Mike B
  • Member for 13 years, 3 months
  • Last seen more than a month ago
94 votes
2 answers
84k views

What is the relationship between "SHA-2" and "SHA-256"

46 votes
2 answers
51k views

What is the difference between a "Thumbprint Algorithm" "Signature Algorithm" and "Signature Hash Algorithm" for a certificate?

31 votes
4 answers
95k views

What is the purpose/role of the "alias" attribute in Java keystore files?

23 votes
3 answers
10k views

What is the difference between "key length" and "bit strength"?

10 votes
3 answers
7k views

What's the difference between an access control method, security model, and security policy?

9 votes
3 answers
8k views

Why does the ★-property rule of the Bell-LaPadula Model allow information to be stored in objects with HIGHER sensitivity labels?

8 votes
1 answer
2k views

What is a practical example of an action that violates the non-interference model?

7 votes
3 answers
7k views

What's a practical example of encryption "in use" or "in process"?

6 votes
2 answers
927 views

What's the difference between "load testing" and "stress testing" within the context of a security audit?

6 votes
1 answer
3k views

Is it correct to consider Task Based Access Control as a type of RBAC?

5 votes
2 answers
267 views

Is it correct to consider audits as exclusively "detective" in nature?

4 votes
2 answers
3k views

How exactly are registration authorities related to certificate authorities?

4 votes
1 answer
461 views

Is there a difference in terminology between the words "cryptogram" and "ciphertext"?

4 votes
1 answer
3k views

Are Meltdown and Spectre exploitable on 32-bit Linux platforms?

3 votes
1 answer
5k views

What's the difference between an "application-aware firewall" and a "web application firewall"?

3 votes
2 answers
6k views

What's the difference between an API gateway and XML gateway?

3 votes
1 answer
1k views

Is there a difference between "Maximum Tolerable Downtime" and "Maximum Allowed Downtime"?

3 votes
1 answer
139 views

Are all (or most) expired certificates issued by 3rd party certificate authorities also marked as revoked?

3 votes
2 answers
1k views

Is there a difference between "risk tolerance" and "risk appetite"?

3 votes
3 answers
23k views

What's the difference between "Due Care" and "Due Diligence"?

3 votes
2 answers
556 views

What's a practical example of how volatile information can be preserved in a digital forensics investigation?

3 votes
1 answer
268 views

Why would a goal of DLP solution implementation include "loss of mitigation"?

3 votes
3 answers
941 views

How do I clearly distinguish between groups of formal and informal models?

3 votes
2 answers
293 views

Is there a difference between "symmetric algorithms" and "symmetric ciphers" within the context of cryptography?

2 votes
2 answers
2k views

Is a SHA-256 signature required on a CSR in order to generate a certificate with SHA-256 signature?

2 votes
2 answers
2k views

What's the difference between "access aggregation" and "authorization creep"?

2 votes
1 answer
344 views

Is it reasonable to consider logs as a "technical control"?

2 votes
1 answer
181 views

What's the difference between OVAL definitions, objects, and tests?

2 votes
1 answer
854 views

Does "crypto offloading" require the use of ASICs? Can the concept be applied elsewhere?

2 votes
2 answers
2k views

Do TLS standards require the server-side preference to always be used when negotiating ciphers to use?