Official (ISC)² SSCP study guide key words

Typology: Exams, 2022/2023
Available from 07/28/2023
Access Control Object - A passive entity that typically receives or contains some form of data.
Access Control Subject - An active entity and can be any user, program, or process that requests permission to cause data to flow from an access control object to the access control subject or between access control objects.
Asynchronous Password Token - A one-time password is generated without the use of a clock, either from a one-time pad or cryptographic algorithm.
Authorization - Determines whether a user is permitted to access a particular resource.
Connected Tokens - Must be physically connected to the computer to which the user is authenticating.
Contactless Tokens - Form a logical connection to the client computer but do not require a physical connection.
Disconnected Tokens - Have neither a physical nor logical connection to the client computer.
Entitlement - A set of rules, defined by the resource owner, for managing access to a resource (asset, service, or entity) and for what purpose.
Identity Management - The task of controlling information about users on computers.
Proof of Identity - Verify people's identities before the enterprise issues them accounts and credentials.
Kerberos - A popular network authentication protocol for indirect (third-party) authentication services.
Lightweight Directory Access Protocol (LDAP) - A client/server-based directory query protocol loosely based on X.500, commonly used to manage user information. LDAP is a front end and is not used to manage or synchronize data per se, as opposed to DNS.
Single Sign-On (SSO) - Designed to provide strong authentication using secret-key cryptography, allowing a single identity to be shared across multiple applications.

Active attack - Attack where the attacker does interact with processing or communication activities.
ActiveX - A Microsoft technology composed of a set of OOP technologies and tools based on COM and DCOM. It is a framework for defining reusable software components in a programming language-independent manner.
Address bus - Physical connections between processing components and memory segments used to communicate the physical memory addresses being used during processing procedures.
Address resolution protocol (ARP) - A networking protocol used for resolution of network layer IP addresses into link layer MAC addresses.

Address space layout randomization (ASLR) - Memory protection mechanism used by some operating systems. The addresses used by components of a process are randomized so that it is harder for an attacker to exploit specific memory vulnerabilities.
Algebraic attack - Cryptanalysis attack that exploits vulnerabilities within the intrinsic algebraic structure of mathematical functions.
Algorithm - Set of mathematical and logic rules used in cryptographic functions.
Analog signals - Continuously varying electromagnetic wave that represents and transmits data.
Analytic attack - Cryptanalysis attack that exploits vulnerabilities within the algorithm structure.
Annualized loss expectancy (ALE) - Annual expected loss if a specific vulnerability is exploited and how it affects a single asset. SLE × ARO = ALE.
Application programming interface (API) - Software interface that enables process-to-process interaction. Common way to provide access to standard routines to a set of software programs.
Arithmetic logic unit (ALU) - A component of the computer's processing unit, in which arithmetic and matching operations are performed.
AS/NZS 4360 - Australia and New Zealand business risk management assessment approach.
Assemblers - Tools that convert assembly code into the necessary machine-compatible binary language for processing activities to take place.

Asynchronous communication - Transmission sequencing technology that uses start and stop bits or a similar encoding mechanism. Used in environments that transmit a variable amount of data in a periodic fashion.
Asynchronous token generating method - Employs a challenge/response scheme to authenticate the user.
Attack surface - Components available to be used by an attacker against the product itself.
Attenuation - Gradual loss in intensity of any kind of flux through a medium. As an electrical signal travels down a cable, the signal can degrade and distort or corrupt the data it is carrying.
Attribute - A column in a two-dimensional database.
Authentication Header (AH) Protocol - Protocol within the IPSec suite used for integrity and authentication.
Authenticode - A type of code signing, which is the process of digitally signing software components and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was digitally signed. Authenticode is Microsoft's implementation of code signing.
Availability - Reliable and timely access to data and resources is provided to authorized individuals.
Avalanche effect - Algorithm design requirement so that slight changes to the input result in drastic changes to the output.
Base registers - Beginning of address space assigned to a process. Used to ensure a process does not make a request outside its assigned memory boundaries.

Baseband transmission - Uses the full bandwidth for only one communication channel and has a low data transfer rate compared to broadband.
Bastion host - A highly exposed device that will most likely be targeted for attacks, and thus should be hardened.
Behavior blocking - Allows the suspicious code to execute within the operating system and watches its interactions with the operating system, looking for suspicious activities.
Confidentiality - Data is not disclosed to unauthorized users.
Integrity - Prevents any unauthorized or unwanted modification of data.

Nonrepudiation - A user cannot deny any particular act that he or she did on the IT system.
Least Privilege - Providing only the minimum amount of privileges necessary to perform a job or function.
Separation of Duties - Distributing tasks and associated privileges among multiple people; the primary objective is to prevent fraud and errors.
Due Diligence - Necessary level of care and attention that is taken to investigate an action before it is taken. (Look before jumping.)

Due Care - The requirement that a professional exercise reasonable ability and judgement in a specific circumstance, the absence of which constitutes negligence. Also called standard of care.
Three Factors of Authentication - Something you... know, have and are.
False Reject Rate - The percentage or value associated with the rate at which authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device.
False Accept Rate - The percentage of identification instances in which unauthorized users are allowed access to systems or areas as a result of a failure in the biometric device.
Crossover Error Rate - The crossover error rate, also called the equal error rate, is the point at which the number of false positives matches the number of false negatives in a biometric system. Select the system with the lowest crossover error rate within your budget.
Multifactor Authentication - A form of authentication where a user must use two or more factors to prove his or her identity.
Single Sign-on Authentication - Authenticate once to access multiple resources.
Centralized Authentication - Credentials for the users are stored on a central server. Any user is able to log on to the network once and then access any computer in the network (as long as the user has permissions). For example, if a computer is part of a Microsoft domain, the central server will be a domain controller and hold accounts for all users in the domain.
Decentralized Authentication - Every computer has a separate database that stores credentials. If a user needed to log on to all four computers in this network, he or she would need to have four separate sets of credentials, one for each system.

Object - The resource being accessed (ex: data, hardware, applications, networks, facilities).
Logical Access Control - A mechanism that limits access to computer systems and network resources.
Access Control Lists - These lists are used to identify systems and specify which users, protocols, or services are allowed.
Security Kernel - Consists of several components including software, firmware, and hardware. They represent all the security functionality of the operating system.
Physical Access Control - A mechanism that limits access to physical resources, such as buildings or rooms (ex: locked doors, alarm systems, cipher locks, CCTVs, guards).
Access Control Models - Regulate the admission of users into trusted areas of the organization, both logical access to information systems and physical access to the organization's facilities.
Discretionary Access Control (DAC) - The least restrictive access control. An access policy determined by the owner of a file (or other resource). The owner decides who is allowed access to a file and what privileges they have.
Non-Discretionary Access Control (Non-DAC) - Access rules are closely managed by the security administrator. Offers stronger security than DAC because it does not rely only on users' compliance.
Mandatory Access Control (MAC) - The most restrictive access control. Users are assigned a security level or clearance, and when they try to access an object, their clearance level is compared to the object's sensitivity level. If they match, the user can access the object; if not, the user is denied access.

Bell-LaPadula Model - Security model that deals only with confidentiality. Two rules: the simple security property rule and the star property rule.
Simple Security Property Rule - No read up. No subject can read information from an object with a security classification higher than that possessed by the subject itself.
The * Property (Star-property) Rule - No write down. Subjects granted access to any security level may not write to any object at a lower security level.
Biba Model - Security model that deals only with integrity.
Simple Integrity Axiom - No read down. Subjects granted access to any security level may not read an object at a lower security level.

Availability - Refers to the ability to access and use information systems when and as needed to support an organization's operations.
Breach - The intentional or unintentional release of secure information to an untrusted environment.
CMDB - A configuration management database (CMDB) is a repository that contains a collection of IT assets that are referred to as configuration items.
Compensating Controls - Introduced when the existing capabilities of a system do not support the requirements of a policy.
Confidentiality - Refers to the property of information in which it is only made available to those who have a legitimate need to know.

Configuration Management (CM) - A discipline that seeks to manage configuration changes so that they are appropriately approved and documented, so that the integrity of the security state is maintained, and so that disruptions to performance and availability are minimized.
Corrective Control - These controls remedy the circumstances that enabled unwarranted activity, and/or return conditions to where they were prior to the unwanted activity.
COTS - A Federal Acquisition Regulation (FAR) term for commercial off-the-shelf (COTS) items that can be purchased in the commercial marketplace and used under government contract.
Deduplication - A process that scans the entire collection of information looking for similar chunks of data that can be consolidated.
Defense-in-depth - Provision of several overlapping subsequent limiting barriers with no respect to one safety or security threshold, so that the threshold can only be surpassed if all barriers have failed.
Degaussing - A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data.
Deluge System - A fire suppression system with open sprinkler heads; water is held back until a detector in the area is activated.
Deterrent Control - Controls that prescribe some sort of punishment, ranging from embarrassment to job termination or jail time for noncompliance. Their intent is to dissuade people from performing unwanted acts.
Directive Control - Controls dictated by organizational and legal authorities.

Integrity - The property of information whereby it is recorded, used, and maintained in a way that ensures its completeness, accuracy, internal consistency, and usefulness for a stated purpose.
IT Asset Management (ITAM) - Entails collecting inventory and financial and contractual data to manage the IT asset throughout its life cycle.
Least Privilege - A security principle in which any user/process is given only the necessary, minimum level of access rights (privileges) explicitly, for the minimum amount of time, in order for it to complete its operation.
Non-repudiation - A service that is used to provide assurance of the integrity and origin of data in such a way that the integrity and origin can be verified by a third party as having originated from a specific entity in possession of the private key of the claimed signatory.
Pre-action System - A fire suppression system that contains water in the pipes but will not release the water until detectors in the area have been activated. This can eliminate concerns of water damage due to accidental or false activation.
Preventive Control - Controls that block unwanted actions.
Privacy - The rights and obligations of individuals and organizations with respect to the collection, use, retention, and disclosure of personal information.
Procedures - Step-by-step instructions for performing a specific task or set of tasks.
Release Management - A software engineering discipline that controls the release of applications, updates, and patches to the production environment.
Release Management Policy - Specifies the conditions that must be met for an application or component to be released to production, roles and responsibilities for packaging, approving, moving, and testing code releases, and approval and documentation requirements.

Release Manager - Responsible for planning, coordination, implementation, and communication of all application releases.
Separation of Duties - An operational security mechanism for preventing fraud and unauthorized use that requires two or more individuals to complete a task or perform a specific function.
Systems Integrity - The maintenance of a known good configuration and expected operational function.