs), protocols, firewalls, routers, intrusion detection systems, and clipping levels.
Logical/technical
_____access controls Physical access controls are the physical barriers deployed to prevent direct contact with systems or portions of a facility. Examples of physical access controls include guards, fences, motion detectors, locked doors, sealed windows, lights, cable protections, laptop locks, swipe cards, guard dogs, video cameras, mantraps, and alarms.
Physical
The second phase of the IDEAL software development model is the Diagnosing stage.
Diagnosing
IDEAL
Software Development Tool
Initiate- reason for change outlined Diagnose - troubleshoot and analyze Establish - plan of attack based on dx Act - walk the walk Learn - QI
CMM
Initiate Repeatable Defined Manage Optimize
What software development technique includes as a basic principle that it values responding to change over following a plan?
Agile
_____logging provides a nonmodifiable repository for system logs, preventing an attacker from destroying evidence of an attack.
Centralized
Technology ________ is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time
Technology convergence is the tendency for various technologies, solutions, utilities, and systems to evolve and merge over time
____ evidence must be either uniquely identified by a witness or authenticated through a documented chain of custody
Real
Chain of evidence or chain of custody has ___ ____ ___ ____of the evidence…
WHO, WHAT, WHERE and WHEN
Chain of Custody. Must track and ______
Record all evidence.
Real evidence must by ______ _____ ____
relevant,
materiality,
competent
Parol Evidence
“Escrow”. Agreement put into writing
Who is responsible for authoring the principle that can be summed up as “the enemy knows the system”?
Kerckchoff
______ ________ specify the claims of security from the vendor that are built into a TOE.
Security targets (STs)
Common Criteria purpose?
testing confirmation of system security capabilities. The number indicates what testing has been performed
two key elements of common criteria
Target and Protection Policy
Three Common Criteria guidelines
Part 1) Introduction.
Part 2) Security Functional Requirements.
Part 3) Security Assurance.
CC Evaluation Assurance Levels
0 Fuction 1 Structure 2 Methodically - Tested 3 Methodically -Desinged 4 Semiformal - Design 5 Semiformal - Design, verified 6 Formal
Which process ensures that you close the loop of incident response to improve the effectiveness of your response to future incidents?
Lessons Learned
What type of system is authorized to process data at different classification levels only when all users have authorized access to those classification levels?
System High
System High Mode
Systems running in system-high mode are authorized to process data at different classification levels only if all system users have access to the highest level of classification processed.
The two goals of the identification phase are
identifying incidents
notifying the appropriate personnel