14 Cards in this Set
- Front
- Back
Security controls that depend on secrecy.
|
Security through obscurity
|
|
Controls that exist in a layered fashion.
|
Defense in depth
|
|
Controls that aim to stop an attack from succeeding.
|
Preventive controls
|
|
Controls that aim to identify malicious activity on the network.
|
Detective controls
|
|
Controls that aim to restore a resource to its pre-attack state.
|
Corrective controls
|
|
Focuses on the features and system architecture used to ensure that the security policy is enforced during system operations.
|
Operational assurance
|
|
Four types of recovery under the Common Criteria.
|
Manual, automated, automated without undue loss, function
|
|
Mechanisms that require human intervention to restore the system to a secure state.
|
Manual recovery
|
|
Provides for at least one type of service discontinuity recovery to a secure state without human intervention. May require human intervention for recovery from other discontinuities.
|
Automated recovery
|
|
Provides for automated recovery but strengthens the requirements by disallowing undue loss of protected objects.
|
Automated recovery without undue loss
|
|
Provides for recovery at the level of particular security functions ensuring either successful completion or rollback of data to a secure state.
|
Function recovery
|
|
Steps taken by an organization to ensure that a system is designed, developed, and maintained using formalized and rigorous controls and standards.
|
Lifecycle assurance
|
|
Three parts of lifecycle assurance
|
Security testing, design specification and verification, configuration management
|
|
Five steps of the change control process.
|
Applying, cataloging, scheduling, implementing, reporting
|