Читаем CISSP Practice полностью

Four phases exist in a computer security incident investigation process: initiating the investigation (phase 1), testing and validating the incident hypothesis (phase 2), analyzing the incident (phase 3), and presenting the evidence (phase 4). The correct order of the investigation process is: gather facts (phase 1); interview witnesses (phase 1); develop incident hypothesis (phase 1); test and validate the hypothesis (phase 2); analyze (phase 3); and report the results to management and others (phase 4).

Inward-facing

It refers to a system that is connected on the interior of a network behind a firewall.

IP address

An Internet Protocol (IP) address is a unique number for a computer that is used to determine where messages transmitted on the Internet should be delivered. The IP address is analogous to a house number for ordinary postal mail.

IP payload compression (IPComp) protocol

Protocol used to perform lossless compression for packet payloads.

IP spoofing

Refers to sending a network packet that appears to come from a source other than its actual source.

Isolation

The containment of subjects and objects in a system in such a way that they are separated from one another, as well as from the protection controls of the operating system.

ISO (International Organization for Standardization)

An organization established to develop and define data processing standards to be used throughout participating countries.

IT-related risk

The net mission/business impact considering (1) the likelihood that a particular threat source will exploit, or trigger, particular information system vulnerability, and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to (i) unauthorized (malicious, nonmalicious, or accidental) disclosure, modification, or destruction of information, (ii) nonmalicious errors and omissions, (iii) IT disruptions due to natural or man-made disasters, (iv) failure to exercise due care and due diligence in the implementation and operation of the IT function.

IT security awareness and training program

Explains proper rules of behavior for the use of organization’s IT systems and information. The program communicates IT security policies and procedures that need to be followed.

IT security education

IT security education seeks to integrate all of the security skills and competencies of the various functional specialists into a common body of knowledge, adds a multi-discipline study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and proactive response.

IT security goal

The five security goals are confidentiality, availability, integrity, accountability, and assurance.

IT security investment

An IT application or system that is solely devoted to security. For instance, intrusion detection system (IDS) and public key infrastructure (PKI) are examples of IT security investments.

IT security metrics

Metrics based on IT security performance goals and objectives.

IT security policy

The documentation of IT security decisions in an organization. Three basic types of policy exist (1) Program policy high-level policy used to create an organization’s IT security program, define its scope within the organization, assign implementation responsibilities, establish strategic direction, and assign resources for implementation. (2) Issue-specific policies address specific issues of concern to the organization, such as contingency planning, the use of a particular methodology for systems risk management, and implementation of new regulations or law. These policies are likely to require more frequent revision as changes in technology and related factors take place. (3) System-specific policies address individual systems, such as establishing an access control list or in training users as to what system actions are permitted. These policies may vary from system to system within the same organization. In addition, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization’s electronic mail policy or fax security policy.

IT security training