Physical & Information Security Flashcards
Process by which an organization protects the creation, collection, storage, use, transmission and disposal of information.
Information Security
Process of verifying the identity of an individual user, machine, software component or any other entity.
Authentication
Something a person is, something a person knows or something a person has.
Authentication Factor
Method to verify an identity using one type of authentication factor.
Single-Factor Authentication
Method to verify an identity using two or more types of authentication factors.
Multifactor Authentication
Use of different controls at different points in a transaction process.
Layered Security
Name the authentication factor represented by a biometric characteristic, such as a fingerprint or iris pattern.
Something a Person Is
Name the authentication factor represented by a password or PIN.
Something a Person Knows
Name the authentication factor represented by an ATM/debit card, smart card or token.
Something a Person Has
Challenge questions that do not rely on information that is publicly available.
Out-of-Wallet Questions
Technique used to establish a “fingerprint identity” of a user’s computer or other web access device.
Device Identification
Authentication technique that uses one-time cookies, PC configuration, IP address, geo-location and other factors.
Complex Device Identification
A data security technique that encodes information so that data appears as a meaningless string of letters and symbols during delivery or transmission.
Encryption
Disposal technique used to destroy sensitive electronic data on devices by replacing it with new, random data.
Overwriting
Disposal technique using powerful, varying magnetic fields to scramble data recorded on media.
Degaussing
Two main types of access control.
(1) Physical access control, (2) Logical access control
Access control that limits access to buildings, rooms and physical IT assets.
Physical Access Control
Access control that limits connections to computer networks, system files and data.
Logical Access Control
Security technique used to regulate who or what can view or use resources in a computing environment.
User Access Controls
A weakness in automated system security procedures, administrative controls, physical layout, internal controls, etc., that could be exploited to gain unauthorized access to information or to disrupt critical processing.
Vulnerability
Systematic examination of an information system or product to determine the adequacy of security measures and identify security deficiencies.
Vulnerability Analysis
Systematic examination of systems to identify, quantify and prioritize the security deficiencies of the systems.
Vulnerability Assessment