CISSP (Glossary) Flashcards

1
Q

access

A

A subject’s ability to view, modify, or communicate with an object. Access
enables the flow of information between the subject and the object.

2
Q

access control

A

Mechanisms, controls, and methods of limiting access to resources
to authorized subjects only.

3
Q

access control list (ACL)

A

A list of subjects that are authorized to access a particular
object. Typically, the types of access are read, write, execute, append, modify,
delete, and create.

4
Q

access control mechanism

A

Administrative, physical, or technical control that is designed to detect and
prevent unauthorized access to a resource or environment.

5
Q

accountability

A

A security principle indicating that individuals must be identifiable
and must be held responsible for their actions.

6
Q

accredited

A

A computer system or network that has received official authorization
and approval to process sensitive data in a specific operational environment. There
must be a security evaluation of the system’s hardware, software, configurations, and
controls by technical personnel.

7
Q

add-on security

A

Security protection mechanisms that are hardware or software retrofitted to a
system to increase that system’s protection level.

8
Q

administrative controls

A

Security mechanisms that are management’s responsibility
and referred to as “soft” controls. These controls include the development and publication
of policies, standards, procedures, and guidelines; the screening of personnel;
security-awareness training; the monitoring of system activity; and change control procedures.

9
Q

AIC triad

A

The three security principles: availability, integrity, and confidentiality.

10
Q

annualized loss expectancy (ALE)

A

A dollar amount that estimates the loss potential from a risk in a span of a year.
ALE = single loss expectancy (SLE) × annualized rate of occurrence (ARO)

11
Q

annualized rate of occurrence (ARO)

A

The value that represents the estimated possibility of a specific threat taking
place within a one-year timeframe.

12
Q

assurance

A

A measurement of confidence in the level of protection that a specific
security control delivers and the degree to which it enforces the security policy.

13
Q

attack

A

An attempt to bypass security controls in a system with the mission of using
that system or compromising it. An attack is usually accomplished by exploiting a current
vulnerability.

14
Q

audit trail

A

A chronological set of logs and records used to provide evidence of a
system’s performance or activity that took place on the system. These logs and records
can be used to attempt to reconstruct past events and track the activities that took place,
and possibly detect and identify intruders.

15
Q

authenticate

A

To verify the identity of a subject requesting the use of a system and/or access
to network resources. The steps to giving a subject access to an object should
be identification, authentication, and authorization.

16
Q

authorization

A

Granting access to an object after the subject has been properly
identified and authenticated.

17
Q

automated information system (AIS)

A

A computer system that is used to process and transmit data. It is a collection
of hardware, software, and firmware that works together to accept, compute,
communicate, store, process, transmit, and control data-processing functions.

18
Q

availability

A

The reliability and accessibility of data and resources to authorized individuals
in a timely manner.

24
Q

back up

A

Copy and move data to a medium so that it may be restored if the original
data is corrupted or destroyed. A full backup copies all the data from the system to the
backup medium. An incremental backup copies only the files that have been modified
since the previous backup (full or incremental). A differential backup copies all files
that have been modified since the last full backup.

25
Q

backdoor

A

An undocumented way of gaining access to a computer system. After a
system is compromised, an attacker may load a program that listens on a port (backdoor)
so that the attacker can enter the system at any time. A backdoor is also referred
to as a trapdoor.

26
Q

baseline

A

The minimum level of security necessary to support and enforce a security
policy.

27
Q

Bell-LaPadula model

A

The model uses a formal state transition model that describes
its access controls and how they should perform. When the system must transition
from one state to another, the security of the system should never be lowered or
compromised. See also multilevel security, simple security property, and star property
(*-property).