Domain 3 Security Engineer

klct555's version from 2017-06-11 21:07

| Question | Answer |
| --- | --- |
| Abstraction | Involves the removal of characteristics from an entity in order to easily represent its essential properties. |
| Access Control Matrix | A two-dimensional table that allows for individual subjects and objects to be related to each other. |
| Asymmetric Algorithms | One-way functions, that is, a process that is much simpler to go in one direction (forward) than to go in the other direction (backward or reverse engineer). |
| Address Space Layout Randomization (ASLR) | Involves randomly arranging the position of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries in a process's memory address space. |
| Aggregation | Combining non-sensitive data from separate sources to create sensitive information. |
| Algorithm | A mathematical function that is used in the encryption and decryption processes. |
| Bell-La Padula Model | Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access. |
| Brewer-Nash (The Chinese Wall) Model | This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties. |
| Cable Plant Management | The design, documentation, and management of the lowest layer of the OSI network model - the physical layer. |
| Certification Authority (CA) | An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates. |
| Ciphertext or Cryptogram | The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients. |
| Cloud Computing | A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. |
| Common Criteria | Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security. |
| Community Cloud Infrastructure | Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns. |
| Confusion | Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter. |
| Control Objectives for Information and Related Technology (COBIT) | Provides a set of generally accepted processes to assist in maximizing the benefits derived from using information technology (IT) and developing appropriate IT governance. |
| Covert Channel | Communications mechanisms hidden from the access control and standard monitoring systems of an information system. |
| Cryptanalysis | The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services. |
| Cryptology | The science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communication intelligence. |
| Cyber-Physical System (CPS) | Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications. |
| Data Hiding | Maintains activities at different security levels to separate these levels from each other. |
| Data Mining | A process of discovering information in data warehouses by running queries on the data. |
| Data Warehouse | A repository for information collected from a variety of data sources. |
| Decoding | The reverse process from encoding - converting the encoded message back into its plaintext format. |
| Diffusion | Provided by mixing up the location of the plaintext throughout the ciphertext. |
| Digital Certificate | An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder's public key, a serial number, and the expiration date. |
| Digital Rights Management | A broad range of technologies that grant control and protection to content providers over their own digital media. |
| Digital Signatures | Provide authentication of a sender and integrity of a sender's message. |
| Decryption | The reverse process from encryption. It is the process of converting a ciphertext message into plaintext through the use of the cryptographic algorithm and key that were used to do the original encryption. |
| Encryption | The process of converting the message from plaintext to ciphertext. |
| Enterprise Security Architecture (ESA) | Focused on setting the long-term strategy for security services in the enterprise. |
| Firmware | The storage of programs or instructions in ROM. |
| Generally Accepted Principles and Practices for Securing Information Technology Systems (NIST SP 800-14) | Provides a foundation upon which organizations can establish and review information technology security programs. |
| Graham-Denning | Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed. |
| Inference | The ability to deduce (infer) sensitive or restricted information from observing available information. |
| ISO/IEC 21827:2008, Systems Security Engineering - Capability Maturity Model (SSE-CMM) | Describes the essential characteristics of an organization's security engineering process that must exist to ensure good security engineering. |
| Hash Function | Accepts an input message of any length and generates, through a one-way operation, a fixed-length output. |
| Industrial Control System (ICS) | Used to control industrial processes such as manufacturing, product handling, production, and distribution. |
| IT Infrastructure Library (ITIL) | Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations. |
| Embedded Systems | Used to provide computing services in a small form factor with limited processing power. |
| Encoding | The action of changing a message into another format through the use of a code. |
| Hybrid Cloud Infrastructure | A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. |
| Initialization Vector (IV) | A non-secret binary vector used as the initializing input to the algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment. |
| Key Clustering | When different encryption keys generate the same ciphertext from the same plaintext message. |
| Key Length | The size of a key, usually measured in bits or bytes, which a cryptographic algorithm uses in ciphering or deciphering protected information. |
| Key Space | This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password. |
| Message Authentication Code (MAC) | A small block of data that is generated using a secret key and then appended to the message. |
| Message Digest | A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality. |
| Middleware | Connectivity software that enables multiple processes running on one or more machines to interact. |
| Multilevel Lattice Models | A security model that describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in. |
| Non-repudiation | A service that ensures the sender cannot deny a message was sent and the integrity of the message is intact. |
| OpenID Connect | A nonprofit organization focused on improving the security of software. |
| OWASP | A nonprofit organization focused on improving the security of software. |
| Paging | Divides the memory address space into equal-sized blocks called pages. |
| Payment Card Industry Data Security Standard (PCI-DSS) | Provides the security architect with a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information. |
| Plaintext | The message in its natural format. |
| Primary Storage | Stores data that has a high probability of being requested by the CPU. |
| Private Cloud | In this model, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers. |
| Protection Keying | Divides physical memory up into blocks of a particular size, each of which has an associated numerical value called a protection key. |
| Public Cloud Infrastructure | Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider. |
| Registration Authority (RA) | This performs certificate registration services on behalf of a CA. |
| Secondary Storage | Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage. |
| Security Assertion Markup Language (SAML) | An XML-based standard used to exchange authentication and authorization information. |
| Security Zone of Control | An area or grouping within which a defined set of security policies and measures are applied to achieve a specific level of security. |
| Segmentation | Dividing a computer's memory into segments. |
| Sherwood Applied Business Security Architecture (SABSA) Framework | A holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a "chain of traceability" through the phases of strategy, concept, design, implementation, and metrics. |
| State Attacks | Attempt to take advantage of how a system handles multiple requests. |
| State Machine Model | Describes the behavior of a system as it moves between one state and another, from one moment to another. |
| Stream-based Ciphers | When a cryptosystem performs its encryption on a bit-by-bit basis. |
| Symmetric Algorithms | Operate with a single cryptographic key that is used for both encryption and decryption of the message. |
| Substitution | The process of exchanging one letter or byte for another. |
| System Kernel | The core of an OS, and one of its main functions is to provide access to system resources, which includes the system's hardware and processes. |
| The Open Group Architecture Framework (TOGAF) | An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models. |
| Transposition | The process of reordering the plaintext to hide the message. |
| Work Factor | This represents the time and effort required to break a protective measure. |
| Zachman Framework | A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them. |