Lesson 9

The elements of security module discussed the practices and principles that compose an effective security infrastructure.
Now that you have completed this module, you should be able to:

1. Identify the most important security elements
2. Describe security standards in current use
3. Increase security effectiveness by establishing organizational training
4. Identify key authentication techniques
5. Understand the need for access control methods
6. Describe the three main encryption methods
7. Describe the application of encryption to security

Organizational training is vital for increasing security effectiveness, as it equips employees with the knowledge and skills necessary to protect critical assets and mitigate potential threats. By implementing a comprehensive and tailored training program, organizations can foster a security-aware culture, reduce the likelihood of security incidents, and ensure compliance with relevant regulations. This article discusses the various types of organizational training required to enhance security effectiveness, covering security awareness, role-specific training, incident response, and ongoing education.

1. Access control list (ACL) : A list of individual users and groups of users associated with an object, and the rights that the user or group has when accessing that object.
2. Algorithm:A computable set of steps to achieve a desired result.
3. Asymmetric encryption: A type of encryption that uses one key to encrypt a message and another to decrypt the message. (Also, public-key encryption)
4. Authentication: The process of identifying an individual, usually based on a username and password.
5. Back door: An intentional hole in a firewall or security apparatus that allows access around security measures.
6. Ciphertext: Text which has been encrypted by some encryption system.
7. Data confidentiality: The degree of confidentiality required for data transmitted, correlating to the security measures required to maintain confidentiality. Data confidentiality is provided by encryption.
8. Encryption: The process of disguising a message to make it unreadable by humans. The resulting data is called ciphertext.
9. Execution control list (ECL): A list of the resources and actions which a program can access/perform while it is executing.
10. Hash algorithm: A numeric function which mixes the ordering of input values to hopefully get an even distribution. (Also, hash function)
11. Key: A method of opening an encryption. A key can be as simple as a string of text characters, or a series of hexadecimal digits.
12. Non-repudiation: The ability to demonstrate that an information exchange or financial transaction took place.
13. One-way encryption: A type of encryption where information is encrypted once and cannot be decrypted. One-way encryption is typically used for creating message digests.
14. Plaintext: A message before encryption or after decryption, i.e. in its usual form which anyone can read, as opposed to its encrypted form, ciphertext.
15. Secure HTTP (SHTTP): A form of encryption that takes place at the hypertext markup language level. This allows a Web browser to transfer sensitive information across the Internet.
16. Secure Multipurpose Internet Mail Extension (S/MIME): A specification for secure electronic mail. S/MIME was designed to add security to e-mail messages in MIME format. The security services offered are authentication (using digital signatures) and privacy (using encryption).
17. Secure Sockets Layer (SSL): A technology embedded in Web servers and browsers that encrypts traffic.
18. Security mechanism: The systems and software that provide the different security services (access control, authentication, data integrity, data confidentiality, and nonrepudiation).
19. Security service: A basic method for providing data security. Security services include authentication, access control, data integrity, data confidentiality, and nonrepudiation.
20. Symmetric encryption: A type of encryption where the same key is used to encrypt and decrypt the message.
21. Virtual Private Network (VPN): An extended local area network (LAN) that enables an organization to conduct secure, real-time communication.

Security Elements - Quiz