Gray (Grey) box (Partial Knowledge) Pen testing: The attacker has limited knowledge, a normal user, vendor or someone with limited environment knowledge.

Water: Removes the “heat” leg of the fire triangle by lowering the temperature. Is the safest suppression agent, but for Data Centers: Water + hardware = dead hardware. Should always be a last resort and electricity could always be cut before water is used.

PROM (Programmable Read Only Memory) – Can only be written once, normally at the factory.

Patents: Protects inventions for 20 years (normally) – Cryptography algorithms can be patented. Inventions must be:Novel (New idea no one has had before). Useful (It is actually possible to use and it is useful to someone). Nonobvious (Inventive work involved).

Risk = Threat x Vulnerability. Impact - Can at times be added to give a more full picture. Risk = Threat x Vulnerability x Impact (How bad is it?). Total Risk = Threat x Vulnerability x Asset Value. Residual Risk = Total Risk – Countermeasures.

Misuse Case Testing: Executing a malicious act against a system, attackers won't do what normal users would, we need to test misuse to ensure our application or software is safe.

Social engineering is often more successful if is uses one or more of these approaches: authority, intimidation, consensus, scarcity, urgency, or familiarity.

DRP has a lifecycle of Mitigation, Preparation, Response and Recovery. Mitigation: Reduce the impact, and likeliness of a disaster. Preparation: Build programs, procedures and tools for our response. Response: How we react in a disaster, following the procedures. Recovery: Reestablish basic functionality and get back to full production.

EU Data Protection Directive: Very aggressive pro-privacy law. Organizations must notify individuals of how their data is gathered and used. Organizations must allow for opt-out for sharing with 3rd parties. Opt-in is required for sharing most sensitive data. No transmission out of EU unless the receiving country is perceived to have adequate (equal) privacy protections; the US does NOT meet this standard. EU-US Safe Harbor: optional between organization and EU.

Fences (Deterrence, Preventative): Smaller fences such as 3ft. (1m) can be a deterrence, while taller ones, such as 8ft. (2.4m) can be a prevention mechanism. The purpose of the fences is to ensure that entrances/exits from the facility happen through only a few entry points (doors, gates, turnstiles). Gates (Deterrence, Preventative): Placed at control points at the perimeter. Used with the fences to ensure that access only happens through a few entry points.