Gregg M., Kim D. — Inside Network Security Assessment: Guarding your IT Infrastructure
Subject index
certification
certification, defined
CERTs
CERTs (Computer Emergency Response Teams)
CERTs (Computer Emergency Response Teams), defined
CERTs, Carnegie Mellon, url for
change control boards
change control boards, defined
change management policies
change management policies, defined
CIA (confidentiality, integrity, and availability)
CIA (confidentiality, integrity, and availability), defined
Clark-Wilson model
classes of policy control, table of
classification systems
classification systems, Bell-LaPadula model
classification systems, commercial
classification systems, confidential information
classification systems, criteria for
classification systems, declassification criteria
classification systems, government system for
classification systems, private information
classification systems, public information
classification systems, purpose of
classification systems, secret information
classification systems, sensitive information
classification systems, steps for creating infrastructure for
classification systems, top secret information
classification systems, unclassified information
click kiddies
clipping levels
COBIT
COBIT (control objectives for information technology)
COBIT, level I assessment documentation review
COBIT, purpose of
COBIT, reviewing documentation
commercial classification systems
commercial classification systems, overview of
Common Criteria
Common Criteria (CC)
Common Criteria (CC), urls for
Common Criteria, system assurance aspect of
Common Vulnerabilities and Exposures list [See CVE list]
communication security
communication security, documentation review for
compliance
compliance with laws as cause of vulnerability assessments
compliance, scope, as driver for
Computer Emergency Response Teams (CERTs)
Computer Emergency Response Teams (CERTs), defined
conclusions report sections
conclusions sections of final reports
confidential information
confidential information, defined
confidential information, disclosure threat
confidential information, employee carelessness as threat
confidentiality
confidentiality, cryptography for
confidentiality, defined
confidentiality, GLBA requirements
confidentiality, HIPAA rules for
confidentiality, importance of
confidentiality, individual finance records, of
confidentiality, medical record rules
configuration management
configuration management, AFSCM 375-1
configuration management, beta development
configuration management, defined
configuration management, NIST 800-14
configuration management, steps in process
consistency-based social engineering
consultants, procuring [See procurement]
contingency planning
contingency planning, defined
contingency planning, documentation contents
contingency planning, maximum tolerable downtimes
contingency planning, types of
control level, determining
cookies
cookies, defined
cookies, threat from
coordinated attacks
Core IMPACT
corporate security law [See Sarbanes-Oxley Act]
correctness of information [See integrity]
countermeasures
countermeasures, banner minimalization
countermeasures, coordinated attacks, for
countermeasures, defined
countermeasures, ICMP echoes
countermeasures, IDS
countermeasures, ingress filtering
countermeasures, malformed data attacks
countermeasures, OS fingerprinting
countermeasures, password protection
countermeasures, PING sweeps
countermeasures, port scanning
countermeasures, rate limiting
crackers
crackers, defined
criminal breaches
criticality
criticality matrices
criticality matrices, blank matrix for
criticality matrices, defining impact levels
criticality matrices, final assembly of
criticality matrices, information type identification
criticality matrices, listing impact attributes
criticality matrices, OICM
criticality matrices, resistance of owners
criticality matrices, steps for creating
criticality matrices, systems criticality matrices
criticality, defined
critics
crossover error rate (CER)
cryptography [See encryption]
CVE (Common Vulnerabilities and Exposures) list
CVE (Common Vulnerabilities and Exposures) list, defined
CVE (Common Vulnerabilities and Exposures) list, risk assessment with
cyber crime
cyber crime, U.S. Code 1029
cyber terrorism
cyber terrorism, defined
cyber-terrorists/criminals
cyber-terrorists/criminals, defined
DAC (discretionary access control)
data classification standards
data classification standards, defined
data collection stage of attacks
data custodians
data custodians, defined
Data Encryption Standard (DES)
data integrity
data integrity, threats to
data owners
data owners, defined
database attacks
DDoS (Distributed Denial of Service)
defense in depth
defense in depth, defined
defense-in-depth approach
defense-in-depth approach, advantages of
defense-in-depth approach, application defenses
defense-in-depth approach, data defenses
defense-in-depth approach, defined
defense-in-depth approach, layers, list of
defense-in-depth approach, network defenses
defense-in-depth approach, operating system defenses
defense-in-depth approach, risk assessment using
defining impact levels
definition of security
denial-of-service attacks [See DoS (denial-of-service) attacks]
deploying policies
deploying policies, overview
DES (Data Encryption Standard)
detection element of security as a process
dictionary attacks
direct attacks
disaster recovery
Disaster Recovery Plans (DRPs)
Disaster Recovery Plans (DRPs), purpose of
disaster recovery, availability as
disclaimers of warranties
disclaimers of warranties, defined
disclosure threat
disclosure threat, disgruntled employees source of
discretionary access control (DAC)
disgruntled employees
disgruntled employees, defined
disgruntled employees, destruction of data
disgruntled employees, disclosure threat
disgruntled employees, greatest threats
disgruntled employees, internal attackers as
disgruntled employees, malicious code release
disgruntled employees, privilege escalation
disgruntled employees, termination
disgruntled employees, unauthorized access
DMZs (demilitarized zones)
DMZs (demilitarized zones), defined
DNS (Domain Name System)
DNS (Domain Name System), defined
DNS (Domain Name System), DNS lookup
document tracking form template
documentation
documentation systems
documentation systems, asset nature of
documentation, level I document review process [See reviewing documentation]
documentation, systemic [See IT security architecture and framework]
documents
documents, advisory category
documents, compiling for assessment planning
documents, control forms for
documents, informative category
documents, infrastructure
documents, logical diagrams
documents, physical diagrams
documents, policy categories
documents, protocols for assessments
documents, regulatory category
documents, tracking system for
DoS (Denial of Service)
DoS (Denial of Service), DDoS
DoS (denial-of-service) attacks
DoS (denial-of-service) attacks, defined
DoS (denial-of-service) attacks, extortion with
DoS attacks
DoS attacks, defined
downloading files, threat from
driving events for defining scope
DRM
DRM, disaster recovery management
DRM, disaster recovery management, purpose of
DRPs [See Disaster Recovery Plans]
due care
due care, defined
due diligence
due diligence, defined
due diligence, driver for defining scope
due diligence, mergers, for
DumpSec
EAP (Extensible Authentication Protocol)
eavesdropping [See data collection stage of attacks]
education, training, and awareness
education, training, and awareness, documentation review
EFs (Exposure Factors)
EFs (Exposure Factors), defined
EFs (Exposure Factors), scaling
Eligible Receiver
email
email, threat from
employee awareness of policies
employee buy-in for policies
employees
employees as threats
employees as threats, confidential information
employees as threats, emails
employees as threats, file downloads
employees as threats, importance of
employees as threats, insecure computing habits
employees as threats, sharing media
employees as threats, terminated employees
employees as threats, unauthorized software use
employees, Web leaks created by
encryption
encryption, AES standard
encryption, authentication with
encryption, confidentiality role of
encryption, data encryption defined
encryption, defined
encryption, IPSec
encryption, Pretty Good Privacy
encryption, public key
encryption, Rijndael
encryption, SSH
encryption, SSL
encryption, TLS
enterprise vulnerability management
enterprise vulnerability management, defined
enumeration tools
enumeration tools, defined
enumeration tools, DumpSec
enumeration tools, information obtained by
enumeration tools, NETBIOS names
enumeration tools, null sessions
enumeration tools, SolarWinds IP Network Browser
enumeration tools, urls for
enumeration tools, USE42
enumeration tools, Windows systems
equity
equity, defined
escalation stage of attacks
Ethereal
ethical hackers
ethical hackers, defined
ethical hacks
ethical hacks, defined
ethics
ethics, defined
EULAs (End User License Agreements)
EULAs (End User License Agreements), defined
exclusion of damages
executive summary report sections
executive summary sections of final reports
exposure
exposure factors
exposure factors, defined
exposure, defined
Extensible Authentication Protocol (EAP)
external attackers
external attackers, defined
false acceptance rate (FAR)
false rejection rate (FRR)
FAR (false acceptance rate)
Federal Information Security Management Act [See FISMA]
FIN scans
final reports
final reports, analysis sections
final reports, analysis, preparing for
final reports, conclusions sections
final reports, contents, recommended