The document defines several key terms related to access control and information security accreditation. It provides definitions for terms such as access, access authority, access control, user account management, accountability, accreditation, accreditation boundary, and accrediting authority. For each term, it concisely explains the core concept in 1-2 sentences.
مفاهيم
1. Term حٌّقطٍق Definition طؼش٠ف حٌّقطٍق
Ability to make use of any حٌمذسس ػٍٝ ح٨عظفخدس
Access حٌٛفٛي / حٌذخٛي information system (IS) ِٓ أٞ ِٛسد ِٓ ِٛحسد
resource. .ٓ١ٔظخَ ِؼٍِٛخص ِؼ
An entity responsible for ٓحٌى١خْ حٌّغئٚي ػ
monitoring and granting ِشحلزش ِٕٚق ف٩ك١خص
Access Authority ٘١جش حٌٛفٛي
access privileges for other حٌٛفٛي ٌٍـٙخص حٌُّقشَّف
authorized entities. .ٌٙخ
لزٛي أٚ سفل هٍزخص
The process of granting or
ِؼ١ٕش طخظـ رـ
denying specific requests:
ٍٝ1) حٌلقٛي ػ
1) for obtaining and using
(ك١خصس) ِؼٍِٛخص
information and related
ٚحعظخذحِٙخ ٚ وزٌه
information processing
ٟحٌظلىُ ف حٌلقٛي ػٍٝ خذِخص
Access Control services; and
حٌٛفٛي طظؼٍك رّؼخٌـظٙخ
2) to enter specific physical
2) حٌذخٛي اٌٝ ِٕؾآص
facilities (e.g., Federal
ًِخد٠ش ِلذدس ِؼ
buildings, military
حٌّزخٟٔ حٌلىِٛ١ش
establishments, and border
ٚحٌّئعغخص حٌؼغىش٠ش
crossing entrances).
.ٚٔمخه حٌؼزٛس حٌلذٚد٠ش
: ُعـً ٠ن
Access Control Lists (ACLs) – A register of: 1) users (including groups, machines, processes) who have been given permission to use a particular system resource, and 2) the types of access they have been permitted.
User Account Management – Involves 1) the process of requesting, establishing, issuing, and closing user accounts; 2) tracking users and their respective access authorizations; and 3) managing these functions.
Accountability – The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action.
Accreditation – The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Accreditation Boundary – All components of an information system to be accredited by an authorizing official and excludes separately accredited systems, to which the information system is connected.
Accreditation Package – The evidence provided to the authorizing official to be used in the security accreditation decision process. Evidence includes, but is not limited to: 1) the system security plan; 2) the assessment results from the security certification; and 3) the plan of action and milestones.
Accrediting Authority – Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals.
Activation Data – Private data, other than keys, that are required to access cryptographic modules.
Active Content – Active content refers to electronic documents that are able to automatically carry out or trigger actions on a computer platform without the intervention of a user.
Adequate Security – Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.
Administrative Safeguards – Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic health information and to manage the conduct of the covered entity's workforce in relation to protecting that information.
Advanced Encryption Standard (AES) – The Advanced Encryption Standard specifies a U.S. Government-approved cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. This standard specifies the Rijndael algorithm, a symmetric block cipher that can process data blocks of 128 bits, using cipher keys with lengths of 128, 192, and 256 bits.
Agency Certification Authority (CA) – A CA that acts on behalf of an Agency, and is under the operational control of an Agency.
Agent – A program used in distributed denial of service (DDoS) attacks that sends malicious traffic to hosts based on the instructions of a handler.
Analysis – The examination of acquired data for its significance and probative value to the case.
Antivirus Software – A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.
Applicant – The subscriber is sometimes called an "applicant" after applying to a certification authority for a certificate, but before the certificate issuance procedure is completed.
Application – The use of information resources (information and information technology) to satisfy a specific set of user requirements.
Application Content Filtering – Application content filtering is performed by a software proxy agent to remove or quarantine viruses that may be contained in email attachments, to block specific Multipurpose Internet Mail Extensions (MIME) types, or to filter other active content such as Java, JavaScript, and ActiveX® Controls.
Approved – Federal Information Processing Standard (FIPS) approved or National Institute of Standards and Technology (NIST) recommended. An algorithm or technique that is either 1) specified in a FIPS or NIST Recommendation, or 2) adopted in a FIPS or NIST Recommendation.
Approved Mode of Operation – A mode of the cryptographic module that employs only approved security functions (not to be confused with a specific mode of an approved security function, e.g., Data Encryption Standard (DES) Cipher Block Chaining (CBC) mode).
Approved Security Function – A security function (e.g., cryptographic algorithm, cryptographic key management technique, or authentication technique) that is either a) specified in an approved standard, b) adopted in an approved standard and specified either in an appendix of the approved standard or in a document referenced by the approved standard, or c) specified in the list of approved security functions.
Assessment Method – A focused activity or action employed by an assessor for evaluating a particular attribute of a security control.
Assessment Procedure – A set of activities or actions employed by an assessor to determine the extent to which a security control is implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Asset – A major application, general support system, high impact program, physical plant, mission critical system, or a logically related group of systems.
Assurance – One of the five "Security Goals." It involves support for our confidence that the other four security goals (integrity, availability, confidentiality, and accountability) have been adequately met by a specific implementation. "Adequately met" includes (1) functionality that performs correctly, (2) sufficient protection against unintentional errors (by users or software), and (3) sufficient resistance to intentional penetration or by-pass.
Asymmetric Keys – Two related keys, a public key and a private key that are used to perform complementary operations, such as encryption and decryption or signature generation and signature verification.
Attack Signature – A specific sequence of events indicative of an unauthorized access attempt.
Attribute Authority – An entity, recognized by the Federal Public Key Infrastructure (PKI) Policy Authority or comparable Agency body as having the authority to verify the association of attributes to an identity.
Audit – Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.
Audit Data – Chronological record of system activities to enable the reconstruction and examination of the sequence of events and changes in an event.
Audit Reduction Tools – Preprocessors designed to reduce the volume of audit records to facilitate manual review. Before a security review, these tools can remove many audit records known to have little security significance. These tools generally remove records generated by specified classes of events, such as records generated by nightly backups.
Audit Trail – A record showing who has accessed an Information Technology (IT) system and what operations the user has performed during a given period.
Authenticate – To confirm the identity of an entity when that identity is presented.
Authentication – Verifying the identity of a user, process, or device, often as a prerequisite to allowing access to resources in an information system. The process of establishing confidence of authenticity. Encompasses identity verification, message origin authentication, and message content authentication. A process that establishes the origin of information or determines an entity's identity.
Authentication Code – A cryptographic checksum based on an approved security function (also known as a Message Authentication Code (MAC)).
Electronic Authentication – The process of establishing confidence in user identities electronically presented to an information system.
Authentication Mechanism – Hardware or software-based mechanisms that force users to prove their identity before accessing data on a device.
Authentication Mode – A block cipher mode of operation that can provide assurance of the authenticity and, therefore, the integrity of data.
Authentication Protocol – A well specified message exchange process that verifies possession of a token to remotely authenticate a claimant. Some authentication protocols also generate cryptographic keys that are used to protect an entire session, so that the data transferred in the session is cryptographically protected.
Authentication Tag – A pair of bit strings associated to data to provide assurance of its authenticity.
Authentication Token – Authentication information conveyed during an authentication exchange.
Authenticity – The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator.
Authorization – The official management decision given by a senior agency official to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals, based on the implementation of an agreed-upon set of security controls.
Authorizing Official – Official with the authority to formally assume responsibility for operating an information system at an acceptable level of risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. Synonymous with Accreditation Authority.
Authorizing Official Designated Representative – Individual selected by an authorizing official to act on their behalf in coordinating and carrying out the necessary activities required during the security certification and accreditation of an information system.
Automated Key Transport – The transport of cryptographic keys, usually in encrypted form, using electronic means such as a computer network (e.g., key transport/agreement protocols).
Automated Password Generator – An algorithm which creates random passwords that have no association with a particular user.
Availability – Ensuring timely and reliable access to and use of information.
Information Security Awareness – Activities which seek to focus an individual's attention on an (information security) issue or set of issues.
Backup – A copy of files and programs made to facilitate recovery if necessary.
Baseline Security – The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity and/or availability protection.
Baselining – Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.
Bastion Host – A bastion host is typically a firewall implemented on top of an operating system that has been specially configured and hardened to be resistant to attack.
Behavioral Outcome – What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance.
Binding – Process of associating two related elements of information. An acknowledgement by a trusted third party that associates an entity's identity with its public key. This may take place through (1) a certification authority's generation of a public key certificate, (2) a security officer's verification of an entity's credentials and placement of the entity's public key and identifier in a secure database, or (3) an analogous method.
Biometric – A physical or behavioral characteristic of a human being. A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and handwriting samples are all examples of biometrics.
Biometric Information – The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g. patterns).
Biometric System – An automated system capable of: 1) capturing a biometric sample from an end user; 2) extracting biometric data from that sample; 3) comparing the biometric data with that contained in one or more reference templates; 4) deciding how well they match; and 5) indicating whether or not an identification or verification of identity has been achieved.
Biometric Template – A characteristic of biometric information (e.g. minutiae or patterns).
Blended Attack – Malicious code that uses multiple methods to spread.
Block – Sequence of binary bits that comprise the input, output, State, and Round Key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes.
Block Cipher – A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.
Block Cipher Algorithm – A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length.
Boot Sector Virus – A virus that plants itself in a system's boot sector and infects the master boot record.
Boundary Protection – Monitoring and control of communications at the external boundary between information systems completely under the management and control of the organization and information systems not completely under the management and control of the organization, and at key internal boundaries between information systems completely under the management and control of the organization, to prevent and detect malicious and other unauthorized communication, employing controlled interfaces (e.g., proxies, gateways, routers, firewalls, encrypted tunnels).
Boundary Router – A boundary router is located at the organization's boundary to an external network.
Brute Force Password Attack – A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords.
Buffer Overflow – A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.
Buffer Overflow Attack – A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory.
Business Continuity Plan (BCP) – The documentation of a predetermined set of instructions or procedures that describe how an organization's business functions will be sustained during and after a significant disruption.
Business Impact Analysis (BIA) – An analysis of an information technology (IT) system's requirements, processes, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.
Business Recovery-Resumption Plan (BRP) – The documentation of a predetermined set of instructions or procedures that describe how business processes will be restored after a significant disruption has occurred.
Capture – The method of taking a biometric sample from an end user.
Cardholder – An individual possessing an issued Personal Identity Verification (PIV) card.
Certificate – A digital representation of information which at least 1) identifies the certification authority issuing it, 2) names or identifies its subscriber, 3) contains the subscriber's public key, 4) identifies its operational period, and 5) is digitally signed by the certification authority issuing it. A set of data that uniquely identifies an entity, contains the entity's public key and possibly other information, and is digitally signed by a trusted party, thereby binding the public key to the entity. Additional information in the certificate could specify how the key is used and its cryptoperiod.
Certificate Policy (CP) – A Certificate Policy is a specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.
Certificate Management Authority (CMA) – A Certification Authority (CA) or a Registration Authority (RA).
Certificate-Related Information – Information, such as a subscriber's postal address, that is not included in a certificate. May be used by a Certification Authority (CA) managing certificates.
Certificate Revocation List (CRL) – A list of revoked public key certificates created and digitally signed by a Certification Authority.
Certificate Status Authority – A trusted entity that provides on-line verification to a Relying Party of a subject certificate's trustworthiness,