217 MT prep
School: Georgia Military College (not endorsed by this school)
Course: 217
Subject: Information Systems
Date: Dec 6, 2023
Pages: 22
Uploaded by xpexpert8
Key Terms: Chapter 1
• Acceptable use policy (AUP)
  o An organization-wide policy that defines what is allowed and disallowed regarding use of IT assets by employees and authorized contractors.
• Application gateway firewalls (proxy firewalls)
  o A network device or computer that serves as a firewall and an intermediary between internal computers and computers on the Internet.
• Availability
  o A mathematical calculation where A = (Total Uptime) / (Total Uptime + Total Downtime).
• Biometrics
  o A physiological or behavioral human-recognition system (e.g., fingerprint reader, a retina scanner, a voice-recognition reader, etc.).
• Blackberry
  o Phone brand.
• Business continuity plan (BCP)
  o A plan for how to handle outages to IT systems, applications, and data access in order to maintain business operations.
• Business impact analysis (BIA)
  o A prerequisite analysis for a business continuity plan that prioritizes business operations and functions and their associated IT systems, applications, and data, and the impact of an outage or downtime.
• Carrier Sense Multiple Access/Collision Detection (CSMA/CD)
  o The IEEE 802.3 Local Area Network standard for access and collision detection on an Ethernet Local Area Network segment.
• Certified Information Systems Security Professional (CISSP®)
  o A globally recognized information systems security professional certification offered by (ISC)².
  o A certification for more experienced professionals. Obtaining the CISSP® professional certification requires the following: passing a certification exam, having at least five years of experience working in the information system security field, adhering to a code of ethics, and submitting continuing professional education (CPE) credits to maintain your certification.
• Children’s Internet Protection Act (CIPA)
  o A federal law enacted by Congress to address concerns about access to offensive content over the Internet on school and library computers where children and minors have access.
• Ciphertext
  o Encrypted data, the opposite of cleartext. Data sent as ciphertext is not intelligible or decipherable.
• Cleartext
  o Unencrypted data, the opposite of ciphertext. Data sent as cleartext is readable and understandable.
• Confidentiality
  o The requirement to keep information private or secret.
• Content filtering
  o The blocking of specific keywords or phrases in domain-name and URL lookups. Specific URLs and domain names can be prevented from being accessed with web content filtering enabled.
• Cryptogram
  o A small encrypted message.
• Cybersecurity
  o The act of securing and protecting individuals, businesses, organizations, and governments that are connected to the Internet and the Web.
• Cyberspace
  o The global online virtual world created by the Internet where individuals, businesses, organizations, and governments connect to one another.
• Data breach
  o An incident in which sensitive data is accessed and stolen.
• Data classification standard
  o A definition of different data types with respect to security sensitivity.
• Defense in depth
  o Also named the Castle Approach, the implementation of multiple layers of security (defense) throughout the IT infrastructure (depth).
• Demilitarized zone (DMZ)
  o An exterior network that acts as a buffer zone between the public Internet and an organization’s IT infrastructure (i.e., LAN-to-WAN Domain).
• Disaster recovery plan (DRP)
  o A written plan for how to handle major disasters or outages and recover mission-critical systems, applications, and data.
• Downtime
  o The amount of time that an IT system, application, or data is not available to users.
• E-commerce
  o The buying and selling of goods and services online through a secure website, with payment by credit card or direct debit from a checking account.
• Encryption
  o The act of transforming cleartext data into undecipherable ciphertext.
• Ethernet
  o An IEEE 802.3 CSMA/CD standard for Ethernet networking supporting speeds from 10 Mbps to over 10 Gbps.
• Family Educational Rights and Privacy Act (FERPA)
  o A U.S. federal law that protects the private data of students, including their transcripts and grades, with which K–12 and higher-education institutions must comply.
• Federal Information Security Management Act 2002 (FISMA)
  o A U.S. federal law that requires U.S. government agencies to protect citizens’ private data and have proper security controls in place.
• Federal Information Security Modernization Act 2014 (FISMA)
  o A U.S. federal law enacted to bring the requirements of the Federal Information Security Management Act 2002 up to date with modern threats and security practices.
• FICO
  o A publicly traded company that provides information used by the consumer credit reporting agencies Equifax, Experian, and TransUnion.
• File Transfer Protocol (FTP)
  o A non-secure file-transfer application that uses connection-oriented TCP transmissions with acknowledgments.
• Generation Y
  o The generation composed of those born between 1980 and 2000 in the United States. Members of Generation Y grew up with technologies that baby boomers did not have (i.e., cell phones, cable TV, Internet, iPods, etc.).
• Gramm-Leach-Bliley Act (GLBA)
  o A U.S. federal law requiring banking and financial institutions to protect customers’ private data and have proper security controls in place.
• Hardening
  o A process of changing hardware and software configurations to make computers and devices as secure as possible.
• Health Insurance Portability and Accountability Act (HIPAA)
  o A U.S. federal law requiring health care institutions and insurance providers to protect patients’ private data and have proper security controls in place.
• Hypertext Transfer Protocol (HTTP)
  o An application layer protocol that allows users to communicate and access content via web pages and browsers.
• Hypertext Transfer Protocol Secure (HTTPS)
  o The combination of HTTP and SSL/TLS encryption to provide security for data entry by users entering information on secure web pages, like those found on online banking websites.
• Identity theft
  o The act of stealing personally identifiable information with the intent to open new accounts, make purchases, or commit fraud.
• IEEE 802.3 CSMA/CD
  o An IEEE standard for local area networking that allows multiple computers to communicate using the same cabling. This is also known as Ethernet.
• Information security
  o The protection of data itself.
• Information systems
  o The servers and application software on which information and data reside.
• Information systems security
  o The protection of information systems, applications, and data.
• Instant messaging (IM) chat
  o A session initiation protocol (SIP) application supporting one-to-one or one-to-many real-time chat. Examples include AOL IM, Yahoo! Messenger, and Google Talk.
• Institute of Electrical and Electronics Engineers (IEEE)
  o A standards body that defines specifications and standards for electronic technology.
• Integrity
  o The validity of information or data. Data with high integrity has not been altered or modified.
• International Information Systems Security Certification Consortium, (ISC)²
  o A nonprofit organization dedicated to certifying information systems security professionals.
• Internet
  o A global network of computer networks that uses the TCP/IP family of protocols and applications to connect nearly 2 billion users.
• Internet of Things (IoT)
  o A term used to refer to the large number of networked devices (e.g., personal items, home appliances, cloud services, vehicles, etc.) that can now connect to the Internet.
• Intrusion detection system/intrusion prevention system (IDS/IPS)
  o Network security appliances typically installed within the LAN-to-WAN Domain at the Internet ingress/egress point to monitor and block unwanted IP traffic.
• IP default gateway router
  o The router interface’s IP address that acts as your LAN’s ingress/egress device.
• IP stateful firewall
  o A device that examines the IP, TCP, and UDP layers within a packet to make blocking or forwarding decisions. Firewalls are placed at the ingress/egress points where networks interconnect.
• IT security policy framework
  o A set of rules for security. The framework is hierarchical and includes policies, standards, procedures, and guidelines.
• Layer 2 switch
  o A network switch that examines the MAC layer address of an IP packet to determine where to send it. A Layer 2 switch supports LAN connectivity, typically via unshielded twisted-pair cabling at 10/100/1000 or 10 Gbps Ethernet speeds.
• Layer 3 switch
  o A network switch that examines the network layer address of an Ethernet frame to determine where to route it. A Layer 3 switch supports LAN connectivity, typically via unshielded twisted-pair cabling at 10/100/1000 or 10 Gbps Ethernet speeds, and is the same thing as a router.
• Local area network (LAN)
  o A collection of computers that are connected to one another or to a common medium. Computers on a LAN are generally within an area no larger than a building.
• Malicious code
  o Software written with malicious intent; for example, a computer virus.
• Malicious software
  o Software designed to infiltrate one or more target computers and follow an attacker’s instructions. Also called malware.
• Mean time between failures (MTBF)
  o The predicted amount of time between failures of an IT system during production operation.
• Mean time to failure (MTTF)
  o The average amount of time a device is expected to operate before encountering a failure.
• Mean time to repair (MTTR)
  o The average amount of time required to repair a device.
• Multiprotocol Label Switching (MPLS)
  o A wide area network technology that operates at Layer 2 by inserting labels or tags in the packet header for creating virtual paths between endpoints in a WAN infrastructure. This is a faster method of transporting IP packets through the WAN without requiring routing and switching of IP packets.
• Honestly over it, just use the textbook (this will prob bite me in the ass in the future)
Assessment
1) Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information.
   a) A. True
2) Software manufacturers limit their liability when selling software using which of the following?
   a) A. End-User License Agreements
3) The __________ tenet of information systems security is concerned with the recovery time objective.
   a) C. Availability
4) If you are a publicly traded company or U.S. federal government agency, you must go public and announce that you have had a data breach and must inform the impacted individuals of that data breach.
   a) A. True
5) Organizations that require customer service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by using which of the following security controls?
   a) B. Blocking out customer private data details and allowing access only to the last four digits of Social Security numbers or account numbers
6) The __________ is the weakest link in an IT infrastructure.
   a) E. User Domain
7) Which of the following security controls can help mitigate malicious email attachments?
   a) Email filtering and quarantining
   b) Email attachment antivirus scanning
   c) Verifying with users that email source is reputable
   d) Holding all inbound emails with unknown attachments
   e) E. All of the above
8) You can help ensure confidentiality by implementing __________.
   a) D. A virtual private network for remote access
9) Encrypting email communications is needed if you are sending confidential information within an email message through the public Internet.
   a) A. True
10) Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats.
   a) A. True
11) A data classification standard is usually part of which policy definition?
   a) A. Asset protection policy
12) A data breach is typically performed after which of the following?
   a) A. Unauthorized access to systems and applications is obtained
13) Maximizing availability primarily involves minimizing __________.
   a) The amount of downtime recovering from a disaster
   b) The mean time to repair a system or application
   c) Downtime by implementing a business continuity plan
   d) The recovery time objective
   e) All of the above
14) Which of the following is not a U.S. compliance law or act?
   a) D. PCI DSS
15) Internet IP packets are to cleartext what encrypted IP packets are to __________.
   a) B. Ciphertext
Chapter 2
1) The Internet is an open, public network shared by the entire planet. Anyone can connect to the Internet with a computer and a valid Internet connection and browser.
   a) True
   b) False
2) Which of the following are challenges that the IoT industry must overcome?
   a) Security and privacy
   b) Interoperability and standards
   c) Legal and regulatory compliance
   d) E-commerce and economic development
   e) All of the above
3) Which phenomenon helped drive near real-time, high-speed broadband connectivity to the endpoint device?
   a) Internet connectivity
   b) Email
   c) VoIP
   d) Social media sharing
   e) All of the above
4) Which of the following requires an IoT-connected automobile?
   a) Near real-time access to household controls and systems
   b) Ability to track the whereabouts of your children through location finder GPS applications