CISSP - Certified Information Systems Security Professional Study Guide, 2nd Edition (2004)


HIPAA of 1996 – initiating phase in IDEAL model

661

HIPAA (Health Insurance Portability and Accountability Act) of 1996, 522, 614
hiring practices, 151–152, 408
HMAC (Hashed Message Authentication Code), 295–296, 614
hoaxes, 225–226
honey pots, 36, 242–243, 614
hookup composition theory, 349
host-based IDSs, 33–34, 614
Host-to-Host layer, 63
hostile applets, 228, 614
hot sites, 487–488, 615
hot-swappable RAID, 90
HSSI (High Speed Serial Interface) protocol, 87, 108, 614
HTTP (Hypertext Transfer Protocol), 63
HTTPS (Hypertext Transfer Protocol over Secure Sockets Layer), 303, 615
hubs, 81
  defined, 615
  in Physical layer, 60
humidity, 577
hurricanes, 479
hyperlink spoofing, 118
Hypertext Transfer Protocol (HTTP), 63
Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS), 303, 615

I

I Love You virus, 223
IAB (Internet Advisory Board), 553
ICMP (Internet Control Message Protocol)
  in Network layer, 61, 76
  pings of death in, 238
  Smurf attacks in, 234
IDEA (International Data Encryption Algorithm), 273–274, 616
IDEAL model, 204, 205
identification, 133–134
  in access control, 5
  defined, 615
  techniques, 7
    biometrics, 10–13, 11–12
    passwords, 7–10
    tickets, 14–15
    tokens, 13–14
identification cards, 570, 615
Identity Theft and Assumption Deterrence Act, 524, 615
IDL (Interface Definition Language), 185
IDSs (intrusion detection systems), 33–36, 573–574, 616
IGMP (Internet Group Management Protocol), 61, 76
ignore risk, 165, 615
IKE (Internet Key Exchange) protocol, 306, 616
illegal activities, 402
IMAP (Internet Message Access Protocol), 63, 109, 616
immediate addressing, 332, 615
impact assessment, 455–456
  impact assessment phase, 457–458
  likelihood assessment, 457
  priority identification, 456
  resource prioritization, 458–459
  risk identification, 456–457
impersonation attacks, 117, 615
implementation phase in business continuity planning, 453, 462
import laws, 520–521
inappropriate activities, 434, 615
incidents, 546
  abnormal and suspicious activity, 549–550
  confiscation in, 550
  data integrity and retention in, 551
  defined, 615
  reporting, 551–552
  response teams for, 549
  types of, 547–548
incremental attacks, 383–384
incremental backups, 493–494, 615
indirect addressing, 332, 615
indistinct threats and countermeasures, 434–437
industrial espionage, 544, 615
inference attacks, 190–191, 616
inference engines, 194, 616
information flow in security models, 350
information flow models, 348, 616
information hiding, 136, 208, 339–340, 616
Information Technology Security Evaluation and Certification (ITSEC), 156, 375
informative policies, 155, 616
infrared motion detectors, 571
infrastructure
  in business continuity planning, 461
  failures in, 482–483
inheritance, 197, 616
initial phase in Capability Maturity Model, 204
initial program load (IPL) vulnerabilities, 437
initialization and failure states, 381–382
initiating phase in IDEAL model, 205


input and output controls, 408
input checking, 382
input devices, 335–336
input/output structures, 337–338
inrush power, 576, 616
instances, 197, 616
Integrated Services Digital Network (ISDN)
  in Data Link layer, 60
  defined, 616
  in WANs, 88, 106
integrity, 131–132
  in access control, 2–3
  cryptography for, 256
  defined, 616
  in European Union privacy law, 525
  in incidents, 551
  in security models, 351, 367–368
  software for, 229
  * (star) Integrity Axiom, 345, 347, 365, 592
intellectual property, 514–515
  copyrights, 515–516
  defined, 616
  patents, 517–518
  trade secrets, 518–519
  trademarks, 517
intelligence attacks, 543
intent to use applications, 517
Interface Definition Language (IDL), 185
internal audits, 423
International Data Encryption Algorithm (IDEA), 273–274, 616
International Information Systems Security Certification Consortium (ISC) code of ethics, 552–553
International Organization for Standardization (ISO), 56, 616
Internet Advisory Board (IAB), 553
Internet components, 78–82
Internet Control Message Protocol (ICMP)
  in Network layer, 61, 76
  pings of death in, 238
  Smurf attacks in, 234
Internet Group Management Protocol (IGMP), 61, 76
Internet Key Exchange (IKE) protocol, 306, 616
Internet layer, 63
Internet Message Access Protocol (IMAP), 63, 109, 616
Internet Protocol (IP), 61
Internet Security Association and Key Management Protocol (ISAKMP), 306, 616
Internet service providers (ISPs), 523
Internet Worm, 182, 227–228
Internetwork Packet Exchange (IPX), 61
interpreted languages, 197, 617
interrupt requests (IRQs), 337, 617
intranets, 78–82, 617
intrusion, 617
intrusion detection, 33, 422
  defined, 617
  host-based and network-based IDSs, 33–35
  knowledge-based and behavior-based, 35
  penetration testing, 37
  tools for, 36
intrusion detection systems (IDSs), 33–36, 573–574, 617
inventions, 517–518
investigations, 526
  evidence in, 526–528
  process of, 528–530
IP (Internet Protocol), 61
IP addresses, NAT for, 103–104
IP Payload Compression (IPcomp) protocol, 306, 617
IP probes, 240, 617
IP spoofing, 241–242, 617
IPL (initial program load) vulnerabilities, 437
IPSec (IP Security), 369–370
  for cryptography, 306
  defined, 617
  for L2TP, 102
  for TCP/IP, 83–84
IPX (Internetwork Packet Exchange), 61
iris scans, 10, 617
IRQs (interrupt requests), 337, 617
ISAKMP (Internet Security Association and Key Management Protocol), 306, 616
ISC (International Information Systems Security Certification Consortium) code of ethics, 552–553
ISDN (Integrated Services Digital Network)
  in Data Link layer, 60
  defined, 616
  in WANs, 88, 106
ISO (International Organization for Standardization), 56, 616
isolation, 368
  in ACID model, 188–189
  defined, 617
  process, 206
ISPs (Internet service providers), 523


ITSEC (Information Technology Security Evaluation and Certification), 156, 375
IVPs (integrity verification procedures), 366

J

Java applets, 184, 228
Java programming language, 617
Java Virtual Machine (JVM), 184
job descriptions, 150–151, 408, 617
job responsibilities, 151, 618
job rotation, 151, 618
Joint Photographic Experts Group (JPEG), 63
journals, monitoring, 21
JVM (Java Virtual Machine), 184

K

KDCs (Key Distribution Centers), 15, 618
Kerberos authentication, 14–15, 618
kernel operating mode, 329
kernel proxy firewalls, 618
kernels
  in protection rings, 323
  security, 363–364
key ciphers, 265–266
Key Distribution Centers (KDCs), 15, 618
keyboard logging, 10
keyboards, 336
keys, 570
  in cryptography, 13, 266–267, 603
    asymmetric, 268–270, 288–289, 288, 595
    distributing, 268, 275–277
    escrow system, 277, 618
    length of, 267
  for databases, 187
  defined, 618
  in PKI, 300
keystroke monitoring, 428–429, 618
keystroke patterns, 10, 618
knowledge-based intrusion detection, 35, 618
knowledge-based systems, 193
  expert systems, 194
  neural networks, 195
  security applications, 195
knowledge bases, 194, 618
knowledge redundancy, 151
known plaintext attacks, 307, 618
Koblitz, Neil, 291
KryptoKnight authentication mechanism, 618

L

L2F (Layer 2 Forwarding) protocol, 60, 102, 619
L2TP (Layer 2 Tunneling Protocol), 60, 74, 83, 102, 619
labeled security (B1) systems, 372
labels, 139
  defined, 636
  in mandatory access controls, 16
  for media, 403
  in security models, 364
land attacks, 42, 237, 619
LANs (local area networks)
  defined, 619
  vs. WANs, 64
  working with, 68–71
lattice-based access control, 17, 17, 346, 619
law enforcement agencies, 528–529
laws, 508
  administrative, 510
  civil, 509–510
  computer crime, 511–514
  criminal, 508–509
  exam essentials for, 530–531
  import/export, 520–521
  intellectual property, 514–519
  licensing, 519–520
  privacy, 521–526
  review questions, 533–538
  summary, 530
  written lab for, 532, 539
Layer 2 Forwarding (L2F) protocol, 60, 102, 619
Layer 2 Tunneling Protocol (L2TP), 60, 74, 83, 102, 619
layered environment, access control in, 4–5
layering, 136, 339, 619
layers
  OSI. See OSI (Open Systems Interconnection) model
  TCP/IP. See TCP/IP protocol
learning phase in IDEAL model, 205
legal personnel, 552
legal requirements. See also laws
  in administrative management, 402
  in business continuity planning, 453–455
length of keys, 290
Library of Congress, 515
licensing, 519–520, 619
life cycle assurance, 397–398
life cycles in system development, 198
  certification and accreditation in, 200–201
  code review walk-through in, 200


  conceptual definition, 198–199
  design review in, 200
  functional requirements determination, 199
  maintenance in, 201
  models, 201–202
    IDEAL, 204, 205
    software capability maturity model, 203–204
    spiral model, 203, 203
    waterfall model, 202–203, 202
  protection specifications development, 199
  system test review in, 200
life safety, 575–580
lighting, 568–569
lightning, 619
likelihood assessment, 457
Line Print Daemon (LPD), 63, 77
linear topology, 72, 72
link encryption, 305, 619
LLC (Logical Link Control) sublayer, 61
local alarm systems, 571, 573, 619
local application security, 180–182
local area networks (LANs)
  defined, 619
  vs. WANs, 64
  working with, 68–71
lockout, account, 9, 39
locks, 570
logic bombs, 182, 226, 620
logical access controls, 4, 620
logical bounds, 368
Logical Link Control (LLC) sublayer, 61
logical operations in cryptography, 259–261
logical reasoning in expert systems, 194
logical security boundaries, 115–116
logistics in disaster recovery planning, 495
logon credentials, 6, 620
logs and logging, 32, 422–423
  analysis of, 422, 620
  defined, 620
  integrity of, 551
  monitoring, 21
  transmission, 109
look and feel copyrights, 515
loss of support, 435–436
low-pressure water mists, 580
LPD (Line Print Daemon), 63, 77

M

MAAs (Mutual Assistance Agreements), 489, 623
MAC (Media Access Control) addresses, 61, 621
MAC sublayer in Network layer, 61
machine language, 196, 620
macro viruses, 222–223, 620
mailbombing attacks, 111, 620
maintenance
  in business continuity planning, 452, 465
  defined, 620
  in disaster recovery planning, 496–498
  in system development, 201
maintenance accounts, 408
maintenance hooks, 383, 620
malicious code, 220, 436, 548
  active content, 228
  countermeasures, 229
  defined, 620
  laws against, 512
  logic bombs, 226
  sources of, 220–221
  Trojan horses, 226
  viruses, 221–226
  worms, 227–228
man-in-the-middle attacks, 43–44
  on cryptography, 308
  defined, 621
man-made disasters, 481–484, 621
man-made risks, 456
managed phase in Capability Maturity Model, 204
management planning, 167
mandatory access controls, 16, 369, 620
mandatory protection systems, 372
mandatory vacations, 152, 620
mantraps, 568, 569, 621
manual recovery, 400
marking of media, 403
Marzia virus, 225
masquerading attacks, 117, 241–242, 573, 621
massively parallel processing (MPP), 320, 621
Master Boot Record (MBR) viruses, 221–222, 621
Master Boot Records (MBRs), 621
material evidence, 526
mathematics in cryptography, 258–262
MAX function, 190
maximum tolerable downtime (MTD)
  in business impact assessment, 456, 459
  defined, 621
MBR (Master Boot Record) viruses, 221–222, 621
MBRs (Master Boot Records), defined, 621
MD2 (Message Digest 2), 293–294, 621
MD4 (Message Digest 4), 294, 621
MD5 (Message Digest 5), 294, 621
MDs (message digests), 292, 621
mean time to failure (MTTF), 404, 580, 621
mean time to repair (MTTR), 580
Media Access Control (MAC) addresses, 61, 621
media controls, 408
media in record retention, 427
meet-in-the-middle attacks, 307–308, 621–622
Melissa virus, 223
memory, 192
  addressing, 332–333
  defined, 622
  RAM, 330–331
  registers, 332
  ROM, 329–330
  secondary, 332–333
  security issues with, 333–334
memory-mapped I/O, 337, 622
memory pages, 622
mesh topology, 73, 74
Message Digest 2 (MD2), 293–294, 621
Message Digest 4 (MD4), 294, 621
Message Digest 5 (MD5), 294, 621
message digests, 292, 622
metadata, 191, 622
metamodels, 203, 622
methods in OOP, 197
mice, 336
microcode, 338, 622
Microsoft Challenge Handshake Authentication Protocol (MS-CHAP), 102
middle management, 167
MIDI (musical instrument digital interface), 63
military attacks, 543, 622
Miller, Victor, 291
MIME Object Security Services (MOSS), 111, 302, 622
MIN function, 190
MIPS (million instructions per second), 320
mirroring, remote, 490–491
mitigated risks, 158, 622
mobile sites, 488–489, 622
modems, 336
modification attacks, 117
modulo operation, 261, 622
MONDEX payment system, 305, 622
monitoring, 21, 32, 135, 422–423, 428
  defined, 622
  exam essentials for, 439–442
  inappropriate activities, 434
  indistinct threats and countermeasures, 434–437
  penetration testing techniques, 430–433
  review questions, 443–448
  summary, 438–439
  tools and techniques in, 428–430
monitors, 335–336
Moore's Law, 290
Morris, Robert Tappan, 227


MOSS (MIME Object Security Services), 111, 302, 622
motion detectors, 571, 622
mount command, 438
Moving Picture Experts Group (MPEG), 63
MPP (massively parallel processing), 320, 621
MS-CHAP (Microsoft Challenge Handshake Authentication Protocol), 102
MTD (maximum tolerable downtime)
  in business impact assessment, 456, 459
  defined, 621
MTTF (mean time to failure), 404, 580, 621
MTTR (mean time to repair), 580
multicast communications, 70, 623
multihomed firewalls, 80
multilevel security mode, 189, 208, 327–328, 623
multipartite viruses, 225, 623
multiprocessing, 320, 623
multiprogramming, 321, 623
multistate processing systems, 322, 623
multitasking, 320, 623
multithreading, 321, 623
musical instrument digital interface (MIDI), 63
Mutual Assistance Agreements (MAAs), 489, 623
Myer, Albert, 255

N

NAT (Network Address Translation), 103–104
  defined, 624
  in Network layer, 61, 76
National Computer Crime Squad, 528
National Flood Insurance Program, 479
National Information Assurance Certification and Accreditation Process (NIACAP), 201
National Information Infrastructure Protection Act of 1996, 513
National Institute of Standards and Technology (NIST), 512
National Interagency Fire Center, 480
National Security Agency (NSA), 512
natural disasters, 477, 566
  defined, 623
  earthquakes, 477–478
  fires, 480
  floods, 478–479
  regional events, 480
  storms, 479–480
natural risks, 456
NDAs (nondisclosure agreements), 152, 518, 624
need to know axiom, 399, 623
negligence, 513, 623


NetSP product, 624
Network Access layer, 63
Network Address Translation (NAT), 103–104
  defined, 624
  in Network layer, 61, 76
network-based IDSs, 34–35, 624
Network File System (NFS), 62, 77
network interface cards (NICs), 60
Network layer, 61, 624
Network layer protocols, 75–76
Network News Transport Protocol (NNTP), 63
networks
  attacks and countermeasures, 116–118
  cabling in
    baseband and broadband, 65
    coaxial, 65
    conductors, 67
    twisted-pair, 66–67
    wireless, 68
  cryptography for, 305
  devices on, 81–82
  exam essentials for, 91–92
  firewalls on, 78–81
  OSI model. See OSI (Open Systems Interconnection) model
  remote access security management, 82–83
  review questions, 93–98
  security mechanisms, 83–86
  services for, 86–88
  single points of failure, 88–90
  summary, 91
  topologies in, 71–73, 72–73
  wireless, 68, 306–307
neural networks, 195, 624
Next-Generation Intrusion Detection Expert System (NIDES), 195
NFS (Network File System), 62, 77
NIACAP (National Information Assurance Certification and Accreditation Process), 201
NICs (network interface cards), 60
NIST (National Institute of Standards and Technology), 512
NNTP (Network News Transport Protocol), 63
no lockout policies, 488
noise, electrical, 577–578, 624
nondedicated lines, 106
nondisclosure agreements (NDAs), 152, 518, 624
nondiscretionary access controls, 16–17, 624
nondistributed application security, 180–182
noninterference models, 348, 624
nonrepudiation
  in asymmetric key algorithms, 270
  cryptography for, 257
  defined, 624
  in security management, 135
  in symmetric key algorithms, 268
nonstatistical sampling in auditing, 426
nonvolatile storage, 193, 334, 624
normalization, database, 187, 624
NOT operations, 260, 624
notice requirements in European Union privacy law, 525
NSA (National Security Agency), 512

O

object evidence, 527
object linking and embedding (OLE), 185, 624
Object Management Group (OMG), 184–185
object-oriented programming (OOP), 197–198, 625
Object Request Brokers (ORBs), 184–186, 185
objects
  in access, 2
  defined, 624
  in OOP, 197
  in secure systems, 366–367
OCSP (Online Certificate Status Protocol), 300
OFB (Output Feedback) mode, 272, 625
offline key distribution, 276
offsite storage, 493–494
OLE (object linking and embedding), 185, 624
OMG (Object Management Group), 184–185
One-Click Shopping patent, 518
100Base-T cable, 65–66, 592
1000Base-T cable, 66, 592
one-time pads, 264–265, 625
one-time passwords, 8, 625
one-way encryption, 9, 625
one-way functions, 261–262, 625
Online Certificate Status Protocol (OCSP), 300
onward transfer requirements in European Union privacy law, 525
OOP (object-oriented programming), 197–198, 625
Open Shortest Path First (OSPF) protocol, 61
open systems, 367
Open Systems Interconnection model. See OSI (Open Systems Interconnection) model
operating modes for processors, 328–329
operational assurance, 397–398
operational plans, 167, 625
operations controls, 406–408
operations security. See administrative management
optimizing phase in Capability Maturity Model, 204
OR operations, 259–260, 625
Orange Book, 371–373


ORBs (Object Request Brokers), 184–186, 185
organization analysis in business continuity planning, 451
organizational owners, 153
OSI (Open Systems Interconnection) model, 57, 58–59
  Application layer, 63
  Data Link layer, 60–61
  defined, 625
  encapsulation in, 58–59, 58–59
  functionality, 57
  history of, 56–57
  Network layer, 61
  Physical layer, 60
  Presentation layer, 62–63
  Session layer, 62
  Transport layer, 61–62
OSPF (Open Shortest Path First) protocol, 61
output devices, 335–336
Output Feedback (OFB) mode, 272, 625
overwriting media, 405
owners
  in access control, 16, 21
  of data, 154, 605
  defined, 625
  organizational, 153

P

packet-filtering firewalls, 79
packet switching, 104–105
packets, 625
padded cell systems, 36, 626
palm geography, 626
palm scans, 10
palm topography, 626
PAP (Password Authentication Protocol), 85, 102, 626
parallel layering, 136
parallel tests, 497, 626
parameter checking, 382
parol evidence rule, 528, 626
partial knowledge teams, 430–431
partitions, 567
pass phrases, 8, 626
passive audio motion detectors, 571
passive proximity readers, 572
passwd file, 231–232
Password Authentication Protocol (PAP), 85, 102, 626
password tokens, 13–14
passwords, 7–8
  in access control, 5
  attacks on, 227, 230
    brute force, 38–39
    countermeasures, 232
    dictionary attacks, 231
    password guessing, 230–231
    social engineering, 231
  defined, 626
  policies for, 39
    defined, 626
    with new employees, 19
  restrictions on, 8–9, 626
  securing, 9–10
  selecting, 8–9
  in Unix systems, 437
Patent and Trademark Office, 517
patents, 517–518, 626
pattern-matching detection, 35
PBX (private branch exchange), 113, 629
PDUs (protocol data units), 59, 59
PEM (Private Enhanced Mail) encryption, 84, 112, 301–302, 305, 629
penetration, 158
penetration testing, 37, 430–431
  defined, 626
  dumpster diving, 432–433
  problem management, 433
  radiation monitoring, 432
  sniffing and eavesdropping, 431–432
  social engineering, 433
  war dialing, 431
people in business continuity planning, 460
performance, cache RAM for, 331
permanent virtual circuits (PVCs), 87, 105, 627
personal identification numbers (PINs), 5, 627
personnel
  controls on, 408–409
  managing, 627
  safety of, 575
personnel notification in disaster recovery planning, 492–493
PGP (Pretty Good Privacy), 85, 112, 274, 301, 628
phone phreaking, 114–115, 544, 627
photoelectric motion detectors, 571
phreakers, 114–115, 544
physical access, 4, 39
physical intrusion detection systems, 573
Physical layer, 60, 627
physical security, 115–116
  environment and life safety in, 575–580
  equipment failure in, 580
  exam essentials for, 581–583


  facility requirements in, 564–567
  physical controls in, 4, 565, 567–572, 569, 627
  review questions, 584–589
  summary, 581
  technical controls in, 4, 565, 572–575, 642
  threats to, 564
physically bounded processes, 368
piggybacking, 573, 627
ping function, 234, 627
ping of death attacks, 42, 238, 627
PINs (personal identification numbers), 5, 627
PKI (public key infrastructure), 297
  certificates in, 297–298
    certificate authorities for, 298
    generation and destruction of, 298–300
  defined, 630
  key management in, 300
plain old telephone service (POTS), 113, 627
plaintext messages, 257, 627
planning goals, 463
platforms for viruses, 223
playback attacks, 44
plumbing leaks, 577
Point-to-Point Protocol (PPP), 60, 83, 108, 627
Point-to-Point Tunneling Protocol (PPTP), 74, 83, 102, 627
policies
  and architecture, 340–341
  employment, 154–156
  password, 39
policy protection mechanisms, 341–342
polling in CSMA/CD, 71
polyalphabetic substitution, 264, 627
polyinstantiation, 191, 628
polymorphic viruses, 225, 628
POP3 (Post Office Protocol, version 3), 63, 77, 109, 628
Porras, Philip, 195
port scans, 240, 628
ports
  defined, 628
  in Physical layer, 60
  in TCP, 74–75
post accreditation phase, 201
Post Office Protocol, version 3 (POP3), 63, 77, 109, 628
postmortem reviews, 628
POTS (plain old telephone service), 113, 627
power
  outages, 482
  problems with, 575–576
power-on self-test (POST), 329
PPP (Point-to-Point Protocol), 60, 83, 108, 627
PPTP (Point-to-Point Tunneling Protocol), 74, 83, 102, 627
preaction systems, 579
Presentation layer, 62–63, 628
Pretty Good Privacy (PGP), 85, 112, 274, 301, 628
preventative control, 3, 406, 628
PRI (Primary Rate Interface) ISDN, 88, 106, 628
primary keys for databases, 187
primary memory, 192, 628
primary storage, 192, 334, 628
principle of least privilege, 20–21, 341, 399, 628
printers, 336
priorities
  in business continuity planning, 458–459
  in business impact assessment, 456
  in protection rings, 323
  in recovery strategy, 485
privacy, 133, 402, 521
  defined, 629
  European Union privacy law, 525–526
  U.S. privacy laws, 521–524
  in workplace, 524
Privacy Act of 1974, 522, 629
private branch exchange (PBX), 113, 629
Private classification, 139, 629
Private Enhanced Mail (PEM) encryption, 84, 112, 301–302, 305, 629
private IP addresses, 103
private keys, 288–289, 288, 629
privileged entity controls, 407
privileged mode, 207, 329, 629
privileged operations functions, 399–400, 629
privileged programs, 383
privileges in protection rings, 323
problem states, 324–325, 629
procedures, 156, 629
process confinement, 368
process isolation, 206, 340, 629
process states, 324–326, 326
processes phase in business continuity planning, 460–461
processors, 319
  defined, 629
  execution types, 319–320
  operating modes for, 328–329
  processing types, 321–322
  protection mechanisms, 322–328, 324, 326
  security modes for, 326–328
programmable read-only memory (PROM), 329–330, 629
programming
  languages for, 196–197
  security flaws in, 384


proprietary alarm systems, 573
proprietary data, 139, 630
protection mechanisms, 322
  in computer design, 338–341
  operating modes, 328–329
  process states, 324–326, 326
  rings, 323–324, 324
  in security management, 135–137
  security modes, 326–328
protection of personal information, 402
protection rings, 206–207, 207
protection specifications development, 199
protection systems, 628
protocol data units (PDUs), 59, 59
protocol security mechanisms, 83–86
protocol services, 86–88
protocols, 56, 630
provisions in business continuity planning, 460–461
proxies, 82, 630
proximity readers, 572, 630
proxy firewalls, 79
prudent man rule, 513, 630
pseudo-flaws, 243, 630
Public classification, 139, 630
public IP addresses, 102–103, 630
public key infrastructure (PKI), 297
  certificates in, 297–298
    certificate authorities for, 298
    generation and destruction of, 298–300
  defined, 630
  key management in, 300
public keys, 261, 268
  in asymmetric cryptography, 288–289, 288
  defined, 630
  distribution of, 276
purging media, 404–405, 630
PVCs (permanent virtual circuits), 87, 105, 627

Q

qualitative decision making, 455, 630
qualitative risk analysis, 163–165, 630
quantitative decision making, 455, 631
quantitative risk analysis, 161–163, 631

R

racial harassment, 434
radiation monitoring, 335–336, 432, 574–575, 631
radio frequency interference (RFI), 577, 631
radio frequency (RF) radiation, 432, 574–575
RADIUS (Remote Authentication Dial-In User Service), 18, 86, 632
RAID (Redundant Array of Independent Disks), 89–90
rainbow series, 370, 373–375
RAM (random access memory), 330–331, 631
random access storage, 192, 334–335, 631
RARP (Reverse Address Resolution Protocol), 60
RAs (registration authorities), 298, 632
RDBMSs (relational database management systems), 186
read-only memory (ROM), 329–330, 631
ready state, 325, 631
real evidence, 527, 631
real memory, 192, 330, 631
realized risk, 161–162, 631
reconnaissance attacks, 240–241
record retention
  in administrative management, 403
  in auditing, 426–427
  defined, 631
record sequence checking, 109, 631
records, 186–187, 631
recovery controls, 3–4, 406, 632
recovery strategy, 485
  alternative processing sites in, 486–489
  business unit priorities in, 485
  crisis management in, 485–486
  database recovery, 489–490
  emergency communications in, 486
  Mutual Assistance Agreements in, 489
  recovery vs. restoration, 495
  workgroup recovery in, 486
Red Book, 373
red boxes, 115
reducing risk, 165, 632
redundancy
  for failover servers, 484
  knowledge, 151
Redundant Array of Independent Disks (RAID), 89–90
redundant servers, 88–89
reference monitors, 207
  defined, 632
  in TCB, 363–364
referential integrity, 187, 632
refreshing RAM, 331
regenerated keys
  asymmetric, 270
  symmetric, 268
register addressing, 332, 632
registers, 332, 632


registration authorities (RAs), 298, 632
registration with biometric devices, 11
regulatory policies, 155, 632
regulatory requirements, 453–455
reject risk, 165, 632
relational database management systems (RDBMSs), 186
relational databases, 186, 632
relationships, 187, 227, 632
release control, 206
relevant evidence, 526, 632
remote access, 82–83
Remote Authentication Dial-In User Service (RADIUS), 18, 86, 632
remote backup locations, 490
remote control technique, 86
remote journaling, 490, 632
remote mirroring, 490–491, 632
remote node operation, 86
Remote Procedure Call (RPC), 62
repeatable phase in Capability Maturity Model, 204
repeaters, 68
  defined, 632
  in Physical layer, 60
replay attacks, 44, 117, 308, 632
reporting
  in auditing, 425–426
  incidents, 551–552
request control, 205
residual risk, 166, 633
resources in business continuity planning
  prioritizing, 458–459
  requirements, 452–453
response teams for incidents, 549
restoration vs. recovery, 495
restricted interface model, 348, 633
retention in incidents, 551
retina scans, 10, 633
Reverse Address Resolution Protocol (RARP), 60
review questions
  access control, 24–29
  administrative management, 414–419
  applied cryptography, 311–316
  attacks, 49–54, 246–251
  auditing, 443–448
  Business Continuity Planning (BCP), 468–473
  communications security, 122–127
  computer crime, 557–562
  computer design, 355–360
  cryptography, 280–285
  Disaster Recovery Planning (DRP), 500–505
  employment policies and practices, 172–177
  laws, 533–538
  monitoring, 443–448
  networks, 93–98
  physical security, 584–589
  security management, 143–148
  security models, 388–393
  system development controls, 212–217
revocation for certificates, 299–300, 633
RF (radio frequency) radiation, 432, 574–575
RFC 1918, 633
RFI (radio frequency interference), 577, 631
Rijndael cipher, 275, 633
ring topology, 71, 72
rings, protection, 323–324, 324
RIP (Routing Information Protocol), 61
risk
  in business continuity planning
    acceptance and mitigation, 464
    assessment, 463
    identification, 456–457
  defined, 633
risk analysis, 157, 633
risk management, 157
  defined, 633
  handling risk, 165–166
  methodologies, 159–161
  qualitative analysis, 163–165
  quantitative analysis, 161–163
  terminology, 157–158, 159
risk mitigation, 165
risk tolerance, 165, 633
Rivest, Ronald, 289, 294
Rivest, Shamir, and Adleman (RSA) encryption, 289–290, 633
Rogier, Nathalie, 294
role-based access controls, 15–16, 633
roles, security, 153–154
ROLLBACK command, 188
ROM (read-only memory), 329–330, 631
root accounts, 438
root level, 633
rootkits, 239, 633
Rosenberger, Rob, 226
ROT3 (Rotate 3) cipher, 254, 263
routers, 81
  defined, 633
  in Network layer, 61
Routing Information Protocol (RIP), 61
rows in databases, 186
Royce, Winston, 202
RPC (Remote Procedure Call), 62
RSA (Rivest, Shamir, and Adleman) encryption, 289–290, 633
rule-based access controls, 16, 634
running key ciphers, 265–266, 634
running state, 325, 634
