CISSP


Permutation

(Also called transposition) provides confusion by rearranging the characters of the plaintext, anagram-style

Clipper Chip

(Failed) 1993 Escrowed Encryption Standard (EES), which used the Skipjack algorithm

E3

24 E1s

T3

28 bundled T1s

Grandfather-Father-Son Tape Rotation

3 sets of tapes: 7 daily tapes (the son), 4 weekly tapes (the father), and 12 monthly tapes (the grandfather). Once per week a son tape graduates to father. Once every 5 weeks a father graduates into a grandfather. After running for a year this method ensures there are backup tapes available for the past 7 days, weekly tapes for the past 4 weeks, and monthly tapes for the past 12 months.

Triple DES

56-bit DES applied three times per block

Managed mode

802.11 mode that clients use to connect to an AP

802.11b

802.11 mode that operates at 11 Mbps using the 2.4 GHz frequency

802.11g

802.11 mode that operates at 54 Mbps using the 2.4 GHz frequency

802.11a

802.11 mode that operates at 54 Mbps using the 5 GHz frequency

802.11n

802.11 mode that uses both 2.4 and 5 GHz frequencies and allows speeds of 144 Mbps and beyond

Master mode

802.11 mode used by APs

Ad hoc mode

802.11 peer-to-peer mode with no central AP

Monitor mode

802.11 read-only mode used for sniffing

Bluetooth

802.15 networking, a PAN wireless technology

Object

A "black box" that combines code and data, and sends and receives messages

Attribute

A column in a relational database table

Cipher

A cryptographic algorithm

Data Warehouse

A large collection of data

SLIP / Serial Line Internet Protocol

A Layer 2 protocol which provides IP connectivity via asynchronous connections such as serial lines and modems.

Dumpster diving

A physical attack in which a person recovers trash in hopes of finding sensitive information that has been merely discarded whole rather than being destroyed

RADIUS / Remote Authentication Dial In User Service

A UDP-based third-party authentication system.

Background checks

A verification of a person's background and experience; also called pre-employment screening

SIP / Session Initiation Protocol

A VoIP signaling protocol.

ATM/Asynchronous Transfer Mode

A WAN technology that uses fixed length cells

failover

A backup operation that automatically switches to a standby system if the primary system fails or is taken offline. It is an important fault-tolerant function that provides system availability.

GFS / Grandfather Father Son

A backup rotation method

Warm site

A backup site with all the necessary hardware and connectivity, and configured computers without live data

Cold Site

A backup site with raised floor, power, utilities, and physical security, and no configured systems or data

Cracker

A black hat hacker

Zero knowledge test

A blind penetration test where the tester has no inside information at the start of the test

ISO 17799

A broad-based approach for information security code of practice by the International Organization for Standardization

Capability

A capability outlines the objects a subject can access and the operations the subject can carry out on the different objects. It indicates the access rights for a specific subject; many times, the capability is in the form of a ticket.

Botnet

A central bot command and control (C&C) network, managed by humans

Audit Trail

A chronological set of logs and records used to provide evidence of a system's performance or activity that took place on the system. These logs and records can be used to attempt to reconstruct past events and track the activities that took place, and possibly detect and identify intruders.

Compartment

A class of information that has need-to-know access controls beyond those normally provided for access to confidential, secret, or top-secret information. A compartment is the same thing as a category within a security label. Just because a subject has the proper classification, that does not mean it has a need to know. The category, or compartment, of the security label enforces the subject's need to know.

multilevel security

A class of systems containing information with different classifications. Access decisions are based on the subject's security clearances, need to know, and formal approval.

Savepoint

A clean snapshot of the database tables.

TACACS (Terminal Access Controller Access Control System)

A client/server authentication protocol that provides the same type of functionality as RADIUS and is used as a central access control mechanism mainly for remote users.

covert channel

A communications path that enables a process to transmit information in a way that violates the system's security policy

Distributed Network Protocol 3 (DNP3)

A communications protocol designed for use in SCADA systems, particularly those within the power sector, that does not include routing functionality.

Trojan Horse

A computer program that has an apparently or actually useful function, but that also contains hidden malicious capabilities to exploit a vulnerability and/or provide unauthorized access into a system.


Accredited

A computer system or network that has received official authorization and approval to process sensitive data in a specific operational environment. There must be a security evaluation of the system's hardware, software, configurations, and controls by technical personnel.

Bot

A computer system running malware that is controlled via a botnet

Extranet

A connection between private Intranets

Best practice

A consensus of the best way to protect the confidentiality, integrity and availability of assets

countermeasure

A control, method, technique, or procedure that is put into place to prevent a threat agent from exploiting a vulnerability. A countermeasure is put into place to mitigate risk. Also called a safeguard or control

Multiprotocol Label Switching (MPLS)

A converged data communications protocol designed to improve the routing speed of high-performance networks.

Fibre Channel over Ethernet (FCoE)

A converged protocol that allows Fibre Channel frames to ride over Ethernet networks

Internet Small Computer System Interface (iSCSI)

A converged protocol that encapsulates SCSI data on TCP segments in order to allow peripherals to be connected to computers across networks.

covert timing channel

A covert channel in which one process modulates its system resource (for example, CPU cycles), which is interpreted by a second process as some type of communication.

covert storage channel

A covert channel that involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a resource (for example, sectors on a disk) that is shared by two subjects at different security levels.

Object

A data file

Network model (telecommunications)

A description of how a network protocol suite operates

Certification

A detailed inspection that verifies whether a system meets the documented security requirements

Clearance

A determination, typically made by a senior security professional, about whether or not a user can be trusted with a specific level of information

Lightweight Directory Access Protocol (LDAP)

A directory service based on a subset of the X.500 standard that allows users and applications to interact with a directory.

key

A discrete data set that controls the operation of a cryptographic algorithm. In encryption, a key specifies the particular transformation of plaintext to ciphertext, or vice versa, during encryption. Keys are also used in other cryptographic algorithms, such as digital signatures and keyed-hash functions (also known as HMACs), which are often used for authentication and integrity.

RIP / Routing Information Protocol

A distance vector routing protocol that uses hop count as its metric.

Annualized loss expectancy (ALE)

A dollar amount that estimates the loss potential from a risk in the span of a year. Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO) = ALE

Ciphertext

An encrypted message

dictionary attack

A form of attack in which an attacker uses a large set of likely combinations to guess a secret, usually a password.

Packet-switched network

A form of networking where bandwidth is shared and data is carried in units called packets

EULA / End User License Agreement

A form of software licensing agreement

Biba Model

A formal state transition system of a computer security policy that describes a set of access control rules designed to ensure data integrity.

Public Key Infrastructure (PKI)

A framework of programs, procedures, communication protocols, and public key cryptography that enables a diverse group of individuals to communicate securely.

Business Impact Analysis (BIA)

A functional analysis in which a team collects data, documents business functions, develops a hierarchy of business functions, and applies a classification scheme to indicate each individual function's criticality level.

fail-safe

A functionality that ensures that when software or a system fails for any reason, it does not end up in a vulnerable state. After a failure, software might default to no access instead of allowing full control, which would be an example of a fail-safe measure.

GAN / Global Area Network

A global collection of WANs

Delphi technique

A group decision method used to ensure that each member of a group gives an honest and anonymous opinion pertaining to the company's risks.

SHA-1 / Secure Hash Algorithm 1

A hash function that creates a 160-bit message digest.

SHA-2 / Secure Hash Algorithm 2

A hash function that includes SHA-224, SHA-256, SHA-384, and SHA-512, named after the length of the message digest each creates.

Security assessments

A holistic approach to assessing the effectiveness of access control. May use other tests as a subset, including penetration tests and vulnerability scans.

Ticket Granting Service (TGS)

A Kerberos service which grants access to services

Foreign key

A key in a related database table that matches a primary key in the parent database

EAP / Extensible Authentication Protocol

A layer 2 authentication framework that describes many specific authentication protocols

Entrapment

A legal defense where the defendant claims an agent of law enforcement persuaded the defendant to commit a crime that he or she would otherwise not have committed

trademark

A legal right that protects a word, name, product shape, symbol, color, or a combination of these used to identify a product or a company.


Copyright

A legal right that protects the expression of ideas.

operational assurance

A level of confidence of a trusted system's architecture and implementation that enforces the system's security policy. This can include system architecture, covert channel analysis, system integrity, and trusted recovery.

Thread

A lightweight process (LWP)

Access Control list (ACL)

A list of subjects that are authorized to access a particular object. Typically, the types of access are read, write, execute, append, modify, delete, and create.

Database Journal

A log of all database transactions. Should a database become corrupted, the database can be reverted to a backup copy, and then subsequent transactions can be "replayed" from the journal, restoring database integrity

Passphrase

A long static password, comprised of words in a phrase or sentence

logic bomb

A malicious program that is triggered by a specific event or condition.

Logic bomb

A malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date

Data Owner

A management employee responsible for assuring that specific data is protected

XML / Extensible Markup Language

A markup language designed as a standard way to encode documents and data

lattice-based access control model

A mathematical model that allows a system to easily represent the different security levels and control access attempts based on those levels. Every pair of elements has a highest lower bound and a lowest upper bound of access rights. The classes stemmed from military designations.

formal security policy model

A mathematical statement of a security policy. When an operating system is created, it can be built upon a predeveloped model that lays out how all activities will take place in each and every situation. This model can be expressed mathematically, which is then translated into a programming language.

Parity

A means to achieve data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance

data remanence

A measure of the magnetic flux density remaining after removal of the applied magnetic force, which is used to erase data. Refers to any data remaining on magnetic storage media

Trusted Path

A mechanism within the system that enables the user to communicate directly with the TCB. This mechanism can be activated only by the user or the TCB and not by an untrusted mechanism or process.


one-time pad

A method of encryption in which the plaintext is combined with a random "pad," which should be the same length as the plaintext. This encryption process uses a nonrepeating set of random bits that are combined bitwise (XOR) with the message to produce ciphertext. A one-time pad is a perfect encryption scheme because it is unbreakable and each pad is used exactly once, but it is impractical because of all of the required overhead.

Risk Analysis

A method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards.

Remote Journaling

A method of transmitting changes to data to an offsite facility. This takes place as a parallel processing of transactions, meaning that changes to that data are saved locally and to an off-site facility. These activities take place in real time and provide redundancy and fault tolerance.

Challenge/Response Method

A method used to verify the identity of a subject by sending the subject an unpredictable or random value. If the subject responds with the expected value in return, the subject is authenticated.

Clipping level

A minimum reporting threshold level

database shadowing

A mirroring technology used in databases, in which information is written to at least two hard drives for the purpose of redundancy.

Microkernels

A modular kernel

DevOps

A more agile development and support model, echoing agile programming methods including Sashimi and Scrum. Developers directly support operational function

OSI Model

A network model with seven layers: physical, data link, network, transport, session, presentation, application

Network stack

A network protocol suite programmed in software or hardware

object

A passive entity that contains or receives information. Access to an object potentially implies access to the information that it contains. Examples of objects include records, pages, memory segments, files, directories, directory trees, and programs.

overt channel

A path within a computer system or network that is designed for the authorized transfer of data.

Full knowledge test

A penetration test where the tester is provided with inside information at the start of the test

Partial Knowledge Test

A penetration test where the tester is provided with partial inside information at the start of the test

User

A person or process that is accessing a computer system.


disaster recovery plan

A plan developed to help a company recover from a disaster. It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities.

Contingency Plan

A plan put in place before any potential emergencies, with the mission of dealing with possible future emergencies. It pertains to training personnel, performing backups, preparing critical facilities, and recovering from an emergency or disaster so that business operations can continue.

Bollard

A post designed to stop a car, typically deployed in front of building entrances

Threat

A potentially negative occurrence

Mantrap

A preventive physical control with two doors. Each door requires a separate form of authentication to open

Intranet

A privately owned network running TCP/IP

Callback

A procedure for identifying a system that accessed an environment remotely. In a callback, the host system disconnects the caller and then dials the authorized telephone number of the remote terminal in order to reestablish the connection. Synonymous with dialback.

Capability Maturity Model Integration (CMMI)

A process model that captures the organization's maturity and fosters continuous improvement.

Vulnerability Scanning

A process to discover poor configurations and missing patches in an environment

TPM (Trusted Platform Module)

A processor that can provide additional security capabilities at the hardware level, allowing for hardware-based cryptographic operations

Risk Analysis Matrix

A quadrant used to map the likelihood of a risk occurring against the consequences (or impact) that risk would have.

Salt

A random number that is hashed with a password. Allows one password to hash multiple ways.

Guideline

A recommendation, administrative control

Asset

A resource that is valuable to an organization and must be protected

Deadbolt

A rigid locking mechanism that is held in place by a key, and prevents the door from opening or fully closing when extended

quantitative risk analysis

A risk analysis method that attempts to use percentages in damage estimations and assigns real numbers to the costs of countermeasures for particular risks and the amount of damage that could result from the risk. Compare to qualitative risk analysis.

qualitative risk analysis

A risk analysis method that uses intuition and experience to judge an organization's exposure to risks. It uses scenarios and ratings systems. Compare to quantitative risk analysis.

Caesar Cipher

A rot-3 substitution cipher

Tuple

A row in a relational database table

SSH / Secure Shell

A secure replacement for Telnet, FTP and the UNIX "R" commands.

Accountability

A security principle indicating that individuals must be identifiable and must be held responsible for their actions.

need to know

A security principle stating that users should have access only to the information and resources necessary to complete their tasks that fulfill their roles within an organization. Need to know is commonly used in access control criteria by operating systems and applications.

privacy

A security principle that protects an individual's information and employs controls to ensure that this information is not disseminated or accessed in an unauthorized manner.

Confidentiality

A security principle that works to ensure that information is not disclosed to unauthorized subjects.

RADIUS (Remote Authentication Dial-in User Service)

A security service that authenticates and authorizes dial-up users and is a centralized access control mechanism.

password

A sequence of characters used to prove one's identity. It is used during a logon process and should be highly protected.

nonrepudiation

A service that ensures the sender cannot later falsely deny sending a message.

Blacklist

A set of known bad resources such as IP addresses, domain names, or applications.

Whitelist

A set of known good resources such as IP addresses, domain names, or applications.


Trusted Recovery

A set of procedures that restores a system and its data in a trusted manner after the system has been disrupted or a system failure has occurred.


protocol

A set of rules and formats that enables the standardized exchange of information between different systems.

Backdoor

A shortcut in a system that allows a user to bypass security checks

Packet Filter

A simple and fast firewall that has no concept of state

SA / Security Association

A simplex connection which may be used to negotiate ESP or AH parameters.

Virus

A small application, or string of code, that infects applications. The main function of a virus is to reproduce, and it requires a host application to do this. It can damage data directly or degrade system performance.


Flash memory

A specific type of EEPROM, used for small portable disk drives

TEMPEST

A standard for shielding electromagnetic emanations from computer equipment

Monolithic kernel

A statically compiled kernel

SMTP / Simple Mail Transfer Protocol

A store-and-forward protocol used to exchange email between servers.

Database

A structured collection of related data

Access

A subject's ability to view, modify, or communicate with an object. Access enables the flow of information between the subject and the object.

SDLC / Synchronous Data Link Control (Telecommunications)

A synchronous layer 2 WAN protocol that uses polling to transmit data.

SDLC / Systems Development Life Cycle (Applications)

A system development model that focuses on security in every phase.

Trusted Computer System

A system that has the necessary controls to ensure that the security policy will not be compromised and that can process a range of sensitive or classified information simultaneously.


node

A system that is connected to a network.

Classification

A systematic arrangement of objects into groups or categories according to a set of established criteria. Data and resources can be assigned a level of sensitivity as they are being created, amended, enhanced, stored, or transmitted. The classification level then determines the extent to which the resource needs to be controlled and secured, and is indicative of its value in terms of information assets.

end-to-end encryption

A technology that encrypts the data payload of a packet.

Security audit

A test against a published standard.

Kerberos

A third-party authentication service that may be used to support Single Sign On

keystroke monitoring

A type of auditing that can review or record keystrokes entered by a user during an active session.

Fuzzing / Fuzz testing

A type of black box testing that enters random malformed data as inputs into software programs to determine if they will crash

RFID / Radio-Frequency Identification

A type of contactless card technology.

link encryption

A type of encryption technology that encrypts packets' headers, trailers, and the data payload. Each network communications node, or hop, must decrypt the packets to read its address and routing information and then re-encrypt the packets. This is different from end-to-end encryption.

public key encryption

A type of encryption that uses two mathematically related keys to encrypt and decrypt messages. The private key is known only to the owner, and the public key is available to anyone.

User ID

A unique set of characters or code that is used to identify a specific user to a system.


Compromise

A violation of the security policy of a system or an organization such that unauthorized disclosure or modification of sensitive information occurs.

Vulnerability

A weakness in a system

Twofish

AES finalist, encrypting 128-bit blocks using 128- through 256-bit keys

Access Control Lists/ACL

Access Control List

Domains of trust

Access control module used by Windows Active Directory

Nondiscretionary access control

Access control based on subjects' roles or tasks

Color of law

Acting on the authority of law enforcement

Sanction

Action taken as a result of policy violation.

Authorization

Actions an individual can perform on a system

Microwave motion detector

Active motion detector that uses microwave energy

SSID / Service Set Identifier

Acts as a wireless network name.

Ultrasonic motion detector

Active motion detector that uses ultrasonic energy

Compensation controls

Additional security controls put in place to compensate for weaknesses in other controls

ASLR

Address Space Layout Randomization, seeks to decrease the likelihood of successful exploitation by making the memory addresses employed by the system less predictable


Virtualization

Adds a software layer between an operating system and the underlying computer hardware

Content-dependent access controls

Adds additional criteria beyond identification and authentication: the actual content the subject is attempting to access

Context-dependent access control

Adds additional criteria beyond identification and authentication: the context of the access, such as time

Access Control Mechanism

Administrative, physical, or technical control that is designed to detect and prevent unauthorized access to a resource or environment.

Advanced Encryption Standard/AES

Advanced Encryption Standard, a block cipher using 128-bit, 192-bit, or 256-bit keys to encrypt 128-bit blocks of data

Scrum

Agile development model that uses small teams, roles include Scrum Master and Product Owner.

Integrated Circuits Cards (ICC)

Alias for "Smart Card". Physical access control device that contains a computer circuit

trusted computing base (TCB)

All of the protection mechanisms within a computer system (software, hardware, and firmware) that are responsible for enforcing a security policy.

Convergence

All routers on a network agree on the state of routing


First sale doctrine

Allows a legitimate purchaser of copyrighted material to sell it to another person

API/Application Programmers Interface

Allows an application to communicate with another application, or an operating system, database, network, etc. For example, the Google Maps API allows an application to integrate 3rd-party content such as restaurants overlaid on a Google Map

Multitasking

Allows multiple tasks (heavy weight processes) to run simultaneously on one CPU

Fair use doctrine

Allows someone to duplicate copyrighted material without requiring the payment, consent, or even knowledge of the copyright holder

Business Owners

Also called Mission Owners, members of senior management who create the information security program and ensure that it is properly staffed, funded, and has organizational priority

Synthetic Transactions

Also called synthetic monitoring, involves building scripts or tools that simulate activities normally performed in an application

Walkthrough drill

Also known as a simulation test, recovery from a pretend disaster; goes beyond talking about the process and actually has teams carry out the recovery process

Divestitures

Also known as de-mergers and de-acquisitions, and represent the flip side of acquisition: one company becomes two or more

RFI / Remote File Inclusion

Altering web URLs to include remote content.

Assurance

A measurement of confidence in the level of protection that a specific security control delivers and the degree to which it enforces the security policy.

XP / Extreme Programming

An Agile development method that uses pairs of programmers who work off a detailed specification

SAML / Security Assertion Markup Language

An XML-based framework for exchanging security information, including authentication data.

Reference Monitor Concept

An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. The security kernel enforces the reference monitor concept.

discretionary access control (DAC)

An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.

Message Authentication Code (MAC)

An access policy that restricts subjects' access to objects based on the security clearance of the subject and the classification of the object. The system enforces the security policy, and users cannot share their files with other users.

declassification

An administrative decision or procedure to remove or reduce the security classification of information.

Collusion

An agreement between two or more individuals to subvert the security of a system

pseudo-flaw

An apparent loophole deliberately implanted in an operating system or program as a trap for intruders.

Waterfall model

An application development model that uses rigid phases; when one phase ends, the next begins

Top-down Approach

An approach in which the initiation, support, and direction for a project come from top management and work their way down through middle management and then to staff members.


protection ring

An architecture that provides hierarchies of privileged operation modes of a system, which gives certain access rights to processes that are authorized to operate in that mode. Supports the integrity and confidentiality requirements of multitasking operating systems and enables the operating system to protect itself from user programs and rogue processes.

Full backup

An archive of all files

Differential backup

An archive of any files that have been changed since the last full backup was performed

cost/benefit analysis

An assessment that is performed to ensure that the cost of a safeguard does not outweigh the benefit of the safeguard. Spending more to protect an asset than the asset is actually worth does not make good business sense. All possible safeguards must be evaluated to ensure that the most security-effective and cost-effective choice is made.

War Dialing

An attack in which a long list of phone numbers is inserted into a war-dialing program in the hope of finding a modem that can be exploited to gain unauthorized access.


Brute-Force Attack

An attack that continually tries different inputs to achieve a predefined goal, which can be used to obtain credentials for unauthorized access.

Attack

An attempt to bypass security controls in a system with the mission of using that system or compromising it. An attack is usually accomplished by exploiting a current vulnerability.

digital signature

An electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.

Zero-day exploit

An exploit for a vulnerability with no available vendor patch

EGP / Exterior Gateway Protocol

An exterior gateway protocol used by private networks such as intranets

Worm

An independent program that can reproduce by copying itself from one system to another. It may damage data directly or degrade system performance by tying up resources.

data custodian

An individual who is responsible for the maintenance and protection of the data. This role is usually filled by the IT department (usually the network administrator). The duties include performing regular backups of the data; implementing security mechanisms; periodically validating the integrity of the data; restoring the data from backup media; and fulfilling the requirements specified in the company's security policy, standards, and guidelines that pertain to information security and data protection.

operator

An individual who supports the operations of computer systems—usually a mainframe. The individual may monitor the execution of the system, control the flow of jobs, and develop and schedule batch jobs.

Payment Card Industry Data Security Standard (PCI-DSS)

An information security standard for organizations that are involved in payment card transactions.

exposure

An instance of being exposed to losses from a threat. A weakness or vulnerability can cause an organization to be exposed to possible damages.

Clark-Wilson Model

An integrity model that addresses all three integrity goals: prevent unauthorized users from making modifications, prevent authorized users from making improper modifications, and maintain internal and external consistency through auditing.

Common Criteria

An internationally agreed upon standard for describing and testing the security of IT projects

Java

An object-oriented language used not only to write applets, but also as a general-purpose programming language

Password Cracking

An offline technique in which the attacker has gained access to the password hashes or database

Password guessing

An online technique that involves attempting to authenticate as a particular user to the system

write

An operation that results in the flow of information from a subject to an object

Read

An operation that results in the flow of information from an object to a subject and does not give the subject the ability to modify the object or the data within the object.

Recovery Planning

An operation that results in the flow of information from an object to a subject and does not give the subject the ability to modify the object or the data within the object.

Back Door

An undocumented way of gaining access to a computer system. After a system is compromised, an attacker may load a program that listens on a port (back door) so that the attacker can enter the system at any time. A back door is also referred to as a trapdoor.

denial of service (DoS)

Any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose.

Candidate keys

Any attribute (column) in the table with unique values

Covert channel

Any communication that violates security policy

Disaster

Any disruptive event that interrupts normal system operations.

Bastion Host

Any host placed on the internet that is not protected by another device

Threat

Any potential danger that a vulnerability will be exploited by a threat agent.

Defense in Depth

Application of multiple safeguards that span multiple domains to protect an asset

FIdM / Federated Identity Management

Applies Single Sign On at a much wider scale, ranging from cross-organization to Internet scale

data classification

Assignments to data that indicate the level of availability, integrity, and confidentiality that is required for each type of information

Non-repudiation

Assurance that a specific user performed a specific transaction and assurance that the transaction did not change

Availability

Assures information is available when needed

ADSL

Asymmetric Digital Subscriber Line, DSL featuring faster download speeds than upload

ABM

Asynchronous Balanced Mode, an HDLC combined mode where nodes may act as primary or secondary, initiating transmission without receiving permission

ARCNET

Attached Resource Computer Network, a legacy LAN technology that uses tokens

Server-side attack

Attack launched directly from an attacker to a listening service. Also called service-side attack

Lock bumping

Attack on locks using a shaved key, which bumps the pins, allowing the lock to turn

Brute force attack

Attack that attempts every possible key or combination

Client-side attacks

Attack where a user downloads malicious content

Script kiddies

Attackers who target computer systems with tools they have little or no understanding of.

Disassembler

Attempt to convert machine language into assembly

SSL / Secure Sockets Layer

Authenticates and provides confidentiality to network traffic such as web traffic.

AH/Authentication Header

Authentication Header, IPsec protocol that provides authentication and integrity for each packet of network data

Asynchronous Dynamic Token

Authentication that is not synchronized with a central server, includes challenge-response tokens

Overt Channel

Authorized communication that complies with security policy

BIOS

Basic Input/Output System, typically stored in firmware

BRI

Basic Rate Interface, provides two 64 Kbps digital ISDN channels

Electronic vaulting

Batch process of electronically transmitting data that is to be backed up on a routine, regularly scheduled time interval

Simple Security Property

Bell-LaPadula property that states "no read up" (NRU).

Security property

Bell-LaPadula property that states "no write-down"

Strong Tranquility property

Bell-LaPadula property that states security labels will not change while the system is operating

Weak tranquility property

Bell-LaPadula property that states security labels will not change in a way that violates security policy

Simple integrity axiom

Biba property that states "no read down".

Integrity Axiom

Biba property which states "no write-up"

Facial Scan

Biometric control that compares a picture of a face to pictures stored in a database

Exclusive Or

Binary operation that is true if one of two inputs (but not both) is true

Dynamic signatures

Biometric control that measures the process by which someone signs their name

Keyboard dynamics

Biometric control that refers to how hard a person presses each key and the rhythm by which the keys are pressed

Retina scan

Biometric laser scan of the capillaries which feed the retina.

Fingerprint scan

Biometric scan of the minutiae (specific details of the fingerprint)

Binary image

Bit-level copy of memory

Combinatorial software testing

Black box testing method that seeks to identify and test all unique combinations of software inputs

Chaining

Block cipher mechanism that seeds the previous encrypted block into the next block to be encrypted

Blowfish

Block cipher using 32- to 448-bit keys (the default is 128) to encrypt 64-bit blocks of data

BOOTP

Bootstrap Protocol, used for bootstrapping via a network by diskless systems

Bootstrap Protocol - BOOTP

Bootstrap Protocol, used for bootstrapping via a network by diskless systems

BGP

Border Gateway Protocol, the routing protocol used on the Internet

Border Gateway Protocol - BGP

Border Gateway Protocol, the routing protocol used on the Internet

BCP

Business Continuity Plan, a long-term plan to ensure the continuity of business operations

Business Continuity Plan - BCP

Business Continuity Plan, a long-term plan to ensure the continuity of business operations

BRP

Business Recovery Plan, details the steps required to restore normal business operations after recovering from a disruptive event. Also known as the Business Resumption Plan

Business Recovery Plan - BRP

Business Recovery Plan, details the steps required to restore normal business operations after recovering from a disruptive event. Also known as the Business Resumption Plan

Business Resumption Plan - BRP

Business Recovery Plan, details the steps required to restore normal business operations after recovering from a disruptive event. Also known as the Business Resumption Plan

Trade secret

Business-proprietary information that is important to an organization's ability to compete

Repeatable

CMM / Capability Maturity Model phase 2.

Optimizing

CMM Phase 5

Defined

CMM phase 3

Managed

CMM phase 4

ALU/Arithmetic Logic Unit

CPU component that performs mathematical calculations

I/O Controller Hub (ICH)

Southbridge bus that connects input/output (I/O) devices such as disk, keyboard, mouse, CD drive, USB ports, etc.

Control unit

CPU component that acts as a traffic cop, sending instructions to the ALU

pipelining

CPU feature that combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute and write steps for different instructions

RISC / Reduced Instruction Set Computer

CPU instructions which are short and simple.

CMM

Capability Maturity Model, a maturity framework for evaluating and improving the software development process

Capability Maturity Model - CMM

Capability Maturity Model, a maturity framework for evaluating and improving the software development process

playback attack (same as replay attack?)

Capturing data and resending the data at a later time in the hope of tricking the receiving system. This is usually carried out to obtain unauthorized access to specific resources.

CSMA

Carrier Sense Multiple Access, a method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions

Carrier Sense Multiple Access - CSMA

Carrier Sense Multiple Access, a method used by Ethernet networks to allow shared usage of a baseband network and avoid collisions

CPU

Central Processing Unit, the "brains" of the computer, capable of controlling and performing mathematical calculations

Central Processing Unit - CPU

Central Processing Unit, the "brains" of the computer, capable of controlling and performing mathematical calculations

CRL

Certificate Revocation List, PKI component which lists digital certificates that have been revoked

Certificate Revocation List

Certificate Revocation List, PKI component which lists digital certificates that have been revoked

CHAP

Challenge Handshake Authentication Protocol, a more secure network authentication protocol that uses a shared secret

Challenge Handshake Authentication Protocol - CHAP

Challenge Handshake Authentication Protocol, a more secure network authentication protocol that uses a shared secret

Dynamic password

Changes at regular intervals

CSU/DSU

Channel Service Unit/Data Service Unit, DCE device

Channel Service Unit/Data Service Unit - CSU/DSU

Channel Service Unit/Data Service Unit, DCE device.

CCD

Charged Couple Discharge, a digital CCTV

Charged Couple Discharge - CCD

Charged Couple Discharge, a digital CCTV

CBC

Cipher Block Chaining, a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted

Cipher Block Chaining - CBC

Cipher Block Chaining, a block mode of DES that XORs the previous encrypted block of ciphertext to the next block of plaintext to be encrypted

CFB

Cipher Feedback, a stream mode of DES that is similar to block-mode CBC

Cipher Feedback - CFB

Cipher Feedback, a stream mode of DES that is similar to block-mode CBC

Rijndael

Cipher which became AES, named after authors Vincent Rijmen and Joan Daemen.

Well-formed transactions

Clark-Wilson control to enforce control over applications

CIDR

Classless Inter-Domain Routing, allows for many network sizes beyond the arbitrary classful network sizes

Classless Inter-Domain Routing - CIDR

Classless Inter-Domain Routing, allows for many network sizes beyond the arbitrary classful network sizes

CCTV

Closed Circuit Television, a detective device used to aid guards in detecting the presence of intruders in restricted areas

Closed Circuit Television - CCTV

Closed Circuit Television, a detective device used to aid guards in detecting the presence of intruders in restricted areas

Traceroute

Command that uses ICMP Time Exceeded messages to trace a network route

COTS

Commercial Off-the-Shelf Software, third-party developed commercial software available to the general public

Class II gate

Commercial gate, such as a parking garage gate

COCOM

Committee for Multilateral Export Controls, a munitions law which was in effect from 1947 to 1994. It was designed to control the export of critical technologies (including cryptography) to "Iron Curtain" countries during the Cold War

CORBA

Common Object Request Broker Architecture, an open vendor-neutral networked object broker framework

Digital

Communication that transfers data in bits: ones and zeroes

Analog

Communications that sends a continuous wave of information

Mirroring

Complete duplication of data to another disk, used by some levels of RAID

SaaS / Software as a Service

Completely configured cloud-based application, from the operating system on up.

CISC

Complex Instruction Set Computers, CPU instructions that are longer and more powerful

COM

Component Object Model, locates and connects objects locally

Session hijacking

Compromise of an existing network session.

CIRT

Computer Incident Response Team, a team that performs incident handling

CSIRT

Computer Security Incident Response Team, the group that is tasked with monitoring, identifying, and responding to security incidents

Diskless workstation

Computer system that contains a CPU, memory, and firmware but no hard drive; a type of thin client

CASE

Computer-Aided Software Engineering, uses programs to assist in the creation and maintenance of other computer programs

Computer Fraud

Computer-related crimes involving deliberate misrepresentation, modification, or disclosure of data in order to compromise a system or obtain something of value.

Centralized access control

Concentrates access control in one logical point for a system or organization

Buffer overflow

Condition where an attacker can insert data beyond the end of a buffer variable

life-cycle assurance

Confidence that a trusted system is designed, developed, and maintained with formal designs and controls. This includes design specification and verification, implementation, testing, configuration management, and distribution.

CIA triad

Confidentiality, Integrity and Availability

DTE/DCE

Connection that spans the Demarc

Middleware

Connects programs to programs

Northbridge

Connects the CPU to RAM and video memory, also called the memory controller hub (MCH)

Host-To-Host Transport Layer (TCP/IP transport layer)

Connects the internet layer to the application layer. Where applications are addressed on a network via ports.

Data dictionary

Contains a description of the database tables, including the schema, database view information, and information about authorized database administrator and user accounts

Encapsulation / Object

Contains and hides the details of an object's methods

Motherboard

Contains computer hardware including the CPU, memory slots, firmware, and peripheral slots such as PCI (Peripheral Component Interconnect) slots

Relational database

Contains two-dimensional tables of related data.

CDN

Content Distribution networks (also Content Delivery Networks) use a series of distributed caching servers to improve performance and lower the latency of downloaded online content

CPPT

Continuity Planning Project Team, a team composed of stakeholders within an organization that focuses on identifying who would need to play a role if a specific emergency event were to occur

COOP

Continuity of Operations Plan, a plan to maintain operations during a disaster

BS-25999

Continuity standard by the British Standards Institution (BSI)

SLA / Service Level Agreement

Contractual agreement that helps assure availability.

COBIT

Control Objectives for Information and related Technology, a control framework for employing information security governance best practices within an organization

Confinement

Controlling information in a manner that prevents sensitive data from being leaked from a program to another program, subject, or object in an unauthorized manner.

physical security

Controls and procedures put into place to prevent intruders from physically accessing a system or facility. The controls enforce access control and authorized access.

Communications Security

Controls in place to protect information as it is being transmitted, especially by telecommunications mechanisms.

Detection controls

Controls that alert during or after a successful attack

Compensating Controls

Controls that are alternative procedures designed to reduce the risk. They are used to "counterbalance" the effects of an internal control weakness.

Corrective controls

Controls that correct a damaged system or process

physical controls

Controls that pertain to controlling individual access into the facility and different departments, locking systems and removing unnecessary floppy or CD-ROM drives, protecting the perimeter of the facility, monitoring for intrusion, and checking environmental controls.

Free software

Controversial term that is defined differently by different groups. "Free" may mean free of charge, or "free" may mean the user is free to use the software in any way they would like, including modifying it

Hacker

Controversial term that may mean explorer or someone who maliciously attacks systems

Compiler

Converts source code, such as C or BASIC, into machine code

Encryption

Converts the plaintext to a ciphertext

Back up

Copy and move data to a medium so that it may be restored if the original data is corrupted or destroyed. A full backup copies all the data from the system to the backup medium. An incremental backup copies only the files that have been modified since the previous backup. A differential backup backs up all files since the last full backup.

CCMP

Counter Mode CBC MAC Protocol, used by WPA2 to create a MIC

CTR

Counter, a stream mode of DES that uses a counter for feedback

Search Warrant

Court order that allows a legal search.

Timing Channel

Covert channel that relies on the system clock to infer sensitive information

Storage Channel

Covert channel that uses shared storage, such as a temporary directory to allow two subjects to signal each other

Genetic algorithms

Creating computer algorithms via Darwinian evolution principles

Genetic programming

Creating entire software programs (usually in the form of Lisp source code) via Darwinian evolution principles

Computer crimes

Crimes using computers

CMP

Crisis Management Plan

XSS

Cross Site Scripting, third-party execution of web scripting languages such as JavaScript within the security context of a trusted site

CSRF

Cross-Site Request Forgery, third-party redirect of static content within the security context of a trusted site

CER

Crossover Error Rate, describes the point where the False Reject Rate (FRR) and the False Accept Rate (FAR) are equal

Side-Channel attack

Cryptographic attack which uses physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.

Jefferson Disks

Cryptographic device invented by Thomas Jefferson that used multiple wheels, each with an entire alphabet along the ridge

Cipher disk

Cryptographic device that uses two concentric disks, each with an alphabet around the periphery

Book cipher

Cryptographic method that uses whole words from a well-known text such as a dictionary as a one-to-one replacement for plaintext

Running-key cipher

Cryptographic method that uses whole words from a well-known text such as a dictionary, "adding" letters to plaintext using modular math.

Customary Law

Customs or practices that are so commonly accepted by a group that the custom is treated as law

Distributed component object model

DCOM

Mobile sites

DRP backup site option that is a "data center on wheels": towable trailers that contain racks of computer equipment, as well as HVAC, fire suppression and physical security

SDSL / Symmetric Digital Subscriber Line

DSL with matching upload and download speeds.

operational goals

Daily goals to be accomplished to ensure the proper operation of an environment.

Compensatory damages

Damages provided as compensation

Ticket

Data that authenticates a Kerberos principal's identity

DCE

Data Circuit-Terminating Equipment, a device that networks DTEs, such as a router

DDL

Data Definition Language, used to create, modify, and delete tables

DEA

Data Encryption Algorithm, described by DES

DES

Data Encryption Standard, a symmetric block cipher using a 56-bit key and 64-bit block size

DEP

Data Execution Prevention, which can be enabled within hardware and/or software, and makes specific pages of the stack non-executable

DML

Data Manipulation Language, used to query and update data stored in the tables

Data Manipulation Language

Data Manipulation Language, used to query and update data stored in the tables

DTE

Data Terminal Equipment, a network "terminal," such as a desktop, server, or actual terminal

Data Terminal Equipment

Data Terminal Equipment, a network "terminal," such as a desktop, server, or actual terminal

Ciphertext

Data that has been encrypted and is unreadable until it has been converted into plaintext.

data in transit or data in motion (DIM)

Data that is moving between computing nodes over a data network such as the Internet.

Electronic Backups

Data that is stored electronically and can be retrieved in case of disruptive event or disaster

Remanence

Data that might persist after removal attempts.

data at rest (DAR)

Data that resides in external or auxiliary storage devices such as hard disk drives, solid-state drives, or DVDs.

data in use

Data that temporarily resides in primary storage such as registers, caches, or RAM while the CPU is using it.

DBA

Database Administrator, role that manages databases

Database Administrators

Database Administrator, role that manages databases

DBMS

Database management system, controls all access to the database and enforces database security

Database management system

Database management system, controls all access to the database and enforces database security

Object-Oriented Database

Database that combines data with functions (code) in an object-oriented framework

Hierarchical Database

Database that forms a tree

Codebreakers (The)

David Kahn's history of cryptography

E1

Dedicated 2.048 megabit circuit that carries 30 channels

Modes of Operation

Dedicated, system-high, compartmented, and multilevel modes

Inference

Deductive attack where a user is able to use lower-level access to learn restricted information

DARPA

Defense Advanced Research Projects Agency, funders of the original MILNET and ARPANET

Demarc

Demarcation point, where the ISP's responsibility ends and the customer's begins

DMZ

Demilitarized Zone network, used to separate trusted from untrusted networks

Demilitarized Zone

Demilitarized Zone network, used to separate trusted from untrusted networks

Denial of Service

Denial of Service, an attack on availability

DoS

Denial of Service, an attack on availability

Schema

Describes the attributes and values of the database tables.

Cryptographic Protocol Governance

Describes the process of selecting the right cipher and implementation for the right job

Standard

Describes the specific use of technology, often applied to hardware and software administrative control

4GL / Fourth-generation programming language

Designed to increase programmers' efficiency by automating the creation of computer programming code

Degaussing

Destroying the integrity of the magnetization of the storage media, making the data unrecoverable

procedure

Detailed step-by-step instructions to achieve a certain task, which are used by users, IT staff, operations staff, security members, and others.

Deterrent controls

Deter users from performing actions on a system

Executive Succession Planning

Determines an organization's line of succession

Take-Grant Protection Method

Determines the safety of a given computer system that follows specific rules

Sashimi Model

Development model with highly overlapping steps; it can be thought of as a real-world successor to the Waterfall Model.

Turnstile

Device designed to prevent tailgating by enforcing a "one person per authentication" rule

Firewall

Device that filters traffic based on layers 3 (IP addresses) and 4 (ports)

DSL

Digital Subscriber Line, uses existing copper pairs to provide digital service to homes and small offices

Digital subscriber line

Digital Subscriber Line, uses existing copper pairs to provide digital service to homes and small offices

DSSS

Direct Sequence Spread Spectrum, uses the entire wireless band at once

Direct sequence spread spectrum

Direct Sequence Spread Spectrum, uses the entire wireless band at once

Account Lockout

Disables an account after a set number of failed logins, sometimes during a specific time period

DRP

Disaster Recovery Plan, a short-term plan to recover from a disruptive event

Disaster recovery plan

Disaster Recovery Plan, a short-term plan to recover from a disruptive event

DAD

Disclosure, Alteration, and Destruction, the opposite of Confidentiality, Integrity and Availability

DAC

Discretionary Access Control, gives subjects full control of objects they own or have been given access to, including sharing objects with other subjects

Split horizon

Distance vector routing protocol safeguard that will not send a route update via the interface it learned the route from

DDoS

Distributed Denial of Service, an availability attack using many systems

Distributed Denial of Service

Distributed Denial of Service, an availability attack using many systems

DNP3

Distributed Network Protocol, provides an open standard used primarily within the energy sector for interoperability between various vendors' SCADA and smart grid applications

DCOM

Distributed Component Object Model, locates and connects objects across a network

Separation of duties

Dividing sensitive transactions among multiple subjects

LAND attack

DoS attack which uses a spoofed SYN packet that includes the victim's IP address as both source and destination

ping of death (malformed packets)

DoS that sends a malformed ICMP Echo Request (ping) that is larger than the maximum size of an IP packet

Formal access approval

Documented approval from the data owner for a subject to access certain objects

Ethics

Doing what is morally right

DNS

Domain Name System, a distributed global hierarchical database that translates names to IP addresses, and vice versa

Domain Name systems

Domain Name System, a distributed global hierarchical database that translates names to IP addresses, and vice versa

DNSSEC

Domain Name System Security Extensions, provides authentication and integrity to DNS responses via the use of public key encryption

Domain Name Server security extensions

Domain Name System Security Extensions, provides authentication and integrity to DNS responses via the use of public key encryption

Ethernet

Dominant local area networking technology that transmits network data via frames

DHCP

Dynamic Host Configuration Protocol, assigns temporary IP address leases to systems, as well as DNS and default gateway configurations

Dynamic host configuration protocol

Dynamic Host Configuration Protocol, assigns temporary IP address leases to systems, as well as DNS and default gateway configurations

DRAM

Dynamic Random Access Memory, stores bits in small capacitors (like small batteries); cheaper and slower than SRAM

EAP OVER LAN

EAP Over LAN, a Layer 2 protocol for carrying EAP

EAPOL

EAP Over LAN, a Layer 2 protocol for carrying EAP

EAP tunneled transport layer security

EAP Tunneled Transport Layer Security, simplifies EAP-TLS by dropping the client-side certificate requirement

EAP-TTLS

EAP Tunneled Transport Layer Security, simplifies EAP-TLS by dropping the client-side certificate requirement

EAP-FAST

EAP-Flexible Authentication via Secure Tunneling, designed by Cisco to replace LEAP

EAP-TLS

EAP-Transport Layer Security, uses PKI, requiring both server-side and client-side certificates

EAP-Transport Layer Security

EAP-Transport Layer Security, uses PKI, requiring both server-side and client-side certificates

Integrated Services Digital Network (ISDN)

Earlier attempt to provide digital service via 'copper pair'. Commonly used for teleconferencing and videoconferencing.

Panic bar

Egress device that opens externally facing doors from the inside

emanations

Electrical and electromagnetic signals emitted from electrical equipment that can transmit through the airwaves. These signals carry information that can be captured and deciphered, which can cause a security breach. These are also called emissions.

EEPROM / Electrically-Erasable Programmable Read Only Memory

Electrically erasable memory via the use of a flashing program

Symmetric Encryption

Encryption that uses one key to encrypt and decrypt

Asymmetric Encryption

Encryption that uses two keys: if you encrypt with one you may decrypt with the other

Emanations

Energy that escapes an electronic system, and which may be remotely monitored under certain circumstances

Noninterference model

Ensures that data at different security domains remain separate from one another

Directory path traversal

Escaping from the root of a webserver (such as /var/www) into the regular file system by referencing directories such as "../.."

Secondary Evidence

Evidence consisting of copies of original documents and oral descriptions.

Corroborative evidence

Evidence that provides additional support for a fact that might have been called into question

Circumstantial evidence

Evidence that serves to establish the circumstances related to particular points or even other evidence

XOR

Exclusive OR, binary operation that is true if one of two inputs (but not both) is true

Knowledge base

Expert system component that consists of "if/then" statements

Inference Engines

Expert system component that follows the tree formed by the knowledge base, and fires a rule where there is a match

Backward chaining

Expert system mode that begins with a premise and works backwards

Forward chaining

Expert system mode that starts with no premise, and works forward to determine a solution

EAP

Extensible Authentication Protocol, a Layer 2 authentication framework that describes many specific authentication protocols

Whole Disk Encryption

FDE - Full Disk Encryption

Type II Error

False Acceptance Rate (FAR), occurs when an unauthorized subject is accepted as valid

Type I error

False Reject Rate (FRR), occurs when an authorized subject is rejected as invalid

Develop an IT contingency plan

Fifth step of the NIST SP 800-34 contingency planning process

Stateful firewall

Firewall with a state table that allows the firewall to compare current packets to previous ones

protect society, the commonwealth, and the infrastructure

First canon of the (ISC)2 Code of Ethics

Develop the contingency planning policy statement

First step of the NIST SP 800-34 contingency planning process

Information Technology Security Evaluation Criteria (ITSEC)

First successful evaluation model that separates functionality (how well a system works) from assurance (the ability to evaluate the security of a system)

Static Route

Fixed routing entries

Agile Software Development

Flexible software development model that evolved as a reaction to rigid software development models such as the Waterfall Model

Continuity of Support Plan

Focuses narrowly on support of specific IT systems and applications

Mandatory leave

Forcing staff to take vacation or time away from the office. Also known as forced vacation

Ring model

Form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.

Pairwise testing

Form of combinatorial software testing that tests unique pairs of inputs

All pairs testing

Form of combinatorial software testing that tests unique pairs of inputs, otherwise known as pairwise testing

Develop recovery strategy

Fourth step of the NIST SP 800-34 contingency planning process

Advance and protect the profession

Fourth canon of the (ISC)2 Code of Ethics

4GL

Fourth-generation programming language designed to increase programmers' efficiency by automating the creation of computer programming code

Information Technology Infrastructure Library (ITIL)

Framework for providing best services in IT Service Management (ITSM).

Shareware

Fully functional proprietary software that may be initially used free of charge. If the user continues to use the Shareware for a specific period of time, the shareware license typically requires payment.

Fitness function

Genetic algorithm concept that assigns a score to an evolved algorithm

Crossover

Genetic algorithm concept that combines two algorithms

Mutation

Genetic algorithm concept that introduces random changes to algorithms

Black box software testing

Gives the tester no internal details: the software is treated as a black box that receives inputs

"Bad" Blocks/Clusters/sectors

Good disk blocks marked as bad

ARM/Asynchronous Response Mode

HDLC mode where secondary nodes may initiate communication with the primary

Hacktivist

Hacker activist, someone who attacks computer systems for political reasons

ATA Secure Erase

Hardware-level secure erase command available on Solid State Drives (SSDs) that erases all blocks and also generates a new encryption key

Hash of Variable Length

Hash algorithm that creates message digests of 128, 160, 192, 224, or 256 bits in length, using 3, 4, or 5 rounds.

Hashed Message Authentication Code (HMAC)

Hash function that uses a key

Health Insurance Portability and Accountability Act (HIPAA)

Health Insurance Portability and Accountability Act, United States regulation which protects healthcare information

Abstraction

Hides unnecessary details from the user

Accountability

Holds individuals accountable for their actions

Host-Based Intrusion Detection Systems (HIDS)

Host based intrusion detection systems, a detective technical control

Host-Based Intrusion Prevention Systems (HIPS)

Host based intrusion prevention system, preventative device that processes information within the host

Dual homed host

Host with two network interfaces, one connected to a trusted network and the other connected to an untrusted network

Classful address

IPv4 networks in classes A through E

Caller ID

Identifies the calling phone number, sometimes used as a weak authentication method

Identity as a Service (IDaaS)

Identity as a service, also called cloud identity, allows organizations to leverage a cloud service for identity management

masquerading

Impersonating another user, usually with the intention of gaining unauthorized access to a system.

Administrative Controls

Implemented by creating and following organizational policy, procedures, or regulation. Also called directive controls

Technical Controls

Implemented using software, hardware or firmware that restricts logical access on an information technology system

plaintext

In cryptography, the original readable text before it is encrypted.

Cleartext

In data communications, cleartext is the form of a message or data, which is transferred or stored without cryptographic protection.

Detection phase

Incident response phase that analyses events in order to determine whether they might comprise a security incident

Containment phase

Incident response phase that attempts to keep further damage from occurring as a result of the incident

Eradication phase

Incident response phase that cleans a compromised system

Reporting phase

Incident response phase that provides a final report on the incident.

Interrupt

Indicates an asynchronous CPU event has occurred

ISM

Industrial, Scientific, and Medical, wireless bands set aside for unlicensed use

Class III gate

Industrial/limited access gate, such as a loading dock

ITIL

Information Technology Infrastructure Library, is a framework for providing best services in IT Service Management

ITSEC

Information Technology Security Evaluation Criteria, the first successful

maintenance hook

Instructions within a program's code that enable the developer or maintainer to enter the program without having to go through the usual access control and authentication processes. Maintenance hooks should be removed from the code before it is released to production; otherwise, they can cause serious security risks. Also called trapdoor or back door.

ISDN

Integrated Services Digital Network, provides digital service via copper pair

Integrated Product Team (IPT)

Integrated product team, a customer-focused group that focuses on the entire lifecycle of a project

Big Bang testing

Integration testing that tests all integrated software components

Trademark

Intellectual property protection that allows for the creation of a brand that distinguishes the source of products

Servicemark

Intellectual property protection that allows for the creation of a brand that distinguishes the source of services.

Patent

Intellectual property protection that grants a monopoly on the right to use, make, or sell an invention for a period of time

Interface Definition Language (IDL)

Interface definition language, used by CORBA objects to communicate

International Data Encryption Algorithm (IDEA)

International data encryption algorithm, a symmetric block cipher using a 128-bit key and 64-bit block size

Internet Security Association and Key Management Protocol (ISAKMP)

Internet Security Association and Key Management Protocol manages the IPsec Security Association process

iSCSI

Internet Small Computer System Interface, Storage Area Network (SAN) protocol transmitted via Ethernet and TCP/IP

Internet Control Message Protocol (ICMP)

Internet control message protocol

Internet Key Exchange (IKE)

Internet key exchange, manages the IPsec encryption algorithm

Internet Message Access Protocol (IMAP)

Internet message access protocol, an email client protocol

Internet of Things (IOT)

Internet of Things, Internet-connected embedded devices such as thermostats, baby monitors, appliances, light bulbs, smart meters, etc...

IPv4

Internet protocol Version 4, commonly called IP. It's the fundamental protocol of the internet

IPv6

Internet Protocol Version 6, the successor of IPv4, featuring a far larger address space, simpler routing, and simpler address assignment

IP

Internet Protocol, includes both IPv4 and IPv6

Intrusion Detection System (IDS)

Intrusion detection system, a detective technical control

Active-passive Cluster

Involves devices or systems that are already in place, configured, powered on and ready to begin processing network traffic should a failure occur on the primary system

Active-active Cluster

Involves multiple systems all of which are online and actively processing traffic or data

ESP / Encapsulating Security Payload

IPsec protocol which primarily provides confidentiality by encrypting packet data

JSON

JavaScript Object Notation, a data interchange format

Ticket Granting Ticket (TGT)

Kerberos credentials encrypted with the TGS' key

KDC

Key Distribution Center, a Kerberos service that authenticates principals

Diffie-Hellman Key Agreement protocol

Key agreement allows two parties to securely agree on a symmetric key via a public channel with no prior key exchange

Linear cryptanalysis

Known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key

VLAN

Virtual LAN, which can be thought of as a virtual switch

Administrative Law

Law enacted by government agencies, aka regulatory law

Civil law

Law that resolves disputes between individuals or organizations

Criminal law

Law where the victim can be seen as society itself

Repeater

Layer 1 device that receives bits on one port, and "repeats" them out the other port.

Hub

Layer 1 network access device that acts as a multiport repeater

L2F

Layer 2 Forwarding, designed to tunnel PPP

Frame

Layer 2 PDU

L2TP

Layer 2 Tunneling Protocol, combines PPTP and L2F

MAC address

Layer 2 address of a NIC

Switch

Layer 2 device that carries traffic on one LAN

Bridge

Layer 2 device that has two ports and connects network segments together

Data link layer

Layer 2 of the OSI model, handles access to the physical layer as well as local area network communication

Packet

Layer 3 PDU

Router

Layer 3 device that routes traffic from one LAN to another, based on IP addresses.

Network layer

Layer 3 of the OSI model, describes routing data from a system on one LAN to a system on another

Segment

Layer 4 PDU / Protocol Data Unit.

Session layer

Layer 5 of the OSI model, manages sessions, which provide maintenance on connections.

Application Layer (OSI)

Layer 7 of the OSI model where the user interfaces with the computer application.

FDDI / Fiber Distributed Data Interface

Legacy LAN technology that uses light

Token Ring

Legacy LAN technology that uses tokens

Civil law (legal system)

Legal system that leverages codified laws or statutes to determine what is considered within the bounds of law

Common law

Legal system that places significant emphasis on particular cases and judicial precedent as a determinant of laws

Religious law

Legal system that uses religious doctrine or interpretation as a source of legal understanding and statutes.

S/MIME / Secure/Multipurpose Internet Mail Extensions

Leverages PKI to encrypt and authenticate MIME-encoded email.

Legal liability

Liability enforced through civil law

LDAP

Lightweight Directory Access Protocol, open protocol for interfacing and querying directory service information provided by network operating systems. Uses port 389 via TCP or UDP

LEAP

Lightweight Extensible Authentication Protocol, a Cisco-proprietary protocol released before 802.1X was finalized

LCP

Link Control Protocol, the initial unauthenticated connection used by CHAP

Checklist testing

Lists all necessary components required for successful recovery, and ensures that they are, or will be, readily available should a disaster occur. Also known as consistency testing

LAN

Local Area Network, a comparatively small network, typically confined to a building or an area within one

LLC

Logical Link Control, layer 2 protocol that handles LAN communications

Assembly Language

Low-level computer programming language with instructions that are short mnemonics, such as "ADD", "SUB" (subtract) and "JMP" (jump), that match machine language instructions

Unit Testing

Low-level tests of software components, such as functions, procedures or objects

Bytecode

Machine-independent interpreted code, used by Java

Commit

Makes changes to a database permanent

Enticement

Making the conditions for commission of a crime favorable for those already intent on breaking the law

Phishing

Malicious attack that poses as a legitimate site such as a bank, attempting to steal account credentials

Malware

Malicious software, any type of software which attacks an application or system

malware

Malicious software. Code written to perform activities that circumvent the security policy of a system. Examples are viruses, malicious applets, Trojan horses, logical bombs, and worms.

Trojan

Malware that performs two functions: one benign (such as a game) and one malicious. Also called trojan horses

Rootkit

Malware that replaces portions of the kernel and/or operating system.

Vulnerability Management

Management of vulnerability information

ISO 22301

Management-focused business continuity guideline called "Business continuity management systems - Requirements"

MAC (Access Control)

Mandatory Access Control, system-enforced access control based on subjects' clearances and objects' labels

Traceability Matrix

Maps customers' requirements to the software testing plan: it 'traces' the 'requirements', and ensures they are being met

High-Data-Rate Digital Subscriber Line (HDSL)

Matches SDSL speeds using two pairs of copper. HDSL is used to provide inexpensive T1 service.

Aggregation

Mathematical attack where a user is able to use lower-level access to learn restricted information

MTD

Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted

MTTR

Maximum Transmission Unit, the maximum PDU size on a network

MTU

Maximum Transmission Unit, the maximum PDU size on a network

MTBF

Mean Time Between Failures, quantifies how long a new or repaired system will run on average before failing

FDX / Fetch and execute

Mechanism that allows the CPU to receive machine language instructions and execute them. Also called "Fetch, Decode, Execute"

Access Control

Mechanisms, controls, and methods of limiting access to resources to authorized subjects only.

MAC (Telecommunications)

Media Access Control, layer 2 protocol that transfers data to and from the physical layer

MD5

Message Digest 5, a hash function that creates a 128-bit message digest

MIC

Message Integrity Check, integrity protocol used by WPA2

MAN

Metropolitan Area Network, typically confined to a city, a zip code, or a campus or office park

Tactical Goals

Midterm goals to accomplish. These may be milestones to accomplish within a project or specific projects to accomplish in a year. Strategic, tactical, and operational goals make up a planning horizon.

tactical goals

Midterm goals to accomplish. These may be milestones to accomplish within a project or specific projects to accomplish in a year. Strategic, tactical, and operational goals make up a planning horizon.

MOR

Minimum Operating Requirements, describes the minimum environmental and connectivity requirements in order to operate computer equipment

Database replication

Mirrors a live database, allowing simultaneous reads and writes to multiple replicated databases by clients

Brewer-Nash / Chinese Wall Model

Model designed to avoid conflicts of interest by prohibiting one person, like a consultant, from accessing multiple conflict of interest categories (CoIs)

Chinese Wall Model

Model designed to avoid conflicts of interest by prohibiting one person, like a consultant, from accessing multiple conflict of interest categories (CoIs)

Callback

Modem-based authentication system

Modem

Modulator/Demodulator; takes binary data and modulates it into analog sound that can be carried on phone networks

Return on Investment

Money saved by deploying a safeguard.

Failover cluster

Multiple systems that can be seamlessly leveraged to maintain the availability of the service or application being provided. Also called a failover cluster

MPLS

Multiprotocol Label Switching, provides a way to forward WAN data via labels

Wassenaar Arrangement

Munitions law that followed COCOM, beginning in 1996

NIST SP 800-34

NIST Special Publication 800-34 "Contingency Planning Guide for Information Technology Systems"

NAT

Network Address Translation, translates IP addresses

NIC

Network Interface Card, a card that connects a system to a network

NIDS

Network based intrusion detection system, a detective technical control

STP / Shielded Twisted Pair

Network cabling that contains additional metallic shielding around each twisted pair of wires.

Coaxial

Network cabling that has an inner copper core separated by an insulator from a metallic braid or shield

Unshielded Twisted Pair (UTP)

Network cabling that uses pairs of wire twisted together

NIPS

Network intrusion prevention system, a device designed to prevent malicious network traffic

Circuit-switched network

Network that provides a dedicated circuit or channel between two nodes

Broadband

Network with multiple channels; can send multiple signals at a time, like cable TV

Baseband

Network with one channel; can only send one signal at a time

CWR

New TCP flag, Congestion Window Reduced

Remote meeting technology

Newer technology that allows users to conduct online meetings via the Internet, including desktop sharing functionality.

Fibre Channel

Non-Ethernet/IP fiber optic storage technology

NS

Nonce sum, the newest TCP flag, used for congestion notification

NDA

Nondisclosure agreement, a contractual agreement that ensures that an individual or organization appreciates their legal responsibility to maintain the confidentiality of sensitive information

Lattice-Based Access Controls

Nondiscretionary access control with defined upper and lower bounds implemented by the system

NRM

Normal response mode, SDLC/HDLC mode where secondary nodes can transmit when given permission by the primary

Breach notification

Notification of persons whose personal data has been, or is likely to have been, compromised

Openness Principle

OECD Privacy Guideline principle that states collection and use of personal data should be readily available

Security Safeguards Principle

OECD Privacy Guideline principle that states personal data should be reasonably protected against unauthorized use, disclosure, or alteration.

Use Limitation Principle

OECD Privacy Guideline principle that states personal data should never be disclosed without either consent of the individual or legal requirement

Accountability Principle

OECD Privacy Guideline principle which states individuals should have the right to challenge the content of any personal data being held, and have a process for updating their personal data if found to be inaccurate or incomplete

Collection Limitation Principle

OECD Privacy Guideline principle which states personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, with the individual's knowledge and approval.

Data Quality Principle

OECD Privacy guideline principle that states personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection

Individual Participation Protocol

OECD Privacy Guideline principle that states individuals should have control over their data

purpose specification principle

OECD Privacy Guideline principle that states the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection

polymorphism

OOP concept (based on the Greek roots "poly" and "morph", meaning many and forms, respectively) that allows an object to overload an operator, for example

Parent Class

OOP concept that allows objects to inherit capabilities from parents

Coupling

OOP concept that connects objects to others. Highly coupled objects have low cohesion

Cohesion

OOP concept that describes an independent object. Objects with high cohesion have low coupling

Interior Gateway Protocol (IGP)

OSI Layer 3 Routing Protocol used for private networks, like Intranets

ORBs

Object Request Brokers, used to locate and communicate with objects

OOA

Object-Oriented Analysis, high-level approach to understanding a problem domain that identifies all objects and their interaction

OOD

Object-Oriented Design, a high-level object-oriented approach to designing software

OOP

Object-Oriented Programming, changes the older procedural programming methodology, and treats a program as a series of connected objects that communicate via messages

OLE

Object Linking and Embedding, part of DCOM which links documents to other documents

OEP

Occupant Emergency Plan, a facility-based plan focused on safety and evacuation

FRR / False Reject Rate

Occurs when an authorized subject is rejected as invalid. Also known as a type I error

FAR / False Accept Rate

Occurs when an unauthorized subject is accepted as valid. Also known as a type II error

Authorization Creep

Occurs when employees not only maintain old access rights but also gain new ones as they move from one division to another within an organization.

Screened host architecture

Older flat network design using one router to filter external traffic to and from a bastion host via an ACL.

X.25

Older packet switched WAN protocol

Thinnet

Older type of coaxial cable, used for Ethernet bus networking

Thicknet

Older type of coaxial cable, used for Ethernet bus networking

Instance

One copy of an object

Footcandle

One lumen per square foot

Lux

One lumen per square meter

Vernam Cipher

One-time pad using a teletypewriter, invented by Gilbert Vernam

Multicast

One-to-many network traffic, and the "many" is preselected

Unicast

One-to-one network traffic, such as a client surfing the web

Simplex

One-way communication, like a car radio tuned to a music station.

OCSP

Online Certificate Status Protocol

OSPF

Open Shortest Path First, an open link state routing protocol

OCTAVE

Operationally Critical Threat, Asset and Vulnerability Evaluation, a risk management framework from Carnegie Mellon University

OECD Privacy Guidelines

Organization for Economic Cooperation and Development privacy guidelines, containing eight principles

OUI

Organizationally unique identifier, first 24 bits of a MAC address

OFDM

Orthogonal Frequency-Division Multiplexing, a newer wireless multiplexing method, allowing simultaneous transmission using multiple independent wireless frequencies that do not interfere with each other

OFB

Output Feedback, a stream mode of DES that uses portions of the key for feedback

Offshoring

Outsourcing to another country

protocol data unit

PDU

protected EAP

PEAP

pretty good privacy

PGP

public key infrastructure

PKI

Certificate Authority

PKI component that authenticates the identity of a person or organization before issuing a certificate to them

programmable logic device

PLD

post office protocol

POP

power-on self-test

POST

point-to-point protocol

PPP

point-to-point tunneling protocol

PPTP

primary rate interface

PRI

programmable read only memory

PROM

platform as a service

PaaS

RSN / Robust Security Network

Part of 802.11i that allows changes to cryptographic ciphers as new vulnerabilities are discovered.

Business interruption testing

Partial or complete failover to an alternate site

Crippleware

Partially functioning proprietary software, often with key features disabled. The user is typically required to make a payment to unlock the full functionality

Magnetic stripe card

Passive device that contains no circuits. Sometimes called swipe cards: they are used by swiping through a card reader

Passive infrared sensor

Passive motion detector that detects infrared energy created by body heat

PAP

Password Authentication Protocol, an insecure network authentication protocol that exposes passwords in cleartext

Dictionary attack

Password cracking method that uses a predefined list of words, like a dictionary, running each word through a hash algorithm

One-Time password

Password that may be used for a single authentication

PCI-DSS

Payment Card Industry Data Security Standard, a security standard created by the Payment Card Industry Security Standards Council (PCI SSC)

penetration testing

Penetration testing is a method of evaluating the security of a computer system or network by simulating an attack that a malicious hacker would carry out. This is done so that vulnerabilities and weaknesses can be uncovered.

Transposition

Permutation: provides confusion by rearranging the characters of the plaintext, anagram-style

PAN

Personal Area Network, a very small network with a range of 100 m or much less

PDA

Personal Data Assistant, a small networked computer that can fit in the palm of your hand

eDiscovery / Electronic Discovery

Pertains to legal counsel gaining access to pertinent ESI (Electronic Stored Information) during the pre-trial discovery phase of civil legal proceedings

Shoulder surfing

Physical attack where an attacker observes credentials, such as a key combination.

Bus

Physical network topology that connects network nodes in a string

Ring (physical)

Physical network topology that connects nodes in a physical ring.

Mesh

Physical network topology that interconnects network nodes to each other

Tree

Physical network topology with a root node and branch nodes that are at least three levels deep

POTS

Plain old telephone service, analog phone service (RJ11 fax machine)

Cyber Incident Response Plan

Plan designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, Trojan horses, etc.

PaaS

Platform as a service, provides a pre-configured operating system, and the customer configures the application

Vigenere Cipher

Polyalphabetic cipher named after Blaise de Vigenère, using a Vigenère Square

Exfiltration

Policy-violating removal of sensitive data from a secure perimeter

802.1X

Port-based Network Access Control layer 2 authentication

Unallocated space

Portions of a disk partition which do not contain active data

Allocated Space

Portions of disk partition that are marked as actively containing data

Active RFID

Powered RFID tags that can operate over larger distances

Constrained user interface

Presents a user with limited controls on information, such as an ATM keypad

PGP

Pretty Good Privacy, software that integrates asymmetric, symmetric and hash cryptography

Intrusion Prevention System (IPS)

Preventative device designed to prevent malicious actions

Warded lock

Preventative device that turns a key through channels (called wards) to unlock

Key lock

Preventive device that requires a physical key to unlock

EU Data Protection Directive

Privacy directive which allows for the free flow of information while still maintaining consistent protections of each member nation's citizens' data

RFC 1918 addresses

Private IPv4 addresses which may be used for internal traffic.

Agents of law enforcement

Private citizens carrying out actions on the behalf of law enforcement

degauss

Process that demagnetizes magnetic media so that a very low residue of magnetic induction is left on the media. Used to effectively erase data from media.

Authentication

Proof of an Identity claim

PDU

Protocol Data Unit, a header and data at one layer of a network stack

Cable modem

Provides Internet access via broadband cable TV

Zachman Framework

Provides 6 frameworks for providing information security, asking what, how, where, who, when and why, and mapping those frameworks across roles including planner, owner, designer, builder, programmer and user

SAN / Storage Area Network

Provides block-level disk storage via a network.

Custodian

Provides hands-on protection of assets

Graham-Denning Model

Provides a more granular approach for interaction between subjects and objects.

Digital signature

Provides nonrepudiation, which includes authentication of the identity of the signer, and proof of the document's integrity

ECPA / Electronic Communications Privacy Act

Provides search and seizure protection to non-telephony electronic communications

BRI/Basic Rate Interface

Provides two 64k digital ISDN channels

Virtual Memory

Provides virtual address mapping between applications and hardware memory

Circuit-level proxy

Proxy firewall that operates at Layer 5

Application-layer proxy

Proxy firewall that operates up to Layer 7

qualitative risk analysis

RA method which uses approximate values (as opposed to quantitative analysis, which counts and quantifies how much)

rapid application development

RAD

redundant array of inexpensive disks

RAID

RAID 1 + 0

RAID 0 combined with RAID 1, sometimes called RAID 10

RAID 10

RAID 1 + 0

RAID 2

RAID Hamming code

RAID 1

RAID mirrored set

RAID 0

RAID striped set

RAID 3

RAID striped set with dedicated parity (byte level)

RAID 4

RAID striped set with dedicated parity (block level)

RAID 5

RAID striped set with distributed parity

RAID 6

RAID striped set with dual distributed parity

random access memory

RAM

radio-frequency identification

RFID (best known as scanning bar codes)

reduced instruction set computer

RISC

read only memory

ROM

recovery point objective

RPO

recovery time objective

RTO

real-time transport protocol

RTP

Industrial, Scientific, and Medical (ISM)

Radio spectrum bands that are set aside for unlicensed use, meaning you do not need to acquire a license from an organization such as the FCC to use them

ROM

Read Only Memory

Clark-Wilson

Real-world integrity model that protects integrity by having subjects access objects via programs

object reuse

Reassigning to a subject media that previously contained information. Object reuse is a security concern because if insufficient measures were taken to erase the information on the media, the information may be disclosed to unauthorized personnel.

Watchdog timer

Recovers a system by rebooting after critical processes hang or crash

Simulation test

Recovery from a pretend disaster, goes beyond talking about the process and actually has teams carry out the recovery process.

Parallel Processing

Recovery of critical processing components at an alternate computing facility, without impacting regular production systems

Cybersquatting

Registering internet domain names associated with another organization's intellectual property

Typosquatting

Registering internet domain names comprised of likely misspellings or mistypings of legitimate domain trademarks

Need to know

Requirement that subjects need to know information before accessing it

GLBA / Gramm-Leach-Bliley Act

Requires financial institutions to protect the confidentiality and integrity of consumer financial information

Gramm-Leach-Bliley Act (GLBA)

Requires financial institutions to protect the confidentiality and integrity of consumer financial information

Rotation of Duties

Requires that critical functions or responsibilities are not continuously performed by the same person without interruption. Also known as job rotation.

Entity Integrity

Requires that each tuple has a unique primary key that is not null

Semantic integrity

Requires that each value is consistent with the attribute data type

Due care

Requires that key organizational stakeholders are prudent in carrying out their duties, aka the "prudent man rule"

Chain of custody

Requires that once evidence is acquired, full documentation regarding who, what, when and where evidence was handled is maintained

Strong Authentication

Requires that the user present more than one authentication factor, also called dual factor authentication

Best evidence rule

Requires use of the strongest possible evidence

Class I gate

Residential gate designed for home use

Rollback

Restores a database after a failed commit.

Class IV gate

Restricted access gate, used at an airport or prison

Static password

Reusable passwords that may or may not expire

Data controllers

Role that creates and manages sensitive data within the organization. Human resources employees are an example: they create and manage sensitive data, such as salary and benefit data, reports from employee sanctions, etc.

Data Processor

Role that manages data on behalf of data controllers. An outsourced payroll company is an example of data processor

Enigma

Rotor machine used by German Axis powers during World War II

SIGABA

Rotor machine used by the United States through World War II into the 1950s.

Distance vector

Routing protocol that uses a simple metric, such as hop count

Link state

Routing protocols that factor in additional metrics for determining the best route, including bandwidth

Multiprocessing

Runs multiple processes on multiple CPUs

Internet Small Computer System Interface (iSCSI)

SAN protocol that allows for leveraging existing networking infrastructure and protocols to interface with storage

FCIP / Fibre Channel over IP

SAN protocol that encapsulates Fibre Channel frames via Ethernet and TCP/IP

FCoE / Fibre Channel over Ethernet

SAN protocol that leverages Fibre Channel, but can be transmitted across standard Ethernet networks. Does not use TCP/IP

SOX

Sarbanes-Oxley Act of 2002, created regulatory compliance mandates for publicly traded companies

Remote journaling

Saves database checkpoints and the database journal to a remote site. In the event of failure at the primary site, the database may be recovered.

Cryptography

Science of creating messages whose meaning is hidden

Browsing

Searching through storage media looking for specific information without necessarily knowing what format the information is in. A browsing attack is one in which the attacker looks around a computer system either to see what looks interesting or to find specific information.

Act honorably, justly, responsibly, and legally

Second canon of the (ISC)2 Code of ethics

Conduct the business impact analysis (BIA)

Second step of the NIST SP 800-34 contingency planning process

SRTP

Secure Real-time Transport Protocol used to provide secure VoIP

SSL

Secure Sockets Layer, authenticates and provides confidentiality to network traffic such as web traffic

Code Repositories

Secure service for storing source code of projects, a public example is GitHub

Awareness

Security Control designed to change user behavior

SPI

Security Parameter Index, used to identify simplex IPsec security associations

Training

Security control designed to provide a skill set

Label

Security level assigned to an object, such as confidential, secret or top secret

Administrative Controls

Security mechanisms that are management's responsibility and referred to as "soft" controls. These controls include the development and publication of policies, standards, procedures, and guidelines; the screening of personnel; security-awareness training; the monitoring of system activity; and change control procedures.

Bell-LaPadula

Security model focused on maintaining the confidentiality of objects

Biba

Security model focused on maintaining the integrity of objects

Add-on Security

Security protection mechanisms that are hardware or software retrofitted to a system to increase that system's protection level.

Penetration test

Security test designed to determine if an attacker can penetrate an organization

Computer-Aided Software Engineer

See - CASE

Counter Mode CBC MAC Protocol

See - CCMP

Content Distribution Networks

See - CDN

Crossover Error Rate

See - CER

Computer Incident Response Team

See - CIRT

Complex Instruction Set Computer

See - CISC

Crisis Management Plan

See - CMP

Control Objectives for Information and related Technology

See - COBIT

Component Object Model

See - COM

Continuity of Operations Plan

See - COOP

Commercial Off-the-Shelf Software

See - COTS

Continuity Planning Project Team

See - CPPT

Computer Security Incident Response Team

See - CSIRT

Cross-Site Request Forgery

See - CSRF

Counter Mode

See - CTR

Consistency testing

See - Checklist testing

Data Circuit-Terminating Equipment

See - DCE

Data Definition Language

See - DDL

Data Encryption Algorithm

See - DEA

Data Execution Prevention

See - DEP

Data Encryption Standard

See - DES

Data hiding

See - Encapsulation (object)

Cross-Site Scripting

See - XSS

Discretionary access control

See - DAC

Distributed Network Protocol

See DNP3

JavaScript Object Notation

See JSON - JavaScript Object Notation, a data interchange format

Network Address Translation

See NAT

Nondisclosure agreement

See NDA

Network Interface Card

See NIC

Network-based Intrusion Detection Systems

See NIDS

Network Intrusion Prevention System

See NIPS

Normal Response Mode

See NRM

Nonce Sum

See NS

Online Certificate Status Protocol

See OCSP

Operationally Critical Threat, Asset, and Vulnerability Evaluation

See OCTAVE

Occupant Emergency Plan

See OEP

Output Feedback

See OFB

Orthogonal Frequency-Division Multiplexing

See OFDM

Object Linking and Embedding

See OLE

Object-Oriented Analysis

See OOA

Object-Oriented Design

See OOD

Object-Oriented Programming

See OOP

Object Request Brokers

See ORBs

Open Shortest Path First

See OSPF

Organizationally Unique Identifier

See OUI

Personal Area Network

See PAN

Password Authentication Protocol

See PAP

Payment Card Industry Data Security Standard

See PCI DSS

Personal Digital Assistant

See PDA

Personally Identifiable Information

See PII

Personal Identification Number

See PIN

Mutual Aid Agreement

See Reciprocal agreement

Dual Factor Authentication

See Strong Authentication

Orange Book

See TCSEC

Common Object Request Broker Architecture

See - CORBA

Disclosure, Alteration and Destruction

See - DAD

Data remanence

See - Remanence

Contraband check

Seeks to identify objects that are prohibited from entering a secure perimeter (such as an airplane)

Differential cryptanalysis

Seeks to find the "difference" between related plaintexts that are encrypted

Normalization

Seeks to make the data in a database table logically concise, organized and consistent

Confidentiality

Seeks to prevent the unauthorized disclosure of information

Expert systems

Seeks to replicate the knowledge and decision-making capability of human experts

Mission Owners

See—Business Owners - Also called Mission Owners, members of senior management who create the information security program and ensure that it is properly staffed, funded, and has organizational priority

Layered defense

See—Defense-in-depth - Application of multiple safeguards that span multiple domains to protect an asset

Key Distribution Center

See—KDC - Key Distribution Center, a Kerberos service that authenticates principals

Layer 2 Tunneling Protocol

See—L2TP - Layer 2 Tunneling Protocol, combines PPTP and L2F

Local Area Network

See—LAN - Local Area Network, a comparatively small network, typically confined to a building or an area within one

Link Control Protocol

See—LCP - Link Control Protocol, the initial unauthenticated connection used by CHAP

Lightweight Directory Access Protocol

See—LDAP - Lightweight Directory Access Protocol, open protocol for interfacing and querying directory service information provided by network operating systems. Uses port 389 via TCP or UDP

Lightweight Extensible Authentication Protocol

See—LEAP - Lightweight Extensible Authentication Protocol, a Cisco-proprietary protocol released before 802.1X was finalized

Logical Link Control

See—LLC - Logical Link Control, layer 2 protocol that handles LAN communications

Logical Unit Numbers

See—LUN - Logical Unit Numbers, provide a way of addressing storage across the network. Also used for basic access control for network accessible storage

Media Access Control

See—MAC - Media Access Control, layer 2 protocol that transfers data to and from the physical layer

Mandatory Access Control

See—MAC - Mandatory Access Control, system-enforced access control based on subjects' clearances and objects' labels

Metropolitan Area Network

See—MAN - Metropolitan Area Network, typically confined to a city, a zip code, or a campus or office park

Message Digest 5

See—MD5 - Message Digest 5, a hash function that creates a 128-bit message digest

Message Integrity Check

See—MIC - Message Integrity Check, integrity protocol used by WPA2

Minimum Operating Requirements

See—MOR - Minimum Operating Requirements, describes the minimum environmental and connectivity requirements in order to operate computer equipment

Multiprotocol Label Switching

See—MPLS - Multiprotocol Label Switching, provides a way to forward WAN data via labels

Mean Time Between Failures

See—MTBF - Mean Time Between Failures, quantifies how long a new or repaired system will run on average before failing

MAD

See—MTD - Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted

Maximum Allowable Downtime

See—MTD - Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted

Maximum Tolerable Downtime

See—MTD - Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted

Mean Time to Repair

See—MTTR - Mean Time to Repair, describes how long it will take to recover a failed system

Maximum Transmission Unit

See—MTU - Maximum Transmission Unit, the maximum PDU size on a network

Malicious Code

See—Malware - Malicious software, any type of software which attacks an application or system

MCH

See—Northbridge - Connects the CPU to RAM and video memory, also called the Memory Controller Hub (MCH)

Memory Controller Hub

See—Northbridge - Connects the CPU to RAM and video memory, also called the Memory Controller Hub (MCH)

Least privilege

See—Principle of least privilege - Granting subjects the minimum amount of authorization required to do their jobs, also known as minimum necessary access

LWP

See—Thread - A lightweight process (LWP)

Scrum Master

Senior member of the organization who acts as a coach for the Scrum team.

SDN / Software Defined Networking

Separates a router's control plane from the data (forwarding) plane. Routing decisions are made remotely, instead of on each individual router.

Layering

Separates hardware and software functionality into modular tiers

SLIP

Serial Line Internet Protocol, a Layer 2 protocol which provides IP connectivity via asynchronous connections such as serial lines and modems

SLA

Service Level Agreement, contractual agreement that helps assure availability

SIP

Session Initiation Protocol, a VoIP signaling protocol

Time multiplexing

Shares system resources between multiple processes, each with a dedicated slice of time

STP

Shielded Twisted Pair, network cabling that contains additional metallic shielding around each twisted pair of wires

Faraday Cage

Shields enclosed objects from EMI

Maintenance hook

Shortcut installed by system designers and programmers to allow developers to bypass normal system checks during development

Shadow Database

Similar to a replicated database, with one key difference: a shadow database mirrors all changes made to a primary database, but clients do not access the shadow.

Thin clients

Simple computer systems that rely on centralized applications and data

SMTP

Simple mail transfer protocol, a store-and-forward protocol used to exchange email between servers

ANN/Artificial Neural Networks

Simulate neural networks found in humans and animals

SLE

Single Loss Expectancy, the cost of a single loss

SSO

Single Sign On, allows a subject to authenticate once and then access multiple systems

Applet

Small pieces of mobile code that are embedded in other software such as web browsers

Fraggle attack

Smurf attack variation which uses UDP instead of ICMP

Initial

Software Capability Maturity Model (CMM) Phase 1: software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort

Spiral Model

Software Development model designed to control risk

Antivirus Software

Software designed to prevent and detect malware infections

Intrusion Detection System (IDS)

Software employed to monitor and detect possible attacks and behaviors that vary from the normal and expected activity. The IDS can be network based, which monitors network traffic, or host based, which monitors activities of a specific system and protects system files and control mechanisms.

firmware

Software instructions that have been written into read-only memory (ROM) or a programmable ROM (PROM) chip.

Closed source

Software released in executable form: the source code is kept confidential

Machine code

Software that is executed directly by the CPU

Freeware

Software that is free of charge

Operating System

Software that operates a computer

Antimalware

Software whose principal functions include the identification and mitigation of malware; also known as antivirus, although this term could be specific to only one type of malware.

Open source

Software with publicly published source code, allowing anyone to inspect, modify, or compile the code

SSD

Solid State Drive, a combination of flash memory (EEPROM) and DRAM

Type 3 Authentication

Something you are

Type 2 Authentication

Something you have

Type 1 Authentication

Something you know

Slack Space

Space on a disk between the end-of-file marker and the end of the cluster

Minutiae

Specific fingerprint details that include whorls, ridges, bifurcation, and others

DNS reflection attack

Spoofed DoS attack using third-party DNS servers

Striping

Spreading data across multiple disks to achieve performance gains, used by some levels of RAID

Top-Down Programming

Starts with the broadest and highest-level requirements (the concept of the final program) and works down towards the low-level technical implementation details

Bottom-Up programming

Starts with the low-level technical implementation details and works up to the concept of the complete program

SRAM

Static Random Access Memory, expensive and fast memory that uses small latches called "flip-flops" to store bits

Firmware

Stores small programs that do not change frequently, such as a computer's BIOS

Feedback

Stream cipher mechanism that seeds the previous encrypted bit into the next bit to be encrypted

SQL

Structured Query Language, the most popular database query language

RBAC / Role-Based Access Controls

Subjects are grouped into roles and each defined role has access permissions based upon the role, not the individual.

Rotation Cipher

Substitution cipher that shifts each plaintext character a fixed number of positions to produce the corresponding ciphertext character.

Monoalphabetic cipher

Substitution cipher using one alphabet

High-level Data link control (HDLC)

Successor to SDLC. HDLC adds error correction and flow control, as well as two additional modes (ARM and ABM).

SMDS

Switched Multimegabit Data Service, an older WAN technology that is similar to ATM

SVC

Switched Virtual Circuit, a circuit that is established on demand

SPAN port

Switched port analyzer, receives traffic forwarded from other switch ports

Data Encryption Standard (DES)

Symmetric key encryption algorithm that was adopted by the government as a federal standard for protecting sensitive unclassified information. DES was later replaced with Advanced Encryption Standard (AES).

SONET

Synchronous Optical Networking, carries multiple T-carrier circuits via fiber optic cable

Open system

System using open hardware and standards, using standard components from a variety of vendors

Closed system

System using proprietary hardware or software

PSH

TCP flag, push data to application layer

ACK

TCP flag, acknowledge received data

URG

TCP flag, packet contains urgent data

RST

TCP flag, reset (tear down) a connection.

SYN

TCP flag, synchronize a connection

FIN

TCP flag, finish a connection (gracefully)

Internet Protocol (TCP/IP)

TCP/IP model layer that aligns with layer 3 (the network layer) of the OSI model. This is where IP addresses and routing live.

Application Layer (TCP/IP)

TCP/IP model layer that combines Layers 5 through 7 of the OSI model

Network Access Layer

TCP/IP model layer that combines layers 1 and 2 of the OSI model. It describes Layer 1 issues such as energy, bits and the medium used to carry them

Transport Layer (OSI)

TCP/IP model layer that connects the internet layer to the application layer

Reserved ports

TCP/IP ports 1023 and lower.

Ephemeral ports

TCP/IP ports 1024 and higher

race condition

TOCTOU

Access Control Matrix

Table defining what access permissions exist between specific subjects and objects

Truth table

Table used to map all the results of a mathematical operation such as XOR

Encapsulation / Network

Takes information from a higher network layer and adds a header to it, treating the higher-layer information as data

Live forensics

Taking a binary image of physical memory, gathering details about running processes, and gathering network connection data

Compartmentalization

Technical enforcement of need to know

ISO/IEC-27031

Technically-focused business continuity guideline that is part of the ISO 27000 series

TKIP

Temporal Key Integrity Protocol, used to provide integrity by WPA

TACACS

Terminal Access Controller Access Control System, an SSO method often used for network equipment

TAP

Test Access Port, provides a way to tap into network traffic and see all unicast streams on a network

Direct evidence

Testimony provided by a witness regarding what the witness actually experienced

Acceptance Testing

Testing to ensure the software meets the customer's operational requirements

Dynamic testing

Tests code while executing it

Flat file

Text file that contains multiple lines of data, each in a standard format

BCI

The Business Continuity Institute

Commandments of Computer Ethics

The Computer Ethics institute code of ethics

GIG / Global Information Grid

The US DoD global network, one of the largest private networks in the world

AV/Asset Value

The Value of a protected asset

Remote wipe

The ability to remotely erase a mobile device.

Vulnerability

The absence or weakness of a safeguard that could be exploited.

Recovery Point Objective

The acceptable amount of data loss measured in time.

Aggregation

The act of combining information from separate sources of a lower classification level that results in the creation of information of a higher classification level, which the subject does not have the necessary rights to access.

Validation

The act of performing tests and evaluations to test a system's security level to see if it complies with security specifications and requirements.

data leak prevention (DLP)

The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.

Threat Agents

The actors causing the threats that exploit a vulnerability

RPO / Recovery Point Objective

The amount of data loss or system inaccessibility (measured in time) that an organization can withstand.

Work factor

The amount of time required to break a cryptosystem (decrypt a ciphertext without a key)

data mining

The analysis of the data held in data warehouses in order to produce new and useful information.

Depth of Field

The area that is in focus

Lock picking

The art of unlocking a lock without a key

Reliability

The assurance of a given system, or individual component, performing its mission adequately for a specified period of time under the expected operating conditions.

Access aggregation

The collective entitlements granted by multiple systems to one user. Can lead to authorization creep

EOC / Emergency Operations Center

The command post established during or just after an emergency event

isolation

The containment of processes in a system in such a way that they are separated from one another to ensure integrity and confidentiality.

Full disclosure

The controversial practice of releasing vulnerability details publicly

kernel

The core of an OS, a kernel manages the machine's hardware resources (including the processor and the memory) and provides and controls the way any other software component accesses these resources.

Total Cost of Ownership (TCO)

The cost of a safeguard

ALE/Annualized Loss Expectancy

The cost of loss due to a risk over a year

Accreditation

The data owner's acceptance of the risk represented by a system

Field of view

The entire area viewed by a camera

Work Factor

The estimated time and effort required for an attacker to overcome a security control.

Keyboard unit

The external keyboard

Cache memory

The fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions

802.11i

The first 802.11 wireless security standard that provides reasonable security

Method

The function performed by an object

ActiveX controls

The functional equivalent of Java applets. They use digital certificates instead of a sandbox to provide security

cryptosystem

The hardware or software implementation of cryptography.

Kernel

The heart of the operating system, that usually runs in ring 0. It provides the interface between hardware and the rest of the operating system, including applications

Configuration Management

The identification, control, accounting, and documentation of all changes that take place to system hardware, software, firmware, supporting documentation, and test results throughout the lifespan of the system.

BCP/DRP project manager

The key point of contact for ensuring that a BCP/DRP is not only completed, but also routinely tested

Risk

The likelihood of a threat agent taking advantage of a vulnerability and the resulting business impact. A risk is the loss potential, or probability, that a threat will exploit a vulnerability.

Security domain

The list of objects a subject is allowed to access.

Due Diligence

The management of Due care

RTO / Recovery Time Objective

The maximum time allowed to recover business or IT systems.

Recovery Time Objective

The maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.

Baseline

The minimum level of security necessary to support and enforce a security policy.

dedicated security mode

The mode in which a system operates if all users have the clearance or authorization to access, and the need to know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements pertaining to this information.

Bell-LaPadula Model

The model uses a formal state transition model that describes its access controls and how they should perform. When the system must transition from one state to another, the security of the system should never be lowered or compromised. See also multilevel security, simple security property, and star property (*-property).

ARO/Annual Rate of Occurrence

The number of losses suffered per year

Gross negligence

The opposite of due care

Diffusion

The order of plaintext should be dispersed in the ciphertext

802.11-1997

The original mode of 802.11, operated at 2 mbps using the 2.4 GHz frequency

exposure factor

The percentage of loss a realized threat could have on a certain asset.

EF / Exposure Factor

The percentage of an asset's value lost due to an incident

Entitlements

The permissions granted to a user

Topology

The physical construction of how nodes are connected to form a network.

loss potential

The potential losses that can be accrued if a threat agent actually exploits a vulnerability.

cryptanalysis

The practice of breaking cryptosystems and algorithms used in encryption and decryption processes.

DevOps

The practice of incorporating developers and members of operations and quality assurance (QA) staff into software development projects to align their incentives and enable frequent, efficient, and reliable releases of software products.

Responsible Disclosure

The practice of privately sharing vulnerability information with a vendor, and withholding public release until a patch is available.

ARPAnet

The predecessor of the Internet

Computer bus

The primary communication channel on a computer system

personnel security

The procedures that are established to ensure that all personnel who have access to sensitive information have the required authority as well as appropriate clearances. Procedures confirm a person's background and provide assurance of necessary trustworthiness.

Throughput

The process of authenticating to a system (such as a biometric authentication system)

Baselining

The process of capturing a point-in-time understanding of the current system security configuration

Scoping

The process of determining which portions of a standard will be employed by an organization.

Configuration management

The process of developing a consistent system security configuration that can be leveraged throughout an organization

Enrollment

The process of enrolling with a system (such as a biometric authentication system), creating an account for the first time

Risk Management

The process of identifying, assessing, and reducing the risk to an acceptable level and implementing the right mechanisms to maintain the level of risk.

Patch management

The process of managing software updates

electronic discovery (e-discovery)

The process of producing for a court or external attorney all electronically stored information pertinent to a legal proceeding.

Change management

The process of understanding, communicating, and documenting changes

Confusion

The relationship between the plaintext and ciphertext should be as confused (or random) as possible

Availability

The reliability and accessibility of data and resources to authorized identified individuals in a timely manner.

Residual Risk

The remaining risk after the security controls have been applied. The conceptual formulas that explain the difference between total and residual risk are: threats x vulnerability x asset value = total risk; (threats x vulnerability x asset value) x control gaps = residual risk

purge

The removal of sensitive data from a system, storage device, or peripheral device with storage capacity at the end of a processing period. This action is performed in such a way that there is assurance proportional to the sensitivity of the data that the data cannot be reconstructed.

Database view

The results of a database query

Cryptanalysis

The science of breaking encrypted messages (recovering their meaning)

Steganography

The science of hidden communication

Artificial Intelligence

The science of programming electronic computers to "think" more intelligently, sometimes mimicking the ability of mammal brains

Cryptology

The science of secure communications

least privilege

The security principle that requires each subject to be granted the most restrictive set of privileges needed for the performance of authorized tasks. The application of this principle limits the damage that can result from accident, error, or unauthorized use.

dial-up

The service whereby a computer terminal can use telephone lines, usually via a modem, to initiate and continue communications with another computer system.

domain

The set of objects that a subject is allowed to access. Within this domain, all subjects and objects share a common security policy, procedures, and rules, and they are managed by the same management system.

Impact

The severity of damage, sometimes expressed in dollars (value)

ECB / Electronic Code Book mode

The simplest and weakest mode of DES

Control Zone

The space within a facility that is used to protect sensitive processing equipment. Controls are in place to protect equipment from physical or technical unauthorized entry or compromise. The zone can also be used to prevent electrical waves carrying sensitive data from leaving the area.

Tempest

The study and control of spurious electronic signals emitted by electrical equipment. Tempest equipment is implemented to prevent intruders from picking up information through the airwaves with listening devices.

cryptology

The study of cryptography and cryptanalysis.

Certification

The technical evaluation of the security components and their compliance for the purpose of accreditation. A certification process can use safeguard evaluation, risk analysis, verification, testing, and auditing techniques to assess the appropriateness of a specific system processing a certain level of information within a particular environment. The certification is the testing of the security component or system, and the accreditation is the approval from management of the security component or system.

AIC triad

The three security principles: availability, integrity, and confidentiality.

electronic vaulting

The transfer of backup data to an offsite location. This process is primarily a batch process of transmitting data through communications lines to a server at an alternative location.

encryption

The transformation of plaintext into unreadable ciphertext.

permissions

The type of authorized interactions that a subject can have with an object. Examples include read, write, execute, add, modify, and delete.

Cloud computing

The use of shared remote computing devices for the purpose of providing improved efficiencies, performance, reliability, scalability, and security.

Annualized Rate of Occurrence (ARO)

The value that represents the estimated possibility of a specific threat taking place within a one-year timeframe.

One-Time Pad

Theoretically unbreakable encryption using paired pads of random characters

Technical Controls

These controls, also called logical access control mechanisms, work in software to provide confidentiality, integrity, or availability protection. Some examples are passwords, identification and authentication methods, security devices, auditing, and the configuration of the network.

Structured walkthrough

Thorough review of a DRP by individuals that are knowledgeable about the systems and services targeted for recovery, AKA tabletop exercise

TGS

Ticket Granting Service, a Kerberos service which grants access to services

TGT

Ticket Granting Ticket, Kerberos credentials encrypted with the TGS key

Computer Fraud and Abuse Act

Title 18 United States Code Section 1030

Authenticate

To verify the identity of a subject requesting the use of a system and/or access to network resources. The steps to giving a subject access to an object should be identification, authentication, and authorization.

Broadcast

Traffic that is sent to all stations on a LAN

TCP

Transmission Control Protocol, uses a 3-way handshake to create reliable connections across a network

Object encapsulation

Treats a process as a "black box"

TFTP

Trivial File Transfer Protocol, a simple way to transfer files with no authentication or directory structure

RAT / Remote Access Trojans

Trojan Horses which may be remotely controlled.

TCSEC

Trusted Computer System Evaluation Criteria, AKA the Orange Book, evaluation model developed by the US Dept of Defense

TNI

Trusted Network Interpretation - the red Book

TLS

Tunnel Layer Security - the successor to SSL

Screened subnet architecture

Two firewalls screening a DMZ.

Collusion

Two or more people working together to carry out a fraudulent activity. More than one person would need to work together to cause some type of destruction or fraud; this drastically reduces its probability.

Collision

Two or more plaintexts that generate the same hash

Full duplex

Two-way simultaneous transmission, like two people having a face-to-face conversation

Network model (databases)

Type of hierarchical database that allows branches to have two parents

Copyright

Type of intellectual property that protects the form of expression in artistic, musical, or literary works

BIOS/Basic Input Output System

Typically stored in Firmware

Global Information Grid

US Department of Defense (DoD) global network, one of the largest private networks in the world

piggyback

Unauthorized access to a system by using another user's legitimate credentials.

Black hat

Unethical hacker or researcher

Baseline

Uniform ways to implement a safeguard, administrative control

USA PATRIOT ACT

Uniting and Strengthening America by Promoting Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001

Passive RFID

Unpowered RFID tags

Outsourcing

Use of a third party to provide information technology support services which were previously performed in-house

SPI / Security Parameter Index

Used to identify simplex IPsec security associations.

REST / Representational State Transfer

Used to implement web services.

SNMP / Simple Network Management Protocol

Used to monitor network devices.

SRTP / Secure Real-time Transport Protocol

Used to provide secure VoIP.

Data Mining

Used to search for patterns, such as fraudulent activity, in a data warehouse

FTP / File Transfer Protocol

Used to transfer files to and from servers

UDP

User Datagram Protocol, a simpler and faster cousin of TCP

FHSS / Frequency Hopping Spread Spectrum

Uses a number of small frequency channels throughout the wireless band and "hops" through them in pseudorandom order

Rule-based access control

Uses a series of defined rules, restrictions, and filters for accessing objects within a system.

Fiber Optic network cable

Uses light to carry information

Bayesian filtering

Uses mathematical formulas to assign probabilities to make decisions such as identifying spam

War dialing

Uses a modem to dial a series of phone numbers, looking for an answering modem carrier tone

Voice over Internet Protocol

VOIP - carries voice via data networks

Virtual Private Network

VPN - a method to send private data over insecure network, such as the internet

Threat vectors

Vectors which allow exploits to connect to vulnerabilities

VDSL

Very High Rate Digital Subscriber Line - DSL, featuring much faster asymmetric speeds

Stealth Virus

Virus that hides itself from the OS and other protective software, such as anti-virus software

Boot sector virus

Virus that infects the boot sector of a PC, which ensures the virus loads upon system startup

Multipartite virus

Virus that spreads via multiple vectors. Also called multipart virus

RTP / Real Time Protocol

VoIP protocol designed to carry streaming audio and video.

Memory

Volatile or nonvolatile computer storage

Wi-Fi Protected Access

WPA - a partial implementation of 802.11i

Wi-Fi Protected Access 2

WPA2 - the full implementation of 802.11i

Work Recovery Time

WRT - the time required to configure a recovered system

WSDL

Web Services Description Language, provides details about how web services are to be invoked

Total Risk

When a safeguard is not implemented, an organization is faced with the total risk of that particular vulnerability.

Repudiation

When the sender of a message denies sending the message. The countermeasure to this is to implement digital signatures.

Biometrics

When used within computer security, identifies individuals by physiological characteristics, such as a fingerprint, hand geometry, or pattern in the iris.

FDE / Full Disk Encryption

Whole Disk Encryption

WAN

Wide area network, typically covering cities, states, or countries

WAP

Wireless Application Protocol, designed to provide secure web services to handheld wireless devices such as smart phones

WLAN

Wireless Local Area Network

802.11

Wireless networking standard

Exigent circumstances

With respect to evidence acquisition, justification for the seizure of evidence without a warrant due to the extreme likelihood that the evidence will be destroyed

WORM

Write Once Read Many, memory which can be written to once, and read many times

Shredding / Wiping

Writes new data over each bit or block of file data.

Wiping

Writes new data over each bit or block of file data. Also called shredding

Hot Site

a backup site with all necessary hardware and critical applications data mirrored in real time

reciprocal agreement

a bi-directional agreement between two organizations in which one organization promises another organization it can move in and share space if it experiences a disaster. Also known as a mutual aid agreement.

Socket

a combination of an IP address and a TCP or UDP port on one node

T1

a dedicated 1.544 megabit circuit that carries 24 64 bit DS0 channels

Internet

a global collection of peered networks running tcp/ip

Table

a group of related data in a relational database

Spring-bolt lock

a locking mechanism that springs in and out of the door jamb

realm

a logical Kerberos network

Teardrop Attack

a malformed packet DoS attack that targets issues with systems' fragmentation reassembly

System Owner

a manager responsible for the actual computers that house data, including hardware and software config, updates, patching, etc

TCP/IP Model

a network model with 4 layers: network access, Internet, transport and application

Honeynet

a network of honeypots

Smart Card

a physical access control device containing an integrated circuit, AKA Integrated Circuit Card (ICC)

Trivial Transfer Protocol (TFTP)

a simple way to transfer files without the use of authentication or directory structure

problem domain

a specific challenge that needs to be addressed

Honeypot

a system designed to attract attackers

photoelectric motion sensor

active motion detector that sends a beam of light across a monitored space to a photoelectric sensor

Rainbow Table

acts as a database that contains the hashed output for most or all possible passwords (as mentioned on the MacGyver TV show)

regulatory law

administrative law

Zombie

aka Bot - a computer system running malware that is controlled by a botnet

purple

Allied name for the stepping-switch encryption device used by Japanese Axis powers during WWII

System call

allow processes to communicate with the kernel and provide a window between CPU rings

Hypervisor Mode

allows guest operating systems to operate in ring 0, controlled by a hypervisor in ring "-1"

polyinstantiation

allows two different objects to have the same name. the name is based on the Latin roots for multiple (poly) and instances (instantiation)

Time of Check/Time of Use (TOCTOU)

altering a condition after it has been checked by the operating system, but before it is used

Subject

an active entity on an Information System which accesses or changes data

Incremental Backup

an archive of all files that have changed since the last backup of any kind was performed

redundant site

an exact production duplicate of a system that has the capability to seamlessly operate all necessary IT operations without loss of services to the end user

process

an executable program and its associated data loaded and running in memory

pseudo guard

an unarmed security guard (sounds like a security monitor)

plaintext

an unencrypted message

Hardcopy Data

any data that is accessed through reading or writing on paper rather than processing through a computer system

Identification

association of an individual

Smurf attack

attack using an ICMP flood and directed broadcast addresses

IPv6 Autoconfiguration

autoconfiguration of a unique IPv6 address, omitting the need for static addressing or DHCP

Hand Geometry

biometric control that uses measurements from within specific points on the subject's hand

Hebern Machines

class of cryptographic devices known as rotor machines, includes Enigma and SIGABA

Interpreted Code

code that is compiled on the fly each time the program is run

Hybrid Risk Analysis

combines quantitative and qualitative risk analysis

System unit

computer case, containing all of the internal electronic components including motherboard, internal disk drives, power supply etc

Source Code

computer programming language instructions that are written in text that must be translated into machine code before execution by the CPU

Sniffing

confidentiality attack on network traffic

Southbridge

connects I/O devices such as disk, keyboard, mouse, CD drive, USB ports etc

recovery controls

controls that restore a damaged system or process

Decryption

converts ciphertext into plaintext

Substitution

cryptographic method that replaces one character with another

punitive damages

damages designed to punish an individual or organization

Statutory Damages

damages prescribed by law

Socket pair

describes a unique connection between two nodes: source port, source IP, destination port and destination IP

poison reverse

distance vector routing protocol safeguard that sets a bad route to infinity

Hold-Down Timers, Routing Information protocol

distance vector routing protocol safeguard that avoids flapping

XML

eXtensible Markup Language, a markup language designed as a standard way to encode documents and data

XP

eXtreme Programming, an agile development method that uses pairs of programmers who work off detailed specifications

white hat

ethical hacker or researcher

real evidence

evidence consisting of tangible or physical objects

proxy firewall

firewalls that terminate connections and act as intermediary servers

Tailgating

following an authorized person into a building without providing credentials, AKA piggybacking

white box software testing

gives the tester access to program source code, data structures, variables, etc

principle of least privilege

granting subjects the minimum amount of authorization required (never give a person, program or process more permission than is required)

High-data-rate Digital Subscriber Line (HDSL)

high-data-rate DSL, matches SDSL speeds using two pairs of copper

policy

high-level management directives, administrative control

Hypertext Markup Language (HTML)

hypertext markup language, used to display web content

Hypertext Transport Protocol (HTTP)

hypertext transfer protocol, a protocol to transmit web data via a network

Hypertext Transport Protocol Secure (HTTPS)

hypertext transport protocol secure, HTTP using SSL, or TLS

physical controls

implemented with physical devices, such as locks, fences, gates, etc.

recovery phase

incident response phase that restores a previously compromised system to operational status

Intellectual property

intangible property that resulted from a creative act

Internet Protocol Security (IPSEC)

internet protocol security, a suite of protocols that provide a cryptographic layer to both IPv4 and IPv6

Internet Relay Chat (IRC)

internet relay chat, a global network of chat servers and clients

principal

Kerberos client (user) or service

query language

language that searches and updates a database

presentation layer

layer 6 of the OSI model, presents data to the application in a comprehensible way

physical layer

layer 1 of the OSI model, describes units of data like bits represented by energy, and the medium used to carry them

process isolation

logical control that attempts to prevent one process from interfering with another

Worm

malware that self-propagates

Virus

malware that requires a carrier to propagate

Harrison-Ruzzo-Ullman Model

maps subjects, objects, and access rights to an access matrix. It is considered a variation of the Graham-Denning model

Spoofing

masquerading as another endpoint

reference monitor

mediates all access between subjects and objects

High Availability (HA) Cluster

multiple systems that can be seamlessly leveraged to maintain the availability of the service or application being provided. Also called a failover cluster

Inheritance

objects inherit capabilities from their parent class

private key

one half of asymmetric key pair, must be kept secure (cousin of symmetric key pair)

public key

one half of an asymmetric key pair, may be publicly posted

Hash Function

one-way encryption using an algorithm and no key

prudent man rule

organization should engage in business practices that a prudent, right-thinking person would consider to be appropriate (ever watch What Would You Do?)

Iris Scan

passive biometric scan of the iris (colored portion of the eye)

Hybrid Attack

password attack that appends, prepends, or changes characters in words from a dictionary

PVC

permanent virtual circuit, a circuit that is always connected

PIN

personal identification number, a number-based password

PII

personally identifiable information, data associated with a specific person, such as credit card data

Star

physical network topology that connects each node to a central device such as a hub or a switch

Strike Plate

plate in the door jamb with a slot for a deadbolt or spring-bolt lock

PPP

point-to-point protocol, a layer 2 protocol that has largely replaced SLIP, adding confidentiality, integrity and authentication (CIA triad)

SOCKS

popular circuit-level proxy

POP

post office protocol, an email client protocol

POST

power on self test, performs basic computer hardware tests, including verifying the integrity of the BIOS, testing the memory, identifying system devices, among other tasks. Machines can fail this; it may come with beeps.

preventive controls

prevents actions from occurring

PRI

primary rate interface, provides 23 64K digital ISDN channels (as in conjunction with BRI)

PLD

programmable logic device, field-programmable hardware

PROM

programmable read only memory, memory that can be written to once, typically at the factory

procedural languages

programming languages that use subroutines, procedures and functions

privacy

protection of the confidentiality of personal information

privacy act of 1974

protects US citizens' data that is being used by the federal government

Telnet

protocol that provides terminal emulation over a network using TCP port 23

PKI

public key infrastructure leverages symmetric, asymmetric and hash-based cryptography to manage digital certificates

QoS

quality of service, gives specific traffic precedence over other traffic on packet-switched networks

RAM

random access memory, memory that allows any address to be directly accessed

RAD

rapid application development, rapidly develops software via the use of prototypes, "dummy" GUIs, back-end databases, and more

RAID

redundant array of inexpensive disks, a method of using multiple disk drives to achieve greater data reliability, greater speed, or both (striping, mirroring, or parity)

RAT

remote access trojans, trojan horses which may be remotely controlled

RADIUS

remote authentication dial in user service, a UDP-based third-party authentication system (like pvault)

referential integrity

requires that every foreign key in a secondary table matches a primary key in the parent table

SYN flood

resource exhaustion DoS attack that fills a system's half-open connection table

RC4

rivest cipher 4, used to provide confidentiality by WPA

RC5

rivest cipher 5, symmetric block cipher by RSA laboratories

RC6

rivest cipher 6, symmetric block cipher by RSA laboratories, AES finalist

RBAC

role-based access controls, subjects are grouped into roles and each defined role has access permission based upon the role, not the individual (there is also MAC & DAC)

product owner

Scrum role that serves as the voice of the business unit

Hearsay

second-hand evidence

SSH

secure shell, a secure replacement for telnet, ftp and the unix "R" commands

Integrity

seeks to prevent unauthorized modification of information

ping

sends an ICMP Echo Request to a node and listens for an ICMP Echo Reply

Half Duplex

sends or receives at one time only (not simultaneously), like a walkie-talkie

SSID

service set identifier, acts as a wireless network name

plan maintenance

seventh step of the NIST SP 800-34 contingency planning process

SNMP

simple network management protocol, used to monitor network devices

plan testing, training and exercises

sixth step of the NIST SP 800-34 contingency planning process

registers

small storage locations used by the CPU to store instructions and data

Hypervisor

software or operating system that controls access between virtual guests and host hardware

Software escrow

source code held by a neutral third party

procedure

step-by-step guide for accomplishing a task, administrative control

polyalphabetic cipher

substitution cipher using multiple alphabets

penetration

successful attempt at circumventing security controls and gaining access to a system.

Diameter

RADIUS successor, designed to provide an improved Authentication, Authorization, and Accounting (AAA) framework

Spear Phishing

targeted phishing attack against a small number of high level victims

Internet Layer (TCP/IP)

tcp/ip model layer that aligns with layer 3 of the OSI model, describes IP addresses and routing

Integration testing

testing multiple software components as they are combined into a working system

regression testing

testing software after updates, modifications or patches

Installation testing

testing software as it is installed and first operated

Interface Testing

tests all the ways users can interact with the application, and is concerned with appropriate functionality being exposed. From a security-oriented vantage point, the goal is to ensure that security is uniformly applied across the various interfaces

Static Testing

tests code passively, the code is not running

promiscuous access

the ability to sniff all traffic on a network (sounds like promiscuous mode)

reduction analysis

the process of analyzing and lowering risk

data warehousing

the process of combining data from multiple databases or data sources into a large data store for the purpose of providing more extensive information retrieval and data analysis.

Tailoring

the process of customizing a standard for an organization

due diligence

the process of systematically evaluating information to identify vulnerabilities, threats, and issues relating to an organization's overall risk.

cryptography

the science of secret writing that enables storage and transmission of data in a form that is available only to the intended individuals.

provide diligent and competent service to principals

third canon of the (ISC)2 Code of Ethics

Identify preventative controls

third step of the NIST SP 800-34 contingency planning process

Database shadowing

two or more identical databases that are updated simultaneously

primary key

unique attribute in a relational database table, used to join tables (as in SQL or MS Access)

Thin client applications

use a web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the client's browser

Synchronous Dynamic Token

use time or counters to synchronize a displayed token code with the code expected by the authentication server

SOAP

used to implement web services, used to stand for Simple Object Access Protocol, now simply "SOAP"

Social Engineering

uses the human mind to bypass security controls

Swapping

uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory

polymorphic virus

virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software

WEP

wired equivalent privacy, a very weak 802.11 security protocol
