ISC2 - Study Notes 24 Flashcards
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
ISC2 Code of Ethics :
is a politically motivated attack on entities in another country. The goal is typically sabotage to disrupt the capabilities of an entity in the target country or espionage to gather intelligence on the target.
Cyberwarfare
used as a security practice can reduce the risk of fraud within a company: moving people between roles limits how long any one person holds unchecked control of a process, and the person who takes over a role is likely to notice irregularities that the previous holder concealed. It is commonly combined with the security practice of separation of duties.
Job Rotation
Any person in possession of personal information of another person shall safeguard the data, computer files, and documents containing the information from misuse by third parties.
Connecticut’s Public Act No. 08-167 :
The Children's Online Privacy Protection Act (COPPA) is a U.S. federal law that applies to the collection of personal information from children under the age of 13. The goal is to protect the privacy of these children by preventing websites or online services from collecting personal information from them without verifiable parental consent.
The California Online Privacy Protection Act (OPPA) requires operators of commercial websites and online services that collect PII from visitors who reside in California to conspicuously post a privacy policy and to comply with it.
Info
Jurisdiction refers to the legal authority that a government, court, or regulator has over an organization. If an organization is operating in Maryland, for example, it must comply both with the laws of Maryland and with U.S. federal law. Other jurisdictions' laws can easily apply as well if the organization conducts interstate or international business.
If an organization chooses to store data in the cloud, the jurisdiction for that data may differ from the one the organization itself operates in. Imagine that some of an organization's data is stored in a data center in Virginia and some of it is backed up in a data center in Canada. The organization must now comply with the laws of Virginia and of Canada, and the data in Canada is subject to lawful access by Canadian authorities.
Info
Cryptographic system (cryptosystem) A system that includes the algorithms, keys, and key-management procedures needed to support a particular method of encryption and decryption.
Cryptanalysis The study of cryptographic systems with the aim of finding weaknesses in them, that is, of recovering plaintext or keys without the key. Security experts and attackers both use cryptanalysis to discover weaknesses in existing algorithms and implementations. Attackers use it to defeat a cryptosystem with the goal of compromising the confidentiality or integrity of protected data.
Info
works with other hashing algorithms such as MD5 and the SHA versions (HMAC-MD5, HMAC-SHA256, and so on). It combines the hash with a shared secret key, so that only someone who knows the key can produce or check a valid code. Only the sender and the receiver know the shared secret key. A primary benefit of ??? over a plain hash is that it adds authenticity to the message as well as integrity: a valid code proves the message came from a holder of the key and was not altered in transit. It does not provide nonrepudiation. Because both parties hold the same key, either of them could have produced the code, so the receiver cannot prove to a third party that the sender, rather than the receiver, created it. Nonrepudiation requires a digital signature made with a private key that only the sender holds.
HMAC Algorithm
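The HMAC behaviour described above, as an added example that is not part of the original flashcards: the sender and receiver tag and verify a message with a shared key, an attacker without the key cannot produce a matching tag for a modified message, and the receiver, who holds the same key, can forge a tag for a message that was never sent, which is why HMAC does not give nonrepudiation. The key, message text, and function names are constructed for the example.

```python
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute HMAC-SHA256 over the message with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, received_tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    A plain == on the bytes stops at the first differing byte, which leaks
    timing information an attacker can use to guess a tag byte by byte;
    hmac.compare_digest does not short-circuit.
    """
    return hmac.compare_digest(make_tag(key, message), received_tag)


def tamper_without_key(message: bytes, old_tag: bytes) -> tuple:
    """What an on-path attacker can do: alter the message but not the tag,
    because the key needed to compute a new tag is unknown to them.
    (Constructed scenario: the amount in a payment instruction is changed.)"""
    return message.replace(b"100", b"900"), old_tag


def receiver_can_forge(key: bytes, claimed_message: bytes) -> bytes:
    """The receiver holds the same key as the sender, so it can produce a
    valid tag for a message the sender never sent. A third party looking at
    (message, tag) cannot tell which key holder made it: authenticity and
    integrity between the two parties, but no nonrepudiation."""
    return make_tag(key, claimed_message)


if __name__ == "__main__":
    shared_key = b"example-shared-secret"        # constructed sample key
    msg = b"transfer 100 to account 42"          # constructed sample message
    tag = make_tag(shared_key, msg)
    print("genuine message verifies:", verify_tag(shared_key, msg, tag))

    bad_msg, bad_tag = tamper_without_key(msg, tag)
    print("tampered message verifies:", verify_tag(shared_key, bad_msg, bad_tag))

    forged = b"transfer 100000 to account 42"
    forged_tag = receiver_can_forge(shared_key, forged)
    print("receiver-forged message verifies:", verify_tag(shared_key, forged, forged_tag))
```

In a real protocol the key comes from a key-agreement step or a key-management system, never from a literal in the code, and the tag is sent alongside the message; the verifier's only job is to recompute and compare as `verify_tag` does.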
Applications that use digital signatures (signed e-mail, code signing, TLS certificates) automatically verify the signature on a received message: they recompute the hash of the message, recover the hash the signer signed by applying the signer's public key to the signature, compare the two, and report the result to the user. A mismatch means the message was altered after signing or was not signed by the holder of the matching private key.
A block cipher encrypts fixed-length groups of bits, or blocks of data, individually. It starts by dividing the plaintext into fixed-length blocks, such as the 128-bit blocks AES uses, padding the last block if the data does not fill it. It then encrypts each block with the key. Encrypting every block independently describes the simplest mode of operation, ECB, in which identical plaintext blocks produce identical ciphertext blocks and so leak patterns in the data; practical systems use a mode such as CBC, CTR, or GCM that chains or counts the blocks so that repeated plaintext does not show through.
Symmetric Algorithms : AES, DES, 3DES, Blowfish, IDEA (block ciphers) and RC4 (a stream cipher). Bcrypt and PBKDF2 also appear on this list, but they are password-hashing and key-derivation functions built on symmetric primitives (Blowfish and HMAC respectively), not ciphers. DES, 3DES, and RC4 are deprecated; AES is the current choice.
Info
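The block-cipher behaviour described in the card above, as an added example that is not part of the original flashcards and does not use AES: a toy 128-bit Feistel block cipher (an HMAC-based round function, chosen so the block runs with the standard library only; it is a correct cipher construction but not a secure-strength one) encrypts one block at a time, PKCS#7 padding fills the last block, and the same plaintext is encrypted in ECB mode and in CBC mode so that the pattern leak of ECB is visible in the ciphertext. Key, plaintext, and function names are constructed for the example.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 128-bit block, the block size AES uses


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, round_no: int, half: bytes) -> bytes:
    # Keyed round function of the toy Feistel cipher: 8 bytes of HMAC-SHA256.
    return hmac.new(key, bytes([round_no]) + half, hashlib.sha256).digest()[:8]


def encrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    """Encrypt exactly one 16-byte block with an 8-round Feistel network."""
    if len(block) != BLOCK:
        raise ValueError("a block cipher takes exactly one block")
    left, right = block[:8], block[8:]
    for i in range(rounds):
        left, right = right, _xor(left, _round_function(key, i, right))
    return right + left  # undo the last swap so decryption reuses the loop


def decrypt_block(key: bytes, block: bytes, rounds: int = 8) -> bytes:
    """Inverse of encrypt_block: same loop, round keys in reverse order."""
    if len(block) != BLOCK:
        raise ValueError("a block cipher takes exactly one block")
    left, right = block[:8], block[8:]
    for i in reversed(range(rounds)):
        left, right = right, _xor(left, _round_function(key, i, right))
    return right + left


def pkcs7_pad(data: bytes) -> bytes:
    """Always add 1..16 bytes, each equal to the pad length, so unpad is unambiguous."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if len(data) % BLOCK or not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block independently. Equal plaintext blocks -> equal ciphertext blocks."""
    return b"".join(encrypt_block(key, b) for b in _blocks(pkcs7_pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return pkcs7_unpad(b"".join(decrypt_block(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, plaintext: bytes, iv: bytes = None) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block (IV first)."""
    iv = os.urandom(BLOCK) if iv is None else iv  # fresh random IV per message
    out, prev = [], iv
    for b in _blocks(pkcs7_pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)  # IV is not secret; it travels with the ciphertext


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    chunks = _blocks(ciphertext)
    prev, out = chunks[0], []
    for c in chunks[1:]:
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return pkcs7_unpad(b"".join(out))


def distinct_blocks(ciphertext: bytes) -> int:
    """How many different ciphertext blocks appear: low means patterns leak."""
    return len(set(_blocks(ciphertext)))


if __name__ == "__main__":
    key = b"sixteen byte key"                 # constructed sample key
    plaintext = b"ATTACKATDAWN!!!!" * 4       # four identical 16-byte blocks
    ecb = ecb_encrypt(key, plaintext)
    cbc = cbc_encrypt(key, plaintext)
    print("ECB distinct blocks:", distinct_blocks(ecb), "of", len(ecb) // BLOCK)
    print("CBC distinct blocks:", distinct_blocks(cbc[BLOCK:]), "of", len(cbc) // BLOCK - 1)
    assert ecb_decrypt(key, ecb) == plaintext and cbc_decrypt(key, cbc) == plaintext
```

The ECB ciphertext shows the repetition of the plaintext (four identical ciphertext blocks plus one padding block), while the CBC ciphertext does not. Neither mode gives integrity; in practice pair CBC with an HMAC or use an authenticated mode such as GCM.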
uses large prime numbers. Its strength lies in the fact that factoring the composite number (the modulus) created by multiplying these primes is computationally infeasible as long as the primes are sufficiently large; anyone who can factor the modulus can derive the private key. It is an asymmetric algorithm used to encrypt data with the recipient's public key, typically to transport a symmetric session key to the other party (key exchange), and to create digital signatures with the sender's private key.
RSA