Categories: Documents, Security, Key Abbrevs, Attack!, Access Control
100

Public key certificate standard

What is X.509?

100

Defining security relations with respect to the container, e.g. security attributes in metadata

What is declarative security?

100

CIA

What are Confidentiality, Integrity, Availability - the basic functions of any security system?

100

SQL, OS, LDAP variants

What are injection attacks?

100

Process where a user presents a token (credential) to demonstrate who they are

What is Authentication?

200

EU Data protection regulation

What is GDPR?

200

Security implemented in the code itself; best for business rules

What is imperative (programmatic) security?

200

AAA

What is Authentication, Authorization, Accounting (Auditing)?

200

MitM attack, hijack attack

What are types of session attacks?

200

The owner of an object decides which other subjects have what access; the Linux default

What is DAC (Discretionary access control)?

300

Financial modernization; protects consumers' personal financial information (PFI)

What is Gramm-Leach-Bliley?

300

Defends against attacks that rely on predictable memory locations (locality attacks)

What is ASLR (Address space layout randomization)?

300

SMART

What is Specific, Measurable, Attainable, Realistic, Time-bound - for software development?

300

Treat the crypto algorithm as parameter data so it can be changed quickly

What is cryptographic agility?

300

A subject's access to an object is predetermined by a system rule (e.g. Secret, Top Secret), based on the sensitivity of the data

What is MAC (Mandatory access control)?

400

Systems used for financial accounting must have security controls over integrity so the numbers can be trusted

What is Sarbanes-Oxley?

400

Security model for confidentiality: no-read-up, no-write-down

What is Bell-LaPadula?

400

DREAD

What is Threat modeling and bug classification: impact times probability - Damage potential, Reproducibility, Exploitability, Affected users, Discoverability?

400

Reusable solutions to problems that recur; they support secure design principles

What are security design patterns?

400

Each user is assigned roles; roles carry permissions for the tasks associated with that role

What is RBAC (Role-based access control)?

500

Guidance for establishing quality software

What is ISO 9216?

500

Integrity model: no-write-up (low-water-mark) and no-read-down (simple integrity)

Biba security model

500

STRIDE

Threat modeling: Spoofing, Tampering, Repudiation, Information disclosure, DoS, Elevation of Privilege

500

Attack against a cryptosystem that takes advantage of a byproduct of its implementation

What is a side-channel attack?

500

Based on attributes associated with the object and the subject, e.g. medical-records access for staff giving care

What is ABAC (Attribute-based access control)?