Terms Deck 6 Flashcards

1
Q

password cracker

A

A software utility that tests the strength of user logon passwords by attempting to recover them, usually from captured password hashes, through brute-force, dictionary, and rule-based guessing. The same tool an attacker runs against a stolen hash database is what a defender runs to find weak passwords before the attacker does.

2
Q

MITRE ATT&CK

A

A publicly available knowledge base and framework of adversary tactics, techniques, and procedures (TTPs) observed in real-world intrusions, organized as a matrix of tactics (what the attacker is trying to achieve) and techniques (how each goal is achieved). It gives defenders a common vocabulary for describing, detecting, and defending against attacker behavior.

3
Q

cyber kill chain

A

A framework, originally published by Lockheed Martin, that tracks the steps or phases an attacker goes through as part of an intrusion: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives. Breaking the chain at any phase disrupts the intrusion.

4
Q

disaster recovery planning (DRP)

A

A plan that spells out the actions to be taken to restore IT systems, data, and services after a business is hit with a natural or human-caused disaster. It is the IT-focused component of business continuity planning.

5
Q

business continuity planning (BCP)

A

A plan that describes how an organization keeps its critical business functions running during and after a major disruption, including a long-term strategy for replacing and recovering systems and services when a complete loss of facilities occurs. A business continuity plan typically provides for failover of critical services to redundant offsite systems, and the disaster recovery plan sits within it.

6
Q

continuity of operations planning (COOP)

A

An initiative issued to ensure that government departments and agencies are able to continue operation in case of natural, human-caused, or technological threats and national security emergencies.

7
Q

SIEM dashboard

A

The display layer of a security information and event management (SIEM) system: a set of views that collects, correlates, and presents data feeds such as logs and alerts so that analysts can spot patterns (for example, repeated failed logons from one source) and support response activities.

8
Q

syslog

A

A standard system logging protocol (RFC 3164 for the original BSD format, RFC 5424 for the newer one) used to send log or event messages from hosts and network devices to a central server, traditionally over UDP port 514 (TLS-protected syslog uses TCP port 6514). Each message starts with a priority value that encodes the facility (the source subsystem) and the severity.
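
The syslog message format described in this card and the correlation that the SIEM dashboard card refers to, as an added example that is not part of the flashcard deck: a parser for BSD-style (RFC 3164) lines that decodes the priority value into facility and severity, followed by a simple SIEM-style rule that flags SSH brute-force sources and a per-host severity rollup. The sample log lines, hostnames, and addresses (taken from the 203.0.113.0/24 and 198.51.100.0/24 documentation ranges) are constructed.

```python
"""Parse BSD-style syslog (RFC 3164) lines and correlate them the way a SIEM rule would.

Added example, not from the flashcard deck. The sample log lines below are
constructed; the hostnames and the 203.0.113.0/24 and 198.51.100.0/24
addresses are documentation ranges, not real systems.
"""
import re
from collections import Counter, defaultdict
from typing import Optional

# Facility and severity codes from RFC 3164 / RFC 5424. PRI = facility * 8 + severity.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    **{16 + n: f"local{n}" for n in range(8)},
}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                               # priority value
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # e.g. "Jan  5 10:15:01"
    r"(?P<host>\S+) "
    r"(?P<app>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")


def parse_syslog(line: str) -> Optional[dict]:
    """Split a syslog line into fields and decode PRI into facility and severity."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # 23 * 8 + 7 is the largest legal value
        return None
    rec = m.groupdict()
    rec["facility"] = FACILITIES.get(pri >> 3, str(pri >> 3))
    rec["severity"] = SEVERITIES[pri & 7]
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec


def detect_ssh_bruteforce(lines, threshold=3):
    """Return {source_ip: failures} for sources with at least `threshold` failed logons."""
    failures = Counter()
    for line in lines:
        rec = parse_syslog(line)
        if rec is None or rec["app"] != "sshd":
            continue
        hit = FAILED_RE.search(rec["msg"])
        if hit:
            failures[hit["src"]] += 1
    return {src: n for src, n in failures.items() if n >= threshold}


def severity_by_host(lines):
    """Dashboard-style rollup: events per host per severity."""
    table = defaultdict(Counter)
    for line in lines:
        rec = parse_syslog(line)
        if rec:
            table[rec["host"]][rec["severity"]] += 1
    return {host: dict(c) for host, c in table.items()}


# Constructed sample feed: five failures from one source, one from another,
# one success, one unrelated cron event and one malformed line.
SAMPLE_LINES = [
    "<38>Jan  5 10:15:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2",
    "<38>Jan  5 10:15:02 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51235 ssh2",
    "<38>Jan  5 10:15:03 web01 sshd[1236]: Failed password for root from 203.0.113.5 port 51236 ssh2",
    "<38>Jan  5 10:15:04 web01 sshd[1237]: Failed password for root from 203.0.113.5 port 51237 ssh2",
    "<38>Jan  5 10:15:05 web01 sshd[1238]: Failed password for root from 203.0.113.5 port 51238 ssh2",
    "<38>Jan  5 10:16:40 db01 sshd[2201]: Failed password for alice from 198.51.100.7 port 40022 ssh2",
    "<38>Jan  5 10:16:45 db01 sshd[2201]: Accepted password for alice from 198.51.100.7 port 40022 ssh2",
    "<78>Jan  5 10:17:01 db01 CRON[2210]: (root) CMD (run-parts /etc/cron.hourly)",
    "not a syslog line at all",
]

if __name__ == "__main__":
    print(parse_syslog(SAMPLE_LINES[0]))
    print("brute force sources:", detect_ssh_bruteforce(SAMPLE_LINES))  # {'203.0.113.5': 5}
    print("severity by host:", severity_by_host(SAMPLE_LINES))
```

A single failed logon from 198.51.100.7 followed by a success is normal user behaviour and stays below the threshold; the rule fires only on the repeated failures from 203.0.113.5, which is the pattern a password cracker pointed at a live logon prompt produces.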

9
Q

chain of custody

A

The documentation of every transfer of evidence from one person to another, showing the date, time, reason for the transfer, and the signatures of both parties involved. Chain of custody also refers to the process of tracking evidence from a crime scene to the courtroom; a cryptographic hash of each item, recorded at collection and re-verified at every handoff, is what proves the evidence was not altered along the way.
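
The custody record and the integrity check it depends on, as an added example that is not part of the flashcard deck: each item is hashed at collection, every handoff re-hashes the artefact and refuses the transfer if it no longer matches or if the person handing it over is not the current holder, and a continuity check walks the log looking for gaps. The evidence bytes, names, and timestamps are constructed; a real workflow would hash a disk or memory image and take timestamps from a trusted clock.

```python
"""Evidence integrity and chain-of-custody log.

Added example, not from the flashcard deck. The evidence bytes, names,
and timestamps are constructed; a real workflow would hash a disk image
or memory dump and the timestamps would come from a trusted clock.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Transfer:
    timestamp: str      # ISO 8601; supplied by the caller here for determinism
    from_person: str
    to_person: str
    reason: str
    verified_hash: str  # hash recomputed at handoff; must equal the collection hash


@dataclass
class EvidenceItem:
    item_id: str
    description: str
    collected_by: str
    collected_at: str
    collection_hash: str
    custody: List[Transfer] = field(default_factory=list)

    @property
    def current_holder(self) -> str:
        return self.custody[-1].to_person if self.custody else self.collected_by


def collect(item_id, description, data: bytes, collector, timestamp) -> EvidenceItem:
    """Record the hash at the moment of seizure; everything later is checked against it."""
    return EvidenceItem(item_id, description, collector, timestamp, sha256_hex(data))


def transfer(item: EvidenceItem, data: bytes, from_person, to_person, reason, timestamp):
    """Hand evidence over. Refuses if the holder is wrong or the artefact no longer matches."""
    if from_person != item.current_holder:
        raise ValueError(f"{from_person} is not the current holder ({item.current_holder})")
    h = sha256_hex(data)
    if h != item.collection_hash:
        raise ValueError(f"integrity failure on {item.item_id}: {h} != {item.collection_hash}")
    item.custody.append(Transfer(timestamp, from_person, to_person, reason, h))


def chain_is_continuous(item: EvidenceItem) -> bool:
    """True if every handoff starts with the person the previous one ended with
    and carries the original hash; a gap anywhere breaks admissibility."""
    holder = item.collected_by
    for t in item.custody:
        if t.from_person != holder or t.verified_hash != item.collection_hash:
            return False
        holder = t.to_person
    return True


# Constructed walkthrough: stands in for a forensic image of a seized drive.
IMAGE = b"\x00" * 512 + b"FAKE-DISK-IMAGE"


def demo() -> EvidenceItem:
    item = collect("E-001", "laptop SSD image, case 42", IMAGE, "A. Analyst", "2024-03-01T09:00:00Z")
    transfer(item, IMAGE, "A. Analyst", "B. Custodian", "evidence locker intake", "2024-03-01T11:30:00Z")
    transfer(item, IMAGE, "B. Custodian", "C. Examiner", "forensic analysis", "2024-03-04T08:15:00Z")
    return item


if __name__ == "__main__":
    evidence = demo()
    for t in evidence.custody:
        print(t.timestamp, t.from_person, "->", t.to_person, t.reason)
    print("continuous:", chain_is_continuous(evidence))
```

Examiners work on a verified copy, so the original's hash never changes; if a handoff ever fails the integrity check, the item is treated as compromised and the log entry documenting the failure is kept rather than deleted.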

10
Q

order of volatility

A

In the evidence collection process, the principle that evidence is collected from the most volatile component to the least volatile, so that short-lived data is captured before it disappears: CPU registers and cache first, then memory contents (running processes, open network connections, routing and ARP tables), then temporary files and swap, then data on disk, and finally remote logs and archival or backup media.

11
Q

e-discovery

A

The discovery process for electronically stored information.

12
Q

preventive control

A

A control that attempts to stop unwanted events before they occur by restricting how computing resources can be used; firewalls, access control lists, encryption, and locked doors are preventive controls.

13
Q

detective control

A

A control that identifies and records unwanted events while or after they occur, rather than stopping them; intrusion detection systems, log review, audits, motion sensors, and CCTV are detective controls.

14
Q

corrective control

A

A control that is reactive and provides measures to reduce harmful effects or restore the system being impacted.

15
Q

deterrent control

A

A control that is intended to discourage individuals from intentionally violating information security policies or procedures.

16
Q

compensating control

A

An alternative control that is intended to reduce the risk of an existing or potential control weakness.

17
Q

physical control

A

A control that protects facilities and equipment and forms the outer line of defense against direct physical access to systems and data; fences, locks, guards, badge readers, and mantraps are physical controls.

18
Q

General Data Protection Regulation (GDPR)

A

A European Union regulation, in force since May 2018, intended to strengthen data protection and privacy rights for all individuals within the EU. It applies to any organization, inside or outside the EU, that processes the personal data of people in the EU.

19
Q

Payment Card Industry Data Security Standard (PCI DSS)

A

A standard, maintained by the PCI Security Standards Council, that governs how organizations that store, process, or transmit payment card data must protect it.

20
Q

National Institute of Standards and Technology (NIST)

A

An agency within the U.S. Department of Commerce that is responsible for developing measurement standards, including standards for cybersecurity best practices, monitoring, and validation.

21
Q

International Organization for Standardization (ISO)

A

An international standards body. Together with the IEC it publishes the ISO/IEC 27000 series, including ISO/IEC 27001, the standard for information security management systems (ISMS), which provides best practice requirements and recommendations on information security management.

22
Q

Cloud Security Alliance (CSA)

A

A nonprofit organization that provides security best practices for cloud-based services and computing.

23
Q

acceptable use policy (AUP)

A

An organization’s policy that provides specific detail about what users may do with their network access, including email and instant messaging usage for personal purposes, limitations on access times, and the storage space available to each user.

24
Q

least privilege

A

An access control principle under which an account, process, or logon is granted only the minimal access to resources required to perform its tasks, and no more, so that a compromised or misused identity can do the least possible damage.

25
Q

nondisclosure agreement (NDA)

A

A legally binding document that organizations might require of their employees and other people who come into contact with confidential information.

26
Q

service-level agreement (SLA)

A

A contract between two companies or a company and an individual that specifies, by contract, a level of service to be provided. Supplying replacement equipment within 24 hours of loss is a simple example of something an SLA might specify.

27
Q

memorandum of understanding (MOU)

A

A collaborative agreement entered into by two or more parties that documents their shared intentions and responsibilities. An MOU is less formal than a contract and is usually not legally binding.

28
Q

business partnership agreement (BPA)

A

A type of contract between business partners that establishes the responsibilities of each partner, including their contributions and how profits and losses are shared.

29
Q

interconnection security agreement (ISA)

A

An agreement between organizations that have connected or shared IT systems, documenting the technical and security requirements of the interconnection, including who owns and secures each side of the link.

30
Q

risk acceptance

A

The process of recognizing and identifying a risk, and then accepting that it is sufficiently unlikely or of such limited impact that further controls are not warranted.

31
Q

risk avoidance

A

Eliminating the activity or vulnerability that gives rise to a particular risk so that the risk is avoided altogether, for example by not deploying a feature or not storing a category of data at all.

32
Q

risk transference

A

A strategy that involves shifting the financial consequences of a risk to another party: moving systems to hosted providers who assume responsibility for recovery and restoration, or acquiring insurance to cover the costs of equipment theft or data exposure.

33
Q

risk mitigation

A

Reducing the likelihood or the impact of a risk by applying controls, so that the remaining (residual) risk falls to an acceptable level.

34
Q

risk register

A

A specialized software program, cloud service, or master document that provides a method to record information about identified risks, typically including each risk's description, owner, likelihood, impact, existing controls, and treatment decision.

35
Q

single loss expectancy (SLE)

A

The expected cost per instance arising from the occurrence of a risk. The SLE is calculated as the product of the asset value (AV) and the risk's exposure factor (EF, the percentage of the asset lost if the risk occurs): SLE = AV × EF.

36
Q

annualized loss expectancy (ALE)

A

The expected cost per year arising from a risk's occurrence. It is calculated as the product of the single loss expectancy (SLE) and the annualized rate of occurrence (ARO): ALE = SLE × ARO.

37
Q

annualized rate of occurrence (ARO)

A

The expected number of times a given risk will occur within a single year; a risk expected once every ten years has an ARO of 0.1.
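
The risk register, SLE, ALE, and ARO cards worked through together, as an added example that is not part of the flashcard deck: a small quantitative register that computes SLE = AV × EF and ALE = SLE × ARO for each entry and ranks the entries by annual loss. It goes beyond the card definitions in one step, labelled as an extension in the code: comparing the ALE before and after a proposed control against the control's annual cost. All asset values, exposure factors, rates, and control costs are constructed numbers.

```python
"""Quantitative risk register: SLE, ALE and control cost-benefit.

Added example, not from the flashcard deck. The assets, exposure factors,
rates and control costs are constructed numbers. The control cost-benefit
step is an extension of the card definitions.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Risk:
    risk_id: str
    description: str
    owner: str
    asset_value: float            # AV
    exposure_factor: float        # EF: fraction of AV lost per occurrence, 0..1
    aro: float                    # annualized rate of occurrence
    control: Optional[str] = None
    control_annual_cost: float = 0.0
    ef_with_control: Optional[float] = None   # EF after the control (impact reduction)
    aro_with_control: Optional[float] = None  # ARO after the control (likelihood reduction)

    def __post_init__(self):
        for ef in (self.exposure_factor, self.ef_with_control):
            if ef is not None and not 0.0 <= ef <= 1.0:
                raise ValueError("exposure factor must be between 0 and 1")
        for rate in (self.aro, self.aro_with_control):
            if rate is not None and rate < 0:
                raise ValueError("ARO cannot be negative")

    @property
    def has_control(self) -> bool:
        return self.ef_with_control is not None or self.aro_with_control is not None


def sle(risk: Risk, with_control: bool = False) -> float:
    """Single loss expectancy: SLE = AV x EF (rounded to cents)."""
    ef = risk.exposure_factor
    if with_control and risk.ef_with_control is not None:
        ef = risk.ef_with_control
    return round(risk.asset_value * ef, 2)


def ale(risk: Risk, with_control: bool = False) -> float:
    """Annualized loss expectancy: ALE = SLE x ARO."""
    rate = risk.aro
    if with_control and risk.aro_with_control is not None:
        rate = risk.aro_with_control
    return round(sle(risk, with_control) * rate, 2)


def control_net_benefit(risk: Risk) -> Optional[float]:
    """Extension: annual value of a control = ALE(before) - ALE(after) - control cost.
    A negative result means the control costs more than the loss it prevents."""
    if not risk.has_control:
        return None
    return round(ale(risk) - ale(risk, with_control=True) - risk.control_annual_cost, 2)


def rank_by_ale(register: List[Risk]) -> List[str]:
    """Risk IDs ordered from largest to smallest annual expected loss."""
    return [r.risk_id for r in sorted(register, key=ale, reverse=True)]


# Constructed register: one control reduces likelihood, one reduces impact, one risk is untreated.
REGISTER = [
    Risk("R-1", "ransomware on file server", "IT ops", 200_000, 0.25, 0.5,
         control="offline backups + EDR", control_annual_cost=12_000, aro_with_control=0.125),
    Risk("R-2", "laptop theft with unencrypted data", "Security", 80_000, 0.5, 0.25,
         control="full-disk encryption", control_annual_cost=3_000, ef_with_control=0.0625),
    Risk("R-3", "payment API outage", "Platform", 500_000, 0.125, 2.0),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.risk_id}: SLE={sle(r):,.2f} ALE={ale(r):,.2f} "
              f"control={r.control} net_benefit={control_net_benefit(r)}")
    print("ranked:", rank_by_ale(REGISTER))  # ['R-3', 'R-1', 'R-2']
```

R-1 shows a control that lowers the ARO (fewer incidents) and R-2 one that lowers the EF (the same theft now loses almost nothing), which is why the register tracks both factors rather than a single "risk after control" number.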

38
Q

business impact analysis (BIA)

A

The process of determining the impacts that might result from the interruption of time-sensitive or critical business processes.

39
Q

recovery time objective (RTO)

A

The maximum acceptable time within which a service must be restored after a disruption, used to prioritize recovery efforts during disaster recovery operations.

40
Q

recovery point objective (RPO)

A

The maximum tolerable data loss, expressed as the amount of time that can elapse during a disruption before the quantity of data lost exceeds the business continuity plan's maximum allowable threshold. The RPO drives how often backups or replication must run.

41
Q

mean time to repair (MTTR)

A

The average time taken to repair a device or system and return it to operation after a failure.

42
Q

mean time between failures (MTBF)

A

The average time a repairable device or system operates between one failure and the next, used as a measure of expected reliability.

43
Q

personally identifiable information (PII)

A

Broadly, any data that can be used to identify an individual, either on its own or combined with other data, such as a name, national ID number, date of birth, or biometric record.

44
Q

privacy impact assessment (PIA)

A

An assessment needed for any organization that collects, uses, stores, or processes personal information such as PII or PHI.