My Questions Flashcards
Protect Documents that can be used in evidence from being altered
Legal Hold
Authentication Header (AH)
provides a mechanism for authentication only. Because AH does not perform
encryption, it is faster than ESP.
Encapsulating Security Payload (ESP)
provides data confidentiality (encryption) and authentication (data integrity, data
origin authentication, and replay protection). ESP can be used with confidentiality only,
authentication only, or both confidentiality and authentication.
Data owner
Usually a member of senior management. Can delegate some day-to-day duties.
Cannot delegate total responsibility.
Data Controller
Manages the purposes and means by which personal data is processed
Data processor
Processes data on behalf of the data controller
Data custodian/steward
Responsible for data accuracy, privacy, and security
– Associates sensitivity labels to the data
– Ensures compliance with any applicable laws and standards
– Manages the access rights to the data
– Implements security controls
Data protection officer (DPO)
Responsible for the organization’s data privacy
– Sets policies, implements processes and procedures
Incident Response Lifecycle
- Preparation
- Detection & Analysis
- Containment, Eradication and Recovery
- Post Incident Activity
Cyber Kill Chain
- Recon
- Weaponisation
- Delivery
- Exploitation
- Installation
- Command & Control
- Actions on Objectives
Diamond Model
This is an analysis framework
1. Adversary Develops Capability
2. Adversary Uses Infrastructure
3. Infrastructure Connects To Victim
4. Capability Exploits Victim and deployed via Infrastructure
Managerial Control
Address security design and implementation through policies and SOPs
Operational Control
Implemented by people, e.g. security guards and awareness programs
Technical Control
Implemented using systems
Physical Security
Deter - Deny - Detect - Delay
DER Cert Format
Distinguished Encoding Rules
- Binary Format
- Common Format used in Java Certs
PEM Cert Format
Privacy Enhanced Mail
- Base 64 encoded DER (ASCII)
- Format provided by CAs
PKCS#12 Cert Format
Public Key Cryptography Standard #12
- Personal Information Exchange (PFX) syntax standard
- Often used in transfer of public and private key pairs
- .p12 or .pfx file extension
CER Cert Format
Certificate
- Encoded as binary DER or ASCII PEM
- Common format for Windows
PKCS#7 Cert Format
- p7b file
- ASCII format
- Private keys not included in p7b file
- Used in Windows and Java Tomcat
Policy
Formal Statement produced & supported by management. The why
Standard
Mandatory course of action or rules giving formal policies support or direction. The what
Procedure
Step-by-step instructions. The how
Guidelines
Recommendation of what to do when standards do not exist. The when
Symmetric Algorithms
AES - DES - 3DES
RC4
Blowfish - Twofish
Asymmetric Algorithms
RSA
DSA - Digital Signature Algorithm
Diffie-Hellman Ephemeral (DHE)
ECDHE - Elliptic Curve DHE
Elliptic Curve Cryptography (ECC)
Pretty Good Privacy (PGP)
GNU Privacy Guard (GPG)
Key Stretching
Bcrypt
CBC
Cipher Block Chaining
- Each block depends on the previous ciphertext block, so encryption cannot be parallelised and is therefore slow. Uses an IV for randomisation
GCM
Galois Counter Mode
- Counter-mode encryption combined with an authentication tag (GHASH), so it provides authentication/integrity as well as confidentiality
ECB
Electronic Code Book
- Simplest mode. Each block is encrypted independently with the same key, so identical plaintext blocks produce identical ciphertext blocks
CTR
Counter
- Block cipher mode that acts like a stream cipher: encrypts successive values of a "counter" and XORs the result with the plaintext
FERPA
Family Educational Rights and Privacy Act - requires that educational institutions implement security and privacy controls for student educational records
GLBA
Gramm-Leach-Bliley Act - focused on the services of banks, lenders, and insurers; severely limited the services they could provide and the information they could share with each other
FISMA
Federal Information Security Management Act (FISMA) - required formal infosec operations for the federal government. Requires that government agencies include the activities of contractors in their security management programs.
HIPAA
Health Insurance Portability and Accountability Act
COPPA
Children’s Online Privacy Protection Act was designed to protect children under age 13
ECPA
Electronic Communications Privacy Act (ECPA) prohibits a third party from intercepting or disclosing
communications without authorization
ISO 27001
Standards for an Information Security Management System (ISMS)
ISO 27002
Code of Practice for information security controls
ISO 27701
Privacy Information Management System (PIMS)
ISO 31000
Risk Management Framework
SSAE
Statements on Standards for Attestation Engagements (SSAE) SSAE 18 is an audit standard to
enhance the quality and usefulness of System and Organization Control (SOC) reports.
CAC
Common Access Card
PIV
Personal Identity Verification
CRL
Certificate revocation list (CRL) Contains information about any certificates that have been revoked
by a subordinate CA due to compromises to the certificate or PKI hierarchy
OCSP
Online Certificate Status Protocol Offers a faster way to check a certificate’s status compared to downloading a CRL. With OCSP, the consumer of a certificate can submit a request to the issuing CA to obtain the status of a specific certificate.
CSR
Certificate signing request - records identifying information for a person or device that owns a private key, as well as information on the corresponding public key.
Stapling
Method used with OCSP, which allows a web server to provide information on the validity of its own certificate.
Pinning
Method designed to mitigate the use of fraudulent certificates. Once a public key or certificate has been seen for a specific host, that key or certificate is pinned to the host
Tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle.
Chain of Custody