Vulnerability Assessment Tools
Often include some portion of the feature set we might find in a tool such
as Nmap, but are aimed specifically at the task of finding and reporting
network services on hosts that have known vulnerabilities.
Risk Management Process
Identify assets, identify threats, assess vulnerabilities, assess risks, and
mitigate risks.
Information Security
Protecting an organization's information and information systems from
unauthorized access, use, disclosure, disruption, modification, or
destruction.
What is PGP (Pretty Good Privacy)?
One of the first strong encryption tools to reach the eye of the general
public and the media. Created in the early 1990s, the original release of
PGP was based on a symmetric algorithm and could be put to use in
securing data such as communications and files. The original release of PGP
was given away as free software, including the source code. At the time of
its release, PGP was regulated as a munition under the US International
Traffic in Arms Regulations (ITAR) law. Zimmermann spent several years
under criminal investigation, as he was suspected of exporting PGP out of
the country, which was then illegal because encryption systems were
included under arms trafficking regulations.
Impact
Takes into account the value of the asset being threatened and uses it to
calculate risk.
Honeypots
Can detect, monitor, and sometimes tamper with the activities of an
attacker. Honeypots are configured to deliberately display vulnerabilities or
materials that would make the system attractive to an attacker.
Hash Functions
Also known as "keyless cryptology." Accepts an input message of any
length and generates, through a one-way operation, a fixed-length output.
Used primarily to ensure integrity.
What are the two broad categories of attacks in web security?
Attacks can be (1) client-side or (2) server-side.
FISMA (Federal Information Security Management Act)
The Federal Information Security Modernization Act (FISMA) provides a
framework for ensuring the effectiveness of information security controls in
government. This legislation is intended to protect government information,
operations, and assets from any natural or man-made threat. FISMA requires
each federal agency to develop, document, and implement an information
security program to protect its information and information systems. Annual
reviews of these programs are required to maintain compliance and keep
security risks at an acceptable level.
a. Federal Information Security Management Act of 2002
b. Applies to all US federal government agencies, all state agencies that
administer federal programs (such as Medicare), and all private companies
that support, sell to, or receive grant money from the federal government.
c. FISMA requires that an organization implement information security
controls that use a risk-based approach - one that handles security by
enumerating and compensating for specific risks.
d. FISMA compliance - an Authority to Operate (ATO) is granted after
passing an audit by a particular federal agency.
Incident Response Process