xdxdxd123

Untitled

May 24th, 2017
  1.  
  2. __An alert or intrusion is an indication that a system has just been attacked or is under attack. ____
  3.  
  4.  
  5. F
  6. alarm
  7.  
  8.  
  9. List and describe at least four reasons to acquire and use an IDPS (Intrusion Detection Prevention System)
  10. Picking Double Doorknobs Does Apply
  11.  
  12.  
  13.  
  14.  
  15. To prevent problem behaviors by increasing the perceived risk of discovery and punishment for those who would attack or otherwise abuse the system.
  16. To detect attacks and other security violations that are not prevented by other security measures.
  17. To detect and deal with preambles to attacks (commonly experienced as network probes and other "doorknob rattling" activities).
  18. To document the existing threat to an organization.
  19. To act as quality control for security design and administration, especially in large and complex enterprises.
  20. To provide useful information about intrusions that do take place, allowing improved diagnosis, recovery, and correction of causative factors.
  21.  
  22.  
  23.  
  24. Describe how hash functions work and what they are used for.
  25.  
  26.  
  27. Hash functions are mathematical algorithms that generate a message summary or digest (sometimes called a fingerprint) to confirm the identity of a specific message and to confirm that there have not been any changes to the content. While they do not create a ciphertext, hash functions confirm message identity and integrity, both of which are critical functions in e-commerce. Hash algorithms are public functions that create a hash value, also known as a message digest, by converting variable-length messages into a single fixed-length value. The message digest is a fingerprint of the author's message. If both hashes are identical after transmission, the message always provides the same hash value, but the hash value itself cannot be used to determine the contents of the message. Hashing functions do not require the use of keys, but it is possible to attach a message authentication code (MAC), a key-dependent, one-way hash function that allows only specific recipients (symmetric key holders) to access the message digest. Because hash functions are one-way, they are used in password verification systems to confirm the identity of the user. In such systems, the hash value, or message digest, is stored for later comparison. When the user logs on for the next session, the system calculates a hash value based on the user's password input, and this value is compared against the stored value to confirm identity.
  28.  
  29.  
  30. Describe symmetric and asymmetric encryptions.
  31.  
  32.  
  33. Symmetric and asymmetric algorithms are distinguished by the types of keys they use for encryption and decryption operations.
  34. Symmetric encryption methodologies require the same secret key to encipher and decipher the messages, and are also called private key encryption. They use mathematical operations that can be programmed into extremely fast computing algorithms so that the encryption and decryption processes are executed quickly even by small computers. Both sender and receiver must have the secret key. Passage of the key must be out of band to avoid interception.
  35. Asymmetric encryption systems use two different but related keys, and either can be used to encrypt or decrypt the message, but in only one direction: A to B or B to A. Usually one key is private and one is public, hence the other name, public-key encryption.
  36.  
  37.  
  38. Identify the "Seven Major Sources of Physical Loss"
  39.  
  40.  
  41. 1. Extreme temperature: heat, cold.
  42. 2. Gases: war gases, commercial vapors, humid or dry air, suspended particles
  43. 3. Liquids: water, chemicals
  44. 4. Living organisms: viruses, bacteria, people, animals, insects
  45. 5. Projectiles: tangible objects in motion, powered objects
  46. 6. Movement: collapse, shearing, shaking, vibration, liquefaction, flow waves, separation, slide
  47. 7. Energy anomalies: electrical surge or failure, magnetism, static electricity, aging circuitry; radiation, sound, light, radio, microwave, electromagnetic, atomic
  48.  
  49.  
  50. What are the major steps in executing the project plan?
  51.  
  52.  
  53. Planning the project
  54. Supervising tasks and action steps
  55. Wrapping up
  56. The project plan can be developed in any number of ways. Each organization has to determine its own project management methodology for IT and information security projects. Whenever possible, information security projects should follow the organization's project management practices.
  57.  
  58.  
  59. What major project tasks does the WBS document? (Work Breakdown Structure)
  60.  
  61.  
  62. Work to be accomplished (activities and deliverables)
  63. Individuals (or skill set) assigned to perform the task
  64. Start and end dates for the task (when known)
  65. Amount of effort required for completion in hours or work days
  66. Estimated capital expenses for the task
  67. Estimated noncapital expenses for the task
  68. Identification of dependencies between and among tasks
  69.  
  70.  
  71.  
  72. What tasks must be performed when an employee prepares to leave an organization?
  73.  
  74.  
  75. Access to the organization's systems must be disabled
  76. Removable media must be returned
  77. Hard drives must be secured
  78. File cabinet locks must be changed
  79. Office door locks must be changed
  80. Keycard access must be revoked
  81. Personal effects must be removed from the organization's premises.
  82.  
  83.  
  84.  
  85. Describe the concept of separation of duties.
  86.  
  87.  
  88. Separation of duties is used to reduce the chance of an individual violating information security and breaching confidentiality, integrity, or availability of information. The control stipulates that the completion of a significant task that involves sensitive information should require at least two people. The idea: if only one person had the authorization to access certain information, there may be nothing the org can do to prevent this individual from copying the info and removing it from the premises.
  89.  
  90.  
  91. List the five domains of the recommended maintenance model.
  92.  
  93.  
  94. External monitoring
  95. Internal monitoring
  96. Planning and risk assessment
  97. Vulnerability assessment and remediation
  98. Readiness and review