![](/user_photo/_userpic.png)
CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)
.pdf![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef701x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef702x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef703x1.jpg)
ITSEC – life cycles in system development |
663 |
||
ITSEC (Information Technology Security |
|
|
|
|
L |
|
|
Evaluation and Certification), 156, 375 |
|
|
|
IVPs (integrity verification procedures), 366 |
|
|
|
|
|
|
|
|
|
L2F (Layer 2 Forwarding) protocol, 60, 102, 619 |
|
|
|
L2TP (Layer 2 Tunneling Protocol), 60, 74, 83, |
|
J |
102, 619 |
|
|
|
labeled security (B1) systems, 372 |
|
|
Java applets, 184, 228 |
|
labels, 139 |
|
|
defined, 636 |
|
|
Java programming language, 617 |
|
|
|
|
in mandatory access controls, 16 |
|
|
Java Virtual Machine (JVM), 184 |
|
|
|
|
for media, 403 |
|
|
job descriptions, 150–151, 408, 617 |
|
|
|
|
in security models, 364 |
|
|
job responsibilities, 151, 618 |
|
|
|
|
land attacks, 42, 237, 619 |
|
|
job rotation, 151, 618 |
|
|
|
|
LANs (local area networks) |
|
|
Joint Photographic Experts Group (JPEG), 63 |
|
|
|
|
defined, 619 |
|
|
journals, monitoring, 21 |
|
|
|
|
vs. WANs, 64 |
|
|
JVM (Java Virtual Machine), 184 |
|
|
|
|
working with, 68–71 |
|
|
|
|
|
|
|
|
lattice-based access control, 17, 17, 346, 619 |
|
|
|
law enforcement agencies, 528–529 |
|
|
|
||
K |
|
laws, 508 |
|
|
administrative, 510 |
|
|
KDCs (Key Distribution Centers), 15, 618 |
|
civil, 509–510 |
|
|
computer crime, 511–514 |
|
|
Kerberos authentication, 14–15, 618 |
|
|
|
|
criminal, 508–509 |
|
|
kernel operating mode, 329 |
|
|
|
|
exam essentials for, 530–531 |
|
|
kernel proxy firewalls, 618 |
|
|
|
|
import/export, 520–521 |
|
|
kernels |
|
|
|
|
intellectual property, 514–519 |
|
|
in protection rings, 323 |
|
|
|
|
licensing, 519–520 |
|
|
security, 363–364 |
|
|
|
|
privacy, 521–526 |
|
|
key ciphers, 265–266 |
|
|
|
|
review questions, 533–538 |
|
|
Key Distribution Centers (KDCs), 15, 618 |
|
|
|
|
summary, 530 |
|
|
keyboard logging, 10 |
|
|
|
|
written lab for, 532, 539 |
|
|
keyboards, 336 |
|
|
|
|
Layer 2 Forwarding (L2F) protocol, 60, 102, 619 |
||
keys, 570 |
|
||
in cryptography, 13, 266–267, 603 |
|
Layer 2 Tunneling Protocol (L2TP), 60, 74, 83, |
|
asymmetric, 268–270, 288–289, 288, 595 |
102, 619 |
|
|
distributing, 268, 275–277 |
|
layered environment, access control in, 4–5 |
|
|
layering, 136, 339, 619 |
|
|
escrow system, 277, 618 |
|
|
|
|
layers |
|
|
length of, 267 |
|
|
|
for databases, 187 |
|
OSI. See OSI (Open Systems Interconnection) |
|
|
model |
|
|
defined, 618 |
|
|
|
|
TCP/IP. See TCP/IP protocol |
|
|
in PKI, 300 |
|
|
|
keystroke monitoring, 428–429, 618 |
|
learning phase in IDEAL model, 205 |
|
keystroke patterns, 10, 618 |
|
legal personnel, 552 |
|
|
legal requirements. See also laws |
|
|
knowledge-based intrusion detection, 35, 618 |
|
|
|
knowledge-based systems, 193 |
|
in administrative management, 402 |
|
|
in business continuity planning, 453–455 |
|
|
expert systems, 194 |
|
|
|
|
length of keys, 290 |
|
|
neural networks, 195 |
|
|
|
|
Library of Congress, 515 |
|
|
security applications, 195 |
|
|
|
knowledge bases, 194, 618 |
|
licensing, 519–520, 619 |
|
|
|
|
knowledge redundancy, 151 |
life cycle assurance, 397–398 |
|
life cycles in system development, 198 |
||
known plaintext attacks, 307, 618 |
||
certification and accreditation in, 200–201 |
||
Koblitz, Neil, 291 |
||
code review walk-through in, 200 |
||
KryptoKnight authentication mechanism, 618 |
||
|
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef704x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef705x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef706x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef707x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef708x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef709x1.jpg)
![](/html/611/317/html_i4_1YnkZEF.NhXJ/htmlconvd-UHfAef710x1.jpg)