FISMA (Federal Information Security Modernization Act) - ✔this law provides a
framework for ensuring the effectiveness of information security controls in federal
government
- changed from Management (2002) to Modernization in 2014
HIPAA (Health Insurance Portability and Accountability Act) - ✔this law improves the
efficiency and effectiveness of the health care system and protects patient privacy
FERPA (Family Educational Rights and Privacy Act) - ✔this law protects the privacy of
students and their parents
SOX (Sarbanes-Oxley Act) - ✔this law regulates the financial practices and corporate
governance of publicly traded corporations
GLBA (Gramm-Leach-Bliley Act) - ✔this law protects the customers of financial
institutions
compliance - ✔relating to an organization's adherence to laws, regulations, and
standards
regulatory compliance - ✔Regulations mandated by law usually requiring regular audits
and assessments
industry compliance - ✔Regulations or standards designed for specific industries that
may impact ability to conduct business (e.g. PCI DSS)
privacy - ✔the state or condition of being free from being observed or disturbed by
other people
The Federal Privacy Act of 1974 - ✔This act safeguards privacy through the
establishment of procedural and substantive rights in personal data
privacy rights - ✔Rights relating to the protection of an individual's personal information
PII (Personally Identifiable Information) - ✔information that can be used to identify an
individual; it should be protected as sensitive data and monitored for compliance
cryptography - ✔the science of keeping information secure
Cryptanalysis - ✔The science of breaking through the encryption used to create
ciphertext
cryptology - ✔The overarching field of study that covers cryptography and cryptanalysis
WGU C836 CHAPTER 1-6
cryptographic algorithm (cipher) - ✔The specifics of the process used to encrypt
plaintext or decrypt ciphertext
plaintext (cleartext) - ✔unencrypted data
ciphertext - ✔encrypted data
Caesar cipher - ✔an ancient cryptographic technique based on substitution (each letter is
replaced, not rearranged); involves shifting each letter of a plaintext message a fixed
number of places through the alphabet (historically 3)
ROT13 cipher - ✔a more recent cipher that uses the same mechanism as the Caesar
cipher but moves each letter 13 places forward
symmetric key cryptography (private key cryptography) - ✔uses a single key for both
encryption of the plaintext and decryption of the ciphertext
block cipher - ✔A type of cipher that takes a predetermined number of bits of the
plaintext message (commonly 64 or 128 bits) and encrypts that block as a unit
stream cipher - ✔A type of cipher that encrypts the plaintext message one bit (or one
byte) at a time, typically by combining it with a key-derived keystream
AES (Advanced Encryption Standard) - ✔A symmetric block cipher (128-bit blocks; 128-, 192-
or 256-bit keys) endorsed by the US government through NIST. It can be used in the same
block modes as DES (e.g. ECB, CBC) and also in newer modes such as XTS (XEX-based
tweaked-codebook mode with ciphertext stealing), used for disk encryption
asymmetric key cryptography (public key cryptography) - ✔this method uses 2 mathematically
related keys, a public key and a private key; what one key encrypts, only the other can decrypt
SSL (Secure Sockets Layer) - ✔a protocol that uses public key cryptography (historically the
RSA algorithm) to secure web and email traffic; now deprecated and superseded by TLS
(Transport Layer Security)
hash function (message digest) - ✔keyless cryptography that creates a practically unique,
fixed-length hash value from the original message
hash - ✔used to determine whether the message has changed;
provides integrity (but not confidentiality)
digital signature - ✔a method of securing a message that involves generating a hash of
the message and encrypting (signing) it with the sender's private key; anyone with the
matching public key can verify it, which provides integrity and authentication
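The asymmetric-key, hash and digital-signature entries above, tied together in one added worked example (not part of the original study guide): a textbook RSA signature over a SHA-256 digest. To keep the example self-contained it builds the modulus from two published Mersenne primes instead of generating random primes; that makes the key trivially factorable, so it illustrates the mechanism only and is not usable key material. It also shows why a bare hash gives integrity but not authentication: an attacker who alters the message can recompute the hash, but cannot produce a signature without the private key. The sample messages are constructed.

```python
"""Textbook RSA signature over a SHA-256 digest (illustration only).
Real systems use a vetted library, random primes of adequate size and a
padding scheme such as RSA-PSS; none of that is shown here."""
import hashlib

P = 2**521 - 1   # Mersenne prime M521 (deliberately unrealistic key material)
Q = 2**607 - 1   # Mersenne prime M607
E = 65537        # conventional public exponent


def make_keypair():
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = P * Q
    phi = (P - 1) * (Q - 1)
    d = pow(E, -1, phi)          # private exponent: E * d == 1 (mod phi); Python 3.8+
    return (n, E), (n, d)


def digest(message: bytes) -> bytes:
    """Keyless hash: fixed 32-byte output regardless of input length."""
    return hashlib.sha256(message).digest()


def sign(message: bytes, private_key) -> int:
    """Hash the message, then 'encrypt' the hash with the private key."""
    n, d = private_key
    h = int.from_bytes(digest(message), "big")   # 256-bit value, far below n
    return pow(h, d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """'Decrypt' the signature with the public key and compare to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == int.from_bytes(digest(message), "big")


def hash_only_check(message: bytes, claimed_digest: bytes) -> bool:
    """Integrity check with a bare hash: detects accidental change, but anyone
    who alters the message can simply recompute the digest to match."""
    return digest(message) == claimed_digest


def demo() -> dict:
    pub, priv = make_keypair()
    original = b"Pay 100 USD to account 12345"   # constructed sample message
    tampered = b"Pay 900 USD to account 12345"   # attacker changes one digit
    sig = sign(original, priv)
    return {
        "digest_len": len(digest(original)),
        "digest_len_big_input": len(digest(b"A" * 100_000)),
        "digests_differ": digest(original) != digest(tampered),
        "signature_valid": verify(original, sig, pub),
        "signature_valid_after_tamper": verify(tampered, sig, pub),
        # attacker recomputes the hash of the tampered message: hash-only check passes
        "hash_only_passes_after_tamper": hash_only_check(tampered, digest(tampered)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The verifier only ever needs the public key, which is what a certificate distributes: it binds that public key to an identity so the verifier knows whose signature it is checking.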
certificate - ✔issued by a certificate authority (CA) to link a public key to a particular
individual or system; used as a form of electronic identification for that entity