Sec+ Acronyms Flashcards
AUP
Acceptable use policy – agreed-upon principles set forth by a company to govern how employees of that company may use resources such as computers and Internet access.
ALE
Annual loss expectancy – a calculation used to identify risks and calculate the expected loss each year.
ARO
Annualized rate of occurrence – a calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2.
AV
Asset value – the assessed value of an item (server, property, and so on) associated with cash flow.
BIA
Business impact analysis – a study of the possible impact if a disruption to a business's vital resources were to occur.
BPA
Business partners agreement – an agreement between partners in a business that outlines the responsibilities, obligations, and sharing of profits and losses.
EF
Exposure factor – the potential percentage of loss to an asset if a threat is realized.
ISA
Interconnection security agreement – as defined by NIST in publication 800-27, it is an agreement established between organizations that have interconnected IT systems. The ISA also supports a memorandum of understanding or agreement (MOU/A) between the organizations.
MTD
Maximum tolerable downtime – the maximum period of time that a business process can be down before the survival of the organization is at risk.
MTBF
Mean time between failures – the measurement of the anticipated lifetime of a system or component.
MTTF
Mean time to failure – the measurement of the average of how long it takes a system or component to fail.
MTTR
Mean time to restore – the measurement of how long it takes to repair a system or component once a failure occurs.
MOA
Memorandum of understanding (MOU)/memorandum of agreement (MOA) – most commonly known as an MOU rather than MOA, this is the document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system.
RPO
Recovery point objective – the point of last known good data prior to an outage that is used to recover.
RTO
Recovery time objective – the maximum amount of time that a process or service is allowed to be down and still be considered acceptable.
RAID
Redundant array of independent disks – a configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist.
Risk
The probability that a particular threat will occur, either accidentally or intentionally, leaving a system vulnerable, and the impact of this occurring.
Risk analysis
An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of it occurring.
Risk assessment
An evaluation of the possibility of a threat or vulnerability existing. An assessment must be performed before any other actions – such as how much to spend on a security system in terms of dollars and manpower – can be decided.
Risk avoidance
A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk.
Risk calculation
The process of calculating the risks that exist in terms of cost, number, frequency, and so forth.
Risk deterrence
A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in behavior that leads to the risk.
Risk mitigation
A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk.
Risk transference
A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility.
SLA
Service-level agreement – an agreement that specifies performance requirements for a vendor. This agreement may use mean time between failures and mean time to repair as performance measures in the SLA.
SLE
Single loss expectancy – the cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack.
SPOF
Single point of failure – a single weakness that is capable of bringing an entire system down.
Vulnerability
A flaw or weakness in some part of a system's security procedures, design, implementation, or internal controls that could expose it to danger (accidental or intentional) and result in a violation of the security policy.
Three types of control
Management, operational, and technical
Management types of control
Risk assessment, planning, system and services acquisition, certification, accreditation, and security assessment
Operational type of control
Personnel security, physical and environmental protection, contingency planning, configuration management, maintenance, system and information integrity, media protection, incident response, awareness and training
Technical types of control
Identification and authentication, access control, audit and accountability, system and communication protection
Error types
Type one errors are those with false positives – that is, you think that evil is present when it is not.
Type two errors are those with false negatives, where you fail to notice a problem even though it is there – that is, you were looking directly at the evil and didn't recognize it.
Type three errors are those in which you come to the right conclusion for all of the wrong reasons. You may think that someone broke into your system because users are having trouble logging in. Someone did indeed break into the system, but you should have noticed it because all of the valuable data is gone.
Business continuity plans
Automation/scripting – the days of relying on someone in the server room to see a problem and push a button to head it off are coming to a close. Thanks to sophisticated monitors and sensors, it is possible to use automation/scripting in a wide variety of scenarios to preplan automated courses of action.
Frameworks and templates – templates can be helpful in the risk assessment process by providing a means to summarize and document the results of threat source identification, characterization, vulnerabilities, and impacts. Typical templates include scales for evaluating the threats and deciding the best responses to them.
Master image – most major operating systems allow you to create a master image of your system as a disk image on a server; the disk image is downloaded and installed when a failure occurs. This is a method that makes it easier for administrators to restore a system than it would be to do it manually.
Non-persistence – persistent images are those that stay the same, while non-persistent images are those that are temporary. They can exist only in RAM, or be changes that are overwritten on a reboot by a persistent/frozen image.
Elasticity – elasticity is a major feature of cloud computing, meaning the ability to scale up resources as needed.
Scalability – speaking of scaling both up and down, scalability is always a desired attribute of any system.
Distributive allocation – commonly known as load balancing, distributive allocation allows for distributing the load (print jobs, file requests, data, and so on) so that no device is overly burdened. This can help with redundancy, availability, and fault tolerance.
High availability – high availability refers to the measures, such as redundancy, failover, and mirroring, used to keep services and systems operational during an outage.
Planning for resiliency – resiliency is the capacity to recover quickly from difficulties.
Redundancy – refers to systems that are either duplicated or fail over to other systems in the event of a malfunction. Failover refers to the process of reconstructing a system or switching over to other systems when a failure is detected. In the case of a server, this redundancy allows service to continue uninterrupted until the primary server can be restored. In the case of a network, this means processing switches to another network path in the event of a failure in the primary path.
Failover systems can be expensive to implement. In a large corporate network or e-commerce environment, a failover may entail switching all processing to a remote location until your primary facility is operational. The primary site and the remote site would synchronize data to ensure that information is as up-to-date as possible.
Clustering – to appreciate the beauty of clustering, consider the fact that this is the technology on which Google is built. Not only does clustering allow you to have redundancy, but it also offers you scalability as demand increases.
Fault tolerance – the ability of a system to sustain operations in the event of a component failure, and to continue operating even if a critical component, such as a disk drive, fails. This capability involves over-engineering systems by adding redundant components and subsystems.
DMZ
A network segment between two firewalls. One firewall is outward facing, connected to the outside world; the other is connected to the internal network. Public-facing servers, such as web servers, are often placed in a DMZ.
Honey pot
A fake system designed to divert attackers from your real systems. It is often replete with logging and tracking to gather evidence.
Honeynet
A network that functions in the same manner as a honeypot
ISMS
Information security management system – an overall framework used to manage information security
IDS
Intrusion detection system – a system that monitors the network for possible intrusions and logs that activity
IPS
Intrusion prevention system – a system that monitors the network for possible intrusions, logs that activity, and then blocks the traffic that is suspected of being an attack
PII
Personally identifiable information – any information that could identify a particular individual
SDN
Software-defined network – the entire network, including all of its components, is virtualized.
SPI
Stateful packet inspection – a firewall that not only examines each packet but also remembers the recent previous packets.
ISA/IEC 62443
A series of standards that define procedures for implementing electronically secure industrial automation and control systems (IACS). The guidance in this document is divided into four categories: general, policies, system, and component.
PCI-DSS
Payment Card Industry Data Security Standard – the standard used by Visa, MasterCard, etc. Though there are in fact a great many parts to the standard, we will only briefly summarize general details of the penetration testing portion.
PCI-DSS control objectives
1. Build and maintain a secure network
2. Protect cardholder data
3. Maintain a vulnerability management program
4. Regularly monitor and test networks
SNA (secure network architecture) concepts
Zones – one of the most elementary aspects of network security is to segregate your network into zones
- Security zone – these are the most sensitive systems with mission-critical data
- General work zone – these are standard workstations and servers with typical business data and functionality
- Low security zone – these are your computers, networks, and systems that have no highly sensitive information and where a breach of the systems would have minimal impact
ACL
Access control list – a table or data file that specifies whether a user or group has access to a specific resource on a computer or network
AP
Access point – the point at which access to a network is possible. This term is often used in relation to a wireless access point.
AR
Active response – a response generated in real time
Alarm
A notification that an unusual condition exists and should be investigated
Alert
An indication that an unusual condition could exist and should be investigated
All in one appliance
An appliance that performs multiple functions
Analyzer
A component or process that analyzes the data collected by the sensor
Anomalies
Variations from normal operations
Anomaly detection IDS (AD-IDS)
An anomaly detection system works by looking for deviations from a pattern of normal network traffic
Appliance
A freestanding device that operates in a self-contained manner
Application level proxy
A device or software that recognizes application-specific commands and offers granular control over them
AH
Authentication header – an IPSec header that provides connectionless integrity and data origin authentication for IP datagrams, and protection against replays
Compensating controls
Gap controls that fill in coverage between other types of vulnerability mitigations (where there are holes in coverage, we compensate for them)
DLP
Data loss prevention – any systems that identify, monitor, and protect data to prevent it from modification, destruction, or exfiltration from its location
ESP
Encapsulating security payload – an IPSec header used to provide a mix of security services in IPv4 and IPv6. ESP can be used alone or in combination with the IP authentication header.
Encapsulation
The process of enclosing data in a packet
False negative
An event that should be flagged but isn't
False positive
A flagged event that has been falsely triggered
Firewall
A combination of hardware and software filters placed between trusted and untrusted networks, intended to protect a network from attack by hackers who could gain access through public networks, including the Internet
Host-based IDS (HIDS)
An intrusion detection system that is host based. An alternative is an intrusion detection system that is network based.
HSM
Hardware security module – a standalone software or appliance used to enhance security, commonly used with PKI systems
Implicit deny
A condition that states that unless otherwise given, the permission will be denied
IPsec
Internet Protocol Security – a set of protocols to enable encryption, authentication, and integrity over IP. Internet Protocol Security is commonly used with virtual private networks and operates at layer 3.