C836 CHAPTER 1-6 WGU, With Complete Verified
Solution. 2024.
FISMA (Federal Information Security Modernization Act)
this law provides a framework for ensuring the effectiveness of information security
controls in federal government
- changed from Management (2002) to Modernization in 2014
HIPAA (Health Insurance Portability and Accountability Act)
this law improves the efficiency and effectiveness of the health care system and
protects patient privacy
FERPA (Family Educational Rights and Privacy Act)
this law protects the privacy of students and their parents
SOX (Sarbanes-Oxley Act)
this law regulates the financial practice and governance of corporations
GLBA (Gramm-Leach-Bliley Act)
this law protects the customers of financial institutions
compliance
relating to an organization's adherence to laws, regulations, and standards
regulatory compliance
Regulations mandated by law usually requiring regular audits and assessments
industry compliance
Regulations or standards designed for specific industries that may impact ability to
conduct business (e.g. PCI DSS)
privacy
the state or condition of being free from being observed or disturbed by other people
The Federal Privacy Act of 1974
This act safeguards privacy through the establishment of procedural and substantive
rights in personal data
privacy rights
Rights relating to the protection of an individual's personal information
PII (Personally Identifiable Information)
Information that can be used to identify an individual, and should be protected as
sensitive data and monitored for compliance
cryptography
the science of keeping information secure
Cryptanalysis
The science of breaking through the encryption used to create ciphertext
cryptology
The overarching field of study that covers cryptography and cryptanalysis
cryptographic algorithm (cipher)
The specifics of the process used to encrypt plaintext or decrypt ciphertext
plaintext (cleartext)
unencrypted data
ciphertext
encrypted data
, Caesar cipher
an ancient cryptographic technique based on transposition; involves shifting each letter
of a plaintext message by a certain number of letters (historically 3)
ROT13 cipher
a more recent cipher that uses the same mechanism as the Caesar cipher but moves
each letter 13 places forward
symmetric key cryptography (private key cryptography)
uses a single key for both encryption of the plaintext and decryption of the ciphertext
block cipher
A type of cipher that takes a predetermined number of bits in the plaintext message
(commonly 64 bits) and encrypts that block
stream cipher
A type of cipher that encrypts each bit in the plaintext message, 1 bit at a time
AES (Advanced Encryption Standard)
A set of symmetric block ciphers endorsed by the US government through NIST. Shares
the same block modes that DES uses and also includes other modes such as XEX-
based Tweaked CodeBook (TCB) mode
asymmetric key cryptography (public key cryptography)
this method uses 2 keys, a public key and a private key
SSL (secure sockets layer)
a protocol that uses the RSA algorithm (an asymmetric algorithm) to secure web and
email traffic
hash function (message digest)
keyless cryptography that creates a largely unique and fixed-length hash value based
on the original mesage
hash
used to determine whether the message has changed;
provides integrity (but not confidentiality)
digital signature
a method of securing a message that involves generating a hash and encrypting it using
a private key
certificate
created to link a public key to a particular individual;
used as a form of electronic identification for that person
CA (certificate authority)
a trusted entity that handles digital certificates
PKI (public key infrastructure)
infrastructure that includes the CAs that issue and verify certificates and the RAs that
verify the identity of the individuals associated with the certificates
RA (registration authority)
An authority in a PKI that verifies the identity of the individual associated with the
certificate
CRL (Certificate Revocation List)
a public list that holds all the revoked certifications for a certain period of time
data at rest
Data that is on a storage device of some kind and is not moving
Solution. 2024.
FISMA (Federal Information Security Modernization Act)
this law provides a framework for ensuring the effectiveness of information security
controls in federal government
- changed from Management (2002) to Modernization in 2014
HIPAA (Health Insurance Portability and Accountability Act)
this law improves the efficiency and effectiveness of the health care system and
protects patient privacy
FERPA (Family Educational Rights and Privacy Act)
this law protects the privacy of students and their parents
SOX (Sarbanes-Oxley Act)
this law regulates the financial practice and governance of corporations
GLBA (Gramm-Leach-Bliley Act)
this law protects the customers of financial institutions
compliance
relating to an organization's adherence to laws, regulations, and standards
regulatory compliance
Regulations mandated by law usually requiring regular audits and assessments
industry compliance
Regulations or standards designed for specific industries that may impact ability to
conduct business (e.g. PCI DSS)
privacy
the state or condition of being free from being observed or disturbed by other people
The Federal Privacy Act of 1974
This act safeguards privacy through the establishment of procedural and substantive
rights in personal data
privacy rights
Rights relating to the protection of an individual's personal information
PII (Personally Identifiable Information)
Information that can be used to identify an individual, and should be protected as
sensitive data and monitored for compliance
cryptography
the science of keeping information secure
Cryptanalysis
The science of breaking through the encryption used to create ciphertext
cryptology
The overarching field of study that covers cryptography and cryptanalysis
cryptographic algorithm (cipher)
The specifics of the process used to encrypt plaintext or decrypt ciphertext
plaintext (cleartext)
unencrypted data
ciphertext
encrypted data
, Caesar cipher
an ancient cryptographic technique based on transposition; involves shifting each letter
of a plaintext message by a certain number of letters (historically 3)
ROT13 cipher
a more recent cipher that uses the same mechanism as the Caesar cipher but moves
each letter 13 places forward
symmetric key cryptography (private key cryptography)
uses a single key for both encryption of the plaintext and decryption of the ciphertext
block cipher
A type of cipher that takes a predetermined number of bits in the plaintext message
(commonly 64 bits) and encrypts that block
stream cipher
A type of cipher that encrypts each bit in the plaintext message, 1 bit at a time
AES (Advanced Encryption Standard)
A set of symmetric block ciphers endorsed by the US government through NIST. Shares
the same block modes that DES uses and also includes other modes such as XEX-
based Tweaked CodeBook (TCB) mode
asymmetric key cryptography (public key cryptography)
this method uses 2 keys, a public key and a private key
SSL (secure sockets layer)
a protocol that uses the RSA algorithm (an asymmetric algorithm) to secure web and
email traffic
hash function (message digest)
keyless cryptography that creates a largely unique and fixed-length hash value based
on the original mesage
hash
used to determine whether the message has changed;
provides integrity (but not confidentiality)
digital signature
a method of securing a message that involves generating a hash and encrypting it using
a private key
certificate
created to link a public key to a particular individual;
used as a form of electronic identification for that person
CA (certificate authority)
a trusted entity that handles digital certificates
PKI (public key infrastructure)
infrastructure that includes the CAs that issue and verify certificates and the RAs that
verify the identity of the individuals associated with the certificates
RA (registration authority)
An authority in a PKI that verifies the identity of the individual associated with the
certificate
CRL (Certificate Revocation List)
a public list that holds all the revoked certifications for a certain period of time
data at rest
Data that is on a storage device of some kind and is not moving
