Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
41 Cards in this Set
- Front
- Back
|
Healthcare Industry |
HIPPA/HITECHPAYMENT |
|
|
Payment Card Industry |
PCI-DSS |
|
|
Federal Government Agencies |
FISMA |
|
|
Attack that allows unauthorized users to access our data, applications, or environments, and are primarily an attack against confidentiality. |
Interception |
|
|
Attacks that cause our assets to become unusable or unavailable for our use, on a temporary or permanent basis. Often affects availability but can be an attack on integrity as well. |
Interruption |
|
|
Attacks that involve tampering with our asset. Such attacks might primarily be considered an integrity attack but could also represent an availability attack. |
Modification |
|
|
Attacks that involve generating data, processes, communications, or other similar activities with a system. These primarily affect integrity but could be considered an availability attack as well. |
Fabrication |
|
|
The likelihood that an event will occur. |
Risk |
|
|
Any events that are being man-made, natural or environmental that could cause damage to assets. |
Threats |
|
|
A weakness that a threat event or the threat agent can take advantage of. |
Vulnerability |
|
|
An additional step that is taking into account then asset’s cost. |
Impact |
|
|
Vulnerability scanning tool. Scans target systems to discover which ports are open on them, and then interrogating each open port to find out exactly which service is listening on the port in question. |
Nessus |
|
|
Often used to protect information sent over networks and over the internet. |
SSL & TLS |
|
|
Also known as private key cryptography, utilizes a single key for both encryption of the plain text and decryption of the ciphertext. |
Symmetric cryptography |
|
|
Also known as public key cryptography, utilities two keys: a public key and a private key. The public key is used to encrypt data from the sender to the receiver and is shared with everyone. |
Asymmetric cryptography |
|
|
Represents a third cryptography type alongside symmetric and asymmetric cryptography, what we might call keyless cryptography. These are also referred to as message digests. They do not use a key. |
Hash Functions |
|
|
Makes use of two types of ciphers: block ciphers and steam ciphers. |
Symmetric key |
|
|
Takes a predetermined number of bits, known as a block. Blocks are commonly composed of 64 bits but can be larger or smaller depending on the particular algorithm being used and the various modes in which the algorithm might be capable of operating. |
Block cipher |
|
|
Encrypts each bit in the plaintext message, one bit at a time. |
Stream cipher |
|
|
a block cipher based on symmetric key cryptography and uses a 56 bit key. Was considered to be very secure for some period of time. It is no longer considered to be so. |
DES |
|
|
Simply DES used to encrypt each block 3 times, each time with a different key. |
3DES |
|
|
A set of symmetric block ciphers endorsed by the US government through NIST, and now used by a variety of other organizations, and is the replacement for DES as the standard encryption algorithm for the US federal government. Uses 3 different ciphers. One with a 128-bit key. One with a 192-bit key. One with 256-bit key. All having a block length of 128 bits. Shares the same block modes that DES uses and also includes other modes. |
AES |
|
|
Can be used to determine whether the message has changed. Cannot be used to discover the original content of a message. Keyless cryptography. |
Hash functions |
|
|
Provides a framework for ensuring the effectiveness of information security controls in government. |
FISMA |
|
|
Protects the privacy of students and their parents. |
FERPA |
|
|
Regulates the financial practice and governance of corporations. Protects investors and the general public. |
SOX |
|
|
Protects the customers of financial institutions. |
GLBA |
|
|
Imposes certain requirements on operators of websites or online services directed to children under 13 years of age. |
COPPA |
|
|
When you pretend to be manager, customer, reporter, or even a coworkers family member, using a fake identity and creating a fake scenario to get the target to give sensitive information or do something they wouldn’t normally do for a stranger. |
Pretexting |
|
|
Network mapper. Can scan ports but can also search for hosts on a network, identify the OS those hosts are running, detect the versions of the services running on any open ports, etc. |
NMAP |
|
|
Commonly used to detects wireless access points and can find them even when attempts have been made to make doing so difficult. |
Kismet |
|
|
Graphical interface tool for packet analyzer. |
Wireshark |
|
|
Command-line packet sniffing tool. Runs on Linux and Unix operating systems. |
Tcpdump |
|
|
Can detect, monitor, and sometimes tamper with the activities of an attacker. They are configured to deliberately display vulnerabilities or materials that would make the system attractive to an attacker. |
Honeypots 🍯 |
|
|
Used to test firewall vulnerabilities. |
Hping3 |
|
|
Which Web attack is possible, due to a lack of input validation? |
SQL injection |
|
|
Which two principles of the CIA triad can be violated by a fabrication attack? |
Integrity and availability |
|
|
Which two principles of the CIA triad can be violated by an interruption attack? |
Integrity and availability |
|
|
A company developing and distributing open source applications, realizes that attackers are copying the publicly available open source code, and inserting malware into the code. which type of cryptographic tool should the company use to protect the integrity of its open source applications? |
Hash Functions |
|
|
What is an example of symmetric key encryption? |
AES |
|
|
Which asymmetric cryptographic algorithm can provide confidentiality for data in motion? |
RSA |
