The property of information whereby it is recorded, used, and maintained in a way that ensures its completeness, accuracy, internal consistency, and usefulness (1.1)
What is integrity?
An event that actually or potentially jeopardizes the confidentiality, integrity, or availability of an information system or the info it processes (2.1)
What is an incident?
Ensures that a process cannot be completed by a single person, forcing collusion as a means to reduce insider threats (3.1)
The secure alternative port to DNS's port 53 (4.1)
What is port 853? (DNS over TLS, or DoT)
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data (5.1)
What is a checksum?
Trade secrets, research, business plans, and intellectual property are all examples of this (1.1)
What is classified (or sensitive) information?
The loss of control, compromise, unauthorized disclosure, or any occurrence where someone wrongfully accesses personally identifiable information (2.1)
What is a breach?
An information system account with approved authorizations of a privileged user (3.1)
What is a privileged account?
An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data travelling between them (4.1)
What is a man-in-the-middle (or on-path) attack?
One who performs cryptanalysis, the study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security (5.1)
What is a cryptanalyst?
The level of risk an entity is willing to assume in order to achieve a potential desired result (1.2)
What is risk tolerance?
A security event that constitutes a deliberate security incident in which an intruder gains, or attempts to gain, access to a system or resource without authorization (2.1)
What is an intrusion?
The process of creating, maintaining, and deactivating user identities on a system (3.1)
What is user provisioning?
A passive, non-invasive attack to observe the operation of a device, with methods including power monitoring, timing, and fault analysis attacks (4.2)
What is a side-channel attack?
A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated (5.2)
What is configuration management?
Management, operational, and technical controls prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information (1.3)
What are security controls?
A component of an IR plan that involves training staff, implementing an IR team, planning communication between stakeholders, and developing a policy (2.1)
What is preparation?
An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time (3.2)
What is a mantrap?
A cloud model in which the cloud provides network access to traditional computing resources such as processing power and storage (4.3)
What is infrastructure as a service? (IaaS)
A security policy that addresses employees' personally owned equipment being used for both business and personal matters (5.3)
What is a Bring Your Own Device policy? (BYOD)
An organization that develops voluntary international standards in collaboration with its partners in international standardization, the IEC and the ITU (1.4)
What is the International Organization for Standardization? (ISO)
A centralized organizational function fulfilled by an information security team that monitors and analyzes network/system events to resolve or prevent issues (2.1)
What is a security operations center? (SOC)
These controls are implemented through a tangible mechanism, like walls, locks, fences, or guards (3.2)
What are physical access controls?
An agreement between a cloud service provider and a cloud service customer based on cloud-specific terms to set the quality of services delivered (4.3)
What is a cloud-level service agreement? (cloud SLA)
A request for your password or login credentials in exchange for some compensation (5.4)
What is a quid pro quo?