chapter1b Flashcards
Change Management
Process of making sure changes are made smoothly and efficiently and do not negatively affect systems reliability, security, confidentiality, integrity, and availability.
Impact Analysis
The identification of all work products affected by a change, including an estimate of the resources needed to accomplish the change.
Sandbox Testing
Isolated testing environment; no connection to the real world or production system; a technological safe space; use before making a change to production; try the upgrade, apply the patch; test and confirm before deployment; confirm the rollback plan; move everything back to the original; a sandbox can’t consider every possibility
Maintenance Window
The time period in which a change is expected to be implemented.
Technical Change Management
Put the change management process into action.; Execute the plan; There’s no such thing as a simple upgrade; Can have many moving parts; Separate events may be required; Change management is often concerned with ‘what’ needs to change; The technical team is concerned with ‘how’ to change it
Allow/Deny list
A list of applications that can or cannot be used on the network. Applications can have known vulnerabilities and introduce security risks.
Downtime
Refers to a period of time when a system is unavailable
Legacy Applications
Some applications were here before you arrived; They’ll be here when you leave; Often no longer supported by the developer; You’re now the support team; Fear of the unknown; Face your fears and document the system; It may not be as bad as you think; May be quirky; Create specific processes and procedures; Become the expert
Dependencies
The relationship between project activities. Changing one thing may affect many other processes.
Version Control
Track changes to a file or configuration over time
Public Key Infrastructure
Policies and procedures that are responsible for creating, distributing, managing, storing, and revoking as well as performing other processes associated with digital certificates.
Symmetric Encryption
An encryption method whereby the same key is used to encode and to decode the message
Asymmetric Encryption
Used in public key encryption, it is a scheme in which the key to encrypt data is different from the key to decrypt.
Transparent Encryption
Encrypt all database information with a symmetric key
Record level Encryption
Used when not all of the data is sensitive. Encrypting individual columns. Use separate symmetric keys for each column
Transport Encryption
Protecting data traversing the network.
Virtual Private Network (VPN)
A private data network that creates secure connections, or ‘tunnels,’ over regular Internet lines
Key Stretching
A technique that is used to mitigate a weaker key by increasing the time needed to crack it. Uses Hashing, salting, and further encryption
Key Exchange
Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.
Out of Band Key exchange
Sending an encryption key to someone through telephone, courier, in person. Not over the web
In band key exchange
Sending an encryption key through the network. The key must be protected with additional encryption.
Session Key
A key that is used for a short period of time
Trusted Platform Module (TPM)
A standardized piece of hardware designed to perform cryptographic operations. Found on most modern motherboards. Can be used to generate random numbers and cryptographic keys. Has keys that were created and burned into the persistent memory of the device.
Hardware Security Module (HSM)
A device used to securely store thousands of cryptographic keys. Often used in clusters with power redundancies. Used in large environments like data centers.
