Domain 1 Flashcards
A document that recommends best practices and is discretionary (not mandatory)
Guideline
The attacker combines several pieces of non-sensitive, generic information to deduce a specific sensitive value
Inference attack
The attacker siphons off minute amounts of money across many transactions to accumulate a large sum
Salami attack
The attacker alters or changes the contents of a database, typically with small, hard-to-notice modifications to data before or during processing
Data diddling attack
Which framework is broadly adopted by threat modeling and threat intelligence organizations and widely used in many software packages and tools?
MITRE ATT&CK
STRIDE
PASTA
MITRE ATT&CK
An individual should have only the minimum set of permissions needed to carry out their work
Least privilege
No single person should have the rights to perform two distinct, sensitive tasks (e.g., both requesting and approving a payment)
Separation of duties
Notices posted at each door reminding employees to be careful about letting people in (tailgating) are an example of a
Directive control
Used when a primary control such as a lock is not sufficient (or cannot be implemented) and another control such as signs or alarms is put in place instead
Compensating control
__ relies on a preponderance of the evidence
Civil case
Must be proven beyond a reasonable doubt
Criminal case
How long does each form of intellectual property protection last?
Patents
Copyright
Trademarks
Trade secrets
Patents have the shortest fixed term: 20 years from the filing date. Copyright lasts for the life of the author plus 70 years (for works made for hire, 95 years from publication or 120 years from creation, whichever is shorter). Trademarks are renewable indefinitely (in 10-year terms in the US) as long as they remain in use. Trade secrets never expire as long as they are actually kept secret.
After choosing a risk acceptance strategy, what is the next step?
After risk acceptance strategy
Requiring callback authorization for voice-only requests is a countermeasure against
Social engineering attacks
How often should BCP training be conducted?
quarterly
semi-annually
annually
A counter-terrorism law that expanded the ability of US law enforcement to use electronic monitoring with less judicial oversight
USA PATRIOT Act
Attempts to resolve a dispute between two parties, such as private individuals or corporate entities
Civil investigation
Occurs when an individual who otherwise had no intention of committing a crime is lured into doing so at the urging of law enforcement (a valid legal defense)
Entrapment
Occurs when a person who is already planning to commit a crime is lured into carrying it out, for example by a honeypot (not a valid legal defense)
Enticement
Defines the technical aspects of a security program, including the required hardware and software, and is mandatory
Standard
How often should policies be reviewed?
quarterly
semi-annually
annually
Annually (at least; also whenever a significant change occurs)
Gleaning information from discarded printed documents
Dumpster diving
Registering a domain that resembles a well-known one (e.g., GOOOGEL.com) to catch users who mistype the real address
Typosquatting
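The typosquatting card above is a definition; the defensive side is generating the keystroke-error variants of a brand label (to pre-register or watch them) and flagging observed domains that sit within one or two edits of the brand. The Go program below is an added example written for this page, not code from the original flashcards. TypoVariants, OSADistance, LooksLikeTyposquat and splitDomain are hypothetical helper names chosen here; the variant generator covers omission, repetition and transposition only (real brand-protection tooling also handles homoglyphs, bitsquats and TLD swaps), and splitDomain treats everything after the last dot as the TLD, which is wrong for registries like co.uk.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// TypoVariants returns every label reachable from the brand label by one
// keystroke error: a dropped character, a doubled character, or two
// adjacent characters swapped. Hypothetical helper written for this example.
func TypoVariants(label string) []string {
	r := []rune(strings.ToLower(label))
	n := len(r)
	seen := map[string]bool{}
	add := func(s string) {
		if s != "" && s != string(r) { // skip the brand itself
			seen[s] = true
		}
	}
	for i := 0; i < n; i++ {
		add(string(r[:i]) + string(r[i+1:]))  // omission:    google -> gogle
		add(string(r[:i+1]) + string(r[i:])) // repetition:  google -> gooogle
		if i+1 < n {                         // transposition: google -> googel
			t := append([]rune{}, r...)
			t[i], t[i+1] = t[i+1], t[i]
			add(string(t))
		}
	}
	out := make([]string, 0, len(seen))
	for s := range seen {
		out = append(out, s)
	}
	sort.Strings(out)
	return out
}

// OSADistance is the optimal-string-alignment (restricted Damerau-Levenshtein)
// distance: insertions, deletions, substitutions and adjacent transpositions
// each cost 1, so "googel" is one edit from "google", not two.
func OSADistance(a, b string) int {
	ra, rb := []rune(strings.ToLower(a)), []rune(strings.ToLower(b))
	n, m := len(ra), len(rb)
	d := make([][]int, n+1)
	for i := range d {
		d[i] = make([]int, m+1)
		d[i][0] = i
	}
	for j := 0; j <= m; j++ {
		d[0][j] = j
	}
	for i := 1; i <= n; i++ {
		for j := 1; j <= m; j++ {
			cost := 1
			if ra[i-1] == rb[j-1] {
				cost = 0
			}
			d[i][j] = min3(d[i-1][j]+1, d[i][j-1]+1, d[i-1][j-1]+cost)
			if i > 1 && j > 1 && ra[i-1] == rb[j-2] && ra[i-2] == rb[j-1] {
				if t := d[i-2][j-2] + 1; t < d[i][j] {
					d[i][j] = t
				}
			}
		}
	}
	return d[n][m]
}

func min3(a, b, c int) int {
	if b < a {
		a = b
	}
	if c < a {
		a = c
	}
	return a
}

// splitDomain separates the registrable label from the TLD. Naive: splits on
// the last dot, so multi-part public suffixes (co.uk) are not handled.
func splitDomain(d string) (label, tld string) {
	d = strings.ToLower(strings.TrimSuffix(d, "."))
	i := strings.LastIndex(d, ".")
	if i < 0 {
		return d, ""
	}
	return d[:i], d[i+1:]
}

// LooksLikeTyposquat flags an observed domain that shares the brand's TLD and
// whose label is within two keystroke errors of the brand label. Short brand
// labels will produce false positives at distance 2; tune per brand.
func LooksLikeTyposquat(observed, brand string) bool {
	ol, ot := splitDomain(observed)
	bl, bt := splitDomain(brand)
	if ot != bt || ol == bl {
		return false
	}
	dist := OSADistance(ol, bl)
	return dist >= 1 && dist <= 2
}

func main() {
	// Constructed sample: the page's own GOOOGEL.com plus a benign domain.
	fmt.Println("watchlist for google.com:", TypoVariants("google"))
	for _, d := range []string{"GOOOGEL.com", "googel.com", "yahoo.com"} {
		fmt.Printf("%-12s squat=%v dist=%d\n", d, LooksLikeTyposquat(d, "google.com"),
			OSADistance(strings.TrimSuffix(strings.ToLower(d), ".com"), "google"))
	}
}
```

The watchlist from TypoVariants is what a registrar-monitoring job compares new registrations against; OSADistance is the looser check for domains that combine two errors, such as the page's GOOOGEL.com (one extra o plus a transposed "el").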
Enabled companies in the US to process personal information of individuals in EU member nations
EU-US Privacy Shield Framework (invalidated by the Court of Justice of the EU in July 2020 in the Schrems II ruling; succeeded in 2023 by the EU-US Data Privacy Framework)
Supplements a policy with more detailed, compulsory requirements on how the policy is to be met (less granular than a step-by-step procedure); it is mandatory
Standard
Protects the expression of an idea, not the idea itself
Copyright
Risk assessment methodology typically employed by small teams from IT and business areas to conduct risk analysis, and commonly used by the private sector
OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation)
Used to discover complex failure modes that may involve multiple systems or subsystems
Fault tree analysis
NIST SP 800-30 is used to?
Conduct risk assessments (it is NIST's Guide for Conducting Risk Assessments)
A DNS poisoning attack that attempts to modify a DNS cache by providing invalid information to a DNS server, so that users are redirected to a fake site
Pharming attack
Tricks a user into clicking something other than what they see, by layering a transparent frame or disguised element over a visible image or button; by contrast, a watering hole attack targets a specific group of users by infecting a website they habitually visit
Clickjacking
Which of these protects data at rest?
RSA
SHA-256
AES-256
D-H
AES-256 (a symmetric block cipher; RSA and Diffie-Hellman are asymmetric/key-exchange algorithms and SHA-256 is a one-way hash, so none of the others encrypt stored data)
Role responsible for day-to-day tasks such as backing up data or performing maintenance on it
Data custodian
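To make the data-at-rest card concrete, the Go program below encrypts a stored record with AES-256-GCM and shows why the other options do not do the job: a SHA-256 digest cannot be turned back into the record, and GCM's tag rejects any tampered ciphertext. This is an added example written for this page, not code from the original flashcards. Seal, Open, Digest and KeySize are hypothetical names chosen here, the record and AAD strings are constructed sample data, and the key is generated in-process only for the demo; a real deployment would pull it from a KMS or HSM.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// KeySize is 32 bytes: AES-256. A 16-byte key would silently give AES-128.
const KeySize = 32

// Seal encrypts plaintext with AES-256-GCM and returns nonce || ciphertext || tag.
// aad (e.g. the record's location) is authenticated but not encrypted, which
// stops a ciphertext from being swapped into a different row or file.
// A fresh random 96-bit nonce is used per call: reusing a (key, nonce) pair
// under GCM destroys both confidentiality and integrity.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	if len(key) != KeySize {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal. It fails closed: a wrong key, a flipped ciphertext bit,
// a forged tag or mismatched aad all produce an error and no plaintext.
func Open(key, blob, aad []byte) ([]byte, error) {
	if len(key) != KeySize {
		return nil, errors.New("AES-256 requires a 32-byte key")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("blob too short to contain nonce and tag")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// Digest is what SHA-256 gives you: a fixed 32-byte fingerprint useful for
// integrity checks, but one-way, so it cannot "protect" data you need back.
func Digest(data []byte) []byte {
	h := sha256.Sum256(data)
	return h[:]
}

func main() {
	key := make([]byte, KeySize)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	record := []byte("acct=1234;balance=500.00") // constructed sample record
	aad := []byte("table=accounts;row=1")        // constructed sample context

	blob, err := Seal(key, record, aad)
	if err != nil {
		panic(err)
	}
	pt, err := Open(key, blob, aad)
	fmt.Printf("round trip ok=%v err=%v\n", bytes.Equal(pt, record), err)

	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag
	_, err = Open(key, blob, aad)
	fmt.Println("tampered blob rejected:", err != nil)

	fmt.Printf("sha256 of record: %x (no way back to the record)\n", Digest(record))
}
```

Note that Seal also refuses a 16-byte key rather than quietly downgrading to AES-128; key length is where "AES-256 at rest" claims most often turn out to be wrong in practice.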