A long asymmetric encryption key (public-key encryption) increases encryption overhead and cost.
Creating user accounts that automatically expire by a predetermined date is an effective control for granting temporary access to vendors and external support personnel.
Worms are malicious programs that can run independently and can propagate without the aid of a carrier program such as email.
Outbound traffic filtering can help prevent an organization's systems from participating in a distributed denial-of-service (DDoS) attack.
Identifying network applications such as mail, web, or FTP servers to be externally accessed is an initial step in creating a proper firewall policy.
Improperly configured routers and router access lists are a common vulnerability for denial-of-service attacks.
With public-key encryption, or asymmetric encryption, data is encrypted by the sender using the recipient's public key, and the data is then decrypted using the recipient's private key.
Trojan horse programs are a common form of Internet attack.
The SSL protocol provides confidentiality through symmetric encryption such as Data Encryption Standard, or DES.
Network performance-monitoring tools are used to measure and ensure proper network capacity management and availability of services.
Information systems security policies are used as the framework for developing logical access controls.
Intrusion-detection systems (IDS) are used to gather evidence of network attacks.
Time stamps are an effective control for detecting duplicate transactions such as payments made or received.
Traffic analysis is a passive attack method used by intruders to determine potential network vulnerabilities.
File encryption is a good control for protecting confidential data that resides on a PC.
Although many methods of fire suppression exist, dry-pipe sprinklers are considered to be the most environmentally friendly.
Logical access controls should be reviewed to ensure that access is granted on a leastprivilege basis per the organization's data owners.
A callback system is a remote access control in which the user initially connects to the network systems via dial-up access, only to have the initial connection terminated by the server, which then subsequently dials back the user at a predetermined number stored in the server's configuration database.