Chapter 2 - Architecture and Design Flashcards
Configuration Management
The process of maintaining systems, such as computer hardware and software, in a desired state
Network Diagram
Documentation of physical wire and device
Device Diagram
Documentation of individual cabling
Baseline Configuration
A documented set of specifications for an information system; security and integrity
Standard Naming Conventions
A set of rules for choosing the character sequence to be used for identifiers which denote variables, types, functions, and other entities in source code and documentation
Internet Protocol (IP) Schema
A plan or model used for addressing network devices and avoiding duplicated IP addressing
Data Sovereignty
The idea that a country or jurisdiction has the authority and right to govern and control the data generated within its borders
Data Loss Prevention (DLP)
The practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data
Data Masking
Data obfuscation is the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel
Example: number on a receipt - Bank card: **687
Data Encryption
Encoding information into unreadable data
Data at Rest
Data on a storage device
Data in Transit/Motion
Data transmitted over the network
Data in Use
Data actively being processed in memory
Tokenization
Replacing sensitive data with a non-sensitive placeholder
Example: SSN 266-12-1112 is now 691-61-8539
Information Rights Management (IRM)
Control how data is used by specific people
Geographical Considerations
Legal implications, offsite backup, offsite recovery
Incident Response and Recovery Controls
The handling of how to respond to and recover from a disaster
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Inspection
Used to examine outgoing data that is using the SSL/TLS protocols
Hashing
Representing data as a short string of text
Site Resiliency
A network or system’s ability to adapt and to protect data and services from disruptions and disasters by having a second data center
Hot Site
An exact replica of the original data center
Cold Site
No hardware, data, or people
Will take a long time to get back up and running
Warm Site
Just enough resources to get back up and running again
Honeypots
A computer security mechanism set to lure in attackers that attempt unauthorized use of information systems