ISC2 CC Exam Glossary
Bot
Malicious code that acts like a remotely controlled "robot" for an attacker, with other Trojan and worm capabilities.
Ingress Monitoring
Monitoring of incoming network traffic.
Egress Monitoring
Monitoring of outgoing network traffic.
Cryptanalyst
One who performs cryptanalysis, which is the study of mathematical techniques for attempting to defeat cryptographic techniques and/or information systems security. This includes the process of looking for errors or weaknesses in the implementation of an algorithm or of the algorithm itself.
Oversized Packet Attack
Purposely sending a network packet that is larger than expected or larger than can be handled by the receiving system, causing the receiving system to fail unexpectedly.
Packet
Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.
National Institutes of Standards and Technology (NIST)
The N_ _ _ is part of the U.S. Department of Commerce and addresses the measurement infrastructure within science and technology efforts within the U.S. federal government. NIST sets standards in a number of areas, including information security within the Computer Security Resource Center of the Computer Security Divisions.
Artificial Intelligence
The ability of computers and robots to simulate human intelligence and behavior.
Authentication
The act of identifying or verifying the eligibility of a station, originator, or individual to access specific categories of information. Typically, a measure designed to protect against fraudulent transmissions by establishing the validity of a transmission, message, station or originator.
Ciphertext
The altered form of a plaintext message so it is unreadable for anyone except the intended recipients. In other words, it has been turned into a secret.
Byte
The byte is a unit of digital information that most commonly consists of eight bits.
Confidentiality
The characteristic of data or information when it is not made available or disclosed to unauthorized persons or processes.
Business Continuity Plan (BCP)
The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business processes will be sustained during and after a significant disruption.
Incident Response Plan (IRP)
The documentation of a predetermined set of instructions or procedures to detect, respond to and limit consequences of a malicious cyberattack against an organization's information systems(s).
Non-reputation
The inability to deny taking an action such as creating information, approving information and sending or receiving a message.
File Transfer Protocol (FTP)
The internet protocol (and program) used to transfer files between hosts.
Internet Engineering Task Force
The internet standards organization, made up of network designers, operators, vendors and researchers, that defines protocol standards (e.g., IP, TCP, DNS) through a process of collaboration and consensus.
Breach
The loss of control, compromise, unauthorized disclosure, unauthorized acquisition or any similar occurrence where: a person other than an authorized user accesses or potentially accesses personally identifiable information; or an authorized user accesses personally identifiable information for other than an authorized purpose.
Impact
The magnitude of harm that could be caused by a threat's exercise of a vulnerability.
Bit
The most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.
De-encapsulation
The opposite process of encapsulation, in which bundles of data are unpacked or revealed.
Hardware
The physical parts of a computer and related devices.
Information Security Risk
The potential adverse impacts to an organization's operations (including its mission, functions and image and reputation), assets, individuals, other organizations, and even the nation, which results from the possibility of unauthorized access, use, disclosure, disruption, modification or destruction of information and/or information systems.
Denial-of-Service (DoS)
The prevention of authorized access to resources or the delaying of time-critical operations. (Time-critical may be milliseconds or it may be hours, depending upon the service provided.)
Likelihood
The probability that a potential vulnerability may be exercised within the construct of the associated threat environment.
Encryption
The process and act of converting the message from its plaintext to ciphertext. Sometimes it is also referred to as enciphering. The two terms are sometimes used interchangeably in literature and have similar meanings.
Incident Handling, or Incident Response (IR)
The process of detecting and analyzing incidents to limit the incident's effect.
Governance
The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles and procedures the organization uses to make those decisions.
Hashing
The process of using a mathematical algorithm against data to produce a numeric value that is representative of that data.
Disaster Recovery Plan (DRP)
The processes, policies and procedures related to preparing for recovery or continuation of an organization's critical business functions, technology infrastructure, systems and applications after the organization experiences a disaster. A disaster is when an organization's critical business function(s) cannot be performed at an acceptable level within a predetermined period following a disruption.
Integrity
The property of information whereby it is recorded, used and maintained in a way that ensures its completeness, accuracy, internal consistency and usefulness for a stated purpose.
Data Integrity
The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing and while in transit.
Infrastructure as a Service (IaaS)
The provider of the core computing, storage and network hardware and software that is the foundation upon which organizations can build and then deploy applications. IaaS is popular in the data center where software and servers are purchased as a fully outsourced service and usually billed on usage and how much of the resource is used.
Digital Signature
The result of a cryptographic transformation of data which, when properly implemented, provides the services of origin authentication, data integrity, and signer non-repudiation.
Decryption
The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key for decryption (which is the same for symmetric encryption, but different for asymmetric encryption). This term is also used interchangeably with "deciphering."
Authorization
The right or a permission that is granted to a system entity to access a system resource.
Operating System
The software "master control application" that runs the computer. It is the first program loaded when the computer is turned on, and its main component, the kernel, resides in memory at all times. The operating system sets the standards for all application programs (such as the Web server) that run in the computer. The applications communicate with the operating system for most user interface and file management operations.
Cryptography
The study or applications of methods to secure or protect the meaning and content of messages, files, or other information, usually by disguise, obscuration, or other transformations of that content and meaning.
Encryption System
The total set of algorithms, processes, hardware, software and procedures that taken together provide an encryption and decryption capability.
Encrypt
To protect private information by putting it into a form that can only be read by people who have permission to do so.
Multi-Factor Authentication
Using two or more distinct instances of the three factors of authentication (something you know, something you have, something you are) for identity verification.
Baseline
A documented, lowest level of security configuration allowed by a standard or organization.
Patch
A software component that, when installed, directly modifies files or device settings related to a different software component without changing the version number or release details for the related software component.
Internet Control Message Protocol (ICMP)
An IP network protocol standardized by the Internet Engineering Task Force (IETF) through RFC 792 to determine if a particular service or host is available.
Firewalls
Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.
General Data Protection Regulation (GDPR)
In 2016, the European Union passed comprehensive legislation that addresses personal privacy, deeming it an individual human right.
Microsegmentation
Part of a zero-trust strategy that breaks LANs into very small, highly localized zones using firewalls or similar technologies. At the limit, this places firewall at every connection point.
Object
Passive information system-related entity (e.g., devices, files, records, tables, processes, programs, domains) containing or receiving information. Access to an object (by a subject) implies access to the information it contains.
Adequate Security
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information.
Internet Protocol
Standard protocol for transmission of data from source to destinations in packet-switched communications networks and interconnected systems of such networks.
Data Loss Prevention (DLP)
System capabilities designed to detect and prevent the unauthorized use and transmission of information.
Layered Defense
The use of multiple controls arranged in series to provide several consecutive controls to protect an asset; also called defense in depth.
Health Insurance Portability and Accountability Act (HIPAA)
This U.S. federal law is the most important healthcare information regulation in the United States. It directs the adoption of national standards for electronic healthcare transactions while protecting the privacy of individual's health information. Other provisions address fraud reduction, protections for individuals with health insurance and a wide range of other healthcare-related activities. Est. 1996.
Domain Name Service (DNS)
This acronym can be applied to three interrelated elements: a service, a physical server and a network protocol.
Discretionary Access Control (DAC)
A certain amount of access control is left to the discretion of the object's owner, or anyone else who is authorized to control the object's access. The owner can determine who should have access rights to an object and what those rights should be.
Hybrid Cloud
A combination of public cloud storage and private cloud storage where some critical data resides in the enterprise's private cloud while other data is stored and accessible from a public cloud storage provider.
Application Server
A computer responsible for hosting applications to user workstations.
Checksum
A digit representing the sum of the correct digits in a piece of stored or transmitted digital data, against which later comparisons can be made to detect errors in the data.
Message Digest
A digital signature that uniquely identifies data and has the property such that changing a single bit in the data will cause a completely different message digest to be generated.
Criticality
A measure of the degree to which an organization depends on the information or information system for the success of a mission or of a business function.
Cloud Computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Exploit
A particular attack. It is named this way because these attacks exploit system vulnerabilities.
Configuration Management
A process and discipline used to ensure that the only changes made to a system are those that have been authorized and validated.
Hardening
A reference to the process of applying secure configurations (to reduce the attack surface) and locking down various hardware, communications systems, and software, including operating system, web server, application server, application, etc. Hardening is normally performed based on industry guidelines and benchmarks, such as those provided by the Center for Internet Security (CIS).
Intrusion
A security event, or combination of security events, that constitutes a security incident in which an intruder gains, or attempts to gain, access to a system or system resource without authorization.
Application Programming Interface (API)
A set of routines, standards, protocols, and tools for building software applications to access a web-based software application or web tool.
Community Cloud
A system in which the cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy and compliance considerations). It may be owned, managed and operated by one or more of the organizations in the community, a third party or some combination of them, and it may exist on or off premises.
Log Anomaly
A system irregularity that is identified when studying log entries which could represent events of interest for further surveillance.
Degaussing
A technique of erasing data on disk or tape (including video tapes) that, when performed properly, ensures that there is insufficient magnetic remanence to reconstruct data.
Likelihood of Occurrence
A weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability or set of vulnerabilities.
Mandatory Access Control
Access control that requires the system itself to manage access controls in accordance with the organization's security policies.
Business Continuity (BC)
Actions, processes and tools for ensuring an organization can continue critical operations during a contingency.
Hash Function
An algorithm that computes a numerical value (called the hash value) on a data file or electronic message that is used to represent that file or message and depends on the entire contents of the file or message. A hash function can be considered to be a fingerprint of the file or message.
Asymmetric Encryption
An algorithm that uses one key to encrypt and a different key to decrypt the input plaintext.
Business Impact Analysis (BIA)
An analysis of an information system's requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.
Critical Prevention through Environmental Design (CPTED)
An architectural approach to the design of buildings and spaces that emphasizes passive features to reduce the likelihood of criminal activity.
Man-in-the-middle
An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them.
Logical Access Control Systems
An automated system that controls an individual's ability to access one or more computer system resources, such as a workstation, network, application or database. A logical access control system requires the validation of an individual's identity through some mechanism, such as a PIN, card, biometric or other token. It has the capability to assign different access privileges to different individuals depending on their roles and responsibilities in an organization.
Insider Threat
An entity with authorized access that has the potential to harm an information system through destruction, disclosure, modification of data, and/or denial of service.
Mantrap
An entrance to a building or an area that requires people to pass through two doors with only one door opened at a time.
Incident
An event that actually or potentially jeopardizes the confidentiality, integrity or availability of an information system or the information the system processes, stores or transmits.
iOS
An operating system manufactured by Apple Inc. Used for mobile devices.
Linux
An operating system that is open source, making its source code legally available to end users.
Event
Any observable occurrence in a network or system.
Asset
Anything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.
Biometric
Biological characteristics of an individual, such as a fingerprint, hand geometry, voice, or iris patterns.
Broadcast
Broadcast transmission is a one-to-many (one-to-everyone) form of sending internet traffic.
Encapsulation
Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking, revealing, or using other terms. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption.
Availability
Ensuring timely and reliable access to and use of information by authorized users.
Adverse Events
Events with a negative consequence, such as system crashes, network packet floods, unauthorized use of system privileges, defacement of a web page or execution of malicious code that destroys data.
Institute of Electrical and Electronics Engineers (IEEE)
I_ _ _ is a professional organization that sets standards for telecommunications, computer engineering and similar disciplines
International Organization of Standards (ISO)
I_ _ develops voluntary international standards in collaboration with its partners in international standardization, the International Electro-technical Commission (IEC) and the International Telecommunication Union (ITU), particularly in the field of information and communication technologies.
Disaster Recovery (DR)
In information systems terms, the activities necessary to restore IT and communications services to an organization during and after an outage, disruption or disturbance of any kind or scale.
Fragment Attack
In this type of attack, an attacker fragments traffic in such a way that a system is unable to put data packets back together.
Audit
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures.
Defense in Depth
Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and missions of the organization.
Classified or Sensitive Information
Information that has been determined to require protection against unauthorized disclosure and is marked to indicate its classified status and classification level when in documentary form.
Classification
Classification identifies the degree of harm to the organization, its stakeholders or others that might result if an information asset is divulged to an unauthorized person, process or organization. In short, classification is focused first and foremost on maintaining the confidentiality of the data, based on the data sensitivity.
Logging
Collecting and storing user activities in a log, which is a record of the events occurring within an organization's systems and networks.
Administrative Controls
Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation. Administrative controls in modern environments are often enforced in conjunction with physical and/or technical controls, such as an access-granting policy for new users that requires login and approval by the hiring manager