Social engineering uses people skills to bypass security controls. Intimidation (If you don't bad thing happens) - Virus on the network, credit card compromised, lawsuit against your company, intimidation is most effective with impersonation and vishing attacks.

ISO 27002: (From BS 7799, 1/2, ISO 17799) Provides practical advice on how to implement security controls. It focuses on Information Security Management Systems (ISMS).

An UPS (Uninterrupted Power Supply) contains a large battery bank that will take over in a power outage, it does also provide surge protection.

MTD ≥ RTO + WRT: The time to rebuild the system and configure it for reinsertion into production must be less than or equal to our MTD.

RAID 5: Block level striping with distributed parity, requires at least 3 disks. Combined speed with redundancy.

DBMS (database management system): The most common is SQL or a SQL derivative. A computer software application that interacts with the user, other applications, and the database itself to capture and analyze data. A general-purpose DBMS is designed to allow the definition, creation, querying, update, and administration of databases. MySQL, PostgreSQL, MongoDB, MariaDB, Microsoft SQL Server, Oracle, Sybase, SAP HANA, SQLite and IBM DB2.

FAR (False accept rate) Type 2 error: Unauthorized user is granted access. This is a very serious error.

Hash Functions: RIPEMD: Developed outside of defense to ensure no government backdoors. 128, 256, 320 bit hashes. Not widely used. No longer secure.

Our DRP (Disaster Recovery Plan) should answer at least three basic questions: What is the objective and purpose. Who will be the people or teams who will be responsible in case any disruptions happen. What will these people do (our procedures) when the disaster hits.

Contactless Cards - can be read by proximity. Key fobs or credit cards where you just hold it close to a reader. They use a RFID (Radio Frequency Identification) tag (transponder) which is then read by a RFID Transceiver.