1
Q
What ist “access control”
A
authentication + authorisation
2
Q
Attacks against passwords?
A
- Guess
- phishing, spoofing, keylogging
- social engineering
3
Q
What are the risks of reusing a password?
A
Using the same or related passwords on multiple accounts means that one compromised system or account can lead to compromise of other accounts
4
Q
how to avoid password reuse?
A
- Generating service-specific passwords from one master password
- Password wallet
5
Q
Countermeasures against password guessing?
A
- limit login attempts
- prevent reuse of old passwords
- Password aging, i.e. mandatory periodic password changes
6
Q
difference between offline and online attack?
A
offline attack: cracking password from known hash of the password -> attacker can perform brute force
online attack: attacker tries to og in many times->System can limit number of login attempts
7
Q
How should you store passwords on a database?
A
- store as hash
- use a slow hash function
- include random account-specific “salt”
8
Q
What is biometric authentication?
A
verifying some physical feature of the user
HCISSP ISC2
flashcards
Decks in class (56)
# Cards
-
Domain 1 - Healthcare Industry10
-
1.1 Medical Business Operations29
-
1.2 Healthcare Data, Data Sets And Standards33
-
1.3 HIS: Patient, personal, or population records36
-
Domain 1 EHRs16
-
1.4 HIS Divisions: Administrative, Departmental, Clinical, and Financial18
-
Domain 2 - Regulatory Environment10
-
2.1 Regulatory Requirements20
-
2.2 HIPPA: Privacy and Confidentiality: Professional and Legal Responsibilities82
-
Domain 3 – Privacy and Security in Healthcare27
-
3.1 Goals and Principles - What Is Security20
-
3.2 Goals and Principles - Privacy12
-
3.3 Goals and Principles - Design Principles for Secure Systems12
-
Authentication8
-
3.4 Introduction to Encryption59
-
3.4.1 Symmetric Cryptography28
-
3.4.2 Symmetric Block Ciphers36
-
RC416
-
AES15
-
Asymmetric Cryptography14
-
Symetric Cryptography overview and comparations4
-
MAC & MDC25
-
Most used MDC & MAC20
-
Cryptographic Protocols36
-
Eliptic Curve Cryptography1
-
Applications of Cryptography11
-
Security Management - Standards10
-
Security Managment - Common Criteria20
-
Domain 4 – Information Governance and Risk Management10
-
Data Flow In HIT12
-
Secure Operating Environments - OS Hardening8
-
Trusted computing6
-
Domain 5 – Information Risk Assessment10
-
5.1 Orginizational Behavior Risks30
-
IT Operations28
-
Domain 6 – Third-Party Risk Management10
-
Intro To Healthcare IT7
-
Quiz 190
-
HIT Chapter 14
-
Quiz 257
-
Quilt4
-
Midterm75
-
Quiz 398
-
Quiz 4100
-
Secure Operating Environments - Access Control Datei16
-
malware4
-
DPRC Review 2 True/False18
-
DPRC Vocabulary 3-528
-
DPRC Vocabulary33
-
DPRC Session 6 and 7 Full Question Bank55
-
DPRC Final Exam136
-
DPRC CERTIFICATION TEST121
-
Random24
-
RHIA Exam Prep66
-
Vocabulary2
-
HCISPP 2234
