CISSP
Permutation
(Also called transposition) provides confusion by rearranging the characters of the plaintext, anagram-style
Clipper Chip
(Failed) 1993 Escrowed Encryption Standard (EES), which used the Skipjack algorithm
E3
24 E1s
T3
28 bundled T1s
Grandfather-Father-Son Tape Rotation
3 sets of tapes: 7 daily tapes (the son), 4 weekly tapes (the father), and 12 monthly tapes (the grandfather). Once per week a son tape graduates to father. Once every 5 weeks a father graduates into a grandfather. After running for a year this method ensures there are backup tapes available for the past 7 days, weekly tapes for the past 4 weeks, and monthly tapes for the past 12 months.
Triple DES
56-bit DES applied three times per block
Managed mode
802.11 mode that clients use to connect to an AP
802.11b
802.11 mode that operates at 11 Mbps using the 2.4 GHz frequency
802.11g
802.11 mode that operates at 54 Mbps using the 2.4 GHz frequency
802.11a
802.11 mode that operates at 54 Mbps using the 5 GHz frequency
802.11n
802.11 mode that uses both 2.4 and 5 GHz frequencies and allows speeds of 144 Mbps and beyond
Master mode
802.11 mode used by APs
Ad hoc mode
802.11 peer-to-peer mode with no central AP
Monitor mode
802.11 read-only mode used for sniffing
Bluetooth
802.15 networking, a PAN wireless technology
Object
A "black box" that combines code and data, and sends and receives messages
Attribute
A column in a relational database table
Cipher
A cryptographic algorithm
Data Warehouse
A large collection of data
SLIP / Serial Line Internet Protocol
A Layer 2 protocol which provides IP connectivity via asynchronous connections such as serial lines and modems.
Dumpster diving
A physical attack in which a person recovers trash in hopes of finding sensitive information that has been merely discarded whole rather than destroyed
RADIUS / Remote Authentication Dial In User Service
A UDP-based third-party authentication system.
Background checks
A verification of a person's background and experience; also called pre-employment screening
SIP / Session Initiation Protocol
A VoIP signaling protocol.
ATM/Asynchronous Transfer Mode
A WAN technology that uses fixed length cells
failover
A backup operation that automatically switches to a standby system if the primary system fails or is taken offline. It is an important fault-tolerant function that provides system availability.
GFS / Grandfather Father Son
A backup rotation method
Warm site
A backup site with all the necessary hardware and connectivity, and configured computers without live data
Cold Site
A backup site with raised floor, power, utilities, and physical security, and no configured systems or data
Cracker
A black hat hacker
Zero knowledge test
A blind penetration test where the tester has no inside information at the start of the test
ISO 17799
A broad-based approach for information security code of practice by the International Organization for Standardization
Capability
A capability outlines the objects a subject can access and the operations the subject can carry out on the different objects. It indicates the access rights for a specific subject; many times, the capability is in the form of a ticket.
Botnet
A central bot command and control (C&C) network, managed by humans
Audit Trail
A chronological set of logs and records used to provide evidence of a system's performance or activity that took place on the system. These logs and records can be used to attempt to reconstruct past events and track the activities that took place, and possibly detect and identify intruders.
Compartment
A class of information that has need-to-know access controls beyond those normally provided for access to confidential, secret, or top-secret information. A compartment is the same thing as a category within a security label. Just because a subject has the proper classification, that does not mean it has a need to know. The category, or compartment, of the security label enforces the subject's need to know.
multilevel security
A class of systems containing information with different classifications. Access decisions are based on the subject's security clearances, need to know, and formal approval.
Savepoint
A clean snapshot of the database tables.
TACACS (Terminal Access Controller Access Control System)
A client/server authentication protocol that provides the same type of functionality as RADIUS and is used as a central access control mechanism mainly for remote users.
covert channel
A communications path that enables a process to transmit information in a way that violates the system's security policy
Distributed Network Protocol 3 (DNP3)
A communications protocol designed for use in SCADA systems, particular those within the power sector, that does not include routing functionality.
Trojan Horse
A computer program that has an apparently or actually useful function, but that also contains hidden malicious capabilities to exploit a vulnerability and/or provide unauthorized access into a system.
Accredited
A computer system or network that has received official authorization and approval to process sensitive data in a specific operational environment. There must be a security evaluation of the system's hardware, software, configurations, and controls by technical personnel.
Bot
A computer system running malware that is controlled via a botnet
Extranet
A connection between private Intranets
Best practice
A consensus of the best way to protect the confidentiality, integrity and availability of assets
countermeasure
A control, method, technique, or procedure that is put into place to prevent a threat agent from exploiting a vulnerability. A countermeasure is put into place to mitigate risk. Also called a safeguard or control
Multiprotocol Label Switching (MPLS)
A converged data communications protocol designed to improve the routing speed of high-performance networks.
Fiber Channel over Ethernet (FCoE)
A converged protocol that allows Fibre Channel frames to ride over Ethernet networks
Internet Small Computer System Interface (iSCSI)
A converged protocol that encapsulates SCSI data on TCP segments in order to allow peripherals to be connected to computers across networks.
covert timing channel
A covert channel in which one process modulates its system resource (for example, CPU cycles), which is interpreted by a second process as some type of communication.
covert storage channel
A covert channel that involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a resource (for example, sectors on a disk) that is shared by two subjects at different security levels.
Object
A data file
Network model (telecommunications)
A description of how a network protocol suite operates
Certification
A detailed inspection that verifies whether a system meets the documented security requirements
Clearance
A determination, typically made by a senior security professional, about whether or not a user can be trusted with a specific level of information
Lightweight Directory Access Protocol (LDAP)
A directory service based on a subset of the X.500 standard that allows users and applications to interact with a directory.
key
A discrete data set that controls the operation of a cryptographic algorithm. In encryption, a key specifies the particular transformation of plaintext to ciphertext, or vice versa, during encryption. Keys are also used in other cryptographic algorithms, such as digital signatures and keyed-hash functions (also known as HMACs), which are often used for authentication and integrity.
RIP / Routing Information Protocol
A distance vector routing protocol that uses hop count as its metric.
Annualized loss expectancy (ALE)
A dollar amount that estimates the loss potential from a risk in the span of a year. Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO) = ALE
Ciphertext
An encrypted message
dictionary attack
A form of attack in which an attacker uses a large set of likely combinations to guess a secret, usually a password.
Packet-switched network
A form of networking where bandwidth is shared and data is carried in units called packets
EULA / End User License Agreement
A form of software licensing agreement
Biba Model
A formal state transition system of a computer security policy that describes a set of access control rules designed to ensure data integrity.
Public Key Infrastructure (PKI)
A framework of programs, procedures, communication protocols, and public key cryptography that enables a diverse group of individuals to communicate securely.
Business Impact Analysis (BIA)
A functional analysis in which a team collects data, documents business functions, develops a hierarchy of business functions, and applies a classification scheme to indicate each individual function's criticality level.
fail-safe
A functionality that ensures that when software or a system fails for any reason, it does not end up in a vulnerable state. After a failure, software might default to no access instead of allowing full control, which would be an example of a fail-safe measure.
GAN / Global Area Network
A global collection of WANs
Delphi technique
A group decision method used to ensure that each member of a group gives an honest and anonymous opinion pertaining to the company's risks.
SHA-1 / Secure Hash Algorithm 1
A hash function that creates a 160-bit message digest.
SHA-2 / Secure Hash Algorithm 2
A hash function that includes SHA-224, SHA-256, SHA-384, and SHA-512, named after the length of the message digest each creates.
Security assessments
A holistic approach to assessing the effectiveness of access control. May use other tests as a subset, including penetration tests and vulnerability scans.
Ticket Granting Service (TGS)
A Kerberos service which grants access to services
Foreign key
A key in a related database table that matches a primary key in the parent database
EAP / Extensible Authentication Protocol
A layer 2 authentication framework that describes many specific authentication protocols
Entrapment
A legal defense where the defendant claims an agent of law enforcement persuaded the defendant to commit a crime that he or she would otherwise not have committed
trademark
A legal right that protects a word, name, product shape, symbol, color, or a combination of these used to identify a product or a company.
Copyright
A legal right that protects the expression of ideas.
operational assurance
A level of confidence of a trusted system's architecture and implementation that enforces the system's security policy. This can include system architecture, covert channel analysis, system integrity, and trusted recovery.
Thread
A lightweight process (LWP)
Access Control List (ACL)
A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create.
Database Journal
A log of all database transactions. Should a database become corrupted, the database can be reverted to a backup copy, and then subsequent transactions can be "replayed" from the journal, restoring database integrity
Passphrase
A long static password, comprised of words in a phrase or sentence
logic bomb
A malicious program that is triggered by a specific event or condition.
Logic bomb
A malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date
Data Owner
A management employee responsible for assuring that specific data is protected
XML / Extensible Markup Language
A markup language designed as a standard way to encode documents and data
lattice-based access control model
A mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. Every pair of elements has a highest lower bound and a lowest upper bound of access rights. The classes stemmed from military designations.
formal security policy model
A mathematical statement of a security policy. When an operating system is created, it can be built upon a predeveloped model that lays out how all activities will take place in each and every situation. This model can be expressed mathematically, which is then translated into a programming language.
Parity
A means to achieve data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance
data remanence
A measure of the magnetic flux density remaining after removal of the applied magnetic force used to erase data; refers to any data remaining on magnetic storage media
Trusted Path
A mechanism within the system that enables the user to communicate directly with the TCB. This mechanism can be activated only by the user or the TCB and not by an untrusted mechanism or process.
one-time pad
A method of encryption in which the plaintext is combined with a random "pad," which should be the same length as the plaintext. This encryption process uses a nonrepeating set of random bits that are combined bitwise (XOR) with the message to produce ciphertext. A one-time pad is a perfect encryption scheme because it is unbreakable and each pad is used exactly once, but it is impractical because of all of the required overhead.
Risk Analysis
A method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards.
Remote Journaling
A method of transmitting changes to data to an offsite facility. This takes place as a parallel processing of transactions, meaning that changes to that data are saved locally and to an off-site facility. These activities take place in real time and provide redundancy and fault tolerance.
Challenge/Response Method
A method used to verify the identity of a subject by sending the subject an unpredictable or random value. If the subject responds with the expected value in return, the subject is authenticated.
Clipping level
A minimum reporting threshold level
database shadowing
A mirroring technology used in databases, in which information is written to at least two hard drives for the purpose of redundancy.
Microkernels
A modular kernel
DevOps
A more agile development and support model, echoing agile programming methods including Sashimi and Scrum. Developers directly support operational function
OSI Model
A network model with seven layers: physical, data link, network, transport, session, presentation, application
Network stack
A network protocol suite programmed in software or hardware
object
A passive entity that contains or receives information. Access to an object potentially implies access to the information that it contains. Examples of objects include records, pages, memory segments, files, directories, directory trees, and programs.
overt channel
A path within a computer system or network that is designed for the authorized transfer of data.
Full knowledge test
A penetration test where the tester is provided with inside information at the start of the test
Partial Knowledge Test
A penetration test where the tester is provided with partial inside information at the start of the test
User
A person or process that is accessing a computer system.
disaster recovery plan
A plan developed to help a company recover from a disaster. It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities.
Contingency Plan
A plan put in place before any potential emergencies, with the mission of dealing with possible future emergencies. It pertains to training personnel, performing backups, preparing critical facilities, and recovering from an emergency or disaster so that business operations can continue.
Bollard
A post designed to stop a car, typically deployed in front of building entrances
Threat
A potentially negative occurrence
Mantrap
A preventive physical control with two doors. Each door requires a separate form of authentication to open
Intranet
A privately owned network running TCP/IP
Callback
A procedure for identifying a system that accessed an environment remotely. In a callback, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal in order to reestablish the connection. Synonymous with dialback.
Capability Maturity Model Integration (CMMI)
A process model that captures the organization's maturity and fosters continuous improvement.
Vulnerability Scanning
A process to discover poor configurations and missing patches in an environment
TPM (Trusted Platform Module)
A processor that can provide additional security capabilities at the hardware level, allowing for hardware-based cryptographic operations
Risk Analysis Matrix
A quadrant used to map the likelihood of a risk occurring against the consequences (or impact) that risk would have.
Salt
A random number that is hashed with a password. Allows one password to hash multiple ways.
Guideline
A recommendation, administrative control
Asset
A resource that is valuable to an organization and must be protected
Deadbolt
A rigid locking mechanism that is held in place by a key, and prevents the door from opening or fully closing when extended
quantitative risk analysis
A risk analysis method that attempts to use percentages in damage estimations and assigns real numbers to the costs of countermeasures for particular risks and the amount of damage that could result from the risk. Compare to qualitative risk analysis.
qualitative risk analysis
A risk analysis method that uses intuition and experience to judge an organization's exposure to risks. It uses scenarios and ratings systems. Compare to quantitative risk analysis.
Caesar Cipher
A rot-3 substitution cipher
Tuple
A row in a relational database table
SSH / Secure Shell
A secure replacement for Telnet, FTP and the UNIX "R" commands.
Accountability
A security principle indicating that individuals must be identifiable and must be held responsible for their actions.
need to know
A security principle stating that users should have access only to the information and resources necessary to complete their tasks that fulfill their roles within an organization. Need to know is commonly used in access control criteria by operating systems and applications.
privacy
A security principle that protects an individual's information and employs controls to ensure that this information is not disseminated or accessed in an unauthorized manner.
Confidentiality
A security principle that works to ensure that information is not disclosed to unauthorized subjects.
RADIUS (Remote Authentication Dial-in User Service)
A security service that authenticates and authorizes dial-up users and is a centralized access control mechanism.
password
A sequence of characters used to prove one's identity. It is used during a logon process and should be highly protected.
nonrepudiation
A service that ensures the sender cannot later falsely deny sending a message.
Blacklist
A set of known bad resources such as IP addresses, domain names, or applications.
Whitelist
A set of known good resources such as IP addresses, domain names, or applications.
Trusted Recovery
A set of procedures that restores a system and its data in a trusted manner after the system has been disrupted or a system failure has occurred.
protocol
A set of rules and formats that enables the standardized exchange of information between different systems.
Backdoor
A shortcut in a system that allows a user to bypass security checks
Packet Filter
A simple and fast firewall that has no concept of state
SA / Security Association
A simplex connection which may be used to negotiate ESP or AH parameters.
Virus
A small application, or string of code, that infects applications. The main function of a virus is to reproduce, and it requires a host application to do this. It can damage data directly or degrade system performance.
Flash memory
A specific type of EEPROM, used for small portable disk drives
TEMPEST
A standard for shielding electromagnetic emanations from computer equipment
Monolithic kernel
A statically compiled kernel
SMTP / Simple Mail Transfer Protocol
A store-and-forward protocol used to exchange email between servers.
Database
A structured collection of related data
Access
A subject's ability to view, modify, or communicate with an object. Access enables the flow of information between the subject and the object.
SDLC / Synchronous Data Link Control (Telecommunications)
A synchronous layer 2 WAN protocol that uses polling to transmit data.
SDLC / Systems Development Life Cycle (Applications)
A system development model that focuses on security in every phase.
Trusted Computer System
A system that has the necessary controls to ensure that the security policy will not be compromised and that can process a range of sensitive or classified information simultaneously.
node
A system that is connected to a network.
Classification
A systematic arrangement of objects into groups or categories according to a set of established criteria. Data and resources can be assigned a level of sensitivity as they are being created, amended, enhanced, stored, or transmitted. The classification level then determines the extent to which the resource needs to be controlled and secured, and is indicative of its value in terms of information assets.
end-to-end encryption
A technology that encrypts the data payload of a packet.
Security audit
A test against a published standard.
Kerberos
A third-party authentication service that may be used to support Single Sign On
keystroke monitoring
A type of auditing that can review or record keystrokes entered by a user during an active session.
Fuzzing / Fuzz testing
A type of black box testing that enters random malformed data as inputs into software programs to determine if they will crash
RFID / Radio-Frequency Identification
A type of contactless card technology.
link encryption
A type of encryption technology that encrypts packets' headers, trailers, and the data payload. Each network communications node, or hop, must decrypt the packets to read its address and routing information and then re-encrypt the packets. This is different from end-to-end encryption.
public key encryption
A type of encryption that uses two mathematically related keys to encrypt and decrypt messages. The private key is known only to the owner, and the public key is available to anyone.
User ID
A unique set of characters or code that is used to identify a specific user to a system.
Compromise
A violation of the security policy of a system or an organization such that unauthorized disclosure or modification of sensitive information occurs.
Vulnerability
A weakness in a system
Twofish
AES finalist, encrypting 128-bit blocks using 128- through 256-bit keys
Access Control Lists/ACL
Access Control List
Domains of trust
Access control module used by Windows Active Directory
Nondiscretionary access control
Access control based on subjects' roles or tasks
Color of law
Acting on the authority of law enforcement
Sanction
Action taken as a result of policy violation.
Authorization
Actions an individual can perform on a system
Microwave motion detector
Active motion detector that uses microwave energy
SSID / Service Set Identifier
Acts as a wireless network name.
Ultrasonic motion detector
Active motion detector that uses ultrasonic energy
Compensation controls
Additional security controls put in place to compensate for weaknesses in other controls
ASLR
Address Space Layout Randomization, seeks to decrease the likelihood of successful exploitation by making the memory addresses employed by the system less predictable
Virtualization
Adds a software layer between an operating system and the underlying computer hardware
Content-dependent access controls
Adds additional criteria beyond identification and authentication: the actual content the subject is attempting to access
Context-dependent access control
Adds additional criteria beyond identification and authentication: the context of the access, such as time
Access Control Mechanism
Administrative, physical, or technical control that is designed to detect and prevent unauthorized access to a resource or environment.
Advanced Encryption Standard/AES
Advanced Encryption Standard, a block cipher using 128-bit, 192-bit, or 256-bit keys to encrypt 128-bit blocks of data
Scrum
Agile development model that uses small teams, roles include Scrum Master and Product Owner.
Integrated Circuit Card (ICC)
Alias for "Smart Card". Physical access control device that contains a computer circuit
trusted computing base (TCB)
All of the protection mechanisms within a computer system (software, hardware, and firmware) that are responsible for enforcing a security policy.
Convergence
All routers on a network agree on the state of routing
First sale doctrine
Allows a legitimate purchaser of copyrighted material to sell it to another person
API/Application Programmers Interface
Allows an application to communicate with another application, or an operating system, database, network, etc. For example, the Google Maps API allows an application to integrate third-party content such as restaurants overlaid on a Google Map
Multitasking
Allows multiple tasks (heavyweight processes) to run simultaneously on one CPU
Fair use doctrine
Allows someone to duplicate copyrighted material without requiring the payment, consent, or even knowledge of the copyright holder
Business Owners
Also called Mission Owners, members of senior management who create the information security program and ensure that it is properly staffed, funded, and has organization priority
Synthetic Transactions
Also called synthetic monitoring, involves building scripts or tools that simulate activities normally performed in an application
Walkthrough drill
Also known as a simulation test, recovery from a pretend disaster; goes beyond talking about the process and actually has teams carry out the recovery process
Divestitures
Also known as de-mergers and de-acquisitions, and represent the flip side of acquisition: one company becomes two or more
RFI / Remote File Inclusion
Altering web URLs to include remote content.
Assurance
A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy.
XP / Extreme Programming
An Agile development method that uses pairs of programmers who work off a detailed specification
SAML / Security Assertion Markup Language
An XML-based framework for exchanging security information, including authentication data.
Reference Monitor Concept
An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. The security kernel enforces the reference monitor concept.
discretionary access control (DAC)
An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.
Message Authentication Code (MAC)
An access policy that restricts subjects' access to objects based on the security clearance of the subject and the classification of the object. The system enforces the security policy, and users cannot share their files with other users.
declassification
An administrative decision or procedure to remove or reduce the security classification of information.
Collusion
An agreement between two or more individuals to subvert the security of a system
pseudo-flaw
An apparent loophole deliberately implanted in an operating system or program as a trap for intruders.
Waterfall model
An application development model that uses rigid phases; when one phase ends, the next begins
Top-down Approach
An approach in which the initiation, support, and direction for a project come from top management and work their way down through middle management and then to staff members.
protection ring
An architecture that provides hierarchies of privileged operation modes of a system, which gives certain access rights to processes that are authorized to operate in that mode. Supports the integrity and confidentiality requirements of multitasking operating systems and enables the operating system to protect itself from user programs and rogue processes.
Full backup
An archive of all files
Differential backup
An archive of any files that have been changed since the last full backup was performed
cost/benefit analysis
An assessment that is performed to ensure that the cost of a safeguard does not outweigh the benefit of the safeguard. Spending more to protect an asset than the asset is actually worth does not make good business sense. All possible safeguards must be evaluated to ensure that the most security-effective and cost-effective choice is made.
War Dialing
An attack in which a long list of phone numbers is inserted into a war-dialing program in the hope of finding a modem that can be exploited to gain unauthorized access.
Brute-Force Attack
An attack that continually tries different inputs to achieve a predefined goal, which can be used to obtain credentials for unauthorized access.
Attack
An attempt to bypass security controls in a system with the mission of using that system or compromising it. An attack is usually accomplished by exploiting a current vulnerability.
digital signature
An electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.
Zero-day exploit
An exploit for a vulnerability with no available vendor patch
EGP / Exterior Gateway Protocol
An exterior gateway protocol used by private networks like intranets
Worm
An independent program that can reproduce by copying itself from one system to another. It may damage data directly or degrade system performance by tying up resources.
data custodian
An individual who is responsible for the maintenance and protection of the data. This role is usually filled by the IT department (usually the network administrator). The duties include performing regular backups of the data; implementing security mechanisms; periodically validating the integrity of the data; restoring the data from backup media; and fulfilling the requirements specified in the company's security policy, standards, and guidelines that pertain to information security and data protection.
operator
An individual who supports the operations of computer systems—usually a mainframe. The individual may monitor the execution of the system, control the flow of jobs, and develop and schedule batch jobs.
Payment Card Industry Data Security Standard (PCI-DSS)
An information security standard for organizations that are involved in payment card transactions.
exposure
An instance of being exposed to losses from a threat. A weakness or vulnerability can cause an organization to be exposed to possible damages.
Clark-Wilson Model
An integrity model that addresses all three integrity goals: prevent unauthorized users from making modifications, prevent authorized users from making improper modifications, and maintain internal and external consistency through auditing.
Common Criteria
An internationally agreed upon standard for describing and testing the security of IT projects
Java
An object-oriented language used not only to write applets, but also as a general-purpose programming language
Password Cracking
An offline technique in which the attacker has gained access to the password hashes or database
Password guessing
An online technique that involves attempting to authenticate as a particular user to the system
write
An operation that results in the flow of information from a subject to an object
Read
An operation that results in the flow of information from an object to a subject and does not give the subject the ability to modify the object or the data within the object.
Recovery Planning
An operation that results in the flow of information from an object to a subject and does not give the subject the ability to modify the object or the data within the object.
Back Door
An undocumented way of gaining access to a computer system. After a system is compromised, an attacker may load a program that listens on a port (back door) so that the attacker can enter the system at any time. A back door is also referred to as a trapdoor.
denial of service (DoS)
Any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose.
Candidate keys
Any attribute (column) in the table with unique values
Covert channel
Any communication that violates security policy
Disaster
Any disruptive event that interrupts normal system operations.
Bastion Host
Any host placed on the internet that is not protected by another device
Threat
Any potential danger that a vulnerability will be exploited by a threat agent.
Defense in Depth
Application of multiple safeguards that span multiple domains to protect an asset
FIdM / Federated Identity Management
Applies Single Sign On at a much wider scale: ranging from cross-organization to Internet scale
data classification
Assignments to data that indicate the level of availability, integrity, and confidentiality that is required for each type of information
Non-repudiation
Assurance that a specific user performed a specific transaction and assurance that the transaction did not change
Availability
Assures information is available when needed
ADSL
Asymmetric Digital Subscriber Line, DSL featuring faster download speeds than upload
ABM
Asynchronous Balanced Mode, HDLC combined mode where nodes may act as primary or secondary, initiating transmission without receiving permission
ARCNET
Attached Resource Computer Network, a legacy LAN technology that uses tokens
Server-side attack
Attack launched directly from an attacker to a listening service. Also called service-side attack
Lock bumping
Attack on locks using a shaved key, which bumps the pins, allowing the lock to turn
Brute force attack
Attack that attempts every possible key or combination
Client-side attacks
Attack where a user downloads malicious content
Script kiddies
Attackers who target computer systems with tools they have little or no understanding of.
Disassembler
Attempt to convert machine language into assembly
SSL / Secure Sockets Layer
Authenticates and provides confidentiality to network traffic such as web traffic.
AH/Authentication Header
Authentication Header, IPsec protocol that provides authentication and integrity for each packet of network data
Asynchronous Dynamic Token
Authentication that is not synchronized with a central server, includes challenge-response tokens
Overt Channel
Authorized communication that complies with security policy
BIOS
Basic Input/Output System, typically stored in firmware
BRI
Basic Rate Interface, provides two 64 K digital ISDN channels
Electronic vaulting
Batch process of electronically transmitting data that is to be backed up on a routine, regularly scheduled time interval
Simple Security Property
Bell-LaPadula property that states "no read up" (NRU).
Security property
Bell-LaPadula property that states "no write-down"
Strong Tranquility property
Bell-LaPadula property that states security labels will not change while the system is operating
Weak tranquility property
Bell-LaPadula property that states security labels will not change in a way that violates security policy
Simple integrity axiom
Biba property that states "no read down".
Integrity Axiom
Biba property which states "no write-up"
Facial Scan
Biometric control that compares a picture of a face to pictures stored in a database
Exclusive Or
Binary operation that is true if one of two inputs (but not both) is true
Dynamic signatures
Biometric control that measures the process by which someone signs their name
Keyboard dynamics
Biometric control that refers to how hard a person presses each key and the rhythm by which the keys are pressed
Retina scan
Biometric laser scan of the capillaries which feed the retina.
Fingerprint scan
Biometric scan of the minutiae (specific details of the fingerprint)
Binary image
Bit-level copy of memory
Combinatorial software testing
Black box testing method that seeks to identify and test all unique combinations of software inputs
Chaining
Block cipher mechanism that seeds the previous encrypted block into the next block to be encrypted
Blowfish
Block cipher using 32- through 448-bit keys (the default is 128) to encrypt 64 bits of data
BOOTP
Bootstrap Protocol, used for bootstrapping via a network by diskless systems
Bootstrap Protocol - BOOTP
Bootstrap Protocol, used for bootstrapping via a network by diskless systems
BGP
Border Gateway Protocol, the routing protocol used on the Internet
Border Gateway Protocol - BGP
Border Gateway Protocol, the routing protocol used on the Internet
BCP
Business Continuity Plan, A long-term plan to ensure the continuity of business operations
Business Continuity Plan - BCP
Business Continuity Plan, A long-term plan to ensure the continuity of business operations
BRP
Business Recovery Plan, details the steps required to restore normal business operations after recovering from a disruptive event. Also known as the Business Resumption Plan
Business Recovery Plan - BRP
Business Recovery Plan, details the steps required to restore normal business operations after recovering from a disruptive event. Also known as the Business Resumption Plan
Business Resumption Plan - BRP
Business Recovery Plan, details the steps required to restore normal business operations after recovering from a disruptive event. Also known as the Business Resumption Plan
Trade secret
Business-proprietary information that is important to an organization's ability to compete
Repeatable
CMM / Capability Maturity Model phase 2.
Optimizing
CMM Phase 5
Defined
CMM phase 3
Managed
CMM phase 4
ALU/Arithmetic Logic Unit
CPU component that performs mathematical calculations
I/O Controller Hub (ICH)
CPU Southbridge bus that connects input/output (I/O) devices such as disk, keyboard, mouse, CD drive, USB ports, etc.
Control unit
CPU component that acts as a traffic cop, sending instructions to the ALU
Pipelining
CPU feature that combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute and write steps for different instructions
RISC / Reduced Instruction Set Computer
CPU instructions which are short and simple.
CMM
Capability Maturity Model, a maturity framework for evaluating and improving the software development process
Capability Maturity Model - CMM
Capability Maturity Model, a maturity framework for evaluating and improving the software development process
playback attack (same as replay attack?)
Capturing data and resending the data at a later time in the hope of tricking the receiving system. This is usually carried out to obtain unauthorized access to specific resources.
CSMA
Carrier Sense Multiple Access, a method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions
Carrier Sense Multiple Access - CSMA
Carrier Sense Multiple Access, a method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions
CPU
Central Processing Unit, the "brains" of the computer, capable of controlling and performing mathematical calculations
Central Processing Unit - CPU
Central Processing Unit, the "brains" of the computer, capable of controlling and performing mathematical calculations
CRL
Certificate Revocation Lists, PKI component which lists digital certificates that have been revoked
Certificate Revocation List
Certificate Revocation Lists, PKI component which lists digital certificates that have been revoked
CHAP
Challenge Handshake Authentication Protocol, a more secure network authentication protocol that uses a shared secret
Challenge Handshake Authentication Protocol - CHAP
Challenge Handshake Authentication Protocol, a more secure network authentication protocol that uses a shared secret
Dynamic password
Changes at regular intervals
CSU/DSU
Channel Service Unit/Data Service Unit, DCE device
Channel Service Unit/Data Service Unit - CSU/DSU
Channel Service Unit/Data Service Unit, DCE device.
CCD
Charged Couple Discharge, a digital CCTV
Charged Couple Discharge - CCD
Charged Couple Discharge, a digital CCTV
CBC
Cipher Block Chaining, a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted
Cipher Block Chaining - CBC
Cipher Block Chaining, a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted
CFB
Cipher Feedback, a stream mode DES that is similar to block-mode CBC
Cipher Feedback - CFB
Cipher Feedback, a stream mode DES that is similar to block-mode CBC
Rijndael
Cipher which became AES, named after authors Vincent Rijmen and Joan Daemen.
Well-formed transactions
Clark-Wilson control to enforce control over applications
CIDR
Classless Inter-Domain Routing, allows for many network sizes beyond the arbitrary classful network sizes
Classless Inter-Domain Routing - CIDR
Classless Inter-Domain Routing, allows for many network sizes beyond the arbitrary classful network sizes
CCTV
Closed Circuit Television, a detective device used to aid guards in detecting the presence of intruders in restricted areas
Closed Circuit Television - CCTV
Closed Circuit Television, a detective device used to aid guards in detecting the presence of intruders in restricted areas
Traceroute
Command that uses ICMP Time Exceeded messages to trace a network route
COTS
Commercial Off-the-Shelf Software, third-party developed commercial software available to the general public
Class II gate
Commercial gate, such as a parking garage gate
COCOM
Committee for Multilateral Export Controls, a munitions law which was in effect from 1947 to 1994. It was designed to control the export of critical technologies (including cryptography) to "Iron Curtain" countries during the Cold War
CORBA
Common Object Request Broker Architecture, an open vendor-neutral networked object broker framework
Digital
Communication that transfers data in bits: ones and zeroes
Analog
Communication that sends a continuous wave of information
Mirroring
Complete duplication of data to another disk, used by some levels of RAID
SaaS / Software as a Service
Completely configured cloud-based application, from the operating system on up.
CISC
Complex Instruction Set Computers, CPU instructions that are longer and more powerful
COM
Component Object Model, locates, and connects objects locally
Session hijacking
Compromise of an existing network session.
CIRT
Computer Incident Response Team, a team that performs incident handling
CSIRT
Computer Security Incident Response Team, the group that is tasked with monitoring, identifying, and responding to security incidents
Diskless workstation
Computer system that contains a CPU, memory, and firmware, but no hard drive; a type of thin client
CASE
Computer-Aided Software Engineering, uses programs to assist in the creation and maintenance of other computer programs
Computer Fraud
Computer-related crimes involving deliberate misrepresentation, modification, or disclosure of data in order to compromise a system or obtain something of value.
Centralized access control
Concentrates access control in one logical point for a system or organization
Buffer overflow
Condition where an attacker can insert data beyond the end of a buffer variable
life-cycle assurance
Confidence that a trusted system is designed, developed, and maintained with formal designs and controls. This includes design specification and verification, implementation, testing, configuration management, and distribution.
CIA triad
Confidentiality, Integrity and Availability
DTE/DCE
Connection that spans the Demarc
Middleware
Connects programs to programs
Northbridge
Connects the CPU to RAM and video memory, also called the memory controller hub (MCH)
Host-To-Host Transport Layer (TCP/IP transport layer)
Connects the internet layer to the application layer. Where applications are addressed on a network via ports.
Data dictionary
Contains a description of the database tables, including the schema, database view information, and information about authorized database administrator and user accounts
Encapsulation / Object
Contains and hides the details of an object's method
Motherboard
Contains computer hardware including the CPU, memory slots, firmware, and peripheral slots such as PCI (Peripheral Component Interconnect) slots
Relational database
Contains two-dimensional tables of related data.
CDN
Content Distribution networks (also Content Delivery Networks) use a series of distributed caching servers to improve performance and lower the latency of downloaded online content
CPPT
Continuity Planning Project Team, a team composed of stakeholders within an organization that focuses on identifying who would need to play a role if a specific emergency event were to occur
COOP
Continuity of Operations Plan, a plan to maintain operations during a disaster
BS-25999
Continuity standard by the British Standards institution (BSI)
SLA / Service Level Agreement
Contractual agreement that helps assure availability.
COBIT
Control Objectives for Information and related Technology, a control framework for employing information security governance best practices within an organization
Confinement
Controlling information in a manner that prevents sensitive data from being leaked from a program to another program, subject, or object in an unauthorized manner.
physical security
Controls and procedures put into place to prevent intruders from physically accessing a system or facility. The controls enforce access control and authorized access.
Communications Security
Controls in place to protect information as it is being transmitted, especially by telecommunications mechanisms.
Detection controls
Controls that alert during or after a successful attack
Compensating Controls
Controls that are alternative procedures designed to reduce the risk. They are used to "counterbalance" the effects of an internal control weakness.
Corrective controls
Controls that correct a damaged system or process
physical controls
Controls that pertain to controlling individual access into the facility and different departments, locking systems and removing unnecessary floppy or CD-ROM drives, protecting the perimeter of the facility, monitoring for intrusion, and checking environmental controls.
Free software
Controversial term that is defined differently by different groups. "Free" may mean free of charge, or "free" may mean the user is free to use the software in any way they would like, including modifying it
Hacker
Controversial term that may mean explorer or someone who maliciously attacks systems
Compiler
Converts source code, such as C or BASIC, into machine code
Encryption
Converts the plaintext to a ciphertext
Back up
Copy and move data to a medium so that it may be restored if the original data is corrupted or destroyed. A full backup copies all the data from the system to the backup medium. An incremental backup copies only the files that have been modified since the previous backup. A differential backup backs up all files since the last full backup.
CCMP
Counter Mode CBC MAC Protocol, used by WPA2 to create a MIC
CTR
Counter, a stream mode of DES that uses a counter for feedback
Search Warrant
Court order that allows a legal search.
Timing Channel
Covert channel that relies on the system clock to infer sensitive information
Storage Channel
Covert channel that uses shared storage, such as a temporary directory to allow two subjects to signal each other
Genetic algorithms
Creating computer algorithms via Darwinian evolution principles
Genetic programming
Creating entire software programs (usually in the form of Lisp source code) via Darwinian evolution principles
Computer crimes
Crimes using computers
CMP
Crisis Management Plan
XSS
Cross Site Scripting, third-party execution of web scripting languages such as JavaScript within the security context of a trusted site
CSRF
Cross-Site Request Forgery, third-party redirect of static content within the security context of a trusted site
CER
Crossover Error Rate, describes the point where the False Reject Rate (FRR) and the False Accept Rate (FAR) are equal
Side-Channel attack
Cryptographic attack which uses physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.
Jefferson Disks
Cryptographic device invented by Thomas Jefferson that used multiple wheels, each with an entire alphabet along the ridge
Cipher disk
Cryptographic device that uses two concentric disks, each with an alphabet around the periphery
Book cipher
Cryptographic method that uses whole words from a well-known text such as a dictionary as a one-to-one replacement for plaintext
Running-key cipher
Cryptographic method that uses whole words from a well-known text such as a dictionary, "adding" letters to plaintext using modular math.
Customary Law
Customs or practices that are so commonly accepted by a group that the custom is treated as law
Distributed component object model
DCOM
Mobile sites
DRP backup site option that is a "data center on wheels"; towable trailers that contain racks of computer equipment, as well as HVAC, fire suppression and physical security
SDSL / Symmetric Digital Subscriber Line
DSL with matching upload and download speeds.
operational goals
Daily goals to be accomplished to ensure the proper operation of an environment.
Compensatory damages
Damages provided as compensation
Ticket
Data that authenticates a Kerberos principal's identity
DCE
Data Circuit-Terminating equipment, a device that networks DTEs, such as a router
DDL
Data Definition language, used to create, modify, and delete tables
DEA
Data Encryption Algorithm, described by DES
DES
Data Encryption Standard, a symmetric block cipher using a 56-bit key and 64-bit block size
DEP
Data Execution Prevention, which can be enabled within hardware and/or software, and makes specific pages of the stack non-executable
DML
Data Manipulation language, used to query and update data stored in the tables
Data Manipulation Language
Data Manipulation language, used to query and update data stored in the tables
DTE
Data terminal equipment, a network "terminal," such as a desktop, server, or actual terminal
Data Terminal Equipment
Data terminal equipment, a network "terminal," such as a desktop, server, or actual terminal
Ciphertext
Data that has been encrypted and is unreadable until it has been converted into plaintext.
data in transit or data in motion (DIM)
Data that is moving between computing nodes over a data network such as the Internet.
Electronic Backups
Data that is stored electronically and can be retrieved in case of disruptive event or disaster
Remanence
Data that might persist after removal attempts.
data at rest (DAR)
Data that resides in external or auxiliary storage devices such as hard disk drives, solid-state drives, or DVDs.
data in use
Data that temporarily resides in primary storage such as registers, caches, or RAM while the CPU is using it.
DBA
Database Administrator, role that manages databases
Database Administrators
Database Administrator, role that manages databases
DBMS
Database management system, controls all access to the database and enforces database security
Database management system
Database management system, controls all access to the database and enforces database security
Object-Oriented Database
Database that combines data with functions (code) in an object-oriented framework
Hierarchical Database
Database that forms a tree
Codebreakers (The)
David Kahn's history of cryptography
E1
Dedicated 2.048 megabit circuit that carries 30 channels
Modes of Operation
Dedicated, system-high, compartmented, and multilevel modes
Inference
Deductive attack where a user is able to use lower-level access to learn restricted information
DARPA
Defense Advanced Research Projects Agency, funders of the original MILNET and ARPANET
Demarc
Demarcation point, where the ISP's responsibility ends and the customer's begins
DMZ
Demilitarized Zone network, used to separate trusted from untrusted networks
Demilitarized Zone
Demilitarized Zone network, used to separate trusted from untrusted networks
Denial of Service
Denial of Service, an attack on availability
DoS
Denial of Service, an attack on availability
Schema
Describes the attributes and values of the database tables.
Cryptographic Protocol Governance
Describes the process of selecting the right cipher and implementation for the right job
Standard
Describes the specific use of technology, often applied to hardware and software administrative control
4GL / Fourth-generation programming language
Designed to increase programmer's efficiency by automating the creation of computer programming code
Degaussing
Destroying the integrity of the magnetization of the storage media, making the data unrecoverable
procedure
Detailed step-by-step instructions to achieve a certain task, which are used by users, IT staff, operations staff, security members, and others.
Deterrent controls
Deter users from performing actions on a system
Executive Succession Planning
Determines an organization's line of succession
Take-Grant Protection Method
Determines the safety of a given computer system that follows specific rules
Sashimi Model
Development model with highly overlapping steps; it can be thought of as a real-world successor to the Waterfall Model.
Turnstile
Device designed to prevent tailgating by enforcing a 'one person per authentication' rule
Firewall
Device that filters traffic based on layers 3 (IP Addresses) and 4 (ports)
DSL
Digital Subscriber Line, uses existing copper pairs to provide digital service to homes and small offices
Digital subscriber line
Digital Subscriber Line, uses existing copper pairs to provide digital service to homes and small offices
DSSS
Direct Sequence Spread Spectrum, uses the entire wireless band at once
Direct sequence spread spectrum
Direct Sequence Spread Spectrum, uses the entire wireless band at once
Account Lockout
Disables an account after a set number of failed logins, sometimes during a specific time period
DRP
Disaster Recovery Plan, a short-term plan to recover from a disruptive event
Disaster recovery plan
Disaster Recovery Plan, a short-term plan to recover from a disruptive event
DAD
Disclosure, Alteration, and Destruction, the opposite of Confidentiality, Integrity and Availability
DAC
Discretionary Access Control, gives subjects full control of objects they have created or been given access to, including sharing objects with other subjects
Split horizon
Distance vector routing protocol safeguard will not send a route update via an interface it learned the route from
DDoS
Distributed Denial of Service, an availability attack using many systems
Distributed Denial of Service
Distributed Denial of Service, an availability attack using many systems
DNP3
Distributed Network Protocol, provides an open standard used primarily within the energy sector for interoperability between various vendors' SCADA and smart grid applications
DCOM
Distributed component object model, locates, and connects objects across a network
Separation of duties
Dividing sensitive transactions among multiple subjects
LAND attack
DoS attack which uses a spoofed SYN packet that includes the victim's IP address as both source and destination
ping of death (malformed packets)
DoS that sends a malformed ICMP Echo Request (ping) that is larger than the maximum size of an IP packet
Formal access approval
Documented approval from the data owner for a subject to access certain objects
Ethics
Doing what is morally right
DNS
Domain Name System, a distributed global hierarchical database that translates names to IP Addresses, and vice versa
Domain Name systems
Domain Name System, a distributed global hierarchical database that translates names to IP Addresses, and vice versa
DNSSEC
Domain Name Server Security Extensions, provides authentication and integrity to DNS responses via the use of public key encryption
Domain Name Server security extensions
Domain Name Server Security Extensions, provides authentication and integrity to DNS responses via the use of public key encryption
Ethernet
Dominant local area networking technology that transmits network data via frames
DHCP
Dynamic Host Configuration protocol, assigns temporary IP address leases to systems, as well as DNS and default gateway configurations
Dynamic host configuration protocol
Dynamic Host Configuration protocol, assigns temporary IP address leases to systems, as well as DNS and default gateway configurations
DRAM
Dynamic Random Access Memory, stores bits in small capacitors (like small batteries); cheaper and slower than SRAM
EAP OVER LAN
EAP Over LAN, a Layer 2 protocol for carrying EAP
EAPOL
EAP Over LAN, a Layer 2 protocol for carrying EAP
EAP tunneled transport layer security
EAP tunneled transport layer security, simplifies EAP-TLS by dropping the client side certificate requirement
EAP-TTLS
EAP tunneled transport layer security, simplifies EAP-TLS by dropping the client side certificate requirement
EAP-FAST
EAP-Flexible Authentication via Secure Tunneling, designed by Cisco to replace LEAP
EAP-TLS
EAP-Transport Layer security, uses PKI, requiring both server-side and client side certificates
EAP-Transport Layer Security
EAP-Transport Layer security, uses PKI, requiring both server-side and client side certificates
Integrated Services Digital Network (ISDN)
Earlier attempt to provide digital service via 'copper pair'. Commonly used for teleconferencing and videoconferencing.
Panic bar
Egress device that opens externally facing doors from the inside
emanations
Electrical and electromagnetic signals emitted from electrical equipment that can transmit through the airwaves. These signals carry information that can be captured and deciphered, which can cause a security breach. These are also called emissions.
EEPROM / Electrically -Erasable Programmable Read Only Memory
Electrically erasable memory via the use of a flashing program
Symmetric Encryption
Encryption that uses one key to encrypt and decrypt
Asymmetric Encryption
Encryption that uses two keys: if you encrypt with one you may decrypt with the other
Emanations
Energy which escapes an electronic system, and which may be remotely monitored under certain circumstances
Noninterference model
Ensures that data at different security domains remain separate from one another
Directory path traversal
Escaping from the root of a webserver (such as /var/www) into the regular file system by referencing directories such as "../.."
Secondary Evidence
Evidence consisting of copies of original documents and oral descriptions.
Corroborative evidence
Evidence that provides additional support for a fact that might have been called into question
Circumstantial evidence
Evidence that serves to establish the circumstances related to particular points or even other evidence
XOR
Exclusive OR, binary operation that is true if one of two inputs (but not both) is true
Knowledge base
Expert system component that consists of "if/then" statements
Inference Engines
Expert system component that follows the tree formed by knowledge base, and fires a rule where there is a match
Backward chaining
Expert system mode that starts with a premise and works backwards
Forward chaining
Expert system mode that starts with no premise, and works forward to determine a solution
EAP
Extensible Authentication Protocol, a Layer 2 authentication framework that describes many specific authentication protocols
Whole Disk Encryption
FDE - Full Disk Encryption
Type II Error
False Acceptance Rate (FAR), occurs when an unauthorised subject is accepted as valid
Type I error
False Reject Rate (FRR) occurs when an authorised subject is rejected as invalid
Develop an IT contingency plan
Fifth step of the NIST SP 800-34 contingency planning process
Stateful firewall
Firewall with a state table that allows the firewall to compare current packets to previous ones
protect society, the commonwealth, and the infrastructure
First canon of the (ISC)2 Code of Ethics
Develop the contingency planning policy statement
First step of the NIST SP 800-34 contingency planning process
Information Technology Security Evaluation Criteria (ITSEC)
First successful evaluation model that separates functionality (how well a system works) from assurance (the ability to evaluate the security of a system)
Static Route
Fixed routing entries
Agile Software Development
Flexible software development model that evolved as a reaction to rigid software development models such as the Waterfall Model
Continuity of Support Plan
Focuses narrowly on support of specific IT systems and applications
Mandatory leave
Forcing staff to take vacation or time away from the office. Also known as forced vacation
Ring model
Form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.
Pairwise testing
Form of combinatorial software testing that tests unique pairs of inputs
All pairs testing
Form of combinatorial software testing that tests unique pairs of inputs, otherwise known as pairwise testing
Develop recovery strategy
Fourth step of the NIST SP 800-34 contingency planning process
Advance and protect the profession
Fourth canon of the (ISC)2 Code of Ethics
4GL
Fourth-generation programming language designed to increase programmers' efficiency by automating the creation of computer programming code
Information Technology Infrastructure Library (ITIL)
Framework for providing best services in IT Service Management (ITSM).
Shareware
Fully functional proprietary software that may be initially used free of charge. If the user continues to use the Shareware for a specific period of time, the shareware license typically requires payment.
Fitness function
Genetic algorithm concept that assigns a score to an evolved algorithm
Crossover
Genetic algorithm concept that combines two algorithms
Mutation
Genetic algorithm concept that introduces random changes to algorithms
Black box software testing
Gives the tester no internal details: the software is treated as a black box that receives inputs
"Bad" Blocks/Clusters/sectors
Good disk blocks marked as bad
ARM/Asynchronous Response Mode
HDLC mode where secondary nodes may initiate communication with the primary
Hacktivist
Hacker activist, someone who attacks computer systems for political reasons
ATA Secure Erase
Hardware-level secure erase command supported by many Solid State Drives (SSDs) and hard drives; it erases all blocks, and on self-encrypting drives also generates a new encryption key so that any remaining old data is unrecoverable
Hash of Variable Length
Hash algorithm that creates message digests of 128, 160, 192, 224, or 256 bits in length, using 3, 4, or 5 rounds.
Hashed Message Authentication Code (HMAC)
Hash function that uses a key
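Worked example of the HMAC entry above, added here and not part of the original glossary: a keyed hash lets the holder of the key detect tampering, while a plain hash can be recomputed by anyone. The key and message are constructed sample values; the constant-time comparison is the detail practitioners most often get wrong.

```python
"""HMAC: a hash function keyed with a shared secret. Added example; key and
message below are constructed sample values, not real credentials."""
import hashlib
import hmac


def make_tag(key: bytes, message: bytes) -> bytes:
    """Compute HMAC-SHA256 over the message with the shared secret key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    hmac.compare_digest does not short-circuit on the first differing
    byte, so an attacker cannot use response timing to learn how much of
    a forged tag was correct."""
    return hmac.compare_digest(make_tag(key, message), tag)


def demo() -> dict:
    """Show what a keyed hash protects against, unlike a plain digest."""
    key = b"constructed-demo-key-do-not-reuse"   # constructed sample key
    msg = b"transfer 100 to account 42"          # constructed sample message
    tag = make_tag(key, msg)
    forged = b"transfer 900 to account 42"
    return {
        # The legitimate message and tag verify.
        "valid": verify_tag(key, msg, tag),
        # Altering the message invalidates the tag.
        "tampered_message": verify_tag(key, forged, tag),
        # Without the key, a party cannot produce a tag that verifies.
        "wrong_key": verify_tag(b"guess", msg, tag),
        # A plain hash of the forged message is trivially recomputable by
        # the forger, which is why a bare digest is not an integrity control.
        "plain_hash_len": len(hashlib.sha256(forged).digest()),
    }
```

A MAC proves integrity and origin to whoever holds the key; it does not give nonrepudiation, since both parties can produce the same tag (compare the digital signature entry later on this page).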
Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act, United States regulation which protects healthcare information
Abstraction
Hides unnecessary details from the user
Accountability
Holds individuals accountable for their actions
Host-Based Intrusion Detection Systems (HIDS)
Host based intrusion detection systems, a detective technical control
Host-Based Intrusion Prevention Systems (HIPS)
Host based intrusion prevention system, preventative device that processes information within the host
Dual homed host
Host with two network interfaces, one connected to a trusted network and the other connected to an untrusted network
Classful address
IPv4 networks in classes A through E
Caller ID
Identifies the calling phone number, sometimes used as a weak authentication method
Identity as a Service (IDaaS)
Identity as a service, also called cloud identity, allows organizations to leverage a cloud service for identity management
masquerading
Impersonating another user, usually with the intention of gaining unauthorized access to a system.
Administrative Controls
Implemented by creating and following organizational policy, procedures, or regulation. Also called directive controls
Technical Controls
Implemented using software, hardware or firmware that restricts logical access on an information technology system
plaintext
In cryptography, the original readable text before it is encrypted.
Cleartext
In data communications, cleartext is the form of a message or data, which is transferred or stored without cryptographic protection.
Detection phase
Incident response phase that analyses events in order to determine whether they might comprise a security incident
Containment phase
Incident response phase that attempts to keep further damage from occurring as a result of the incident
Eradication phase
Incident response phase that cleans a compromised system
Reporting phase
Incident response phase that provides a final report on the incident.
Interrupt
Indicates an asynchronous CPU event has occurred
ISM
Industrial, Scientific, and Medical, wireless bands set aside for unlicensed use
Class III gate
Industrial/limited access gate, such as a loading dock
ITIL
Information Technology Infrastructure Library, is a framework for providing best services in IT Service Management
ITSEC
Information Technology Security Evaluation Criteria, the first successful evaluation model to separate functionality from assurance
maintenance hook
Instructions within a program's code that enable the developer or maintainer to enter the program without having to go through the usual access control and authentication processes. Maintenance hooks should be removed from the code before it is released to production; otherwise, they can cause serious security risks. Also called trapdoor or back door.
ISDN
Integrated Services Digital Network, provides digital service via copper pair
Integrated Product Team (IPT)
Integrated product team, a customer-focused group that focuses on the entire lifecycle of a project
Big Bang testing
Integration testing that tests all integrated software components
Trademark
Intellectual property protection that allows for the creation of a brand that distinguishes the source of products
Servicemark
Intellectual property protection that allows for the creation of a brand that distinguishes the source of services.
Patent
Intellectual property protection that grants a monopoly on the right to use, make, or sell an invention for a period of time
Interface Definition Language (IDL)
Interface definition language, used by CORBA objects to communicate
International Data Encryption Algorithm (IDEA)
International data encryption algorithm, a symmetric block cipher using a 128 bit key and 64 bit block size
Internet Security Association and Key Management Protocol (ISAKMP)
Internet Security Association and Key Management Protocol, manages the IPsec Security Association process
iSCSI
Internet Small Computer System Interface, Storage Area Network (SAN) protocol transmitted via Ethernet and TCP/IP
Internet Control Message Protocol (ICMP)
Internet control message protocol
Internet Key Exchange (IKE)
Internet Key Exchange, negotiates and manages IPsec security associations, including the keys and encryption algorithms they use
Internet Message Access Protocol (IMAP)
Internet message access protocol, an email client protocol
Internet of Things (IOT)
Internet of Things, Internet-connected embedded devices such as thermostats, baby monitors, appliances, light bulbs, smart meters, etc...
IPv4
Internet protocol Version 4, commonly called IP. It's the fundamental protocol of the internet
IPv6
Internet protocol Version 6, the successor of IPv4, featuring the far larger address space, simpler routing, and simpler address assignment
IP
Internet Protocol, includes both IPv4 and IPv6
Intrusion Detection System (IDS)
Intrusion detection system, a detective technical control
Active-passive Cluster
Involves devices or systems that are already in place, configured, powered on and ready to begin processing network traffic should a failure occur on the primary system
Active-active Cluster
Involves multiple systems all of which are online and actively processing traffic or data
ESP / Encapsulating Security Payload
IPsec protocol that primarily provides confidentiality by encrypting the packet payload; it can also provide integrity and authentication of the encrypted data
JSON
JavaScript Object Notation, a data interchange format
Ticket Granting Ticket (TGT)
Kerberos credentials encrypted with the TGS' key
KDC
Key Distribution Center, a Kerberos service that authenticates principals
Diffie-Hellman Key Agreement protocol
Key agreement allows two parties to securely agree on a symmetric key via public channel with no prior key exchange
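The Diffie-Hellman exchange described above, carried through in code as an added example (not from the original glossary). The group parameters are an assumption for illustration: a small Mersenne prime with generator 3, chosen so the arithmetic is readable. Real deployments use a standardised group (RFC 3526 MODP groups or an elliptic curve) whose generator has large prime order.

```python
"""Diffie-Hellman key agreement over a public channel. Added example with
toy parameters; see the comments for what production code does differently."""
import hashlib
import secrets

# Assumed toy group for illustration only: p = 2**127 - 1 (prime), g = 3.
# Production code uses a standardised safe-prime or elliptic-curve group.
P = 2**127 - 1
G = 3


def keypair(p: int = P, g: int = G) -> tuple:
    """Choose a secret exponent x and publish g^x mod p."""
    private = secrets.randbelow(p - 3) + 2        # 2 <= x <= p-2
    return private, pow(g, private, p)


def shared_secret(my_private: int, their_public: int, p: int = P) -> int:
    """Combine my secret with the peer's public value: (g^y)^x mod p."""
    # Reject degenerate public values (0, 1, p-1): they pin the result to a
    # trivial subgroup regardless of my secret, a classic small-subgroup trick.
    if not 1 < their_public < p - 1:
        raise ValueError("invalid peer public value")
    return pow(their_public, my_private, p)


def derive_key(secret: int, p: int = P) -> bytes:
    """Hash the raw group element into a fixed-length symmetric key.

    The raw shared secret is never used directly as a key; a KDF (here a
    plain SHA-256 over the fixed-width encoding) removes its structure."""
    width = (p.bit_length() + 7) // 8
    return hashlib.sha256(secret.to_bytes(width, "big")).digest()


def exchange() -> tuple:
    """One run of the protocol between Alice and Bob.

    Only a_pub and b_pub cross the eavesdroppable channel; the secret
    exponents never leave their owner, yet both sides end with one key."""
    a_priv, a_pub = keypair()          # Alice's side
    b_priv, b_pub = keypair()          # Bob's side
    # --- public channel: Alice sends a_pub, Bob sends b_pub ---
    k_alice = derive_key(shared_secret(a_priv, b_pub))
    k_bob = derive_key(shared_secret(b_priv, a_pub))
    return k_alice, k_bob
```

Plain Diffie-Hellman is unauthenticated: an attacker in the middle who replaces each public value with their own agrees on a different key with each side and relays traffic. Protocols that use it (IKE, TLS) sign or otherwise authenticate the exchanged values.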
Linear cryptanalysis
Known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key
VLAN
Virtual LAN, which can be thought of as a virtual switch
Administrative Law
Law enacted by government agencies, aka regulatory law
Civil law
Law that resolves disputes between individuals or organizations
Criminal law
Law where the victim can be seen as society itself
Repeater
Layer 1 device that receives bits on one port, and "repeats" them out the other port.
Hub
Layer 1 network access device that acts as a multiport repeater
L2F
Layer 2 Forwarding, designed to tunnel PPP
Frame
Layer 2 PDU
L2TP
Layer 2 Tunneling Protocol, combines PPTP and L2F
MAC address
Layer 2 address of a NIC
Switch
Layer 2 device that carries traffic on one LAN
Bridge
Layer 2 device that has two ports and connects network segments together
Data link layer
Layer 2 of the OSI model, handles access to the physical layer as well as local area network communication
Packet
Layer 3 PDU
Router
Layer 3 device that routes traffic from one LAN to another, based on IP addresses.
Network layer
Layer 3 of the OSI model, describes routing data from a system on one LAN to a system on another
Segment
Layer 4 PDU / Protocol Data Unit.
Session layer
Layer 5 of the OSI model, manages sessions, which provide maintenance on connections.
Application Layer (OSI)
Layer 7 of the OSI model where the user interfaces with the computer application.
FDDI / Fiber Distributed Data Interface
Legacy LAN technology that uses light
Token Ring
Legacy LAN technology that uses tokens
Civil law (legal system)
Legal system that leverages codified laws or statutes to determine what is considered within the bounds of law
Common law
Legal system that places significant emphasis on particular cases and judicial precedent as a determinant of laws
Religious law
Legal system that uses religious doctrine or interpretation as a source of legal understanding and statutes.
S/MIME / Secure/Multipurpose Internet Mail Extensions
Leverages PKI to encrypt and authenticate MIME-encoded email.
Legal liability
Liability enforced through civil law
LDAP
Lightweight Directory Access Protocol, open protocol for interfacing and querying directory service information provided by network operating systems. Uses port 389 via TCP or UDP
LEAP
Lightweight Extensible Authentication Protocol, a Cisco-proprietary protocol released before 802.1X was finalized
LCP
Link Control Protocol, the initial unauthenticated PPP connection phase, after which CHAP authenticates the peer
Checklist testing
Lists all necessary components required for successful recovery, and ensures that they are, or will be, readily available should a disaster occur. Also known as consistency testing
LAN
Local Area Network, a comparatively small network, typically confined to a building or an area within one
LLC
Logical Link Control, layer 2 protocol that handles LAN communications
Assembly Language
Low-level computer programming Language with instructions that are short mnemonics, such as "ADD", "SUB" (subtract) and "JMP" (jump) that match to machine language instructions
Unit Testing
Low-level tests of software components, such as functions, procedures or objects
Bytecode
Machine-independent interpreted code, used by Java
Commit
Makes changes to a database permanent
Enticement
Making the conditions for commission of a crime favorable for those already intent on breaking the law
Phishing
Malicious attack that poses as a legitimate site such as a bank, attempting to steal account credentials
Malware
Malicious software, any type of software which attacks an application or system
malware
Malicious software. Code written to perform activities that circumvent the security policy of a system. Examples are viruses, malicious applets, Trojan horses, logical bombs, and worms.
Trojan
Malware that performs two functions: one benign (such as a game) and one malicious. Also called a trojan horse
Rootkit
Malware that replaces portions of the kernel and/or operating system.
Vulnerability Management
Management of vulnerability information
ISO 22301
Management-focused business continuity guideline called "Business continuity management systems - Requirements"
MAC (Access Control)
Mandatory Access Control, system-enforced access control based on subject's clearances and object's labels
Traceability Matrix
Maps customers' requirements to the software testing plan: it 'traces' the 'requirements', and ensures they are being met
High-Data-Rate Digital Subscriber Line (HDSL)
Matches SDSL speeds using two pairs of copper. HDSL is used to provide inexpensive T1 service.
Aggregation
Mathematical attack where a user is able to use lower-level access to learn restricted information
MTD
Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted
MTTR
Mean Time To Repair (or Recover), the average time taken to restore a failed system to service
MTU
Maximum Transmission Unit, the maximum PDU size on a network
MTBF
Mean Time Between Failures, quantifies how long a new or repaired system will run on average before failing
FDX / Fetch and execute
Mechanism that allows the CPU to receive machine language instructions and execute them. Also called "Fetch, Decode, Execute"
Access Control
Mechanisms, controls, and methods of limiting access to resources to authorized subjects only.
MAC (Telecommunications)
Media Access Control, layer 2 protocol that transfers data to and from the physical layer
MD5
Message Digest 5, a hash function that creates a 128-bit message digest
MIC
Message Integrity Check, integrity protocol used by WPA2
MAN
Metropolitan Area Network, typically confined to a city, a zip code, or a campus or office park
Tactical Goals
Midterm goals to accomplish. These may be milestones to accomplish within a project or specific projects to accomplish in a year. Strategic, tactical, and operational goals make up a planning horizon.
MOR
Minimum Operating Requirements, describes the minimum environmental and connectivity requirements in order to operate computer equipment
Database replication
Mirrors a Live database, allowing simultaneous reads and writes to multiple replicated databases by clients
Brewer-Nash / Chinese Wall Model
Model designed to avoid conflicts of interest by prohibiting one person, like a consultant, from accessing multiple conflict of interest categories (CoIs)
Chinese Wall Model
Model designed to avoid conflicts of interest by prohibiting one person, like a consultant, from accessing multiple conflict of interest categories (CoIs)
Callback
Modem-based authentication system
Modem
Modulator/Demodulator; takes binary data and modulates it into analog sound that can be carried on phone networks
Return on Investment
Money saved by deploying a safeguard.
Failover cluster
Multiple systems that can be seamlessly leveraged to maintain the availability of the service or application being provided. Also called a high-availability cluster
MPLS
Multiprotocol Label Switching, provides a way to forward WAN data via labels
Wassenaar Arrangement
Munitions law that followed COCOM, beginning in 1996
NIST SP 800-34
NIST Special Publication 800-34 "Contingency Planning Guide for Information Technology Systems"
NAT
Network Address Translation, translates IP addresses
NIC
Network Interface Card, a card that connects a system to a network
NIDS
Network based intrusion detection system, a detective technical control
STP / Shielded Twisted Pair
Network cabling that contains additional metallic shielding around each twisted pair of wires.
Coaxial
Network cabling that has an inner copper core separated by an insulator from a metallic braid or shield
Unshielded Twisted Pair (UTP)
Network cabling that uses pairs of wire twisted together
NIPS
Network intrusion prevention system, a device designed to prevent malicious network traffic
Circuit-switched network
Network that provides a dedicated circuit or channel between two nodes
Broadband
Network with multiple channels; can send multiple signals at a time, like cable TV
Baseband
Network with one channel; can only send one signal at a time
CWR
New TCP flag, Congestion Window Reduced
Remote meeting technology
Newer technology that allows users to conduct online meetings via the Internet, including desktop sharing functionality.
Fibre Channel
Non-Ethernet/IP fiber optic storage technology
NS
Nonce sum, the newest TCP flag, used for congestion notification
NDA
Nondisclosure agreement, a contractual agreement that ensures that an individual or organization appreciates their legal responsibility to maintain the confidentiality of sensitive information
Lattice-Based Access Controls
Nondiscretionary access control with defined upper and lower bounds implemented by the system
NRM
Normal response mode, SDLC/HDLC mode where secondary nodes can transmit only when given permission by the primary
Breach notification
Notification of persons whose personal data has been, or is likely to have been, compromised
Openness Principle
OECD Privacy Guideline principle that states there should be a general policy of openness about the collection and use of personal data, so that the existence and nature of the data and the identity of the data controller are readily available
Security Safeguards Principle
OECD Privacy Guideline principle that states personal data should be reasonably protected against unauthorized use, disclosure, or alteration.
Use Limitation Principle
OECD Privacy Guideline principle that states personal data should never be disclosed without either the consent of the individual or a legal requirement
Accountability Principle
OECD Privacy Guideline principle which states that a data controller should be accountable for complying with measures that give effect to the other principles
Collection Limitation Principle
OECD Privacy Guideline principle which states personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, with the individual's knowledge and approval.
Data Quality Principle
OECD Privacy guideline principle that states personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection
Individual Participation Principle
OECD Privacy Guideline principle that states individuals should have the right to obtain the personal data held about them, to challenge its content, and to have it erased, corrected, or completed if it is inaccurate or incomplete
Purpose Specification Principle
OECD Privacy Guideline principle that states the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection
polymorphism
OOP concept (from the Greek roots "poly" and "morph", meaning "many" and "forms") that allows an object to overload an operator, for example
Parent Class
OOP concept that allows objects to inherit capabilities from parents
Coupling
OOP concept that connects objects to others. Highly coupled objects have low cohesion
Cohesion
OOP concept that describes an independent object. Objects with high cohesion have low coupling
Interior Gateway Protocol (IGP)
OSI Layer 3 Routing Protocol used for private networks, like Intranets
ORBs
Object Request Brokers, used to locate and communicate with objects
OOA
Object-Oriented Analysis, high-level approach to understanding a problem domain that identifies all objects and their interaction
OOD
Object-Oriented Design, a high-level object-oriented approach to designing software
OOP
Object-Oriented Programming, changes the older procedural programming methodology, and treats a program as a series of connected objects that communicate via messages
OLE
Object Linking and Embedding, part of DCOM which links documents to other documents
OEP
Occupant Emergency Plan, a facility-based plan focused on safety and evacuation
FRR / False Reject Rate
Occurs when an authorized subject is rejected as invalid, Also known as a type I error
FAR / False Accept Rate
Occurs when an unauthorized subject is accepted as valid, Also known as a type II error
Authorization Creep
Occurs when employees not only maintain old access rights but also gain new ones as they move from one division to another within an organization.
Screened host architecture
Older flat network design using one router to filter external traffic to and from a bastion host via an ACL.
X.25
Older packet-switched WAN protocol
Thinnet
Older type of coaxial cable, used for Ethernet bus networking
Thicknet
Older type of coaxial cable, used for ethernet bus networking
Instance
One copy of an object
Footcandle
One lumen per square foot
Lux
One lumen per square meter
Vernam Cipher
One-time pad using a teletypewriter, invented by Gilbert Vernam
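The Vernam cipher above in its modern XOR form, as an added example not taken from the glossary. It also shows the failure mode that makes "one-time" the whole point: reusing a pad for two messages cancels the key out and exposes the XOR of the two plaintexts. The two messages are constructed samples.

```python
"""Vernam cipher (one-time pad) by XOR, and why the pad must never be reused.
Added example; the messages are constructed samples."""
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """Vernam cipher: XOR each plaintext byte with a truly random pad byte.

    The pad must be at least as long as the message, random, and used once."""
    if len(pad) < len(plaintext):
        raise ValueError("pad shorter than message")
    return xor_bytes(pad, plaintext)


def otp_decrypt(pad: bytes, ciphertext: bytes) -> bytes:
    """XOR is its own inverse, so decryption is the same operation."""
    return otp_encrypt(pad, ciphertext)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages share a pad, XORing the ciphertexts cancels the pad:
    c1 XOR c2 == p1 XOR p2. The key is gone, and so is the secrecy."""
    return xor_bytes(c1, c2)


def recover_other_plaintext(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Given a known or guessed fragment of one message (a 'crib') at a known
    offset, the other message's bytes at that offset fall straight out."""
    return xor_bytes(p1_xor_p2[offset:offset + len(crib)], crib)


# Constructed sample messages of equal length.
MSG1 = b"ATTACK AT DAWN"
MSG2 = b"RETREAT NOW!!!"


def demo() -> dict:
    pad = secrets.token_bytes(len(MSG1))      # fresh random pad
    c1 = otp_encrypt(pad, MSG1)
    c2 = otp_encrypt(pad, MSG2)               # reusing the pad: the mistake
    leak = two_time_pad_leak(c1, c2)
    return {
        "roundtrip": otp_decrypt(pad, c1) == MSG1,
        "leak_is_plaintext_xor": leak == xor_bytes(MSG1, MSG2),
        # Knowing MSG1 starts with "ATTACK" reveals the start of MSG2.
        "recovered_prefix": recover_other_plaintext(leak, b"ATTACK", 0),
    }
```

The same reuse weakness applies to any stream cipher whose keystream is repeated (WEP's short IVs are the textbook case), which is why stream-cipher modes such as OFB and CTR require a unique IV or nonce per message.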
Multicast
One-to-many network traffic, and the "many" is preselected
Unicast
One-to-one network traffic, such as a client surfing the web
Simplex
One-way communication, like a car radio tuned to a music station.
OCSP
Online Certificate Status Protocol
OSPF
Open Shortest Path First, an open link state routing protocol
OCTAVE
Operationally Critical Threat, Asset and Vulnerability Evaluation, a risk management framework from Carnegie Mellon University
OECD Privacy Guidelines
Organization for Economic Cooperation and Development privacy guidelines, containing eight principles
OUI
Organizationally unique identifier, first 24-bits of a MAC address
OFDM
Orthogonal Frequency-Division Multiplexing, a newer wireless multiplexing method, allowing simultaneous transmission using multiple independent wireless frequencies that do not interfere with each other
OFB
Output Feedback, a stream mode of DES (and other block ciphers) in which the cipher's output block (the keystream, before it is XORed with the plaintext) is fed back as the next input, rather than the ciphertext as in CFB
Offshoring
Outsourcing to another country
protocol data unit
PDU
protected EAP
PEAP
pretty good privacy
PGP
public key infrastructure
PKI
Certificate Authority
PKI component that authenticates the identity of a person or organization before issuing a certificate to them
programmable logic device
PLD
post office protocol
POP
power-on self-test
POST
point-to-point protocol
PPP
point-to-point tunneling protocol
PPTP
primary rate interface
PRI
programmable read only memory
PROM
platform as a service
PaaS
RSN / Robust Security Network
Part of 802.11i that allows changes to cryptographic ciphers as new vulnerabilities are discovered.
Business interruption testing
Partial or complete failover to an alternate site
Crippleware
Partially functioning proprietary software, often with key features disabled. The user is typically required to make a payment to unlock the full functionality
Magnetic stripe card
Passive device that contains no circuits. Sometimes called swipe cards: they are used by swiping through a card reader
Passive infrared sensor
Passive motion detector that detects infrared energy created by body heat
PAP
Password Authentication Protocol, an insecure network authentication protocol that exposes passwords in cleartext
Dictionary attack
Password cracking method that uses a predefined list of words (a dictionary), running each word through the hash algorithm and comparing the result to the stolen hashes
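Dictionary attack worked through in code, as an added example that is not part of the original glossary. The wordlist and victim accounts are constructed; the point it adds beyond the definition is how per-user salts and a slow hash (PBKDF2) change the attacker's cost.

```python
"""Dictionary attack against a stolen credential store, and what salting and
slow hashing do to its cost. Added example; wordlist and accounts constructed."""
import hashlib
import os

# Constructed stand-in for a real wordlist.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "summer2019", "correcthorse"]

# Constructed victim accounts: two share a weak password, one is not in the list.
USERS = {"alice": "letmein", "bob": "Tr0ub4dor&3", "carol": "letmein"}


def sha256_unsalted(pw: str) -> bytes:
    return hashlib.sha256(pw.encode()).digest()


def sha256_salted(salt: bytes, pw: str) -> bytes:
    return hashlib.sha256(salt + pw.encode()).digest()


def pbkdf2(salt: bytes, pw: str, iterations: int) -> bytes:
    """Slow, salted hash: each guess costs `iterations` HMAC computations."""
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)


def build_store(passwords: dict, salted: bool, iterations: int = 0) -> dict:
    """Simulate the stolen store under one of three storage schemes."""
    store = {}
    for user, pw in passwords.items():
        if not salted:
            store[user] = sha256_unsalted(pw)
        else:
            salt = os.urandom(16)
            h = pbkdf2(salt, pw, iterations) if iterations else sha256_salted(salt, pw)
            store[user] = (salt, h)
    return store


def attack_unsalted(stolen: dict) -> tuple:
    """Unsalted hashes: hash each word ONCE and look it up against every
    account, so all users sharing a password fall together. Returns the
    cracked accounts and the number of hash computations spent."""
    by_hash = {}
    for user, h in stolen.items():
        by_hash.setdefault(h, []).append(user)
    cracked, work = {}, 0
    for word in WORDLIST:
        work += 1
        for user in by_hash.get(sha256_unsalted(word), []):
            cracked[user] = word
    return cracked, work


def attack_salted(stolen: dict, iterations: int = 0) -> tuple:
    """Salted hashes: the whole wordlist must be rehashed per account (no
    shared lookup table), and with PBKDF2 every attempt is `iterations`
    times more expensive than a single SHA-256."""
    cracked, work = {}, 0
    for user, (salt, h) in stolen.items():
        for word in WORDLIST:
            work += 1
            guess = pbkdf2(salt, word, iterations) if iterations else sha256_salted(salt, word)
            if guess == h:
                cracked[user] = word
                break
    return cracked, work
```

Salting does not stop a dictionary attack against one weak password; it stops one pass of the wordlist from cracking every account at once, and it defeats precomputed (rainbow) tables. The iteration count is what makes each guess expensive.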
One-Time password
Password that may be used for a single authentication
PCI-DSS
Payment Card Industry Data Security Standard, a security standard created by the Payment Card Industry Security Standards Council (PCI SSC)
penetration testing
Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack that a malicious hacker would carry out. This is done so that vulnerabilities and weaknesses can be uncovered.
Transposition
Permutation, also called transposition, rearranges the characters of the plaintext anagram-style; in Shannon's terms this provides diffusion (substitution provides confusion)
PAN
Personal Area Network, a very small network with a range of 100 m or much less
PDA
Personal Digital Assistant, a small networked computer that can fit in the palm of your hand
eDiscovery / Electronic Discovery
Pertains to legal counsel gaining access to pertinent ESI (Electronically Stored Information) during the pre-trial discovery phase of civil legal proceedings
Shoulder surfing
Physical attack where an attacker observes credentials, such as a key combination.
Bus
Physical network topology that connects network nodes in a string
Ring (physical)
Physical network topology that connects nodes in a physical ring.
Mesh
Physical network topology that interconnects network nodes to each other
Tree
Physical network topology with a root node and branch nodes that are at least three levels deep
POTS
Plain old telephone service, analog phone service (RJ11 fax machine)
Cyber Incident Response Plan
Plan designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, Trojan horses, etc.
PaaS
Platform as a service, provides a pre-configured operating system, and the customer configures the application
Vigenere Cipher
Polyalphabetic cipher named after Blaise de Vigenère, using a Vigenère square
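The two classical ciphers on this page, permutation/transposition (the Transposition entry above) and the Vigenère polyalphabetic substitution, implemented side by side as an added example that is not from the original glossary. Seeing both shows the distinction the Transposition entry makes: transposition moves letters without changing them, so letter frequencies survive; Vigenère changes letters without moving them.

```python
"""Columnar transposition and Vigenère cipher, side by side. Added example;
the plaintexts used are constructed samples, not from the glossary."""
import string

ALPHABET = string.ascii_uppercase


def _letters_only(text: str) -> str:
    """Classical ciphers work on A-Z only; drop spaces and punctuation."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def _column_order(key: str) -> list:
    """Read columns in alphabetical order of the key letters (ties by position)."""
    return sorted(range(len(key)), key=lambda i: (key[i], i))


def columnar_encrypt(plaintext: str, key: str) -> str:
    """Transposition: write the text in rows under the key, read off columns
    in key order. Every plaintext letter survives, only its position changes."""
    text = _letters_only(plaintext)
    cols = len(key)
    rows = [text[i:i + cols] for i in range(0, len(text), cols)]
    return "".join(row[c] for c in _column_order(key) for row in rows if c < len(row))


def columnar_decrypt(ciphertext: str, key: str) -> str:
    """Undo the transposition: slice the ciphertext back into columns
    (the first `extra` columns hold one more letter), then read by rows."""
    cols = len(key)
    full_rows, extra = divmod(len(ciphertext), cols)
    columns, pos = {}, 0
    for c in _column_order(key):
        length = full_rows + (1 if c < extra else 0)
        columns[c] = ciphertext[pos:pos + length]
        pos += length
    return "".join(columns[c][r] for r in range(full_rows + 1)
                   for c in range(cols) if r < len(columns[c]))


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Polyalphabetic substitution: shift each letter by the letter of the key
    at the same position (the key repeats), so one plaintext letter maps to
    several ciphertext letters. Positions are unchanged; the letters are."""
    text = _letters_only(text)
    key = _letters_only(key)
    out = []
    for i, c in enumerate(text):
        shift = ALPHABET.index(key[i % len(key)])
        if decrypt:
            shift = -shift
        out.append(ALPHABET[(ALPHABET.index(c) + shift) % 26])
    return "".join(out)
```

Because transposition preserves the letter multiset, single-letter frequency analysis is unaffected by it; the combination of a substitution (confusion) with a permutation (diffusion) is what modern block ciphers iterate in their rounds.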
Exfiltration
Policy-violating removal of sensitive data from a secure perimeter
802.1X
Port-based Network Access Control layer 2 authentication
Unallocated space
Portions of a disk partition which do not contain active data
Allocated Space
Portions of disk partition that are marked as actively containing data
Active RFID
Powered RFID tags that can operate over larger distances
Constrained user interface
Presents a user with limited controls on information, such as an ATM keypad
PGP
Pretty Good Privacy, software that integrates asymmetric, symmetric and hash cryptography
Intrusion Prevention System (IPS)
Preventative device designed to prevent malicious actions
Warded lock
Preventative device that turns a key through channels (called wards) to unlock
Key lock
Preventive device that requires a physical key to unlock
EU Data Protection Directive
Privacy directive which allows for the free flow of information while still maintaining consistent protections of each member nation's citizens' data
RFC 1918 addresses
Private IPv4 addresses which may be used for internal traffic.
Agents of law enforcement
Private citizens carrying out actions on the behalf of law enforcement
degauss
Process that demagnetizes magnetic media so that a very low residue of magnetic induction is left on the media. Used to effectively erase data from media.
Authentication
Proof of an Identity claim
PDU
Protocol Data Unit, a header and data at one layer of a network stack
Cable modem
Provides Internet access via broadband cable TV
Zachman Framework
Provides six frameworks for providing information security, asking what, how, where, who, when and why, and mapping those frameworks across roles including planner, owner, designer, builder, programmer and user
SAN / Storage Area Network
Provides block-level disk storage via a network.
Custodian
Provides hands-on protection of assets
Graham-Denning Model
Provides a more granular approach for interaction between subjects and objects.
Digital signature
Provides nonrepudiation, which includes authentication of the identity of the signer, and proof of the document's integrity
ECPA / Electronic Communications Privacy Act
Provides search and seizure protection to non-telephony electronic communications
BRI/Basic Rate Interface
Provides two 64k digital ISDN channels
Virtual Memory
Provides virtual address mapping between applications and hardware memory
Circuit-level proxy
Proxy firewall that operates at Layer 5
Application-layer proxy
Proxy firewall that operates up to Layer 7
qualitative risk analysis
RA method which uses approximate values (different from quantitative - which is to quantify, how much, count, etc..)
rapid application development
RAD
redundant array of inexpensive disks
RAID
RAID 1 + 0
RAID 0 combined with RAID 1, sometimes called RAID 10
RAID 10
RAID 1 + 0
RAID 2
RAID hamming code
RAID 1
RAID mirrored set
RAID 0
RAID striped set
RAID 3
RAID striped set with dedicated parity (byte level)
RAID 4
RAID striped set with dedicated parity (block level)
RAID 5
RAID striped set with distributed parity
RAID 6
RAID striped set with dual distributed parity
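The RAID entries above describe striping and parity in one line each; the added example below (not from the glossary; the data is constructed) simulates a RAID 5 array in memory, rotates the parity chunk across disks as RAID 5 does, fails one disk, and rebuilds it from the survivors by XOR.

```python
"""RAID striping with parity: how RAID 5 rebuilds a lost disk from the
survivors. Added example, not from the glossary; data is constructed."""


def xor_blocks(*blocks: bytes) -> bytes:
    """Byte-wise XOR of equal-length chunks; parity is the XOR of the data chunks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def parity_disk_for(stripe: int, n_disks: int) -> int:
    """RAID 5 rotates the parity chunk across disks, unlike RAID 3/4 where one
    dedicated parity disk becomes the write bottleneck."""
    return (n_disks - 1 - stripe) % n_disks


def raid5_write(data: bytes, n_disks: int, chunk: int) -> list:
    """Stripe data over n_disks with one parity chunk per stripe.
    Returns one list of chunks per simulated disk."""
    per_stripe = chunk * (n_disks - 1)
    padded = data + b"\x00" * (-len(data) % per_stripe)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(padded) // per_stripe):
        stripe = padded[s * per_stripe:(s + 1) * per_stripe]
        data_chunks = [stripe[i * chunk:(i + 1) * chunk] for i in range(n_disks - 1)]
        parity = xor_blocks(*data_chunks)
        remaining = iter(data_chunks)
        p = parity_disk_for(s, n_disks)
        for d in range(n_disks):
            disks[d].append(parity if d == p else next(remaining))
    return disks


def raid5_read(disks: list, length: int) -> bytes:
    """Reassemble user data, skipping each stripe's parity chunk."""
    n = len(disks)
    out = bytearray()
    for s in range(len(disks[0])):
        p = parity_disk_for(s, n)
        for d in range(n):
            if d != p:
                out += disks[d][s]
    return bytes(out[:length])


def raid5_rebuild(disks: list, failed: int) -> list:
    """Reconstruct the failed disk: in every stripe the XOR of the surviving
    chunks (data plus parity) equals the missing chunk. A second failure
    before the rebuild finishes is unrecoverable with single parity; RAID 6
    adds a second, independently computed parity to survive it."""
    survivors = [d for i, d in enumerate(disks) if i != failed]
    return [xor_blocks(*(d[s] for d in survivors)) for s in range(len(survivors[0]))]
```

RAID 0 is this code without the parity chunk (no redundancy); RAID 1 writes every chunk to two disks instead of computing parity. Parity protects availability against disk loss, not confidentiality or integrity against a compromised host that writes bad data to all disks.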
random access memory
RAM
radio-frequency identification
RFID
reduced instruction set computer
RISC
read only memory
ROM
recovery point objective
RPO
recovery time objective
RTO
real-time transport protocol
RTP
Industrial, Scientific, and Medical (ISM)
Radio spectrum (bands) that are set aside for unlicensed use, meaning you do not need to acquire a license from an organization such as the FCC to use them
ROM
Read Only Memory
Clark-Wilson
Real-world integrity model that protects integrity by having subjects access objects via programs
object reuse
Reassigning to a subject media that previously contained information. Object reuse is a security concern because if insufficient measures were taken to erase the information on the media, the information may be disclosed to unauthorized personnel.
Watchdog timer
Recovers a system by rebooting after critical processes hang or crash
Simulation test
Recovery from a pretend disaster, goes beyond talking about the process and actually has teams carry out the recovery process.
Parallel Processing
Recovery of critical processing components at an alternate computing facility, without impacting regular production systems
Cybersquatting
Registering internet domain names associated with another organization's intellectual property
Typosquatting
Registering internet domain names comprised of likely misspellings or mistypings of legitimate domain trademarks
Need to know
Requirement that subjects need to know information before accessing it
GLBA / Gramm-Leach-Bliley Act
Requires financial institutions to protect the confidentiality and integrity of consumer financial information
Gramm-Leach-Bliley Act (GLBA)
Requires financial institutions to protect the confidentiality and integrity of consumer financial information
Rotation of Duties
Requires that critical functions or responsibilities are not continuously performed by the same person without interruption. Also known as job rotation.
Entity Integrity
Requires that each tuple has a unique primary key that is not null
Semantic integrity
Requires that each value is consistent with the attribute data type
Due care
Requires that key organizational stakeholders are prudent in carrying out their duties, aka the "prudent man rule"
Chain of custody
Requires that once evidence is acquired, full documentation regarding who, what, when and where evidence was handled is maintained
Strong Authentication
Requires that the user present more than one authentication factor, also called multifactor (or two-factor) authentication
Best evidence rule
Requires use of the strongest possible evidence
Class I gate
Residential gate designed for home use
Rollback
Restores a database after a failed commit.
Class IV gate
Restricted access gate, used at an airport or prison
Static password
Reusable passwords that may or may not expire
Data controllers
Role that creates and manages sensitive data within the organization. Human resources employees are an example: they create and manage sensitive data, such as salary and benefit data, reports from employee sanctions, etc..
Data Processor
Role that manages data on behalf of data controllers. An outsourced payroll company is an example of data processor
Enigma
Rotor machine used by German Axis powers during World War II
SIGABA
Rotor machine used by the United States through World War II into the 1950s.
Distance vector
Routing protocol that uses a simple metric, such as hop count
Link state
Routing protocols that factor in additional metrics for determining the best route, including bandwidth
Multiprocessing
Runs multiple processes on multiple CPUs
Internet Small Computer System Interface (iSCSI)
SAN protocol that allows for leveraging existing networking infrastructure and protocols to interface with storage
FCIP / Fibre Channel over IP
SAN protocol that encapsulates Fibre Channel frames via Ethernet and TCP/IP
FCoE / Fibre Channel over Ethernet
SAN protocol that leverages Fibre Channel, but can be transmitted across standard Ethernet networks. Does not use TCP/IP
SOX
Sarbanes-Oxley Act of 2002, created regulatory compliance mandates for publicly traded companies
SOX / Sarbanes-Oxley Act
Sarbanes-Oxley Act of 2002, created regulatory compliance mandates for publicly traded companies.
Remote journaling
Saves database checkpoints and the database journal to a remote site. In the event of failure at the primary site, the database may be recovered.
Cryptography
Science of creating messages whose meaning is hidden
Browsing
Searching through storage media looking for specific information without necessarily knowing what format the information is in. A browsing attack is one in which the attacker looks around a computer system either to see what looks interesting or to find specific information.
Act honorably, justly, responsibly, and legally
Second canon of the (ISC)2 Code of ethics
Conduct the business impact analysis (BIA)
Second step of the NIST SP 800-34 contingency planning process
SRTP
Secure Real-time Transport Protocol used to provide secure VoIP
SSL
Secure Sockets Layer, authenticates and provides confidentiality to network traffic such as web traffic
Code Repositories
Service for storing and version-controlling the source code of projects; GitHub is a public example
Awareness
Security Control designed to change user behavior
SPI
Security Parameter Index, used to identify a simplex (one-way) IPsec security association
Training
Security control designed to provide a skill set
Label
Security level assigned to an object, such as confidential, secret or top secret
Administrative Controls
Security mechanisms that are management's responsibility and referred to as "soft" controls. These controls include the development and publication of policies, standards, procedures, and guidelines; the screening of personnel; security-awareness training; the monitoring of system activity; and change control procedures.
Bell-LaPadula
Security model focused on maintaining the confidentiality of objects
Biba
Security model focused on maintaining the integrity of objects
Add-on Security
Security protection mechanisms that are hardware or software retrofitted to a system to increase that system's protection level.
Penetration test
Security test designed to determine if an attacker can penetrate an organization
Computer-Aided Software Engineering
See - CASE
Counter Mode CBC MAC Protocol
See - CCMP
Content Distribution Networks
See - CDN
Crossover Error Rate
See - CER
Computer Incident Response Team
See - CIRT
Complex Instruction Set Computer
See - CISC
Crisis Management Plan
See - CMP
Control Objectives for Information and related Technology
See - COBIT
Component Object Model
See - COM
Continuity of Operations Plan
See - COOP
Commercial Off-the-Shelf Software
See - COTS
Continuity Planning Project Team
See - CPPT
Computer Security Incident Response Team
See - CSIRT
Cross-Site Request Forgery
See - CSRF
Counter Mode
See - CTR
Consistency testing
See - Checklist testing
Data Circuit-Terminating Equipment
See - DCE
Data Definition Language
See - DDL
Data Encryption Algorithm
See - DEA
Data Execution Prevention
See - DEP
Data Encryption Standard
See - DES
Data hiding
See - Encapsulation (object)
Cross-Site Scripting
See - XSS
Discretionary access control
See - DAC
Distributed Network Protocol
See - DNP3
JavaScript Object Notation
See JSON - JavaScript Object Notation, a data interchange format
Network Address Translation
See NAT
Nondisclosure agreement
See NDA
Network Interface Card
See NIC
Network-based Intrusion Detection Systems
See NIDS
Network Intrusion Prevention System
See NIPS
Normal Response Mode
See NRM
Nonce Sum
See NS
Online Certificate Status Protocol
See OCSP
Operationally Critical Threat, Asset, and Vulnerability Evaluation
See OCTAVE
Occupant Emergency Plan
See OEP
Output Feedback
See OFB
Orthogonal Frequency-Division Multiplexing
See OFDM
Object Linking and Embedding
See OLE
Object-Oriented Analysis
See OOA
Object-Oriented Design
See OOD
Object-Oriented Programming
See OOP
Object Request Brokers
See ORBs
Open Shortest Path First
See OSPF
Organizationally Unique Identifier
See OUI
Personal Area Network
See PAN
Password Authentication Protocol
See PAP
Payment Card Industry Data Security Standard
See PCI DSS
Personal Digital Assistant
See PDA
Personally Identifiable Information
See PII
Personal Identification Number
See PIN
Mutual Aid Agreement
See Reciprocal agreement
Dual Factor Authentication
See Strong Authentication
Orange Book
See TCSEC
Common Object Request Broker Architecture
See - CORBA
Disclosure, Alteration and Destruction
See - DAD
Data remanence
See - Remanence
Contraband check
Seeks to identify objects that are prohibited from entering a secure perimeter (such as an airplane)
Differential cryptanalysis
Cryptanalysis that encrypts pairs of related plaintexts and studies how the "difference" between them propagates into the resulting ciphertexts
Normalization
Seeks to make the data in a database table logically concise, organized and consistent
Confidentiality
Seeks to prevent the unauthorized disclosure of information
Expert systems
Seeks to replicate the knowledge and decision-making capability of human experts
Mission Owners
See—Business Owners - Also called Mission Owners, members of senior management who create the information security program and ensure that it is properly staffed, funded, and has organizational priority
Layered defense
See—Defense-in-depth Application of multiple safeguards that span multiple domains to protect an asset
Key Distribution Center
See—KDC Key Distribution Center, a Kerberos service that authenticates principals
Layer 2 Tunneling Protocol
See—L2TP - Layer 2 Tunneling Protocol, combines PPTP and L2F
Local Area Network
See—LAN - Local Area Network, a comparatively small network, typically confined to a building or an area within one
Link Control Protocol
See LCP - Link Control Protocol, the initial unauthenticated PPP connection over which CHAP then authenticates the peer
Lightweight Directory Access Protocol
See—LDAP - Lightweight Directory Access Protocol, open protocol for interfacing and querying directory service information provided by network operating systems. Uses port 389 via TCP or UDP
Lightweight Extensible Authentication Protocol
See—LEAP - Lightweight Extensible Authentication Protocol, a Cisco-proprietary protocol released before 802.1X was finalized
Logical Link Control
See—LLC- Logical Link Control, layer 2 protocol that handles LAN communications
Logical Unit Numbers
See—LUN - Logical Unit Numbers, provide a way of addressing storage across the network. Also used for basic access control for network accessible storage
Media Access Control
See MAC - Media Access Control, layer 2 protocol that transfers data to and from the physical layer
Mandatory Access Control
See MAC - Mandatory Access Control, system-enforced access control based on subjects' clearances and objects' labels
Metropolitan Area Network
See—MAN - Metropolitan Area Network, typically confined to a city, a zip code, or a campus or office park
Message Digest 5
See—MD5 - Message Digest 5, a hash function that creates a 128-bit message digest
Message Integrity Check
See MIC - Message Integrity Check, the integrity check added by WPA (TKIP's "Michael" algorithm); WPA2/CCMP uses CBC-MAC instead
Minimum Operating Requirements
See—MOR - Minimum Operating Requirements, describes the minimum environmental and connectivity requirements in order to operate computer equipment
Multiprotocol Label Switching
See—MPLS - Multiprotocol Label Switching, provides a way to forward WAN data via labels
Mean Time Between Failures
See—MTBF - Mean Time Between Failures, quantifies how long a new or repaired system will run on average before failing
MAD
See—MTD - Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted
Maximum Allowable Downtime
See—MTD - Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted
Maximum Tolerable Downtime
See—MTD - Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted
Mean Time to Repair
See—MTTR - Mean Time to Repair, describes how long it will take to recover a failed system
Maximum Transmission Unit
See—MTU - Maximum Transmission Unit, the maximum PDU size on a network
Malicious Code
See Malware - Malicious software, any type of software which attacks an application or system
MCH
See—Northbridge - Connects the CPU to RAM and video memory, also called the Memory Controller Hub (MCH)
Memory Controller Hub
See—Northbridge - Connects the CPU to RAM and video memory, also called the Memory Controller Hub (MCH)
Least privilege
See—Principle of least privilege - Granting subjects the minimum amount of authorization required to do their jobs, also known as minimum necessary access
LWP
See—Thread - A lightweight process (LWP)
Scrum Master
Senior member of the organization who acts as a coach for the Scrum team.
SDN / Software Defined Networking
Separates a router's control plane from the data (forwarding) plane. Routing decisions are made remotely, instead of on each individual router.
Layering
Separates hardware and software functionality into modular tiers
SLIP
Serial Line Internet Protocol, a Layer 2 protocol which provides IP connectivity via asynchronous connections such as serial lines and modems
SLA
Service Level Agreement, contractual agreement that helps assure availability
SIP
Session Initiation Protocol, a VoIP signaling protocol
Time multiplexing
Shares system resources between multiple processes, each with a dedicated slice of time
STP
Shielded Twisted Pair, network cabling that contains additional metallic shielding around each twisted pair of wires
Faraday Cage
Shields enclosed objects from EMI
Maintenance hook
Shortcut installed by system designers and programmers to allow developers to bypass normal system checks during development
Shadow Database
Similar to a replicated database, with one key difference: a shadow database mirrors all changes made to a primary database, but clients do not access the shadow.
Thin clients
Simple computer systems that rely on centralized applications and data
SMTP
Simple mail transfer protocol, a store-and-forward protocol used to exchange email between servers
ANN/Artificial Neural Networks
Simulate neural networks found in humans and animals
SLE
Single Loss Expectancy, the cost of a single loss
SSO
Single Sign On, allows a subject to authenticate once and then access multiple systems
Applet
Small pieces of mobile code that are embedded in other software such as web browsers
Fraggle attack
Smurf attack variation which uses UDP instead of ICMP
Initial
Software Capability Maturity Model (CMM) Phase 1: software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort
Spiral Model
Software Development model designed to control risk
Antivirus Software
Software designed to prevent and detect malware infections
Intrusion Detection System (IDS)
Software employed to monitor and detect possible attacks and behaviors that vary from the normal and expected activity. The IDS can be network based, which monitors network traffic, or host based, which monitors activities of a specific system and protects system files and control mechanisms.
firmware
Software instructions that have been written into read-only memory (ROM) or a programmable ROM (PROM) chip.
Closed source
Software released in executable form: the source code is kept confidential
Machine code
Software that is executed directly by the CPU
Freeware
Software that is free of charge
Operating System
Software that operates a computer
Antimalware
Software whose principal functions include the identification and mitigation of malware; also known as antivirus, although this term could be specific to only one type of malware.
Open source
Software with publicly published source code, allowing anyone to inspect, modify, or compile the code
SSD
Solid State Drive, a combination of flash memory (EEPROM) and DRAM
Type 3 Authentication
Something you are
Type 2 Authentication
Something you have
Type 1 Authentication
Something you know
Slack Space
Space on a disk between the end-of-file marker and the end of the cluster
Minutiae
Specific fingerprint details that include whorls, ridges, bifurcation, and others
DNS reflection attack
Spoofed DoS attack that uses third-party DNS servers to reflect (and amplify) traffic toward the victim
Striping
Spreading data across multiple disks to achieve performance gains, used by some levels of RAID
Top-Down Programming
Starts with the broadest and highest-level requirements (the concept of the final program) and works down towards the low-level technical implementation details
Bottom-Up programming
Starts with the low-level technical implementation details and works up to the concept of the complete program
SRAM
Static Random Access Memory, expensive and fast memory that uses small latches called "flip-flops" to store bits
Firmware
Stores small programs that do not change frequently, such as a computer's BIOS
Feedback
Stream cipher mechanism that seeds the previous encrypted bit into the next bit to be encrypted
SQL
Structured Query Language, the most popular database query language
RBAC / Role-Based Access Controls
Subjects are grouped into roles and each defined role has access permissions based upon the role, not the individual.
Rotation Cipher
Substitution cipher that replaces each plaintext character with the character a fixed number of positions further along the alphabet (a shift of 3 maps A to D)
Monoalphabetic cipher
Substitution cipher using one alphabet
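Added example (not part of the glossary): a rotation cipher implemented as the single substitution alphabet that makes it monoalphabetic, plus a brute-force break. The point is work factor: the entire keyspace is 25 shifts, so ranking every candidate by letter frequency recovers the key instantly. The frequency table is an approximation of published English values and the messages are constructed for the example.

```python
"""Rotation (ROT-N) cipher as a monoalphabetic substitution, with a brute-force
break. Added example, not from the glossary; frequencies are approximate."""
import string

ALPHABET = string.ascii_uppercase

def rotation_table(shift):
    """The single substitution alphabet a rotation cipher uses (hence monoalphabetic)."""
    k = shift % 26
    return str.maketrans(ALPHABET, ALPHABET[k:] + ALPHABET[:k])

def rot_encrypt(plaintext, shift):
    return plaintext.upper().translate(rotation_table(shift))

def rot_decrypt(ciphertext, shift):
    return ciphertext.upper().translate(rotation_table(-shift))

# Approximate English letter frequencies (percent), used only to rank candidate keys.
ENGLISH_FREQ = {
    'E': 12.7, 'T': 9.1, 'A': 8.2, 'O': 7.5, 'I': 7.0, 'N': 6.7, 'S': 6.3,
    'H': 6.1, 'R': 6.0, 'D': 4.3, 'L': 4.0, 'C': 2.8, 'U': 2.8, 'M': 2.4,
    'W': 2.4, 'F': 2.2, 'G': 2.0, 'Y': 2.0, 'P': 1.9, 'B': 1.5, 'V': 1.0,
    'K': 0.8, 'J': 0.15, 'X': 0.15, 'Q': 0.1, 'Z': 0.07,
}

def english_score(text):
    """Average frequency weight of the letters; real English scores high."""
    letters = [c for c in text if c in ENGLISH_FREQ]
    return sum(ENGLISH_FREQ[c] for c in letters) / max(len(letters), 1)

def brute_force(ciphertext):
    """Try every key (the whole keyspace is 25 shifts) and keep the most
    English-looking result. Returns (shift, plaintext)."""
    candidates = [(s, rot_decrypt(ciphertext, s)) for s in range(1, 26)]
    return max(candidates, key=lambda pair: english_score(pair[1]))

if __name__ == "__main__":
    ct = rot_encrypt("ATTACK THE EAST WALL OF THE CASTLE AT DAWN TONIGHT", 3)
    print(ct)
    print(brute_force(ct))
```

Because a rotation cipher uses one fixed alphabet, letter frequencies survive encryption unchanged; that is what lets the ranking pick the right shift without any known plaintext.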
High-level Data link control (HDLC)
Successor to SDLC. HDLC adds error correction and flow control, as well as two additional modes (ARM and ABM).
SMDS
Switched Multimegabit Data Service, an older WAN technology that is similar to ATM
SVC
Switched Virtual Circuit, a circuit that is established on demand
SPAN port
Switched port analyzer, receives traffic forwarded from other switch ports
Data Encryption Standard (DES)
Symmetric key encryption algorithm that was adopted by the government as a federal standard for protecting sensitive unclassified information. DES was later replaced with Advanced Encryption Standard (AES).
SONET
Synchronous Optical Networking, carries multiple T-carrier circuits via fiber optic cable
Open system
System using open hardware and standards, using standard components from a variety of vendors
Closed system
System using proprietary hardware or software
PSH
TCP flag, push data to the application layer
ACK
TCP flag, acknowledge received data
URG
TCP flag, packet contains urgent data
RST
TCP flag, reset (tear down) a connection.
SYN
TCP flag, synchronize a connection
FIN
TCP flag, finish a connection (gracefully)
Internet Layer (TCP/IP)
TCP/IP model layer that aligns with layer 3 (network) of the OSI model. This is where IP addresses and routing live.
Application Layer (TCP/IP)
TCP/IP model layer that combines Layers 5 through 7 of the OSI model
Network Access Layer
TCP/IP model layer that combines layers 1 and 2 of the OSI model. It describes Layer 1 issues such as energy, bits and the medium used to carry them
Transport Layer (TCP/IP)
TCP/IP model layer that connects the internet layer to the application layer
Reserved ports
TCP/IP ports 0 through 1023 (the well-known ports)
Ephemeral ports
TCP/IP ports 1024 and higher
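Added example (not part of the glossary) tying together the TCP flag entries above and the port ranges: a parser for the 20-byte TCP header that decodes the flag bits, classifies each port as reserved or ephemeral, and maps a packet onto the three-way handshake. The handshake packets are constructed by hand for the example; the checksum field is left zero because computing it needs the IP pseudo-header, which is outside the scope here.

```python
"""Decode TCP flags and ports from a raw header and classify handshake steps.
Added example, not glossary text; the packets below are constructed."""
import struct

# Bit values of the TCP flags in the 16-bit data-offset/flags field (RFC 793).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(data):
    """Parse the fixed 20-byte TCP header into a dict (options are ignored)."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urg_ptr = struct.unpack("!HHIIHHHH", data[:20])
    flags = [name for name, bit in TCP_FLAGS.items() if off_flags & bit]
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "data_offset": (off_flags >> 12) * 4,  # header length in bytes
        "flags": flags, "window": window, "checksum": checksum, "urg_ptr": urg_ptr,
    }

def port_class(port):
    """Ports 0-1023 are reserved (well-known); 1024 and up are treated as ephemeral."""
    return "reserved" if port <= 1023 else "ephemeral"

def handshake_step(flags):
    """Place a flag set in the three-way handshake, or name the teardown/reset."""
    f = set(flags)
    if f == {"SYN"}:
        return "1: SYN (client opens)"
    if f == {"SYN", "ACK"}:
        return "2: SYN/ACK (server accepts)"
    if f == {"ACK"}:
        return "3: ACK (connection established)"
    if "RST" in f:
        return "reset"
    if "FIN" in f:
        return "graceful close"
    return "data"

def build_tcp_header(src, dst, seq, ack, flags, window=65535):
    """Build a 20-byte header with data offset 5 (no options); checksum left 0."""
    off_flags = (5 << 12) | sum(TCP_FLAGS[f] for f in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, off_flags, window, 0, 0)

# Constructed handshake: a client on ephemeral port 51515 reaching a server on 443.
HANDSHAKE = [
    build_tcp_header(51515, 443, 1000, 0, ["SYN"]),
    build_tcp_header(443, 51515, 5000, 1001, ["SYN", "ACK"]),
    build_tcp_header(51515, 443, 1001, 5001, ["ACK"]),
]

def describe(packet):
    h = parse_tcp_header(packet)
    return (f"{h['src_port']}({port_class(h['src_port'])}) -> "
            f"{h['dst_port']}({port_class(h['dst_port'])}) "
            f"{'/'.join(h['flags'])}: {handshake_step(h['flags'])}")

if __name__ == "__main__":
    for pkt in HANDSHAKE:
        print(describe(pkt))
```

Note that the server's SYN/ACK acknowledges the client's sequence number plus one; a SYN with no matching SYN/ACK, or a SYN/ACK that is never acknowledged, is the pattern a half-open (SYN flood) detector looks for.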
race condition
Flaw where the outcome depends on the timing of events. The time-of-check/time-of-use (TOCTOU) race is the classic case: a resource is checked, then used later by name, and an attacker changes it in between.
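Added example (not part of the glossary): a TOCTOU race in a file-handling routine and the fix that closes the window. The attacker's step is simulated in-process through a hook so the result is deterministic; in a real attack a second process races the victim between the check and the use. The routine names and paths are invented; it is POSIX-only because it relies on symlinks and O_NOFOLLOW, and everything is created in a temporary directory.

```python
"""Time-of-check/time-of-use race and its fix. Added example, not glossary
text; POSIX only; attacker step simulated via a hook."""
import os
import stat
import tempfile

def read_regular_file_racy(path, attacker_hook=None):
    """VULNERABLE: check the name, then open the name again later. Whatever
    happens to the path in between is never re-checked."""
    if not stat.S_ISREG(os.lstat(path).st_mode):        # time of check
        raise PermissionError("not a regular file")
    if attacker_hook:
        attacker_hook()                                  # attacker swaps file for a symlink
    with open(path, "rb") as f:                          # time of use: follows the symlink
        return f.read()

def read_regular_file_safe(path, attacker_hook=None):
    """FIXED: open first without following symlinks, then check the open
    descriptor with fstat. Check and use now refer to the same object."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)       # a symlink here fails (ELOOP)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
        if attacker_hook:
            attacker_hook()                              # swapping the name changes nothing now
        return os.read(fd, 4096)
    finally:
        os.close(fd)

def demo():
    """Run the same attack against both routines; returns what each produced."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.key")           # what the attacker wants read
        upload = os.path.join(d, "upload.txt")           # what the victim thinks it reads
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def fresh_upload():
            if os.path.lexists(upload):
                os.remove(upload)                        # removes a link, not its target
            with open(upload, "wb") as f:
                f.write(b"harmless")

        def attacker_swap():
            os.remove(upload)
            os.symlink(secret, upload)

        results = {}
        fresh_upload()
        results["racy"] = read_regular_file_racy(upload, attacker_swap)
        fresh_upload()
        results["safe"] = read_regular_file_safe(upload, attacker_swap)
        attacker_swap()                                  # link already in place before the call
        try:
            read_regular_file_safe(upload)
            results["safe_on_symlink"] = "opened"
        except OSError:
            results["safe_on_symlink"] = "rejected"
        return results

if __name__ == "__main__":
    print(demo())
```

The general rule is to validate the object you actually use (the open descriptor) rather than the name you looked up, since only the descriptor is immune to the name being rebound underneath you.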
Access Control Matrix
Table defining what access permissions exist between specific subjects and objects
Truth table
Table used to map all the results of a mathematical operation such as XOR
Encapsulation / Network
Takes information from a higher network layer and adds a header to it, treating the higher-layer information as data
Live forensics
Taking a binary image of physical memory, gathering details about running processes, and gathering network connection data
Compartmentalization
Technical enforcement of need to know
ISO/IEC-27031
Technically-focused business continuity guideline that is part of the ISO 27000 series
TKIP
Temporal Key Integrity Protocol, used by WPA to provide per-packet keys and an integrity check (the MIC) on RC4-based hardware
TACACS
Terminal Access Controller Access-Control System, a centralized authentication (SSO) method often used for network equipment
TAP
Test Access Port, provides a way to tap into network traffic and see all unicast streams on a network
Direct evidence
Testimony provided by a witness regarding what the witness actually experienced
Acceptance Testing
Testing to ensure the software meets the customers operational requirements
Dynamic testing
Tests code while executing it
Flat file
Text file that contains multiple lines of data, each in a standard format
BCI
The Business Continuity Institute
Commandments of Computer Ethics
The Computer Ethics institute code of ethics
GIG / Global Information Grid
The US DoD global network, one of the largest private networks in the world
AV/Asset Value
The Value of a protected asset
Remote wipe
The ability to remotely erase a mobile device.
Vulnerability
The absence or weakness of a safeguard that could be exploited.
Recovery Point Objective
The acceptable amount of data loss measured in time.
Aggregation
The act of combining information from separate sources of a lower classification level that results in the creation of information of a higher classification level, which the subject does not have the necessary rights to access.
Validation
The act of performing tests and evaluations to test a system's security level to see if it complies with security specifications and requirements.
data leak prevention (DLP)
The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.
Threat Agents
The actors causing the threats that exploit a vulnerability
RPO / Recovery Point Objective
The amount of data loss or system inaccessibility (measured in time) that an organization can withstand.
Work factor
The amount of time required to break a cryptosystem (decrypt a ciphertext without a key)
data mining
The analysis of the data held in data warehouses in order to produce new and useful information.
Depth of Field
The area that is in focus
Lock picking
The art of unlocking a lock without a key
Reliability
The assurance of a given system, or individual component, performing its mission adequately for a specified period of time under the expected operating conditions.
Access aggregation
The collective entitlements granted by multiple systems to one user. Can lead to authorization creep
EOC / Emergency Operations Center
The command post established during or just after an emergency event
isolation
The containment of processes in a system in such a way that they are separated from one another to ensure integrity and confidentiality.
Full disclosure
The controversial practice of releasing vulnerability details publicly
kernel
The core of an OS, a kernel manages the machine's hardware resources (including the processor and the memory) and provides and controls the way any other software component accesses these resources.
Total Cost of Ownership (TCO)
The cost of a safeguard
ALE/Annualized Loss Expectancy
The cost of loss due to a risk over a year
Accreditation
The data owners acceptance of the risk represented by a system
Field of view
The entire area viewed by a camera
Work Factor
The estimated time and effort required for an attacker to overcome a security control.
Keyboard unit
The external keyboard
Cache memory
The fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions
802.11i
The first 802.11 wireless security standard that provides reasonable security
Method
The function performed by an object
ActiveX controls
The functional equivalent of Java applets. They use digital certificates instead of a sandbox to provide security
cryptosystem
The hardware or software implementation of cryptography.
Kernel
The heart of the operating system, that usually runs in ring 0. It provides the interface between hardware and the rest of the operating system, including applications
Configuration Management
The identification, control, accounting, and documentation of all changes that take place to system hardware, software, firmware, supporting documentation, and test results throughout the lifespan of the system.
BCP/DRP project manager
The key point of contact for ensuring that a BCP/DRP is not only completed, but also routinely tested
Risk
The likelihood of a threat agent taking advantage of a vulnerability and the resulting business impact. A risk is the loss potential, or probability, that a threat will exploit a vulnerability.
Security domain
The list of objects a subject is allowed to access.
Due Diligence
The management of Due care
RTO / Recovery Time Objective
The maximum time allowed to recover business or IT systems.
Recovery Time Objective
The maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.
Baseline
The minimum level of security necessary to support and enforce a security policy.
dedicated security mode
The mode in which a system operates if all users have the clearance or authorization to access, and the need to know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements pertaining to this information.
Bell-LaPadula Model
The model uses a formal state transition model that describes its access controls and how they should perform. When the system must transition from one state to another, the security of the system should never be lowered or compromised. See also multilevel security, simple security property, and star property (*-property).
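Added example (not part of the glossary) for the Bell-LaPadula and Biba entries: a small reference monitor that applies the simple security property and *-property (no read up, no write down) for confidentiality, and the Biba axioms (no read down, no write up) for integrity, then grants an access only when both models allow it. The levels, subjects and objects are invented for the example.

```python
"""Bell-LaPadula (confidentiality) and Biba (integrity) access decisions.
Added example, not glossary text; labels and principals are constructed."""
from enum import IntEnum

class Level(IntEnum):          # confidentiality clearances and labels (Bell-LaPadula)
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2
    TOP_SECRET = 3

class Integrity(IntEnum):      # integrity levels (Biba)
    LOW = 0                    # e.g. data taken from an untrusted network
    MEDIUM = 1
    HIGH = 2                   # e.g. the operating system kernel

def bell_lapadula_allows(clearance, label, mode):
    """Simple security property: no read up.  *-property: no write down."""
    if mode == "read":
        return clearance >= label
    if mode == "write":
        return clearance <= label
    raise ValueError(f"unknown mode {mode!r}")

def biba_allows(subject_integrity, object_integrity, mode):
    """Simple integrity axiom: no read down.  *-integrity axiom: no write up."""
    if mode == "read":
        return subject_integrity <= object_integrity
    if mode == "write":
        return subject_integrity >= object_integrity
    raise ValueError(f"unknown mode {mode!r}")

SUBJECTS = {   # constructed subjects: (clearance, integrity)
    "analyst":  (Level.SECRET, Integrity.MEDIUM),
    "kernel":   (Level.TOP_SECRET, Integrity.HIGH),
    "web_form": (Level.UNCLASSIFIED, Integrity.LOW),
}
OBJECTS = {    # constructed objects: (classification label, integrity)
    "war_plan":     (Level.TOP_SECRET, Integrity.HIGH),
    "daily_report": (Level.SECRET, Integrity.MEDIUM),
    "bulletin":     (Level.UNCLASSIFIED, Integrity.LOW),
}

def mediate(subject, obj, mode):
    """Reference-monitor decision: grant only if BOTH models allow the access,
    so neither confidentiality nor integrity can be lowered by the operation."""
    clearance, s_int = SUBJECTS[subject]
    label, o_int = OBJECTS[obj]
    blp = bell_lapadula_allows(clearance, label, mode)
    biba = biba_allows(s_int, o_int, mode)
    return {"bell_lapadula": blp, "biba": biba, "granted": blp and biba}

if __name__ == "__main__":
    for s in SUBJECTS:
        for o in OBJECTS:
            for m in ("read", "write"):
                print(f"{s:9} {m:5} {o:13} -> {mediate(s, o, m)}")
```

Running the matrix shows why the two models are usually combined: Bell-LaPadula happily lets the untrusted web form write "up" into the top-secret plan (it only protects secrecy), and it lets the analyst read the low-integrity bulletin; Biba vetoes both.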
ARO/Annual Rate of Occurrence
The number of losses suffered per year
Gross negligence
The opposite of due care
Diffusion
A change to one plaintext bit should be spread across many ciphertext bits: the order of the plaintext is dispersed throughout the ciphertext
802.11-1997
The original 802.11 standard, which operated at 1 and 2 Mbps on the 2.4 GHz frequency
exposure factor
The percentage of loss a realized threat could have on a certain asset.
EF / Exposure Factor
The percentage of value an asset loses due to an incident
Entitlements
The permissions granted to a user
Topology
The physical construction of how nodes are connected to form a network.
loss potential
The potential losses that can be accrued if a threat agent actually exploits a vulnerability.
cryptanalysis
The practice of breaking cryptosystems and algorithms used in encryption and decryption processes.
DevOps
The practice of incorporating developers and members of operations and quality assurance (QA) staff into software development projects to align their incentives and enable frequent, efficient, and reliable releases of software products.
Responsible Disclosure
The practice of privately sharing vulnerability information with a vendor, and withholding public release until a patch is available.
ARPAnet
The predecessor of the Internet
Computer bus
The primary communication channel on a computer system
personnel security
The procedures that are established to ensure that all personnel who have access to sensitive information have the required authority as well as appropriate clearances. Procedures confirm a person's background and provide assurance of necessary trustworthiness.
Throughput
The rate at which a system (such as a biometric authentication system) can process authentications, for example users per minute
Baselining
The process of capturing a point in time understanding of the current system security configuration
Scoping
The process of determining which portions of a standard will be employed by an organization.
Configuration management
The process of developing a consistent system security configuration that can be leveraged throughout an organization
Enrollment
The process of enrolling with a system (such as a biometric authentication system), creating an account for the first time
Risk Management
The process of identifying, assessing, and reducing the risk to an acceptable level and implementing the right mechanisms to maintain the level of risk.
Patch management
The process of managing software updates
electronic discovery (e-discovery)
The process of producing for a court or external attorney all electronically stored information pertinent to a legal proceeding.
Change management
The process of understanding, communicating, and documenting changes
Confusion
The relationship between the plaintext (and key) and the ciphertext should be as confused, or random-looking, as possible
Availability
The reliability and accessibility of data and resources to authorized identified individuals in a timely manner.
Residual Risk
The remaining risk after the security controls have been applied. The conceptual formulas that explain the difference between total and residual risk are: threats x vulnerability x asset value = total risk; total risk x control gap = residual risk
purge
The removal of sensitive data from a system, storage device, or peripheral device with storage capacity at the end of a processing period. This action is performed in such a way that there is assurance proportional to the sensitivity of the data that the data cannot be reconstructed.
Database view
The results of a database query
Cryptanalysis
The science of breaking encrypted messages (recovering their meaning)
Steganography
The science of hidden communication
Artificial Intelligence
The science of programming electronic computers to "think" more intelligently, sometimes mimicking the ability of mammal brains
Cryptology
The science of secure communications
least privilege
The security principle that requires each subject to be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.
dial-up
The service whereby a computer terminal can use telephone lines, usually via a modem, to initiate and continue communications with another computer system.
domain
The set of objects that a subject is allowed to access. Within this domain, all subjects and objects share a common security policy, procedures, and rules, and they are managed by the same management system.
Impact
The severity of damage, sometimes expressed in dollars (value)
ECB / Electonic Code Book mode
The simplest and weakest block cipher mode (of DES, AES or any block cipher): each block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks
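Added example (not part of the glossary): why ECB is the weakest mode. Since the standard library has no block cipher, the example builds a tiny 8-byte Feistel cipher purely so it can run; it is not DES and has no security value, and the point is independent of the cipher. The same structured plaintext is encrypted in ECB and in CBC; ECB reveals exactly which blocks repeat, CBC does not. The key, IV and plaintext are constructed for the example.

```python
"""ECB versus CBC on a toy Feistel cipher. Added example, not glossary text;
the cipher is a stand-in and is NOT DES."""
import hashlib

BLOCK = 8  # 64-bit blocks, the block size DES also uses

def _f(half, key, rnd):
    """Feistel round function: any keyed pseudo-random function will do."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def _feistel(block, key, round_order):
    L, R = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in round_order:
        L, R = R, bytes(a ^ b for a, b in zip(L, _f(R, key, rnd)))
    return R + L  # final swap: decryption is the same walk with rounds reversed

def toy_encrypt_block(block, key):
    return _feistel(block, key, range(8))

def toy_decrypt_block(block, key):
    return _feistel(block, key, reversed(range(8)))

def _blocks(data):
    if len(data) % BLOCK:
        raise ValueError("example expects input already padded to the block size")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(pt, key):
    """Electronic Code Book: every block encrypted on its own."""
    return b"".join(toy_encrypt_block(b, key) for b in _blocks(pt))

def cbc_encrypt(pt, key, iv):
    """Cipher Block Chaining: each block is XORed with the previous ciphertext first."""
    out, prev = [], iv
    for b in _blocks(pt):
        prev = toy_encrypt_block(_xor(b, prev), key)
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(ct, key, iv):
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(toy_decrypt_block(c, key), prev))
        prev = c
    return b"".join(out)

def repeated_blocks(ct):
    """Number of ciphertext blocks that duplicate an earlier one: the pattern
    an eavesdropper sees without knowing the key."""
    bs = _blocks(ct)
    return len(bs) - len(set(bs))

# Constructed plaintext with repeated structure, the kind of pattern ECB cannot hide.
KEY = b"toy-example-key"
IV = bytes(range(BLOCK))
PLAINTEXT = (b"SALARY: " + b"00050000" + b"SALARY: " + b"00050000"
             + b"SALARY: " + b"00075000")

if __name__ == "__main__":
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(PLAINTEXT, KEY)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(PLAINTEXT, KEY, IV)))
```

With ECB an attacker can tell that records 1 and 2 carry the same salary and record 3 a different one, and can cut and paste encrypted blocks between records, all without the key; CBC ties each block to everything before it, which removes both problems (but still needs a MAC for integrity).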
Control Zone
The space within a facility that is used to protect sensitive processing equipment. Controls are in place to protect equipment from physical or technical unauthorized entry or compromise. The zone can also be used to prevent electrical waves carrying sensitive data from leaving the area.
Tempest
The study and control of spurious electronic signals emitted by electrical equipment. Tempest equipment is implemented to prevent intruders from picking up information through the airwaves with listening devices.
cryptology
The study of cryptography and cryptanalysis.
Certification
The technical evaluation of the security components and their compliance for the purpose of accreditation. A certification process can use safeguard evaluation, risk analysis, verification, testing, and auditing techniques to assess the appropriateness of a specific system processing a certain level of information within a particular environment. The certification is the testing of the security component or system, and the accreditation is the approval from management of the security component or system.
AIC triad
The three security principles: availability, integrity, and confidentiality.
electronic vaulting
The transfer of backup data to an offsite location. This process is primarily a batch process of transmitting data through communications lines to a server at an alternative location.
encryption
The transformation of plaintext into unreadable ciphertext.
permissions
The type of authorized interactions that a subject can have with an object. Examples include read, write, execute, add, modify, and delete.
Cloud computing
The use of shared remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.
Annualized Rate of Occurrence (ARO)
The value that represents the estimated possibility of a specific threat taking place within a one-year timeframe.
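Added example (not part of the glossary) that works the quantitative risk entries above through in code: SLE = AV x EF, ALE = SLE x ARO, residual risk from the total-risk formula, and the cost/benefit test for a safeguard (ALE before minus ALE after minus the safeguard's annual cost). The file-server figures and the backup control are invented for the example.

```python
"""Quantitative risk analysis: SLE, ALE, residual risk and safeguard value.
Added example, not glossary text; all figures are constructed."""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class RiskScenario:
    asset: str
    asset_value: float       # AV: value of the protected asset
    exposure_factor: float   # EF: fraction (0..1) of AV lost in one incident
    aro: float               # ARO: expected number of incidents per year

    def __post_init__(self):
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("EF is a fraction of the asset value")
        if self.aro < 0:
            raise ValueError("ARO cannot be negative")

    def sle(self):
        """Single Loss Expectancy: SLE = AV x EF."""
        return self.asset_value * self.exposure_factor

    def ale(self):
        """Annualized Loss Expectancy: ALE = SLE x ARO."""
        return self.sle() * self.aro

@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float               # yearly total cost of ownership of the control
    exposure_factor: float = None    # EF after the control, if it changes
    aro: float = None                # ARO after the control, if it changes

    def apply(self, scenario):
        """The same scenario with the control's effect on EF and/or ARO."""
        changes = {k: v for k, v in (("exposure_factor", self.exposure_factor),
                                     ("aro", self.aro)) if v is not None}
        return replace(scenario, **changes)

def safeguard_value(scenario, safeguard):
    """(ALE before) - (ALE after) - annual cost. Positive: the control pays for itself."""
    return scenario.ale() - safeguard.apply(scenario).ale() - safeguard.annual_cost

def residual_risk(total_risk, control_gap):
    """Glossary formula: residual risk = total risk x control gap, the gap being
    the fraction of the risk that the controls leave uncovered."""
    return total_risk * control_gap

# Constructed scenario: a file server hit by ransomware about once every two years.
FILE_SERVER = RiskScenario("file server", asset_value=200_000, exposure_factor=0.25, aro=0.5)
OFFLINE_BACKUPS = Safeguard("offline backups", annual_cost=8_000, exposure_factor=0.05)

if __name__ == "__main__":
    print("SLE", FILE_SERVER.sle(), "ALE", FILE_SERVER.ale())
    print("ALE with backups", OFFLINE_BACKUPS.apply(FILE_SERVER).ale())
    print("value of the safeguard per year", safeguard_value(FILE_SERVER, OFFLINE_BACKUPS))
    print("residual risk with a 20% control gap", residual_risk(FILE_SERVER.ale(), 0.2))
```

A control that reduces the ALE by less than its own annual cost has a negative value here, which is the quantitative way of saying the organization should accept or transfer that risk instead of mitigating it.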
One-Time Pad
Theoretically unbreakable encryption using paired pads of random characters
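Added example (not part of the glossary) for the One-Time Pad entry and the XOR Truth Table entry above: the four-row XOR table, a pad built on it, the "any plaintext is equally possible" argument behind its unbreakability, and what leaks the moment a pad is reused. The messages are constructed for the example; `secrets` supplies the random pad.

```python
"""XOR truth table, one-time pad, perfect secrecy and the two-time-pad leak.
Added example, not glossary text; messages are constructed."""
import secrets

def xor_truth_table():
    """All four input combinations for XOR: the output is 1 only when inputs differ."""
    return {(a, b): a ^ b for a in (0, 1) for b in (0, 1)}

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_keygen(length):
    """A fresh pad: cryptographically random, as long as the message, used once."""
    return secrets.token_bytes(length)

# Encrypt and decrypt are the same operation because (p ^ k) ^ k == p.
otp_encrypt = xor_bytes
otp_decrypt = xor_bytes

def pad_that_decrypts_to(ciphertext, desired_plaintext):
    """Perfect secrecy from the attacker's side: for any ciphertext there is a
    pad that turns it into ANY plaintext of the same length, so the ciphertext
    alone says nothing about which message was sent."""
    return xor_bytes(ciphertext, desired_plaintext)

def two_time_pad_leak(c1, c2):
    """If one pad encrypts two messages, c1 ^ c2 == p1 ^ p2: the pad cancels out
    and the attacker gets the XOR of the plaintexts with no key at all."""
    return xor_bytes(c1, c2)

if __name__ == "__main__":
    p1, p2 = b"ATTACK AT DAWN", b"RETREAT NOW!!!"
    pad = otp_keygen(len(p1))
    c1, c2 = otp_encrypt(p1, pad), otp_encrypt(p2, pad)   # reuse: the fatal mistake
    leak = two_time_pad_leak(c1, c2)
    print(xor_bytes(leak, p1))   # knowing (or guessing) p1 now yields p2 with no key
```

The three conditions in the glossary definition map directly onto the code: `secrets.token_bytes` gives the randomness, the length check enforces pad length equal to message length, and `two_time_pad_leak` shows why "used once" is not optional.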
Technical Controls
These controls, also called logical access control mechanisms, work in software to provide confidentiality, integrity, or availability protection. Some examples are passwords, identification and authentication methods, security devices, auditing, and the configuration of the network.
Structured walkthrough
Thorough review of a DRP by individuals that are knowledgeable about the systems and services targeted for recovery, AKA tabletop exercise
TGS
Ticket Granting Service, a Kerberos service which grants access to services
TGT
Ticket Granting Ticket, Kerberos credentials encrypted with the TGS key
Computer Fraud and Abuse Act
Title 18 United States Code Section 1030
Authenticate
To verify the identity of a subject requesting the use of a system and/or access to network resources. The steps to giving a subject access to an object should be identification, authentication, and authorization.
Broadcast
Traffic that is sent to all stations on a LAN
TCP
Transmission Control Protocol, uses a 3-way handshake to create reliable connections across a network
Object encapsulation
Treats a process as a "black box"
TFTP
Trivial File Transfer Protocol, a simple way to transfer files with no authentication or directory structure
RAT / Remote Access Trojans
Trojan Horses which may be remotely controlled.
TCSEC
Trusted Computer System Evaluation Criteria - AKA the Orange Book, evaluation model developed by the US Department of Defense
TNI
Trusted Network Interpretation (of TCSEC) - the Red Book
TLS
Transport Layer Security - the successor to SSL
Screened subnet architecture
Two firewalls screening a DMZ.
Collusion
Two or more people working together to carry out a fraudulent activity. More than one person would need to work together to cause some type of destruction or fraud; this drastically reduces its probability.
Collision
Two or more plaintexts that generate the same hash
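Added example (not part of the glossary): finding a collision by a birthday search against a deliberately truncated hash, to show how the work factor of a collision scales with digest size. For an n-bit digest a generic search needs roughly 2^(n/2) trials, not 2^n, which is why a 24-bit digest falls in a few thousand hashes here. The truncation of SHA-256 is only a stand-in for a short or weak hash; the input prefix is constructed.

```python
"""Birthday-attack collision search against a truncated hash.
Added example, not glossary text; the truncated digest is a stand-in."""
import hashlib

def truncated_hash(data, bits):
    """SHA-256 cut down to its top `bits` bits, simulating a short digest."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def find_collision(bits, prefix=b"msg-"):
    """Hash distinct inputs until two share a digest (birthday attack).
    Returns (input_a, input_b, trials). Pigeonhole guarantees success within
    2**bits + 1 inputs; on average it takes about 2**(bits/2)."""
    seen = {}
    for i in range(2 ** bits + 1):
        candidate = prefix + str(i).encode()
        h = truncated_hash(candidate, bits)
        if h in seen:
            return seen[h], candidate, i + 1
        seen[h] = candidate
    raise RuntimeError("unreachable: pigeonhole principle")

def expected_trials(bits):
    """Birthday bound: about sqrt(2**bits) hashes for a first collision."""
    return (2 ** bits) ** 0.5

if __name__ == "__main__":
    for bits in (16, 24, 32):
        a, b, trials = find_collision(bits)
        print(f"{bits}-bit digest: collision after {trials} trials "
              f"(expected ~{expected_trials(bits):.0f}): {a!r} vs {b!r}")
```

The same arithmetic is why digest length matters: a 128-bit hash has a generic collision bound of 2^64, which is already within reach of well-funded attackers, and dedicated cryptanalysis of MD5 and SHA-1 brought their collisions far below the generic bound.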
Full duplex
Two-way simultaneous transmission, like two people having a face-to-face conversation
Network model (databases)
Type of hierarchical database that allows a record (branch) to have more than one parent
Copyright
Type of intellectual property that protects the form of expression in artistic, musical, or literary works
BIOS/Basic Input Output System
Typically stored in Firmware
Global Information Grid
US Department of Defense (DoD) global network, one of the largest private networks in the world
piggyback
Unauthorized access to a system by using another user's legitimate credentials.
Black hat
Unethical hacker or researcher
Baseline
Uniform ways to implement a safeguard; an administrative control
USA PATRIOT ACT
Uniting and Strengthening America by Promoting Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001
Passive RFID
Unpowered RFID tags
Outsourcing
Use of a third party to provide information technology support services which were previously performed in-house
SPI / Security Parameter Index
Used to identify simplex IPsec security associations.
REST / Representational State Transfer
Used to implement web services.
SNMP / Simple Network Management Protocol
Used to monitor network devices.
SRTP / Secure Real-time Transport Protocol
Used to provide secure VoIP.
Data Mining
Used to search for patterns, such as fraudulent activity, in a data warehouse
FTP / File Transfer Protocol
Used to transfer files to and from servers
UDP
User Datagram Protocol, a simpler, faster, connectionless cousin of TCP
FHSS / Frequency Hopping Spread Spectrum
Uses a number of small frequency channels throughout the wireless band and "hops" through them in pseudorandom order
Rule-based access control
Uses a series of defined rules, restrictions, and filters for accessing objects within a system.
Fiber Optic network cable
Uses light to carry information
Bayesian filtering
Uses mathematical formulas to assign probabilities to make decisions such as identifying spam
War dialing
Uses a modem to dial a series of phone numbers, looking for an answering modem carrier tone
Voice over Internet Protocol
VOIP - carries voice via data networks
Virtual Private Network
VPN - a method to send private data over an insecure network, such as the Internet
Threat vectors
Vectors which allow exploits to connect to vulnerabilities
VDSL
Very High Rate Digital Subscriber Line - DSL, featuring much faster asymmetric speeds
Stealth Virus
Virus that hides itself from the OS and other protective software, such as anti-virus software
Boot sector virus
Virus that infects the boot sector of a PC, which ensures the virus loads upon system startup
Multipartite virus
Virus that spreads via multiple vectors. Also called multipart virus
RTP / Real Time Protocol
VoIP protocol designed to carry streaming audio and video.
Memory
Volatile or nonvolatile computer storage
Wi-Fi Protected Access
WPA - a partial implementation of 802.11i
Wi-Fi Protected Access 2
WPA2 - the full implementation of 802.11i
Work Recovery Time
WRT - the time required to configure a recovered system
WSDL
Web Services Description Language, provides details about how web services are to be invoked
total risk
When a safeguard is not implemented, an organization is faced with the total risk of that particular vulnerability.
Repudiation
When the sender of a message denies sending the message. The countermeasure to this is to implement digital signatures.
Biometrics
When used within computer security, identifies individuals by physiological characteristics, such as a fingerprint, hand geometry, or pattern in the iris.
FDE / Full Disk Encryption
Whole Disk Encryption
WAN
Wide area network, typically covering cities, states, or countries
WAP
Wireless Application Protocol, designed to provide secure web services to handheld wireless devices such as smart phones
WLAN
Wireless Local Area Network
802.11
Wireless networking standard
Exigent circumstances
With respect to evidence acquisition, justification for the seizure of evidence without a warrant due to the extreme likelihood that the evidence will be destroyed
WORM
Write Once Read Many, memory which can be written to once and read many times
Shredding / Wiping
Writes new data over each bit or block of file data.
Hot Site
a backup site with all necessary hardware and critical applications data mirrored in real time
reciprocal agreement
a bi-directional agreement between two organizations in which one organization promises another organization it can move in and share space if it experiences a disaster. Also known as a mutual aid agreement.
Socket
a combination of an IP address and a TCP or UDP port on one node
T1
a dedicated 1.544-megabit circuit that carries 24 64-bit DS0 channels
Internet
a global collection of peered networks running TCP/IP
Table
a group of related data in a relational database
Spring-bolt lock
a locking mechanism that springs in and out of the door jamb
realm
a logical Kerberos network
Teardrop Attack
a malformed packet DoS attack that targets issues with systems' fragmentation reassembly
System Owner
a manager responsible for the actual computers that house data, including hardware and software configuration, updates, patching, etc.
TCP/IP Model
a network model with 4 layers: network access, Internet, transport and application
Honeynet
a network of honeypots
Smart Card
a physical access control device containing an integrated circuit, AKA Integrated Circuit Card (ICC)
Trivial File Transfer Protocol (TFTP)
a simple way to transfer files without the use of authentication or directory structure
problem domain
a specific challenge that needs to be addressed
Honeypot
a system designed to attract attackers
photoelectric motion sensor
active motion detector that sends a beam of light across a monitored space to a photoelectric sensor
Rainbow Table
acts as a database that contains the hashed output for most or all possible passwords (as mentioned on the MacGyver TV show)
regulatory law
administrative law
Zombie
aka Bot - a computer system running malware that is controlled by a botnet
purple
Allied name for the stepping-switch encryption device used by Japan, an Axis power, during WWII
System call
allows processes to communicate with the kernel and provides a window between CPU rings
Hypervisor Mode
allows guest operating systems to run in ring 0, controlled by a hypervisor in ring "-1"
polyinstantiation
allows two different objects to have the same name. The name is based on the Latin roots for multiple (poly) and instances (instantiation)
Time of Check/Time of Use (TOCTOU)
altering a condition after it has been checked by the operating system, but before it is used
Subject
an active entity on an Information System which accesses or changes data
Incremental Backup
an archive of all files that have changed since the last backup of any kind was performed
redundant site
an exact production duplicate of a system that has the capability to seamlessly operate all necessary IT operations without loss of services to the end user
process
an executable program and its associated data loaded and running in memory
pseudo guard
an unarmed security guard (sounds like a security monitor)
plaintext
an unencrypted message
Hardcopy Data
any data that is accessed through reading or writing on paper rather than processing through a computer system
Identification
association of an individual
Smurf attack
attack using an ICMP flood and directed broadcast addresses
IPv6 Autoconfiguration
autoconfiguration of a unique IPv6 address, removing the need for static addressing or DHCP
Hand Geometry
biometric control that uses measurements from specific points on the subject's hand
Hebern Machines
class of cryptographic devices known as rotor machines, includes Enigma and SIGABA
Interpreted Code
code that is compiled on the fly each time the program is run
Hybrid Risk Analysis
combines quantitative and qualitative risk analysis
System unit
computer case, containing all of the internal electronic components including motherboard, internal disk drives, power supply, etc.
Source Code
computer programming language instructions that are written in text that must be translated into machine code before execution by the CPU
Sniffing
confidentiality attack on network traffic
Southbridge
connects I/O devices such as disk, keyboard, mouse, CD drive, USB ports, etc.
recovery controls
controls that restore a damaged system or process
Decryption
converts ciphertext into plaintext
Substitution
cryptographic method that replaces one character with another
punitive damages
damages designed to punish an individual or organization
Statutory Damages
damages prescribed by law
Socket pair
describes a unique connection between two nodes: source port, source IP, destination port and destination IP
poison reverse
distance vector routing protocol safeguard that sets a bad route's metric to infinity
Hold-Down Timers, Routing Information protocol
distance vector routing protocol safeguard that avoids flapping
XML
eXtensible Markup Language, a markup language designed as a standard way to encode documents and data
XP
eXtreme Programming, an agile development method that uses pairs of programmers who work from detailed specifications
white hat
ethical hacker or researcher
real evidence
evidence consisting of tangible or physical objects
proxy firewall
firewall that terminates connections and acts as an intermediary server
Tailgating
following an authorized person into a building without providing credentials, AKA piggybacking
white box software testing
gives the tester access to program source code, data structures, variables, etc.
principle of least privilege
granting subjects the minimum amount of authorization required (never give a person, program or process more permission than is required)
High-data-rate Digital Subscriber Line (HDSL)
high-data-rate DSL, matches SDSL speeds using two pairs of copper
policy
high-level management directives, administrative control
Hypertext Markup Language (HTML)
hypertext markup language, used to display web content
Hypertext Transport Protocol (HTTP)
hypertext transfer protocol, a protocol to transmit web data via a network
Hypertext Transport Protocol Secure (HTTPS)
hypertext transport protocol secure, HTTP using SSL or TLS
physical controls
implemented with physical devices, such as locks, fences, gates, etc.
recovery phase
incident response phase that restores a previously compromised system to operational status
Intellectual property
intangible property that resulted from a creative act
Internet Protocol Security (IPSEC)
internet protocol security, a suite of protocols that provide a cryptographic layer to both IPv4 and IPv6
Internet Relay Chat (IRC)
internet relay chat, a global network of chat servers and clients
principal
kerberos client (user) or service
query language
language that searches and updates a database
presentation layer
layer 6 of the OSI model, presents data to the application in a comprehensible way
physical layer
layer 1 of the OSI model, describes units of data such as bits represented by energy, and the medium used to carry them
process isolation
logical control that attempts to prevent one process from interfering with another
Worm
malware that self-propagates
Virus
malware that requires a carrier to propagate
Harrison-Ruzzo-Ullman Model
maps subjects, objects, and access rights to an access matrix. It is considered a variation of the Graham-Denning model
Spoofing
masquerading as another endpoint
reference monitor
mediates all access between subjects and objects
High Availability (HA) Cluster
multiple systems that can be seamlessly leveraged to maintain the availability of the service or application being provided. Also called a failover cluster
Inheritance
objects inherit capabilities from their parent class
private key
one half of an asymmetric key pair, must be kept secure (cousin of symmetric key pair)
public key
one half of an asymmetric key pair, may be publicly posted
Hash Function
one-way encryption using an algorithm and no key
prudent man rule
organization should engage in business practices that a prudent, right-thinking person would consider to be appropriate (ever watch What Would You Do?)
Iris Scan
passive biometric scan of the iris (colored portion of the eye)
Hybrid Attack
password attack that appends, prepends, or changes characters in words from a dictionary
PVC
permanent virtual circuit, a circuit that is always connected
PIN
personal identification number, a number-based password
PII
personally identifiable information, data associated with a specific person, such as credit card data
Star
physical network topology that connects each node to a central device such as a hub or a switch
Strike Plate
plate in the door jamb with a slot for a deadbolt or spring-bolt lock
PPP
point-to-point protocol, a layer 2 protocol that has largely replaced SLIP, adding confidentiality, integrity and authentication (CIA triad)
SOCKS
popular circuit-level proxy
POP
post office protocol, an email client protocol
POST
power on self test, performs basic computer hardware tests, including verifying the integrity of the BIOS, testing the memory, identifying system devices, among other tasks. Machines can fail this test, which may be signaled with beeps.
preventive controls
prevents actions from occurring
PRI
primary rate interface, provides 23 64K digital ISDN channels (as in conjunction with BRI)
PLD
programmable logic device, field-programmable hardware
PROM
programmable read only memory, memory that can be written to once, typically at the factory
procedural languages
programming languages that use subroutines, procedures and functions
privacy
protection of the confidentiality of personal information
privacy act of 1974
protects US citizens' data that is being used by the federal government
Telnet
protocol that provides terminal emulation over a network using TCP port 23
PKI
public key infrastructure, leverages symmetric, asymmetric and hash-based cryptography to manage digital certificates
QoS
quality of service, gives specific traffic precedence over other traffic on packet-switched networks
RAM
random access memory, memory that allows any address to be directly accessed
RAD
rapid application development, rapidly develops software via the use of prototypes, "dummy" GUIs, back-end databases, and more
RAID
redundant array of inexpensive disks, a method of using multiple disk drives to achieve greater data reliability, greater speed, or both (striping, mirroring, or parity)
RAT
remote access trojans, trojan horses which may be remotely controlled
RADIUS
remote authentication dial in user service, a UDP-based third-party authentication system (like pvault)
referential integrity
requires that every foreign key in a secondary table matches a primary key in the parent table
SYN flood
resource exhaustion DoS attack that fills a system's half-open connection table
RC4
rivest cipher 4, used to provide confidentiality by WPA
RC5
rivest cipher 5, symmetric block cipher by RSA laboratories
RC6
rivest cipher 6, symmetric block cipher by RSA laboratories, AES finalist
RBAC
role-based access controls, subjects are grouped into roles and each defined role has access permission based upon the role, not the individual (there is also MAC & DAC)
product owner
Scrum role that serves as the voice of the business unit
Hearsay
second-hand evidence
SSH
secure shell, a secure replacement for telnet, ftp and the Unix "r" commands
Integrity
seeks to prevent unauthorized modification of information
ping
sends an ICMP Echo Request to a node and listens for an ICMP Echo Reply
Half Duplex
sends or receives at one time only (not simultaneously), like a walkie-talkie
SSID
service set identifier, acts as a wireless network name
plan maintenance
seventh step of the NIST SP 800-34 contingency planning process
SNMP
simple network management protocol, used to monitor network devices
plan testing, training and exercises
sixth step of the NIST SP 800-34 contingency planning process
registers
small storage locations used by the CPU to store instructions and data
Hypervisor
software or operating system that controls access between virtual guests and host hardware
Software escrow
source code held by a neutral third party
procedure
step-by-step guide for accomplishing a task, administrative control
polyalphabetic cipher
substitution cipher using multiple alphabets
penetration
successful attempt at circumventing security controls and gaining access to a system.
Diameter
RADIUS successor, designed to provide an improved Authentication, Authorization, and Accounting (AAA) framework
Spear Phishing
targeted phishing attack against a small number of high level victims
Internet Layer (TCP/IP)
TCP/IP model layer that aligns with layer 3 of the OSI model, describes IP addresses and routing
Integration testing
testing multiple software components as they are combined into a working system
regression testing
testing software after updates, modifications or patches
Installation testing
testing software as it is installed and first operated
Interface Testing
tests all the ways users can interact with the application, and is concerned with appropriate functionality being exposed. From a security-oriented vantage point, the goal is to ensure that security is uniformly applied across the various interfaces
Static Testing
tests code passively, the code is not running
promiscuous access
the ability to sniff all traffic on a network (sounds like promiscuous mode)
reduction analysis
the process of analyzing and lowering risk
data warehousing
the process of combining data from multiple databases or data sources into a large data store for the purpose of providing more extensive information retrieval and data analysis.
Tailoring
the process of customizing a standard for an organization
due diligence
the process of systematically evaluating information to identify vulnerabilities, threats, and issues relating to an organization's overall risk.
cryptography
the science of secret writing that enables storage and transmission of data in a form that is available only to the intended individuals.
provide diligent and competent service to principals
third canon of the (ISC)2 Code of Ethics
Identify preventative controls
third step of the NIST SP 800-34 contingency planning process
Database shadowing
two or more identical databases that are updated simultaneously
primary key
unique attribute in a relational database table, used to join tables (as in SQL or MS Access)
Thin client applications
use a web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the client's browser
Synchronous Dynamic Token
use time or counters to synchronize a displayed token code with the code expected by the authentication server
SOAP
used to implement web services; formerly stood for Simple Object Access Protocol, now simply "SOAP"
Social Engineering
uses the human mind to bypass security controls
Swapping
uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory
polymorphic virus
virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software
WEP
wired equivalent privacy, a very weak 802.11 security protocol