UPDATED 2024 Fundamentals of Information Security – C836 Quizlets
1. FISMA (Federal Information Security Modernization Act) - This law provides a framework for ensuring the effectiveness of information security controls in the federal government; the name changed from Management (2002) to Modernization in 2014.
2. HIPAA (Health Insurance Portability and Accountability Act) - This law improves the efficiency and effectiveness of the healthcare system and protects patient privacy.
3. FERPA (Family Educational Rights and Privacy Act) - This law protects the privacy of students and their parents.
4. SOX (Sarbanes-Oxley Act) - This law regulates the financial practices and governance of corporations.
5. GLBA (Gramm-Leach-Bliley Act) - This law protects the customers of financial institutions.
6. Compliance - Relating to an organization's adherence to laws, regulations, and standards.
7. Regulatory compliance - Regulations mandated by law; usually require regular audits and assessments.
8. Industry compliance - Regulations or standards designed for specific industries that may affect an organization's ability to conduct business.
9. Privacy - The state or condition of being free from being observed or disturbed by other people.
10. The Privacy Act of 1974 - This act safeguards privacy through the establishment of procedural and substantive rights in personal data.
11. Privacy rights - Rights relating to the protection of an individual's personal information.
12. PII (Personally Identifiable Information) - Information that can be used to identify an individual; it should be protected as sensitive data and monitored for compliance.
13. Cryptography - The science of keeping information secure.
14. Cryptanalysis - The science of breaking the encryption used to create ciphertext.
15. Cryptology - The overarching field of study that covers cryptography and cryptanalysis.
16. Cryptographic algorithm (cipher) - The specifics of the process used to encrypt plaintext or decrypt ciphertext.
17.
Plaintext (cleartext) - Unencrypted data.
18. Ciphertext - Encrypted data.
19. Caesar cipher - An ancient substitution cipher (not transposition: letters are replaced, their positions are not rearranged); each letter of the plaintext is shifted a fixed number of positions along the alphabet (historically 3).
20. ROT13 cipher - A more recent cipher that uses the same mechanism as the Caesar cipher but moves each letter 13 places forward; because 13 + 13 = 26, applying ROT13 a second time recovers the original text.
21. Symmetric key cryptography (private key cryptography) - Uses a single key for both encryption of the plaintext and decryption of the ciphertext.
22. Block cipher - A type of cipher that takes a predetermined number of bits of the plaintext message (commonly 64 bits, as in DES, or 128 bits, as in AES) and encrypts that block as a unit.
23. Stream cipher - A type of cipher that encrypts the plaintext message one bit at a time.
24. AES (Advanced Encryption Standard) - A symmetric block cipher (128-bit block; 128-, 192- or 256-bit keys) endorsed by the US government through NIST. It supports the same block modes that DES uses and also newer modes such as XTS (XEX-based tweaked-codebook mode with ciphertext stealing), used for disk encryption.
25. Asymmetric key cryptography (public key cryptography) - This method uses two keys, a public key and a private key.
26. SSL (Secure Sockets Layer) - A protocol that uses the RSA algorithm (an asymmetric algorithm) to secure web and email traffic; SSL itself is now deprecated and has been superseded by TLS.
27. Hash function (message digest) - Keyless cryptography that produces a fixed-length hash value which is, for practical purposes, unique to the original message.
28. Hash - Used to determine whether a message has changed; provides integrity but not confidentiality (the hash neither hides nor encrypts the message).
29. Digital signature - A method of securing a message that involves generating a hash of the message and signing (encrypting) that hash with the sender's private key; anyone holding the matching public key can verify it.
30. Certificate - Created to link a public key to a particular individual; used as a form of electronic identification for that person.
31. CA (certificate authority) - A trusted entity that issues and manages digital certificates.
32.
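A worked example of items 19 and 20 (and of the cryptanalysis term in item 14), added here as an illustration and not part of the original quizlet: a Caesar shift implemented as a letter substitution, ROT13 as the shift-13 special case that undoes itself, and a brute-force attack that tries all 25 possible shifts, which is why a Caesar cipher offers no real security. Function names are my own.

```python
"""Caesar / ROT13 substitution cipher plus a brute-force cryptanalysis helper.

Added example, not from the original quizlet. All function names are assumptions.
"""
from typing import Dict, Optional


def caesar_shift(text: str, shift: int) -> str:
    """Shift every letter by `shift` positions along the alphabet.

    This is a substitution cipher: each letter is replaced by another letter,
    but letters keep their positions (rearranging positions would be
    transposition). Non-letters pass through unchanged and case is preserved.
    """
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Encrypt with the classic Caesar shift of 3 unless told otherwise."""
    return caesar_shift(plaintext, shift)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """Decrypt by shifting the same distance in the opposite direction."""
    return caesar_shift(ciphertext, -shift)


def rot13(text: str) -> str:
    """ROT13 is Caesar with shift 13; since 13 + 13 = 26 it is its own inverse."""
    return caesar_shift(text, 13)


def brute_force(ciphertext: str) -> Dict[int, str]:
    """Cryptanalysis: the key space is only 25 shifts, so simply try them all."""
    return {k: caesar_shift(ciphertext, -k) for k in range(1, 26)}


def recover_shift(ciphertext: str, known_word: str) -> Optional[int]:
    """Pick the shift whose candidate plaintext contains a crib (a word the
    attacker expects to appear). Returns None if no candidate contains it."""
    for k, candidate in brute_force(ciphertext).items():
        if known_word.lower() in candidate.lower():
            return k
    return None


if __name__ == "__main__":
    # Constructed sample message for the demonstration.
    msg = "ATTACK AT DAWN"
    ct = caesar_encrypt(msg)
    print("ciphertext:", ct)
    print("recovered shift:", recover_shift(ct, "attack"))
    print("rot13 twice:", rot13(rot13("Hello, World!")))
```

Running it shows the shift-3 ciphertext, that a single guessed word is enough to recover the key from the 25 candidates, and that ROT13 applied twice returns the original text.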
PKI (Public Key Infrastructure) - Infrastructure that includes the CAs that issue and verify certificates and the RAs that verify the identity of the individuals associated with the certificates.
33. RA (registration authority) - An authority in a PKI that verifies the identity of the individual associated with a certificate.
34. CRL (Certificate Revocation List) - A published list of certificates revoked by a CA before their expiry date; entries are retained for a certain period of time, and clients should check the list before trusting a certificate.
35. Data at rest - Data that sits on a storage device of some kind and is not moving.
36. Data in motion - Data that is moving over a WAN or LAN, a wireless network, the internet, or by other means.
37. Data at rest - This type of data is protected using data security (encryption) and physical security.
38. Data in motion - This type of data is best protected by protecting the data itself (using SSL/TLS) and by protecting the connection (using an IPsec VPN or SSL VPN).
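A worked example of items 27 and 28 above, added here as an illustration and not part of the original quizlet: it shows that a hash is fixed-length whatever the input size, that changing a single byte of the message changes roughly half the bits of the digest (so tampering is detected), and that a matching hash proves only integrity. The function names and the two sample records are constructed for this example.

```python
"""Hash-based integrity check with SHA-256, demonstrating the properties of a
message digest. Added example, not from the original quizlet; names are assumptions."""
import hashlib
import hmac
from typing import Tuple


def digest_hex(data: bytes, algorithm: str = "sha256") -> str:
    """Return the hex digest of `data`. The output length depends only on the
    algorithm (64 hex chars for SHA-256), never on the size of the input."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def verify_integrity(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """Recompute the digest and compare it in constant time.

    A match means the bytes are unchanged since the reference digest was taken.
    It says nothing about who produced them: a bare hash gives integrity, not
    authenticity or confidentiality. An attacker who can alter the data can
    usually recompute the hash as well, which is why digital signatures exist.
    """
    return hmac.compare_digest(digest_hex(data, algorithm), expected_hex.lower())


def bits_changed(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex digests (how many bits differ); used to
    show the avalanche effect of a cryptographic hash."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample records: the tampered copy differs in exactly one byte.
ORIGINAL = b"transfer acct=4471 amount=100.00 USD\n"
TAMPERED = b"transfer acct=4471 amount=900.00 USD\n"


def demo() -> Tuple[str, str, int]:
    """Take a reference digest of ORIGINAL, then check both records against it.
    Returns (reference digest, digest of the tampered copy, bits that differ)."""
    reference = digest_hex(ORIGINAL)
    tampered_digest = digest_hex(TAMPERED)
    assert verify_integrity(ORIGINAL, reference)        # unchanged data passes
    assert not verify_integrity(TAMPERED, reference)    # one-byte change fails
    return reference, tampered_digest, bits_changed(reference, tampered_digest)


if __name__ == "__main__":
    ref, tam, diff = demo()
    print("reference :", ref)
    print("tampered  :", tam)
    print(f"{diff} of 256 digest bits differ after a one-byte change")
```

The constant-time comparison (`hmac.compare_digest`) matters when the expected digest comes from an untrusted party, since a plain string compare leaks how many leading bytes matched through timing.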
Document information
- Written for: FUNDAMENTALS OF INFORMATION SECURITY (institution and course)
- Uploaded on: January 30, 2024
- Number of pages: 12
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers
- Subjects: fundamentals; information security (updated)