Glossary

3DES See Triple DES (3DES).

802.1X A port access protocol that protects networks via authentication. It is used widely in wireless environments.

802.11a A communication standard that operates in the 5 GHz frequency with a maximum speed of 54 Mbps.

802.11ac A communication standard that operates in the 5 GHz frequency with a maximum speed of at least 1 gigabit per second (Gbps) and a single-link throughput of 500 megabits per second (Mbps).

802.11b A communication standard that operates in the 2.4 GHz frequency with a maximum speed of 11 Mbps.

802.11f A standard for communication between access points.

802.11g A communication standard that operates in the 2.4 GHz frequency with a maximum speed of 54 Mbps.

802.11n A communication standard that operates in both the 2.4 GHz and 5.0 GHz frequencies with a maximum theoretical speed of 600 Mbps.

absolute addressing Addresses the entire primary memory space.

abstraction The process of taking away or removing characteristics from something to reduce it to a set of essential characteristics.

acceptance testing Testing to ensure that the customer (either internal or external) is satisfied with the functionality of the software.

access aggregation Occurs when users gain more access across more systems. Often used synonymously with privilege creep.

access control The means by which a subject’s ability to communicate with or access an object is allowed or denied based on an organization’s security requirements.

access control list (ACL) A table that consists of the access rights that subjects have to a particular object. An ACL is about the object.

access control matrix A table that consists of a list of subjects, a list of objects, and a list of the actions that a subject can take upon each object.

access control policy A security policy that defines the method for identifying and authenticating users and the level of access that is granted to users.

access point A wireless transmitter and receiver that hooks into the wired portion of the network and provides an access point to this network for wireless devices.

account management Involves the addition and deletion of accounts that are granted access to systems or networks. It also involves changing the permissions or privileges granted to those accounts.

accounting The process whereby auditing results are used to hold users and organizations accountable for their actions or inaction.

accreditation The formal acceptance of the adequacy of a system’s overall security by the management.

ACL See access control list (ACL).

acoustical systems Detection systems that use strategically placed microphones to detect any sound made during a forced entry.

acrylic glass A type of glass made of polycarbonate acrylic that is much stronger than regular glass but produces toxic fumes when burned.

active vulnerability scanner (AVS) A scanner that can take action to block an attack, such as blocking a dangerous IP address, whereas a passive scanner can only gather information.

ActiveX A Microsoft technology that uses object-oriented programming (OOP) and is based on COM and DCOM.

Ad Hoc mode A wireless implementation in which there is no AP and stations communicate directly with one another.

Address Resolution Protocol (ARP) A protocol that resolves the IP address placed in the packet to a physical or layer 2 address (called a MAC address in Ethernet).

administrative control A security control that is implemented to administer the organization’s assets and personnel and includes security policies, procedures, standards, and guidelines that are established by management.

administrative law A type of law where standards of performance or conduct are set by government agencies for organizations and industries to follow. Common areas that are covered include public utilities, communications, banking, environmental protection, and healthcare.

ADSL See Asymmetric DSL (ADSL).

advanced persistent threat (APT) An attack in which an unauthorized person gains access to a network and remains for a long period of time with the intention of stealing data.

adware Software that tracks Internet usage in an attempt to tailor ads and junk emails to a user’s interests.

aggregation The process of assembling or compiling units of information at one sensitivity level, with the resulting totality of data being of a higher sensitivity level than the individual components.

Agile A development model emphasizing continuous feedback and cross-functional teamwork.

AH See Authentication Header (AH).

ALE See annualized loss expectancy.

algorithm A mathematical function that encrypts and decrypts data. Also referred to as a cipher.

annualized loss expectancy The expected risk factor of an annual threat event. The equation used is ALE = SLE × ARO.

annualized rate of occurrence (ARO) An estimate of how often a given threat might occur annually.

app approval/rejection Approving or rejecting an app based on the test results; part of the app vetting process.

app testing Testing an app to ensure that it conforms to the organization’s security requirements; part of the app vetting process.

app vetting A sequence of activities that aims to determine if an app conforms to the organization’s security requirements. It includes two main activities: app testing and app approval/rejection.

Application layer (layer 7) The OSI reference model layer where the encapsulation process begins. This layer receives the raw data from the application in use and provides services such as file transfer and message exchange to the application (and thus the user).

application level proxy A type of firewall that performs deep packet inspection. It understands the details of the communication process at layer 7 for the application of interest.

architecture The organization of a system, including its components and their interrelationships, along with the principles that guided the system’s design and evolution.

ARO See annualized rate of occurrence.

ARP See Address Resolution Protocol (ARP).

assembly languages Languages that use symbols or mnemonics to represent sections of complicated binary code. These languages use an assembler to convert the code to machine level.

asset Any resource, product, process, system, or digital or physical entity that has value to an organization and must be protected.

asset valuation The process of assigning a monetary value to an asset based on its value to the organization.

associative memory Memory in which a specific data value is searched rather than using a specific memory address.

Asymmetric DSL (ADSL) A type of DSL that usually provides uploads from 128 Kbps to 384 Kbps and downloads up to 768 Kbps.

asymmetric encryption An encryption method whereby a key pair, one private key and one public key, performs encryption and decryption. One key performs the encryption, whereas the other key performs the decryption. Also referred to as public key encryption.

asymmetric mode A mode in which a processor is dedicated to a specific process or application, so that work for that process is always done by the same processor.

asynchronous encryption A form of encryption in which encryption or decryption requests are processed from a queue.

Asynchronous Transfer Mode (ATM) A cell-switching technology that transfers fixed-size (53-byte) cells rather than packets; after a path is established, it uses the same path for the entire communication.

asynchronous transmission A type of transmission in which start and stop bits communicate when each byte is starting and stopping.

ATM See Asynchronous Transfer Mode (ATM).

atomicity A property in which either all operations are complete or the database changes are rolled back.

attack Any event that violates an organization’s security or privacy policies.

attack vector A segment of the communication path that an attack uses to access a vulnerability.

attenuation The weakening of a signal as it travels down the cable and meets resistance.

attribute-based access control (ABAC) An access control model that grants or denies user requests based on arbitrary attributes of the user and arbitrary attributes of the object, and environment conditions that may be globally recognized.

auditing The process of providing a manual or systematic measurable technical assessment of a system or application.

authenticating server The RADIUS server, which works with the RADIUS client.

authentication The act of validating a user with a unique identifier by providing the appropriate credentials.

Authentication Header (AH) Part of IPsec that provides data integrity, data origin authentication, and protection from replay attacks.

authenticator The component in a RADIUS environment to which an applicant is attempting to connect (AP, switch, remote access server).

authorization The point after identification and authentication at which a user is granted the rights and permissions to resources.

Automatic Private IP Addressing (APIPA) Assigns an IP address to a device if the device is unable to communicate with the DHCP server and is primarily implemented in Windows. The range of IP addresses assigned is 169.254.0.1 to 169.254.255.254 with a subnet mask of 255.255.0.0.

auxiliary station alarm A mechanism that automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters.

availability A value that describes what percentage of the time the resource or the data is available. The tenet of the CIA triad that ensures that data is accessible when and where it is needed.

avalanche effect The condition where any change in the key or plaintext, no matter how minor, will significantly change the ciphertext.

backdoor A mechanism implemented in many devices or applications that gives the user who uses the backdoor unlimited access to the device or application. It is a piece of software installed by a hacker that allows the hacker to return later and connect to the computer without going through the normal authentication process. Also known as a trapdoor.

BACnet A master/slave industrial control system protocol that uses port 47808.

base relation In SQL, a relation that is actually existent in the database.

baseband Transmissions where the entire medium is used for a single transmission and then multiple transmission types are assigned time slots to use this single circuit.

Basel II Recommendations from a banking association that affect financial institutions. They address minimum capital requirements, supervisory review, and market discipline with the purpose of protecting against risks the banks and other financial institutions face.

baseline An information security governance component that acts as a reference point that is defined and captured to be used as a future reference. Both security and performance baselines are used.

Basic Rate ISDN (BRI) A communications solution that provides three channels: two B channels that provide 64 Kbps each and a D channel that is 16 Kbps for a total of 144 Kbps.

bastion host A device exposed directly to the Internet or to any untrusted network.

BCP See business continuity plan.

Bell-LaPadula model The first mathematical model of a multilevel system that used both the concepts of a state machine and those of controlling information flow.

best evidence rule A rule which states that when evidence, such as a document or recording, is presented, only the original will be accepted unless a legitimate reason exists for not using the original.

BGP See Border Gateway Protocol (BGP).

Biba model A security model that is concerned with the integrity of information rather than the confidentiality of that information.

biometric acceptability The likelihood that users will accept and follow the system.

biometric accuracy How correct the overall biometric readings will be.

biometric throughput The rate at which the biometric system will be able to scan characteristics and complete the analysis to permit or deny access.

birthday attack An attack in which the values an attacker has are compared against a set of password hashes for which the attacker knows the passwords.

black-box testing The testing team is provided with no knowledge regarding the organization’s network or application. The team can use any means at its disposal to obtain information about the organization’s network or application. This is also referred to as zero-knowledge testing and closed testing. This term is used to refer to network security tests as well as application tests.

blacklisting Configuring unacceptable email addresses, Internet addresses, websites, applications, or some other identifiers as bad senders or as denied.

blackout A prolonged power outage.

blind test A test in which the testing team is provided with limited knowledge of the network systems and devices using publicly available information. The organization’s security team knows that an attack is coming. This test requires more effort by the testing team, and the testing team must simulate an actual attack.

block cipher A cipher that performs encryption by breaking the message into fixed-length units.

Blowfish A block cipher that uses 64-bit data blocks with encryption keys of anywhere from 32 to 448 bits. Blowfish performs 16 rounds of transformation.

Bluejacking Sending an unsolicited message to a Bluetooth-enabled device.

Bluesnarfing Gaining unauthorized access to a device using the Bluetooth connection.

Bluetooth A wireless technology that is used to create personal area networks (PANs).

bollards Short vertical posts placed at entrances to buildings and lining sidewalks that help provide protection from vehicles that might either intentionally or unintentionally crash into or enter the building or injure pedestrians.

boot sector virus A virus that infects the boot sector of a computer and either overwrites files or installs code into the sector so the virus initiates at startup.

Border Gateway Protocol (BGP) An exterior routing protocol considered to be a path vector protocol.

botnet A collection of computers that act together in an attack; the individual computers are called zombies.

breach An attack that has been successful in reaching its goal.

Brewer-Nash (Chinese Wall) model A security model that introduced the concept of allowing access controls to change dynamically based on a user’s previous actions. Also called the Chinese Wall model.

BRI See Basic Rate ISDN (BRI).

broadband A wide-bandwidth data transmission that has the ability to simultaneously transport multiple signals and traffic types.

broadcast A transmission sent by a single system to all systems in the network. It is considered one-to-all.

brownout A prolonged drop in power that is below normal voltage.

brute-force attack A password attack that involves trying all possible combinations of numbers and characters. Also referred to as an exhaustive attack.

BSI See Build Security In (BSI).

buffer overflow A problem that occurs when too much data is accepted as input to a specific process. Hackers can take advantage of this phenomenon by submitting too much data, which can cause an error or, in some cases, execute commands on the machine if they can locate an area where commands can be executed.

Build and Fix A development method that has been largely discredited and is now used as a template for how not to manage a development project. Simply put, using this method, the software is developed as quickly as possible and released.

Build Security In (BSI) An initiative that promotes a process-agnostic approach to making security recommendations with regard to architectures, testing methods, code reviews, and management processes.

bus topology The earliest Ethernet topology used. In this topology, all devices are connected to a single line that has two definitive endpoints.

business case A formal document that gives the reasons behind an organizational project or initiative.

business continuity plan (BCP) A plan that focuses on sustaining an organization’s mission/business processes during and after a disruption.

CA See certification authority (CA).

cable lock A vinyl-coated steel cable that connects to a laptop and then locks around an object.

cable modems An Internet access solution that can provide more than 50 Mbps over the coaxial cabling used for cable TV.

cache A relatively small amount (compared to primary memory) of very high-speed RAM that holds the instructions and data from primary memory that have a high probability of being accessed during the currently executing portion of a program.

CALEA See Communications Assistance for Law Enforcement Act (CALEA) of 1994.

campus area network (CAN) Includes multiple LANs but is smaller than a MAN. A CAN could be implemented on a hospital or local business campus.

candidate key An attribute in one relation that has values matching the primary key in another relation.

Capability Maturity Model Integration (CMMI) A comprehensive set of guidelines that addresses all phases of the Software Development Life Cycle. It describes a series of stages or maturity levels through which a development process can advance as it goes from the ad hoc (build and fix) model to a model that incorporates a budgeted plan for continuous improvement.

capability table A table that lists the access rights that a particular subject has to objects.

capacitance detector A device that emits a magnetic field and monitors that field. If the field is disrupted, which occurs when a person enters the area, an alarm sounds.

cardinality The number of rows in a relation.

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) A contention method used in 802.11 wireless networks.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) A contention method used in 802.3 networks.

CAST-128 A block cipher that uses a 40- to 128-bit key and performs 12 or 16 rounds of transformation on 64-bit blocks.

CAST-256 A block cipher that uses a 128-, 160-, 192-, 224-, or 256-bit key and performs 48 rounds of transformation on 128-bit blocks.

CBC See Cipher Block Chaining (CBC).

CBC-MAC See Cipher Block Chaining MAC (CBC-MAC).

CCTV See closed-circuit television (CCTV) system.

CDMA See Code Division Multiple Access (CDMA).

CDN See content distribution network (CDN).

centralized access control An access control type in which a central department or personnel oversee access for all organizational resources.

certificate revocation list (CRL) A list of digital certificates that a CA has revoked.

certification The technical evaluation of a system. The process of evaluating the software for its security effectiveness with regard to the customer’s needs.

certification authority (CA) The entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary.

CFAA See Computer Fraud and Abuse Act of 1986.

CFB See Cipher Feedback (CFB).

chain of custody A list that shows who controlled evidence, who secured the evidence, and who obtained the evidence.

Challenge Handshake Authentication Protocol (CHAP) A protocol for validating a password without sending the password across an untrusted network. The server sends the client a set of random text called a challenge. The client encrypts the text with the password and sends it back. The server then decrypts it with the same password and compares the result with what was sent originally. If the results match, the server can be assured that the user or system possesses the correct password without the password ever being sent across the untrusted network.

change management process The IT process which ensures that all changes are both approved and documented.

channel service unit/data service unit (CSU/DSU) A device used to connect a LAN to a WAN.

CHAP See Challenge Handshake Authentication Protocol (CHAP).

characteristic factors Factors that are something a person is, such as a fingerprint or facial geometry.

Chinese Wall model See Brewer-Nash (Chinese Wall) model.

chosen ciphertext attack An attack that occurs when an attacker chooses the ciphertext to be decrypted to obtain the plaintext.

chosen plaintext attack An attack that occurs when an attacker chooses the plaintext to be encrypted to obtain the ciphertext.

CIA triad The three fundamentals of security: confidentiality, integrity, and availability.

CIP plan See critical infrastructure protection plan.

cipher See algorithm.

Cipher Block Chaining (CBC) A DES mode in which the 64-bit blocks are chained together because each resultant 64-bit ciphertext block is applied to the next block. Plaintext message block one is XORed with an initialization vector (IV) and processed by the algorithm. The resultant ciphertext message block one is XORed with plaintext message block two before that block is encrypted, resulting in ciphertext message block two. This process continues until the message is complete.

Cipher Block Chaining MAC (CBC-MAC) A block-cipher MAC that operates in CBC mode.

Cipher Feedback (CFB) A DES mode that works with 8-bit (or smaller) blocks and uses a combination of stream ciphering and block ciphering. Like CBC, it starts from an IV: the first 8-bit block of the plaintext message is XORed with a keystream that the algorithm produces from the IV and the key. The resultant ciphertext block is then fed back to produce the keystream for the next plaintext message block.

cipher lock A lock that is opened by entering the correct code on a keypad.

ciphertext An altered form of a message that is unreadable without knowing the key and the encryption system used. Also referred to as a cryptogram.

ciphertext-only attack An attack that occurs when an attacker uses several encrypted messages (ciphertext) to figure out the key used in the encryption process.

circuit-level proxy A firewall that operates at the Session layer (layer 5) of the OSI model.

circuit-switching network A network in which there is an established path to the destination that is the only path for the entire communication.

circumstantial evidence Evidence that provides inference of information from other intermediate relevant facts.

civil code law A type of law based on written laws. It is a rule-based law and does not rely on precedence in any way.

civil disobedience The intentional refusal to obey certain laws, demands, and commands of a government; it is commonly, though not always, defined as nonviolent resistance.

civil investigation An investigation that occurs when one organization or party suspects another organization of civil wrongdoing.

civil/tort law A type of law where the liable party owes a legal duty to the victim. It deals with wrongs that have been committed against an individual or organization.

Clark-Wilson integrity model Developed after the Biba model, a security model that is also concerned with data integrity.

Class 1 gate A gate suitable for residential use.

Class 2 gate A gate suitable for commercial usage.

Class 3 gate A gate suitable for industrial usage.

Class 4 gate A gate that is used for a restricted area.

Class A extinguisher A fire extinguisher used for ordinary combustibles.

Class B extinguisher A fire extinguisher used for flammable liquids and flammable gases.

Class C extinguisher A fire extinguisher used for electrical equipment.

Class D extinguisher A fire extinguisher used for combustible metals.

Class K extinguisher A fire extinguisher used for cooking oil or fat.

Cleanroom A development model that strictly adheres to formal steps and a more structured method. It attempts to prevent errors and mistakes through extensive testing.

cleartext See plaintext.

clipping levels Thresholds that set a baseline for normal user errors; violations exceeding that threshold are recorded for analysis of why the violations occurred.

closed-circuit television (CCTV) system A system that uses sets of cameras that can either be monitored in real time or record days of activity that can be viewed as needed at a later time.

closed system A proprietary system that is designed to work with a limited range of other systems.

cloud computing The centralization of data in a web environment that can be accessed from anywhere at any time. An approach that makes resources available in a web-based data center so that the resources can be accessed from anywhere.

cloud identity services Identity services provided by a cloud solution.

CMMI See Capability Maturity Model Integration (CMMI).

coaxial One of the earliest cable types to be used for networking, the same basic type of cable that brought cable TV to millions of homes.

Code Division Multiple Access (CDMA) A modulation technique used in mobile wireless.

code repository A place where code is stored, usually on a server or in the cloud.

code review and testing Used to identify bad programming patterns, security misconfigurations, functional bugs, and logic flaws.

cohesion A term used to describe how many different tasks a module can carry out. If a module is limited to a small number or a single function, it is said to have high cohesion.

cold site A leased facility that contains only electrical and communications wiring, air conditioning, plumbing, and raised flooring.

collision An event that occurs when a hash function produces the same hash value on different messages. Occurs when two employees work together to accomplish a theft of some sort that could not be accomplished without their combined knowledge or responsibilities.

column or attribute A column in a table.

COM See Component Object Model (COM).

combination lock A lock that is opened by rotating the lock in a pattern until the tumblers line up.

Common Criteria A system that uses Evaluation Assurance Levels (EALs) to rate systems, with each EAL representing a successively higher level of security testing and design in a system.

common law A type of law based on customs and precedent because no written laws were available. Common law reflects the morals of the people and relies heavily on precedent.

Common Object Request Broker Architecture (CORBA) An open object-oriented standard developed by the Object Management Group (OMG).

Communications Assistance for Law Enforcement Act (CALEA) of 1994 A U.S. law that affects law enforcement and intelligence agencies. It requires telecommunications carriers and manufacturers of telecommunications equipment to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities.

community cloud A cloud deployment solution owned and managed by a group of organizations that create the cloud for a common purpose, perhaps to address a common concern such as regulatory compliance.

compensative control A security control that substitutes for a primary access control and mainly acts as a mitigation to risks.

Component Object Model (COM) A model for communication between processes on the same computer.

Computer Fraud and Abuse Act (CFAA) of 1986 A U.S. act that affects any entities that might engage in hacking of “protected computers” as defined in the act.

computer prevalence crime A crime that occurs due to the fact that computers are so widely used in today’s world. This type of crime occurs only because computers exist.

Computer Security Act of 1987 A U.S. act that was the first law written to require a formal computer security plan. It was written to protect and defend any of the sensitive information in the federal government systems and provide security for that information.

computer-assisted crime A crime that occurs when a computer is used as a tool to help commit a crime.

computer-targeted crime A crime that occurs when a computer is the victim of an attack whose sole purpose is to harm the computer and its owner.

concealment cipher A cipher that intersperses plaintext somewhere within other written material. Also referred to as a null cipher.

concentric circle A form of physical security within a building that relies on creating layers of physical barriers to information.

conclusive evidence Evidence that requires no other corroboration.

confidentiality The tenet of the CIA triad which ensures that data is protected from unauthorized disclosure. A characteristic provided if the data cannot be read.

confinement When a process is only allowed to read from and write to certain memory locations and resources.

confusion The process of changing a key value during each round of encryption. Confusion is often carried out by substitution.

consistency The degree to which a transaction follows an integrity process which ensures that data is consistent in all places where it exists.

contamination The intermingling or mixing of data of one sensitivity or need-to-know level with that of another.

content analysis Analysis of the contents of a drive or software. Drive content analysis gives a report detailing the types of data by percentage. Software content analysis determines the purpose of the software.

content distribution network (CDN) A distributed network of servers that is usually located in multiple data centers connected over the Internet.

context-dependent access control A type of access that is based on subject or object attributes or environmental characteristics. Bases the access to data on multiple factors to help prevent inference.

continuity of operations plan (COOP) A plan that focuses on restoring an organization’s mission-essential functions (MEFs) at an alternate site and performing those functions for up to 30 days before returning to normal operations.

COOP See continuity of operations plan.

copy backup A backup that backs up all the files, much like a full backup, but does not reset the file’s archive bit.

copyright An intellectual property type that ensures that an authored work is protected from any form of reproduction or use without the consent of the copyright holder, usually the author or artist who created the original work.

CORBA See Common Object Request Broker Architecture (CORBA).

corrective control A security control that reduces the effect of an attack or other undesirable event.

corroborative evidence Evidence that supports another piece of evidence.

Counter Mode (CTR) A DES mode similar to OFB mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream. Also, the ciphertext is not chained into the encryption process. Because this chaining does not occur, CTR performance is much better than that of the other modes.

countermeasure A control that is implemented to reduce potential risk.

coupling Refers to how much interaction one module requires from another module to do its job. Low or loose coupling indicates that a module does not need much help from other modules, whereas high coupling indicates the opposite.

CPTED See Crime Prevention Through Environmental Design (CPTED).

Crime Prevention Through Environmental Design (CPTED) Facility design from the ground up to support security.

crime scene The environment in which potential evidence exists.

criminal investigation An investigation that is carried out because a federal, state, or local law has been violated.

criminal law A type of law that covers any actions that are considered harmful to others. It deals with conduct that violates public protection laws.

crisis communications plan A plan that documents standard procedures for internal and external communications in the event of a disruption. It also provides various formats for communications appropriate to the incident.

critical infrastructure protection (CIP) plan A set of policies and procedures that serve to protect and recover critical infrastructure assets and mitigate risks and vulnerabilities.

criticality See data criticality.

CRL See certificate revocation list (CRL).

cross-certification federated identity model A federated identity model in which each organization certifies that every other organization is trusted.

crossover error rate The point in a biometric system at which FRR equals FAR.

crosstalk A problem that occurs when the signals from the two wires (or more) interfere with one another and distort the transmission.

cryptanalysis The science of decrypting ciphertext without prior knowledge of the key or cryptosystem used. The purpose of cryptanalysis is to forge coded signals or messages that will be accepted as authentic.

cryptogram See ciphertext.

cryptography A science that either hides data or makes data unreadable by transforming it.

cryptology The science that studies encrypted communication and data.

cryptosystem The entire cryptographic process, including the algorithm, key, and key management functions. The security of a cryptosystem is measured by the size of the keyspace and available computational power.

cryptovariable See key.

CSMA/CA See Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA).

CSMA/CD See Carrier Sense Multiple Access/Collision Detection (CSMA/CD).

CSU/DSU See channel service unit/data service unit (CSU/DSU).

CTR See Counter Mode (CTR).

customary law A type of law based on the customs of a country or region.

cyber crime Any criminal activity that is carried out by means of computers or the Internet.

cyber incident response plan A plan that establishes procedures to address cyber attacks against an organization’s information system(s).

cybersquatting Registering domain names with no intent to use them but with intent to hold them hostage.

DAC See discretionary access control (DAC).

daily backup A backup in which a file’s timestamp is used to determine whether it needs to be archived.

data breach Any incident in which information that is considered private or confidential is released to unauthorized parties.

data clearing A process that renders information unrecoverable by a keyboard attack. A keyboard attack extracts information from data storage media by executing software utilities, keystrokes, or other system resources from a keyboard.

data criticality A measure of the importance of the data.

data custodian The individual who assigns permissions to data based on the guidelines from the data owner.

data hiding The principle whereby data about a known entity is not accessible to certain processes or users.

Data Link layer (layer 2) The OSI reference model layer responsible for determining what MAC addresses should be at each hop and adding them to part of the packet.

data loss prevention (DLP) software Software that attempts to prevent data leakage.

data mining A process of using special tools to organize the data into an even more usable format. It analyzes large data sets in a data warehouse to find non-obvious patterns.

Data-Over-Cable Service Interface Specifications (DOCSIS) A standard for cable modem communications.

data owner The individual who actually owns certain data and decides on the level of access granted to individuals or groups.

data processors Any personnel within an organization who process the data that has been collected throughout the entire life cycle of the data.

data purging A process that renders information unrecoverable against laboratory attacks (forensics). It can be done using a method such as degaussing to make the old data unavailable even with forensics.

data quality The fitness of data for use.

data sensitivity A measure of how freely data can be handled.

data structure The logical relationship between elements of data. It describes the extent to which elements, methods of access, and processing alternatives are associated and the organization of data elements.

data warehouse A repository of information from heterogeneous databases.

data warehousing A process of combining data from multiple databases or data sources in a central location called a warehouse. The warehouse is used to carry out analysis. The data is not simply combined but is processed and presented in a more useful and understandable way.

database locks Locks used when one user is accessing a record to prevent another user from accessing or editing the same record until the first user is finished.

database views The given set of data that a user or group of users can see when they access the database.

DCOM See Distributed Component Object Model (DCOM).

DDoS attack See distributed denial-of-service (DDoS) attack.

decentralized access control An access control type in which personnel closest to the resources, such as department managers and data owners, oversee the access control for individual resources.

decoding The process of changing an encoded message back into its original format.

decryption The process of converting data from ciphertext to plaintext. Also referred to as deciphering.

default security posture The stance an organization takes toward access that has not been explicitly addressed. An allow-by-default posture permits access to any data unless a need exists to restrict access. A deny-by-default posture is much stricter because it denies any access that is not explicitly permitted.

defense in depth A security approach that refers to deploying layers of protection.

degree The number of columns in a table.

deluge extinguisher A fire extinguisher that allows large amounts of water to be released into a room, which makes it a poor choice for rooms where computing equipment is located.

demilitarized zone (DMZ) A network where systems are placed that will be accessed regularly from the untrusted network.

demultiplexer A device that takes a single input signal that carries many channels and separates them into multiple output signals.

deprovisioning The act of removing or disabling an access account.

DES See Digital Encryption Standard (DES).

DES-X A variant of DES that uses multiple 64-bit keys in addition to the 56-bit DES key. The first 64-bit key is XORed to the plaintext, which is then encrypted with DES. The second 64-bit key is XORed to the resulting cipher.

detective control A security control that detects an attack while it is occurring to alert appropriate personnel.

deterrent control A security control that deters potential attacks.

device authentication A form of authentication that relies on the identity of the device as part of the authentication process.

DHCP See Dynamic Host Configuration Protocol (DHCP).

dial-up connection A communication connection that uses the PSTN. If it is initiated over an analog phone line, it requires a modem that converts the digital data to analog on the sending end and a modem on the receiving end to convert it back to digital.

dictionary attack A type of password attack where attackers use a dictionary of common words to discover passwords.

differential backup A backup in which all files that have been changed since the last full backup are backed up and the archive bit for each file is not cleared.

diffusion The process of changing the location of the plaintext within the ciphertext. Diffusion is often carried out using transposition.

digital Signaling used in most computer transmissions, which has only two possible values: on and off.

digital certificate An electronic document that identifies the certificate holder.

Digital Encryption Standard (DES) A symmetric algorithm that uses a 64-bit key, 8 bits of which are used for parity. The effective key length for DES is 56 bits. DES divides the message into 64-bit blocks. Sixteen rounds of transposition and substitution are performed on each block, resulting in a 64-bit block of ciphertext.

digital rights management An approach used by hardware manufacturers, publishers, copyright holders, and individuals to control the use of digital content. It often also involves device controls.

digital signature A method of providing sender authentication and message integrity. The message acts as an input to a hash function, and the sender’s private key encrypts the hash value. The receiver can perform a hash computation on the received message to determine the validity of the message.

Digital Signature Standard (DSS) A federal digital security standard that governs the Digital Security Algorithm (DSA).

Digital Subscriber Line (DSL) A broadband transmission option that provides a high-speed connection from a home or small office to the ISP. While it uses the existing phone lines, it is an always-on connection.

direct evidence Evidence that proves or disproves a fact through oral testimony, based on information gathered through the witness’s senses.

Direct Sequence Spread Spectrum (DSSS) One of two modulation technologies (along with FHSS) that were a part of the original 802.11 standard.

directive control A security control that specifies an acceptable practice within an organization.

disaster A suddenly occurring event that has a long-term negative impact on life.

disaster recovery plan (DRP) An information system–focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.

discretionary access control (DAC) An access control model in which the owner of the object specifies which subjects can access the resource.

disk imaging The process of creating an exact image of the contents of a hard drive.

disruption Any unplanned event that results in the temporary interruption of any organizational asset, including processes, functions, and devices.

distance vector protocols Routing protocols that share their entire routing table with their neighboring routers on a schedule, thereby creating the most traffic of the three categories. They also use a metric called hop count, which is simply the number of routers traversed to get to a network.

Distributed Component Object Model (DCOM) A model for communication between processes in different parts of a network.

distributed denial-of-service (DDoS) attack A DoS attack in which the perpetrator enlists the aid of other machines.

Distributed Network Protocol version 3 (DNP3) A multi-layer protocol that is used between components in process automation systems of electric and water companies. It was developed for communications between various types of data acquisition and control equipment. It works in a master/slave mode using port 19999 when using TLS and port 20000 when not using TLS.

distributed object-oriented systems Systems whose components must be able to both locate each other and communicate on a network. When an application operates in a client/server framework, as many do, it is performing distributed computing.

DLP software See data loss prevention (DLP) software.

DMZ See demilitarized zone (DMZ).

DNP3 See Distributed Network Protocol version 3 (DNP3).

DNS See Domain Name System (DNS).

DNS cache poisoning attack An attack in which the attacker attempts to refresh or update a record when it expires with a different address than the correct address.

DNSSEC See Domain Name System Security Extensions (DNSSEC).

DOCSIS See Data-Over-Cable Service Interface Specifications (DOCSIS).

domain The set of allowable values that an attribute can take.

domain grabbing Registering a domain name of a well-known company before the company itself has the chance to do so.

Domain Name System (DNS) A system that resolves a computer name (or, in the case of the web, a domain name) to an IP address.

Domain Name System Security Extensions (DNSSEC) One of the newer approaches to preventing DNS attacks. Many current implementations of DNS software contain this functionality, which uses digital signatures to validate the source of all messages to ensure that they are not spoofed.

double-blind test A blind test in which the organization’s security team does not know that an attack is coming. Only a few individuals at the organization know about the attack, and they do not share this information with the security team. This test usually requires equal effort for both the testing team and the organization’s security team.

Double-DES A DES version that uses a 112-bit key length.

DRM See digital rights management.

DRP See disaster recovery plan.

dry pipe extinguisher A system in which water is not held in the pipes but in a holding tank. The pipes hold pressurized air, which is reduced when fire is detected, allowing the water to enter the pipe and the sprinklers. This minimizes the chance of an accidental discharge.

DSL See Digital Subscriber Line (DSL).

DSS See Digital Signature Standard (DSS).

DSSS See Direct Sequence Spread Spectrum (DSSS).

dual control A security measure that requires two employees to be available to complete a specific task. This security measure is part of separation of duties.

dual-homed firewall A firewall that has two network interfaces, one pointing to the internal network and another connected to the untrusted network.

due care A legal term that is used when an organization took all reasonable measures to prevent security breaches and also took steps to mitigate damages caused by successful breaches.

due diligence A legal term that is used when an organization investigated all vulnerabilities.

dumpster diving A social engineering attack that occurs when attackers examine garbage contents to obtain confidential information.

durability A property in which, after it’s verified, the transaction is committed and cannot be rolled back.

duress A situation that occurs when an employee is coerced to commit an action by another party. This is a particular concern for high-level management and employees with high security clearances because they have access to extra assets.

Dynamic Host Configuration Protocol (DHCP) A service that can be used to automate the process of assigning an IP configuration to the devices in a network.

dynamic NAT A form of NAT in which multiple internal private IP addresses are translated to multiple external public IP addresses. This is a many-to-many mapping.

dynamic packet filtering firewall A firewall that keeps track of the source port and dynamically adds a rule to the list to allow return traffic to that port.

dynamic testing Analyzes software security in the runtime environment. With this testing, the tester should not have access to the application’s source code.

EAP See Extensible Authentication Protocol (EAP).

E-carriers In Europe, a similar technology to T-carrier lines.

ECB See Electronic Code Book (ECB).

Economic Espionage Act of 1996 A U.S. act that affects companies that have trade secrets and any individuals who plan to use encryption technology for criminal activities.

ECPA See Electronic Communications Privacy Act (ECPA) of 1986.

eDiscovery See electronic discovery (eDiscovery).

EF See exposure factor.

egress monitoring Monitoring that occurs when an organization monitors the outbound flow of information from one network to another.

EIGRP See Enhanced IGRP (EIGRP).

electromagnetic interference (EMI) Interference from power lines and other power sources.

electromechanical systems Detection systems that operate by detecting a break in an electrical circuit. For example, the circuit might cross a window or door, and when the window or door is opened, the circuit is broken, setting off an alarm of some sort.

Electronic Code Book (ECB) A version of DES in which 64-bit blocks of data are processed by the algorithm using the key. The ciphertext produced can be padded to ensure that the result is a 64-bit block.

Electronic Communications Privacy Act (ECPA) of 1986 A U.S. act that affects law enforcement and intelligence agencies. It extended government restrictions on wiretaps from telephone calls to include transmissions of electronic data by computer and prohibited access to stored electronic communications.

electronic discovery (eDiscovery) Litigation or government investigations that deal with the exchange of information in electronic format as part of the discovery process.

electronic vaulting Copying files to a backup location as modifications occur in real time.

email spoofing The process of sending an email that appears to come from one source when it really comes from another.

embedded system A piece of software built into a larger piece of software that is in charge of performing some specific function on behalf of the larger system.

emergency lighting Lighting systems with their own power source to use when power is out.

EMI See electromagnetic interference (EMI).

Encapsulating Security Payload (ESP) Part of IPsec that provides data integrity, data origin authentication, protection from replay, and encryption.

encapsulation A process in which information is added to the header at each layer and then a trailer is placed on the packet before transmission.

encoding The process of changing data into another form, using code.

encryption The process of converting data from plaintext to ciphertext. Also referred to as enciphering.

endpoint security A field of security that attempts to protect individual systems in a network by staying in constant contact with these individual systems from a central location.

Enhanced IGRP (EIGRP) A classless Cisco proprietary routing protocol that is considered a hybrid or an advanced distance vector protocol.

enrollment The process of requesting a certificate from the CA.

environmental error An error that causes a system to be vulnerable because of the environment in which it is installed.

EPHI Electronic protected health information. See protected health information.

ESP See Encapsulating Security Payload (ESP).

Ethernet A widely used layer 2 protocol described in the 802.3 standard.

event A change of state that occurs.

exposure A condition that occurs when an organizational asset is exposed to losses.

exposure factor The percent value or functionality of an asset that will be lost when a threat event occurs.

Extensible Authentication Protocol (EAP) Not a single protocol but a framework for port-based access control that uses the same three components as RADIUS.

Extensible Markup Language (XML) The most widely used web language.

external threats Threats from perimeter security or access to a building or room.

extranet A network that is logically separate from an intranet. It is an area where resources that will be accessed from the outside world are made available.

fail safe state Leaving system processes and components in a secure state when a failure occurs or is detected in the system.

fail soft state The termination of selected, non-critical processing when a hardware or software failure occurs.

failover The capacity of a system to switch over to a backup system if a failure in the primary system occurs.

failsoft The capability of a system to terminate non-critical processes when a failure occurs.

false acceptance rate (FAR) A measurement of the percentage of invalid users that will be falsely accepted by the system. This is called a Type II error.

false rejection rate (FRR) A measurement of valid users that will be falsely rejected by a biometric system. This is called a Type I error.

FAR See false acceptance rate (FAR).

fault A momentary power outage.

fault tolerance A concept that includes redundancy but refers to any process that allows a system to continue making information assets available in the case of a failure.

FCoE See Fibre Channel over Ethernet (FCoE).

FDDI See Fiber Distributed Data Interface (FDDI).

FDM See Frequency Division Multiplexing (FDM).

FDMA See Frequency Division Multiple Access (FDMA).

Federal Information Security Management Act (FISMA) of 2002 A U.S. act that affects every federal agency. It requires the federal agencies to develop, document, and implement an agency-wide information security program.

Federal Intelligence Surveillance Act (FISA) of 1978 A U.S. act that affects law enforcement and intelligence agencies. It gives procedures for the physical and electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers” and only applies to traffic within the United States.

Federal Privacy Act of 1974 A U.S. act that affects any computer that contains records used by a federal agency. It provides guidelines for the collection, maintenance, use, and dissemination of personally identifiable information (PII) about individuals that is maintained in systems of records by federal agencies.

federated identity A portable identity that can be used across businesses and domains.

federated identity management (FIM) See federated identity services.

federated identity services Identity services that participate in a federated structure with other organizations. Each organization that joins the federation agrees to enforce a common set of policies and standards.

feet of illumination A measurement of lighting.

fetching The process of a CPU getting instructions from memory.

FHSS See Frequency Hopping Spread Spectrum (FHSS).

Fiber Distributed Data Interface (FDDI) A layer 2 protocol that uses a ring topology and a fiber infrastructure.

fiber optic Cabling that uses a source of light that shoots down an inner glass or plastic core.

Fibre Channel over Ethernet (FCoE) A protocol that encapsulates Fibre Channel frames over Ethernet networks, thereby allowing Fibre Channel to use 10 Gigabit Ethernet networks or higher while preserving the Fibre Channel protocol.

Field-Programmable Gate Array (FPGA) A type of programmable logic device (PLD) that is programmed by blowing fuse connections on the chip or using an antifuse that makes a connection when a high voltage is applied to the junction.

File Transfer Protocol (FTP) A protocol used to transfer files from one system to another.

firewall A physical or software device that inspects and controls the type of traffic allowed.

firmware A type of ROM where a program is stored.

first in, first out (FIFO) Backup rotation scheme where the newest backup is saved to the oldest media. Although this is the simplest rotation scheme, it does not protect against data errors.

FISA See Federal Intelligence Surveillance Act (FISA) of 1978.

FISMA See Federal Information Security Management Act (FISMA) of 2002.

flame-actuated sensor An optical device that “looks at” the protected area. It generally reacts faster to a fire than do nonoptical devices.

flash memory A type of electrically programmable ROM.

fluorescent A lighting system that uses a very low-pressure mercury-vapor, gas-discharge lamp with fluorescence to produce visible light.

foreign key An attribute in one relation that has values matching the primary key in another relation. Matches between the foreign key and the primary key are important because they represent references from one relation to another and establish the connection among these relations.

FPGA See Field-Programmable Gate Array (FPGA).

fractional T1 A part of a T1.

Frequency Division Multiple Access (FDMA) A modulation technique used in cellular wireless networks.

Frequency Division Multiplexing (FDM) A process used in multiplexing that divides the medium into a series of non-overlapping frequency sub-bands, each of which is used to carry a separate signal.

Frequency Hopping Spread Spectrum (FHSS) One of two technologies (along with DSSS) that were a part of the original 802.11 standard. It is unique in that it changes frequencies or channels every few seconds in a set pattern that both transmitter and receiver know.

FRR See false rejection rate (FRR).

FTP See File Transfer Protocol (FTP).

FTPS FTP that includes added support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

full backup A backup in which all data is backed up and the archive bit for each file is cleared.

full-interruption test A test that involves shutting down the primary facility and bringing the alternate facility up to full operation.

full-knowledge test A test in which the testing team is provided with all available knowledge regarding the organization’s network. This test is focused more on what attacks can be carried out.

fuzz testing A dynamic testing tool that provides input to the software to test the software’s limits and discover flaws. The input provided can be randomly generated by the tool or specially created to test for known vulnerabilities.

gateway A device that performs some sort of translation or acts as a control point to entry and exit.

GLBA See Gramm-Leach-Bliley Act (GLBA) of 1999.

Global System for Mobile Communications (GSM) A standard for digital cellular networks.

Graham-Denning model A security model that deals with the delegation and transfer of rights.

Gramm-Leach-Bliley Act (GLBA) of 1999 A U.S. act that affects all financial institutions, including banks, loan companies, insurance companies, investment companies, and credit card providers. It provides guidelines for securing all financial information and prohibits sharing financial information with third parties.

grandfather/father/son (GFS) Backup rotation scheme where three sets of backups are defined. Most often these three definitions are daily, weekly, and monthly. The daily backups are the sons, the weekly backups are the fathers, and the monthly backups are the grandfathers. Each week, one son advances to the father set. Each month, one father advances to the grandfather set.

gray-box testing The testing team is provided more information than in black-box testing, while not as much as in white-box testing. Gray-box testing has the advantage of being nonintrusive while maintaining the boundary between developer and tester. This term is used to refer to network security tests as well as application tests.

grid computing The process of harnessing the CPU power of multiple physical machines to perform a job.

GSM See Global System for Mobile Communications (GSM).

guideline An information security governance component that gives recommended actions that are much more flexible than standards, thereby providing allowance for circumstances that can occur.

Harrison-Ruzzo-Ullman model A security model that deals with access rights and restricts the set of operations that can be performed on an object to a finite set to ensure integrity.

hash A one-way function that reduces a message to a hash value. If the sender’s hash value is compared to the receiver’s hash value, message integrity is determined. If the resultant hash values are different, then the message has been altered in some way, provided that both the sender and receiver used the same hash function.

hash MAC (HMAC) A keyed-hash MAC that involves a hash function with a symmetric key.

HAVAL A one-way function that produces variable-length hash values, including 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits, and uses 1,024-bit blocks.

HDSL See High-Bit-Data-Rate DSL (HDSL).

Health Care and Education Reconciliation Act of 2010 A U.S. law that affects healthcare and educational organizations. It increased some of the security measures that must be taken to protect healthcare information.

Health Insurance Portability and Accountability Act (HIPAA) A U.S. act that affects all healthcare facilities, health insurance companies, and healthcare clearinghouses. It provides standards and procedures for storing, using, and transmitting medical information and healthcare data.

hearsay evidence Evidence that is secondhand, where the witness does not have direct knowledge of the fact asserted but knows it only from being told by someone.

heat-activated sensor A sensor that operates by detecting temperature changes, which can either alert when a predefined temperature is met or alert when the rate of rise is a certain value.

hierarchical database A model in which data is organized into a hierarchy. An object can have one child (an object that is a subset of the parent object), multiple children, or no children.

hierarchical storage management (HSM) system A type of backup management system that provides a continuous online backup by using optical or tape “jukeboxes.”

high availability A level of availability that ensures data is always available, using redundancy and fault tolerance.

High-Bit-Data-Rate DSL (HDSL) A form of DSL that provides T1 speeds.

high-level languages Languages whose instructions use abstract statements (for example, IF–THEN–ELSE) and are processor independent. They are easy to work with, and their syntax is similar to human language.

High-Speed Serial Interface (HSSI) An interface on both routers and multiplexers that provides a connection to services like Frame Relay and ATM. It operates at speeds up to 52 Mbps.

HIPAA See Health Insurance Portability and Accountability Act (HIPAA).

HITRUST Common Security Framework (CSF) A framework that can be used by all organizations that create, access, store, or exchange sensitive and/or regulated data.

HMAC See hash MAC.

honeynet A network that is configured to be attractive to hackers.

honeypot A system that is configured to be attractive to hackers and lure them into spending time attacking it while information is gathered about the attack.

hot site A leased facility that contains all the resources needed for full operation.

HSM See hierarchical storage management (HSM) system.

HSSI See High-Speed Serial Interface (HSSI).

HTTP See Hypertext Transfer Protocol (HTTP).

HTTP-S See HTTP-Secure (HTTP-S).

HTTP-Secure (HTTP-S) The implementation of HTTP running over the SSL/TLS protocol, which establishes a secure session using the server’s digital certificate.

hub A physical device (layer 1) that functions as a junction point for devices in a star topology. It is considered physical in that it has no intelligence.

human-caused disasters Disasters that occur through human intent or error.

human-caused threats Physical threats due to malicious and careless humans.

hybrid A combination of network topologies, including bus, star, and ring.

hybrid or advanced distance vector protocols Protocols that exhibit characteristics of both distance vector and link state routing protocols.

hybrid cloud Some combination of private and public cloud deployment.

hygrometer An alert system that monitors humidity.

Hypertext Transfer Protocol (HTTP) A protocol that is used to view and transfer web pages or web content.

IaaS See infrastructure as a service (IaaS).

ICMP See Internet Control Message Protocol (ICMP).

IDaaS See Identity as a Service (IDaaS).

IDEA See International Data Encryption Algorithm (IDEA).

IDEAL model Model developed by the Software Engineering Institute to provide guidance on software development. Its name is an acronym that stands for the five phases: Initiate, Diagnose, Establish, Act, and Learn.

identification A process in which a user professes an identity to an access control system.

Identity as a Service (IDaaS) A cloud-based service that provides a set of identity and access management functions to target systems on customers’ premises and/or in the cloud.

IGMP See Internet Group Management Protocol (IGMP).

IGP See Interior Gateway Protocol (IGP).

IKE See Internet Key Exchange (IKE).

IMAP See Internet Message Access Protocol (IMAP).

implied addressing A type of memory addressing that refers to registers usually contained inside the CPU.

incident A series of events that negatively impact an organization’s operations and security.

incidental computer crime A computer crime in which the computer is neither the victim of the attack nor the attacker.

incremental A refinement to the basic Waterfall model, which states that software should be developed in increments of functional capability.

incremental backup A backup in which all files that have been changed since the last full or incremental backup are backed up and the archive bit for each file is cleared.

indirect addressing A type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location.

inference A process that occurs when someone has access to information at one level that allows them to infer information about another level.

information assets Recipes, processes, trade secrets, product plans, and any other type of information that enables the enterprise to maintain competitiveness within its industry.

information flow model A model that focuses on controlling flows that relate two versions of the same object.

information security continuous monitoring (ISCM) A program that involves maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

information system contingency plan (ISCP) Provides established procedures for the assessment and recovery of a system following a system disruption.

Information Technology Security Evaluation Criteria (ITSEC) A model that addresses integrity and availability as well as confidentiality.

Infrared A short-distance wireless process that uses light, in this case infrared light, rather than radio waves.

infrastructure as a service (IaaS) A cloud computing service that involves the vendor providing the hardware platform or data center and the company installing and managing its own operating systems and application systems. The vendor simply provides access to the data center and maintains that access.

Infrastructure mode A mode in which all transmissions between stations go through the AP, and no direct communication between stations occurs.

input validation A process whereby input is checked for format and length before it is used.

intangible assets Assets such as intellectual property, data, and organizational reputation that are vital and hold value to a company but cannot be touched.

Integrated Services Digital Network (ISDN) Sometimes referred to as digital dial-up, a communications method that is now only used as a backup connection.

integrity A characteristic provided if you can be assured that the data has not changed in any way. The tenet of the CIA triad that ensures that data is accurate and reliable.

interface testing Evaluates whether an application’s systems or components correctly pass data and control to one another. It verifies whether module interactions are working properly and errors are handled correctly.

Interior Gateway Protocol (IGP) An obsolete classful Cisco proprietary routing protocol.

intermediate system to intermediate system (IS-IS) A complex interior routing protocol that is based on OSI protocols rather than IP.

internal threats Threats from those who might have some access to the room or building.

International Data Encryption Algorithm (IDEA) A block cipher that uses 64-bit blocks, which are divided into 16 smaller blocks. It uses a 128-bit key and performs eight rounds of transformations on each of the 16 smaller blocks.

International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) See ISO/IEC 27000.

Internet Control Message Protocol (ICMP) A protocol used by network devices to send a message regarding the success or failure of communications and used by humans for troubleshooting. When you use the programs PING or TRACEROUTE, you are using ICMP.

Internet Group Management Protocol (IGMP) A protocol used for multicasting, which is a form of communication whereby one host sends to a group of destination hosts rather than a single host (called a unicast transmission) or to all hosts (called a broadcast transmission).

Internet Key Exchange (IKE) A key exchange method that provides the authenticated keying material used by ISAKMP to create the keys exchanged when performing peer authentication. Also sometimes referred to as IPsec Key Exchange.

Internet Message Access Protocol (IMAP) An Application layer protocol for email retrieval.

Internet Protocol (IP) A protocol that is responsible for putting the source and destination IP addresses in the packet and for routing the packet to its destination.

Internet Protocol Security (IPsec) A suite of protocols that establishes a secure channel between two devices. It can provide encryption, data integrity, and system-based authentication, which makes it a flexible option for protecting transmissions.

Internet Security Association and Key Management Protocol (ISAKMP) A protocol that handles the creation of a security association for the session and the exchange of keys.

Internet Small Computer System Interface (iSCSI) A technology that allows SCSI commands to be sent end-to-end over LANs, WANs, or the Internet over TCP.

Internet of Things (IoT) A system of interrelated computing devices, mechanical and digital machines, and objects that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.

interrupt A signal used by an in/out device when it requires the CPU to perform some action.

intranet The internal network of an enterprise.

IoT See Internet of Things.

IP See Internet Protocol (IP).

IP address spoofing A technique hackers use to hide their trail or to masquerade as another computer in which they alter the IP address as it appears in the packet.

IP convergence Involves carrying different types of traffic over one network. The traffic includes voice, video, data, and images. It is based on the Internet Protocol (IP) and supports multimedia applications.

IPsec See Internet Protocol Security (IPsec).

IS-IS See intermediate system to intermediate system (IS-IS).

ISAKMP See Internet Security Association and Key Management Protocol (ISAKMP).

ISCM See information security continuous monitoring (ISCM).

ISCP See information system contingency plan.

iSCSI See Internet Small Computer System Interface.

ISDN See Integrated Services Digital Network (ISDN).

ISO/IEC 27000 Standards that provide guidance to organizations on integrating security into the development and maintenance of software applications. These standards are part of a series that establishes information security standards and is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

isolation A situation in which transactions do not interact with other transactions until completion.

issue-specific security policy A security policy that addresses specific security issues.

ITSEC See Information Technology Security Evaluation Criteria (ITSEC).

JAD See Joint Analysis Development (JAD) model.

Java applet A small component created using Java that runs in a web browser. It is platform independent and creates intermediate code called byte code that is not processor specific.

Java Database Connectivity (JDBC) An API that makes it possible for Java applications to communicate with a database.

Java Platform, Enterprise Edition (J2EE) A distributed component model that relies on the Java programming language. It is a framework used to develop software that provides APIs for networking services and uses an interprocess communication process that is based on CORBA.

JDBC See Java Database Connectivity (JDBC).

job rotation A security measure that ensures that more than one person fulfills the job tasks of a single position within an organization. Refers to training of multiple users to perform the duties of a position to help prevent fraud by any individual employee.

Joint Analysis Development (JAD) model Also called the Joint Application Development (JAD), a development model that uses a team approach to both agree on requirements and to resolve differences. The theory is that by bringing all parties together at all stages, a more satisfying product will emerge at the end of the process.

Kennedy-Kassebaum Act See Health Insurance Portability and Accountability Act (HIPAA).

Kerberos An authentication protocol that uses a client/server model developed by MIT’s Project Athena. It is the default authentication model in the recent editions of Windows Server and is also used in Apple, Sun, and Linux operating systems.

kernel proxy firewall An example of a fifth-generation firewall that inspects a packet at every layer of the OSI model but does not introduce the performance hit that an Application layer firewall will because it does this at the kernel layer.

key A parameter that controls the transformation of plaintext into ciphertext or vice versa. Determining the original plaintext data without the key is impossible. Also referred to as a cryptovariable.

key clustering The process that occurs when different encryption keys generate the same ciphertext from the same plaintext message.

keyspace All the possible key values when using a particular algorithm or other security measure. A 40-bit key would have 2^40 possible values, whereas a 128-bit key would have 2^128 possible values.

knowledge factors Factors that are something a person knows.

known plaintext attack An attack that occurs when an attacker uses the plaintext and ciphertext versions of a message to discover the key used.

L2TP See Layer 2 Tunneling Protocol (L2TP).

Label Distribution Protocol (LDP) Allows routers capable of Multiprotocol Label Switching (MPLS) to exchange label mapping information.

laminated glass Two sheets of glass with a plastic film between that makes it more difficult to break.

LAN See local area network (LAN).

Layer 2 Tunneling Protocol (L2TP) A protocol that operates at layer 2 of the OSI model. It can use various authentication mechanisms like PPTP can, but it does not provide any encryption. It is typically used with IPsec, a very strong encryption mechanism.

layer 3 switch A switch that has routing functionality also built in.

layer 4 switch A switch that provides additional routing above layer 3 by using the port numbers found in the Transport layer header to make routing decisions.

layered defense model A model in which reliance is not based on any single physical security concept but on the use of multiple approaches that support one another.

LDAP See Lightweight Directory Access Protocol (LDAP).

least privilege A security principle which requires that a user or process is given only the minimum access privilege needed to perform a particular task. Also known as need to know.

liability The status of being legally responsible to another entity because of your actions or negligence.

Lightweight Directory Access Protocol (LDAP) A directory access protocol (DAP) that is based on X.500’s DAP and is simpler than X.500.

link state protocol A routing protocol that only shares network changes (link outages and recoveries) with neighbors, thereby greatly reducing the amount of traffic generated. This type of protocol also uses a sophisticated metric that is based on many factors, such as the bandwidth of each link on the path and the congestion on each link.

Lipner model A security model that shares characteristics with the Clark-Wilson model in that it separates objects into data and programs.

local area network (LAN) A group of systems that are connected with a fast network connection. For purposes of this discussion, that is any connection over 10 Mbps and usually in a single location.

location factors Factors for authenticating a user based on the location from which the user is authenticating.

log A recording of events that occur on an organizational asset, including systems, networks, devices, and facilities. Each entry in a log covers a single event that occurs on the asset.

log review An important practice to ensure that issues are detected before they become major problems. Computer security logs are particularly important because they can help an organization identify security incidents, policy violations, and fraud.

logic bomb A type of malware that executes when an event takes place.

logical control Software or hardware components used to restrict access.

LonWorks/LonTalk3 A peer-to-peer industrial control system protocol that uses port 1679.

MAC See mandatory access control (MAC).

MAC address See media access control (MAC) address.

machine languages Languages that deliver instructions directly to the processor.

macro viruses Viruses that infect programs written in Word, Basic, Visual Basic, or VBScript that are used to automate functions. These viruses infect Microsoft Office files and are easy to create because the underlying language is simple and intuitive to apply. These viruses are especially dangerous in that they infect the operating system itself. They also can be transported between different operating systems as the languages are platform independent.

maintenance hook A set of instructions built into code that allows one who knows about the “back door” to use the instructions to connect to, view, and edit the code without using the normal access controls.

malware Any software that harms a computer, deletes data, or takes actions the user did not authorize.

MAN See metropolitan area network (MAN).

management control See administrative control.

mandatory access control (MAC) An access control model in which subject authorization is based on security labels.

mantrap A series of two doors with a small room between them.

matrix-based model A security model that organizes tables of subjects and objects indicating what actions individual subjects can take upon individual objects.

MD2 A message digest algorithm that produces a 128-bit hash value and performs 18 rounds of computations.

MD4 A message digest algorithm that produces a 128-bit hash value and performs only 3 rounds of computations.

MD5 A message digest algorithm that produces a 128-bit hash value and performs 4 rounds of computations.

MD6 A message digest algorithm that produces a variable hash value, performing a variable number of computations.

mean time between failure (MTBF) The estimated amount of time a device will operate before a failure occurs. Describes how often a component fails on average.

mean time to repair (MTTR) The average time required to repair a single resource or function when a disaster or disruption occurs. Describes the average amount of time it will take to get a device fixed and back online.

means How a crime was carried out by a suspect.

media access control (MAC) address In Ethernet, a physical 48-bit address expressed in hexadecimal that is permanently assigned to a device.

mercury vapor A lighting system that uses an electric arc through vaporized mercury to produce light.

mesh topology The most fault tolerant and the most expensive network topology to deploy. In it, all devices are connected to all other devices.

Metro Ethernet The use of Ethernet technology over a wide area.

metropolitan area network (MAN) A type of LAN that encompasses a large area such as the downtown of a city.

MIMO See multiple input, multiple output (MIMO).

misuse case testing A type of testing that tests an application to ensure that the application can handle invalid input or unexpected behavior. Also known as negative testing.

mixed law A type of law that combines two or more of the other law types. The most often mixed law uses civil law and common law.

mobile code Instructions passed across a network and executed on a remote system. A code type that can be transferred across a network and then executed on a remote system or device.

Mobile IPv6 (MIPv6) An enhanced protocol supporting roaming for a mobile node, so that it can move from one network to another without losing IP-layer connectivity (as defined in RFC 3775).

Modbus A master/slave industrial control system protocol that uses port 50.

mono-alphabetic substitution cipher A cipher that uses only one alphabet.

motive Why a crime was committed and who committed the crime. MOM stands for motive, opportunity, and means.

movable lighting Lighting that can be repositioned as needed.

MPLS See Multiprotocol Label Switching (MPLS).

MTBF See mean time between failure (MTBF).

MTD See maximum tolerable downtime.

MTTR See mean time to repair (MTTR).

MU MIMO See multi-user multiple input, multiple output (MU MIMO).

multicast A signal received by all others in a multicast group. It is considered one-to-many.

multi-factor authentication An authentication type that includes two or more types of authentication factors. Adding more factor types increases the security of authentication.

multilevel lattice model A model developed primarily to deal with confidentiality issues; it focuses mainly on information flow.

multi-mode Fiber optic cable that uses several beams of light at the same time and uses LEDs as a light source.

multipartite virus A virus that can infect both program files and boot sectors.

multiple input, multiple output (MIMO) Using multiple antennas, which allow for up to four spatial streams at a time.

multiplexer A physical (layer 1) device that combines several input information signals into one output signal, which carries several communication channels, by means of some multiplex technique.

Multiprotocol Label Switching (MPLS) A protocol that routes data from one node to the next based on short-path labels rather than long network addresses, avoiding complex lookups in a routing table. It includes the ability to control how and where traffic is routed, delivers data transport services across the same network, and improves network resiliency through MPLS Fast Reroute.

multitasking The process of carrying out more than one task at a time.

multithreading A feature that allows multiple tasks to be performed within a single process.

multi-user multiple input, multiple output (MU MIMO) A set of MIMO technologies for wireless communication in which users or wireless access points, each with one or more antennas, communicate with each other.

NAS See network-attached storage (NAS) or network access server (NAS).

NAT See network address translation (NAT).

natural access control A concept that applies to the entrances of the facility and encompasses the placement of the doors, lights, fences, and even landscaping. It aims to satisfy security goals in the least obtrusive and aesthetically appealing manner.

natural languages Languages whose goal is to create software that can solve problems on its own rather than require a programmer to create code to deal with the problem. Although it’s not fully realized, it is a goal worth pursuing using knowledge-based processing and artificial intelligence.

natural surveillance The use of physical environmental features to promote visibility of all areas and thus discourage crime in those areas. The idea is to encourage the flow of people such that the largest possible percentage of the building is always populated, because people in an area discourage crime.

natural territorial reinforcement Creating a feeling of community in an area by extending the sense of ownership to the employees.

natural threats Physical threats that must be addressed and mitigated that are caused by the forces of nature.

near field communication (NFC) A set of communication protocols that allow two electronic devices, one of which is usually a mobile device, to establish communication by bringing them within 2 inches of each other.

need to know The concept that users should only be given access to resources required to do their job. It defines what the actual minimum privileges for each job or business function are.

negative testing See misuse case testing.

network access control (NAC) A service that goes beyond authentication of the user and includes an examination of the state of the computer the user is introducing to the network when making a remote access or VPN connection to the network.

network access server (NAS) A device that controls access to a network.

network address translation (NAT) A service that changes a private IP address to a public address that is routable on the Internet. When the response is returned from the web, the NAT service receives it and translates the address back to the original private IP address and sends it back to the originator.

network discovery scan Examines a range of IP addresses to determine which ports are open. This type of scan only shows a list of systems on the network and the ports in use on the network.

Network layer (layer 3) The OSI reference model layer in which information required to route a packet is added in the form of a source and destination logical address.

network-attached storage (NAS) A form of network storage that uses the existing LAN network for access using file access protocols such as NFS or SMB.

network vulnerability scan Probes a targeted system or network to identify vulnerabilities. It is a more complex scan of the network than a network discovery scan.

NIST SP 800-92 A guide to computer security log management.

NIST SP 800-137 A guide to information security continuous monitoring (ISCM) for federal information systems and organizations.

noise Interference that can be introduced to the cable that causes problems.

nonce A random number that is used only once and acts as a placeholder variable in functions.

noninterference model A model less concerned with the flow of information than with a subject’s knowledge of the state of the system at a point in time; it concentrates on preventing the actions that take place at one level from altering the state presented to another level.

non-repudiation The assurance that a user cannot deny an action.

nonvolatile memory Long-term persistent storage that remains even when the device shuts down.

null cipher See concealment cipher.

object A resource that a user or process wants to access.

object linking and embedding (OLE) A method for sharing objects on a local computer that uses COM as its foundation.

object linking and embedding database (OLE DB) A replacement for ODBC that extends the functionality of ODBC to non-relational databases.

object-oriented database (OODB) A model that has the ability to handle a variety of data types and is more dynamic than a relational database. OODB systems are useful in storing and manipulating complex data, such as images and graphics.

object-oriented programming (OOP) A type of programming in which objects are organized in a hierarchy in classes with characteristics called attributes attached to each. OOP emphasizes the employment of objects and methods rather than types or transformations as in other software approaches.

object-relational database A model that is a marriage of object-oriented and relational technologies, combining the attributes of both.

occupant emergency plan (OEP) A plan that outlines first-response procedures for occupants of a facility in the event of a threat or incident to the health and safety of personnel, the environment, or property.

OCSP See Online Certificate Status Protocol (OCSP).

ODBC See open database connectivity (ODBC).

OEP See occupant emergency plan.

OFB See Output Feedback (OFB).

OFDM See Orthogonal Frequency Division Multiplexing (OFDM).

OLE See object linking and embedding (OLE).

OLE DB See object linking and embedding database (OLE DB).

OLTP ACID test A test in which an Online Transaction Processing system is used to monitor for problems such as processes that stop functioning. Its main goal is to prevent transactions that don’t happen properly or are not complete from taking effect. An ACID test ensures that each transaction has certain properties before it is committed.

on-premises identity services Identity services provided within an enterprise.

one-time pad The most secure encryption scheme that can be used. It works like a running cipher in that the key value is added to the value of the letters. However, it uses a key that is the same length as the plaintext message.

one-way function A mathematical function that can be more easily performed in one direction than in the other.

Online Certificate Status Protocol (OCSP) An Internet protocol that obtains the revocation status of an X.509 digital certificate.

Online Transaction Processing system See OLTP ACID test.

OODB See object-oriented database (OODB).

OOP See object-oriented programming (OOP).

open database connectivity (ODBC) An API that allows communication with databases either locally or remotely.

Open Shortest Path First (OSPF) A standards-based link state protocol.

open system A system that conforms to industry standards and can work with systems that support the same standard.

Open Systems Interconnection (OSI) model A model created in the 1980s by the International Organization for Standardization (ISO) as a part of its mission to create a protocol set to be used as a standard for all vendors.

Open Web Application Security Project (OWASP) An open source application security project. This group creates guidelines, testing procedures, and tools to assist with web security. A group that monitors attacks, specifically web attacks. OWASP maintains a list of top 10 attacks on an ongoing basis.

operating system fingerprinting The process of using some method to determine the operating system running on a host or a server.

operations investigation An investigation into an event or incident that does not result in any criminal, civil, or regulatory issue.

operations security The activities that support continual maintenance of the security of a system on a daily basis.

opinion evidence Evidence that is based on what the witness thinks, feels, or infers regarding the facts.

opportunity Where and when a crime occurred.

Orange Book A collection of criteria based on the Bell-LaPadula model that is used to grade or rate the security offered by a computer system product.

organizational security policy The highest level security policy adopted by an organization that outlines security goals.

Orthogonal Frequency Division Multiplexing (OFDM) A more advanced technique of modulation in which a large number of closely spaced orthogonal subcarrier signals are used to carry the data on several parallel data streams. It is used in 802.11a, 802.11ac, and 802.11g and makes speed up to 54 Mbps possible.

OSI See Open Systems Interconnection (OSI) model.

OSPF See Open Shortest Path First (OSPF).

Output Feedback (OFB) A DES mode that works with 8-bit (or smaller) blocks and uses a combination of stream ciphering and block ciphering. However, OFB uses the previous keystream with the key to create the next keystream.

OWASP See Open Web Application Security Project (OWASP).

ownership factors Factors that are something a person possesses, such as a password.

PaaS See platform as a service (PaaS).

packet filtering firewall A firewall that only inspects the header of a packet for allowed IP addresses or port numbers.

packet-switching network A network that groups all transmitted data into blocks, called packets. Each packet is treated individually with respect to routing.

PAP See Password Authentication Protocol (PAP).

parallel test A test that involves bringing a recovery site to a state of operational readiness but maintaining operations at the primary site.

parasitic virus A virus that attaches itself to a file, usually an executable file, and then delivers the payload when the program is used.

partial-knowledge test A test in which the testing team is provided with public knowledge regarding the organization’s network. Boundaries might be set for this type of test.

passive infrared (PIR) system A detection system that operates by identifying changes in heat waves in an area.

passive vulnerability scanner (PVS) Monitors network traffic at the packet layer to determine topology, services, and vulnerabilities.

Password Authentication Protocol (PAP) A protocol that provides authentication but in which credentials are sent in cleartext and can be read with a sniffer.

password masking A measure that prevents a password from being learned through shoulder surfing by obscuring the characters entered except for the last one.

PAT See port address translation (PAT).

patch panel A panel that operates at the Physical layer of the OSI model and simply functions as a central termination point for all the cables running through the walls from wall outlets, which in turn are connected to computers with cables.

patent An intellectual property type that covers an invention described in a patent application and is granted to an individual or company.

Payment Card Industry Data Security Standard (PCI DSS) Applies to all entities that store, process, and/or transmit cardholder data. It covers technical and operational system components included in or connected to cardholder data. If an organization accepts or processes payment cards, then PCI DSS applies to that organization.

PBX See private branch exchange (PBX).

peer-to-peer computing A client/server solution in which any platform may act as a client or server or both.

penetration test A test that simulates an attack to identify any risks that can stem from the vulnerabilities of a system or device.

permutation See transposition.

personal area network (PAN) Includes devices, such as computers, telephones, tablets, and mobile phones, that are in close proximity with one another. PANs are usually implemented using Bluetooth, Z-Wave, Zigbee, and Infrared Data Association (IrDA).

Personal Information Protection and Electronic Documents Act (PIPEDA) An act from Canada that affects how private sector organizations collect, use, and disclose personal information in the course of commercial business. The act was written to address European Union concerns over the security of PII.

personally identifiable information (PII) Any piece of data that can be used alone or with other information to identify a single person.

pharming A social engineering attack, similar to phishing, that actually pollutes the contents of a computer’s DNS cache so that requests to a legitimate site are actually routed to an alternate site.

PHI See protected health information.

phishing A social engineering attack in which attackers try to obtain personal information, including credit card information and financial data. For example, an attack where a recipient is convinced to click on a link in an email that appears to go to a trusted site but in fact goes to the hacker’s site.

phone cloning A process in which copies of a SIM chip are made, allowing another user to make calls as the original user.

photometric system A detection system that operates by detecting changes in light and thus is used in windowless areas. It sends a beam of light across the area, and if the beam is interrupted (by a person, for example), the alarm is triggered.

physical assets Assets that can be touched, including equipment or computers.

physical control A security control, such as a guard, that protects an organization’s facilities and personnel.

Physical layer (layer 1) The OSI reference model layer responsible for turning the information into bits (ones and zeros) and sending it out on the medium.

PII See personally identifiable information (PII).

ping of death attack An attack that involves sending several oversized packets, which can cause the victim’s system to be unstable at the least and possibly freeze up.

ping scanning An attack that basically pings every IP address and keeps track of which IP addresses respond to the ping.

PIPEDA See Personal Information Protection and Electronic Documents Act (PIPEDA).

pipelined processor A processor that overlaps the steps of different instructions, as opposed to a scalar processor, which executes one instruction at a time.

plaintext A message in its original format. Also referred to as cleartext.

platform as a service (PaaS) A cloud computing service that involves the vendor providing the hardware platform or data center and the software running on the platform. The company is still involved in managing the system.

Point-to-Point Protocol (PPP) A layer 2 protocol that performs framing and encapsulation of data across point-to-point connections.

Point-to-Point Tunneling Protocol (PPTP) A Microsoft protocol based on PPP. It uses built-in Microsoft Point-to-Point Encryption and can use a number of authentication methods, including CHAP, MS-CHAP, and EAP-TLS.

policy An information security governance component that outlines goals but does not give any specific ways to accomplish the stated goals.

polling A contention method in which a primary device polls each of the other devices to see whether it needs to transmit.

polyalphabetic substitution cipher A cipher that uses multiple alphabets.

polyinstantiation A process used to prevent data inference violations. It does this by enabling a relation to contain multiple tuples with the same primary key, with each instance distinguished by a security level. It prevents low-level database users from inferring the existence of higher-level data. Also, the development of a detailed version of an object from another object using different values in the new object.

polymorphic virus A virus that makes copies of itself and then makes changes to those copies. It does this in hopes of avoiding detection by antivirus software.

polymorphism The ability of different objects with a common name to react to the same message or input with different output.

POP See Post Office Protocol (POP).

Port Address Translation (PAT) A specific version of NAT that uses a single public IP address to represent multiple private IP addresses.

port isolation A private VLAN that is only for accessing a guest system.

port scan A reconnaissance technique that probes every address and port number combination and keeps track of which ports are open on each device; the probes are answered by open ports with listening services and not answered by closed ports.

Post Office Protocol (POP) An Application layer email retrieval protocol.

POTS (Plain Old Telephone Service) See public switched telephone network (PSTN).

power conditioner A device that goes between a wall outlet and an electronic device and smooths out the fluctuations of power delivered to the electronic device, protecting against sags and surges.

PPP See Point-to-Point Protocol (PPP).

PPTP See Point-to-Point Tunneling Protocol (PPTP).

preaction extinguisher An extinguisher that operates like a dry pipe system except that the sprinkler head holds a thermal-fusible link that must be melted before the water is released. This is currently the recommended system for a computer room.

Presentation layer (layer 6) The OSI reference model layer responsible for the manner in which the data from the Application layer is represented (or presented) to the Application layer on the destination device. If any translation between formats is required, this layer takes care of it.

preventive control A security control that prevents an attack from occurring.

PRI ISDN See Primary Rate ISDN (PRI).

Primary Rate ISDN (PRI) A solution that provides up to 23 B channels and a D channel for a total of 1.544 Mbps.

private branch exchange (PBX) A private telephone switch that resides on a customer’s premises. It has a direct connection to the telecommunication provider’s switch and performs call routing within the internal phone system.

private cloud A cloud deployment solution owned and managed by one company solely for that company’s use.

private IP addresses Three ranges of IPv4 addresses set aside to be used only within private networks and not on the Internet.

private key encryption See symmetric encryption.

privilege creep See access aggregation.

privilege escalation The process of exploiting a bug or weakness in an operating system to allow users to receive privileges to which they are not entitled.

procedure An information security governance component that includes all the detailed actions that personnel are required to follow.

process A set of actions, steps, or threads that are part of the same larger piece of work done for a specific application or to achieve a particular end.

protected health information (PHI) Any individually identifiable health information.

prototyping Using a sample of code to explore a specific approach to solving a problem before investing extensive time and money in the approach.

provisioning The act of creating an access account.

provisioning life cycle A formal process for creating, changing, and removing users.

proximity authentication device A programmable card used to deliver an access code to the device either by swiping the card or in some cases just being in the vicinity of the reader.

proxy firewall A firewall that makes connections between systems on their behalf, which typically lets it allow and disallow traffic on a more granular basis. Proxy firewalls stand between each connection from the outside to the inside and make the connection on behalf of the endpoints.

PSTN See public switched telephone network (PSTN).

public cloud A cloud deployment solution provided by a third party. It offloads the operational details to that third party, but the organization gives up some control, which can introduce security issues.

public key encryption See asymmetric encryption.

public switched telephone network (PSTN) Also referred to as the Plain Old Telephone Service (POTS), the circuit-switched network that has been used for analog phone service for years and is now mostly a digital operation.

QoS See quality of service (QoS).

qualitative risk analysis A method of analyzing risk whereby intuition, experience, and best practice techniques are used to determine risk.

quality of service (QoS) A technology that manages network resources to ensure a predefined level of service. It assigns traffic priorities to the different types of traffic on a network.

quantitative risk analysis A risk analysis method that assigns monetary and numeric values to all facets of the risk analysis process, including asset value, threat frequency, vulnerability severity, impact, safeguard costs, and so on.

quartz lamp A lamp consisting of an ultraviolet light source, such as mercury vapor, contained in a fused-silica bulb that transmits ultraviolet light with little absorption.

RA See registration authority (RA).

RAD See Rapid Application Development (RAD).

radio frequency interference (RFI) Interference from radio sources in the area.

RADIUS See Remote Access Dial-In User Service (RADIUS).

RAID 0 Also called disk striping, a method that writes the data across multiple drives. While it improves performance, it does not provide fault tolerance.

RAID 1 Also called disk mirroring, a method that uses two disks and writes a copy of the data to both disks, providing fault tolerance in the case of a single drive failure.

RAID 2 A system in which the data is striped across all drives at the bit level and a Hamming code is used for error detection. Hamming codes can detect up to two-bit errors or correct one-bit errors without detection of uncorrected errors.

RAID 3 A method that requires at least three drives. The data is written across all drives like striping and then parity information is written to a single dedicated drive; the parity information is used to regenerate the data in the case of a single drive failure.

RAID 5 A method that requires at least three drives. The data is written across all drives like striping and then parity information is spread across all drives as well. The parity information is used to regenerate the data in the case of a single drive failure.

RAID 7 Not a standard but a proprietary implementation; a system that incorporates the same principles as RAID 5 but enables the drive array to continue to operate if any disk or any path to any disk fails. The multiple disks in the array operate as a single virtual disk.

RAID 10 Also called disk striping with mirroring, a method that requires at least four drives and is a combination of RAID 0 and RAID 1. First, a RAID 1 volume is created by mirroring two drives together. Then a RAID 0 stripe set is created on each mirrored pair.

rainbow table attack A password-cracking attack in which captured hashes are compared against known hash values. In a rainbow table attack, the known values come from a precomputed rainbow table that contains the cryptographic hashes of candidate passwords.

ransomware Malware that prevents or limits users’ access to their system or device. Usually it forces victims to pay a ransom for the return of system access.

Rapid Application Development (RAD) A development model in which less time is spent up front on design, while emphasis is placed on rapidly producing prototypes, with the assumption that crucial knowledge can be gained only through trial and error.

RBAC See role-based access control (RBAC).

RC4 A stream cipher that uses a variable key size of 40 to 2,048 bits and up to 256 rounds of transformation.

RC5 A block cipher that uses a key size of up to 2,048 bits and up to 255 rounds of transformation. Block sizes supported are 32, 64, or 128 bits.

RC6 A block cipher based on RC5 that uses the same key size, rounds, and block size.

RC7 A block cipher based on RC6 that uses the same key size and rounds but has a block size of 256 bits. In addition, it uses six working registers instead of four. As a result, it is much faster than RC6.

read-through test A test that involves the teams that are part of any recovery plan. These teams read through the plan that has been developed and attempt to identify any inaccuracies or omissions in the plan.

real user monitoring (RUM) A type of passive monitoring that captures and analyzes every transaction of every application or website user.

reciprocal agreement An agreement between two organizations that have similar technological needs and infrastructures.

record A collection of related data items.

recovery control A security control that recovers a system or device after an attack has occurred.

recovery point objective The point in time to which the disrupted resource or function must be returned.

recovery time objective The shortest time period after a disaster or disruptive event within which a resource or function must be restored to avoid unacceptable consequences.

Red Book A collection of criteria based on the Bell-LaPadula model that addresses network security.

redundancy Refers to providing multiple instances of either a physical or logical component such that a second component is available if the first fails.

redundant site A site that is configured identically to the primary site.

reference monitor A system component that enforces access controls on an object.

referential integrity A characteristic that requires that, for any foreign key attribute, the referenced relation must have a tuple with the same value for its primary key.

registration authority (RA) The entity in a PKI that verifies the requestor’s identity and registers the requestor.

regulatory investigation An investigation that occurs when a regulatory body investigates an organization for a regulatory infraction.

regulatory law See administrative law.

regulatory security policy A security policy that addresses specific industry regulations, including mandatory standards.

relation A fundamental entity in a relational database in the form of a table.

relational database A database that uses attributes (columns) and tuples (rows) to organize the data in two-dimensional tables.

reliability The ability of a function or system to consistently perform according to specifications.

religious law A type of law based on religious beliefs.

remanence Any data left after the media has been erased.

remote access Allows users to access an organization’s resources from a remote connection. These remote connections can be direct dial-in connections but more commonly use the Internet as the network over which the data is transmitted.

Remote Access Dial-In User Service (RADIUS) A remote authentication standard defined in RFC 2138. RADIUS is designed to provide a framework that includes three components: supplicant, authenticator, and authenticating server.

residual risk Risk that is left over after safeguards have been implemented.

resource provisioning The process in security operations that ensures that the organization deploys only the assets it currently needs.

reverse ARP (RARP) Resolves MAC addresses to IP addresses.

revocation The process whereby a certificate, access account, group account, or role is revoked or terminated.

RFI See radio frequency interference (RFI).

Rijndael algorithm An algorithm that uses three block sizes of 128, 192, and 256 bits. A 128-bit key with a 128-bit block size undergoes 10 transformation rounds. A 192-bit key with a 192-bit block size undergoes 12 transformation rounds. Finally, a 256-bit key with a 256-bit block size undergoes 14 transformation rounds.

ring A physical topology in which the devices are daisy-chained one to another in a circle or ring.

RIP See Routing Information Protocol (RIP).

RIPEMD-160 A message digest algorithm that produces a 160-bit hash value after performing 160 rounds of computations on 512-bit blocks.

risk The probability that a threat agent will exploit a vulnerability and the impact of the probability.

risk acceptance A method of handling risk that involves understanding and accepting the level of risk as well as the cost of damages that can occur.

risk avoidance A method of handling risk that involves terminating the activity that causes a risk or choosing an alternative that is not as risky.

risk management The process that occurs when organizations identify, measure, and control organizational risks.

risk mitigation A method of handling risk that involves defining the acceptable risk level the organization can tolerate and reducing the risk to that level.

risk transfer A method of handling risk that involves passing the risk on to a third party.

role-based access control (RBAC) An access control model in which each subject is assigned to one or more roles.

root-cause analysis A type of investigation that is completed to determine the root cause so that steps can be taken to prevent this incident in the future.

router A device that uses a routing table to determine which direction to send traffic destined for a particular network.

Routing Information Protocol (RIP) A standards-based distance vector protocol that has two versions, RIPv1 and RIPv2. Both use hop count as a metric.

row A single record in a table; in relational database terminology, a tuple.

RPO See recovery point objective.

RTO See recovery time objective.

rule-based access control An access control model in which a security policy is based on global rules imposed for all users.

RUM See real user monitoring (RUM).

running key cipher A cipher that uses a physical component, usually a book, to provide the polyalphabetic characters.

SaaS See software as a service (SaaS).

safeguard See countermeasure.

salting Randomly adding data to the input of a one-way function that “hashes” a password or passphrase, to defend against dictionary attacks run against a list of password hashes and against precomputed rainbow table attacks.

SAML See Security Assertion Markup Language (SAML).

SAN See storage area network (SAN).

sandboxing A software virtualization technique that allows applications and processes to run in an isolated virtual environment.

Sarbanes-Oxley (SOX) Act A U.S. act that controls the accounting methods and financial reporting of organizations and stipulates penalties, including jail time, for executive officers. It affects any organization that is publicly traded in the United States.

schema A description of a relational database.

screened host A firewall that is between the final router and the internal network.

screened subnet Two firewalls used to inspect traffic before it can enter the internal network.

SDN See software-defined networking (SDN).

search The act of pursuing items or information.

secondary evidence Evidence that has been reproduced from an original or substituted for an original item.

secondary memory Magnetic, optical, or flash-based media or other storage devices that contain data that must first be read by the operating system and stored into memory.

secret key encryption See symmetric encryption.

Secure European System for Applications in a Multi-vendor Environment (SESAME) A project that extended Kerberos functionality to fix Kerberos weaknesses. It uses both symmetric and asymmetric cryptography to protect interchanged data and a trusted authentication server at each host.

Secure File Transfer Protocol (SFTP) An extension of SSH that uses TCP port 22.

Secure HTTP (S-HTTP) A protocol that encrypts only the served page data and submitted data like POST fields, leaving the initiation of the protocol unchanged.

Security Assertion Markup Language (SAML) An XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

security domain A set of resources that follow the same security policies and are available to a subject.

security kernel The hardware, firmware, and software elements of a trusted computing base that implements the reference monitor concept.

sensitivity See data sensitivity.

separation of duties A security measure that involves dividing sensitive operations among multiple users so that no one user has the rights and access to carry out the operation alone. It ensures that one person is not capable of compromising organizational security and prevents fraud by distributing tasks and their associated rights and privileges between more than one user.

Serial Line Interface Protocol (SLIP) An older remote access protocol that has been made obsolete by PPP.

service-level agreement (SLA) An agreement between an organization and a service provider (whether internal or external) about the ability of the support system to respond to problems within a certain timeframe while providing an agreed level of service.

service-oriented architecture (SOA) An approach that provides web-based communication functionality without requiring redundant code to be written per application. It uses standardized interfaces and components called service brokers to facilitate communication among web-based applications.

service set identifier (SSID) A name or value assigned to identify the WLAN from other WLANs.

SESAME See Secure European System for Applications in a Multi-vendor Environment (SESAME).

session hijacking attack An attack in which a hacker attempts to place himself in the middle of an active conversation between two computers for the purpose of taking over the session of one of the two computers, thus receiving all data sent to that computer.

Session layer (layer 5) The OSI reference model layer responsible for adding information to the packet that makes a communication session between a service or application on the source device possible with the same service or application on the destination device.

SFTP See Secure File Transfer Protocol (SFTP).

shoulder surfing A social engineering attack that occurs when an attacker watches when a user enters login or other confidential data.

S-HTTP See Secure HTTP (S-HTTP).

Signaling System 7 (SS7) A protocol that sets up, controls the signaling, and tears down a PSTN phone call.

Simple Mail Transfer Protocol (SMTP) A standard Application layer protocol used between email servers. This is also the protocol used by clients to send email.

Simple Network Management Protocol (SNMP) An Application layer protocol that is used to retrieve information from network devices and to send configuration changes to those devices.

simulation test A test that operations and support personnel execute in a role-playing scenario. This test identifies omitted steps and threats.

single-factor authentication An authentication type that includes only one type of authentication factor. Adding more factor types increases the security of authentication.

single-mode Fiber-optic cable that uses a single beam of light provided by a laser as a light source.

single sign-on (SSO) A system in which a user enters login credentials once and can then access all resources in the network.

SIP See Session Initiation Protocol (SIP).

Skipjack A block-cipher, symmetric algorithm developed by the U.S. NSA that uses an 80-bit key to encrypt 64-bit blocks. It is used in the Clipper chip.

SLA See service-level agreement (SLA).

slack space analysis Analysis of the slack (marked as empty or reusable) space on a drive to see whether any old (marked for deletion) data can be retrieved.

SLIP See Serial Line Interface Protocol (SLIP).

SMDS See Switched Multimegabit Data Service (SMDS).

smoke-activated sensor A sensor that operates using a photoelectric device to detect variations in light caused by smoke particles.

SMTP See Simple Mail Transfer Protocol (SMTP).

smurf attack An attack in which an attacker sends a large amount of UDP echo traffic to an IP broadcast address, all of it having a fake source address, which will, of course, be the target system.

SNMP See Simple Network Management Protocol (SNMP).

SOA See service-oriented architecture (SOA).

SOCKS firewall An example of a circuit-level firewall.

sodium vapor A lighting system that uses sodium in an excited state to produce light.

software as a service (SaaS) A cloud computing service that involves the vendor providing the entire solution. They might provide you with an email system, for example, whereby they host and manage everything for you.

software-defined networking (SDN) A technology that accelerates software deployment and delivery, thereby reducing IT costs through policy-enabled workflow automation. It enables cloud architectures by delivering automated, on-demand application delivery and mobility at scale.

Software Development Life Cycle A predictable framework of procedures designed to identify all requirements with regard to functionality, cost, reliability, and delivery schedule and ensure that all these requirements are met in the final solution.

software piracy The unauthorized reproduction or distribution of copyrighted software.

SONET See Synchronous Optical Networking (SONET).

source code A collection of computer instructions written using some human-readable computer language.

SOX Act See Sarbanes-Oxley (SOX) Act.

sniffer attack An attack in which a sniffer is used to capture an unencrypted or plaintext password.

spam Sending out email that is not requested on a mass basis.

spear phishing A phishing attack carried out against a specific target by learning about the target’s habits and likes. The process of foisting a phishing attack on a specific person rather than a random set of people.

Spiral A development model that is an iterative approach but places more emphasis on risk analysis at each stage.

spyware Malware that tracks activities and can also gather personal information that could lead to identity theft.

SSID See service set identifier (SSID).

SSO See single sign-on (SSO).

standard An information security governance component that describes how policies will be implemented within an organization.

standard glass Glass that is used in residential areas and is easily broken.

standby lighting A type of system that illuminates only at certain times or on a schedule.

star topology The most common physical topology in use today, in which all devices are connected to a central device (either a hub or a switch).

state machine model A model that examines every possible state a system could be in and ensures that the system maintains the proper security relationship between objects and subjects in each state to determine whether the system is secure.

stateful firewall A firewall that is aware of the proper functioning of the TCP handshake, keeps track of the state of all connections with respect to this process, and can recognize when packets that don’t make sense in the context of the TCP handshake are trying to enter the network.

stateful NAT (SNAT) Implements two or more NAT devices to work together as a translation group. One member provides network translation of IP address information. The other member uses that information to create duplicate translation table entries. It maintains a table about the communication sessions between internal and external systems.

static NAT Maps an internal private IP address to a specific external public IP address. This is a one-to-one mapping.

static testing Analyzes software security without actually running the software. This is usually provided by reviewing the source code or compiled application.

stealth virus A virus that hides the modifications that it is making to the system to help avoid detection.

steganography The process of hiding a message inside another object, such as a picture or document.

steganography analysis Analysis of the files on a drive to see whether the files have been altered or to discover the encryption used on the files.

storage area network (SAN) A network comprising high-capacity storage devices that are connected by a high-speed private (separate from the LAN) network using storage-specific switches.

stream-based cipher A cipher that performs encryption on a bit-by-bit basis and uses keystream generators.

structured walk-through test A test that involves representatives of each department or functional area thoroughly reviewing the BCP’s accuracy.

subject The user or process requesting access.

substitution The process of exchanging one byte in a message for another.

substitution cipher A cipher that uses a key to substitute characters or character blocks with different characters or character blocks.

superscalar A computer architecture characterized by a processor that enables concurrent execution of multiple instructions in the same pipeline stage.

supervisor mode A mode used when a computer system processes input/output instructions.

supplicant The component in a RADIUS environment seeking authentication.

surge A prolonged high voltage.

surveillance The act of monitoring behavior, activities, or other changing information, usually of people.

Switched Multimegabit Data Service (SMDS) A connectionless packet-switched technology that communicates across an established public network.

switch An intelligent device that operates at layer 2 of the OSI model and makes switching decisions based on MAC addresses, which reside at layer 2.

symmetric encryption An encryption method whereby a single private key both encrypts and decrypts the data. Also referred to as a private or secret key encryption.

symmetric mode A mode in which the processors or cores are handed work on a round-robin basis, thread by thread.

SYN ACK attack An attack in which a hacker sends a large number of packets with the SYN flag set, which causes the receiving computer to set aside memory for each ACK packet it expects to receive in return. These packets never come and at some point the resources of the receiving computer are exhausted, making this a form of DoS attack.

synchronous encryption A form of encryption in which encryption or decryption occurs immediately.

Synchronous Optical Networking (SONET) A technology that uses fiber-based links that operate over lines measured in optical carrier (OC) transmission rates.

synchronous transmission A type of transmission that uses a clocking mechanism to sync up the sender and receiver.

synthetic transaction monitoring A type of proactive monitoring often preferred for websites and applications. It provides insight into the availability and performance of an application and warns of any potential issue before users experience any degradation in application behavior.

System Development Life Cycle A process that provides clear and logical steps that should be followed to ensure that the system which emerges at the end of the development process provides the intended functionality, with an acceptable level of security.

system owner The individual who owns a system and may need to work with data owners and data custodians to ensure that data on the system is properly managed.

system resilience The ability of a system, device, or data center to recover quickly and continue operating after an equipment failure, power outage, or other disruption.

system-specific security policy A security policy that addresses security for a specific computer, network, technology, or application.

system threats Threats that exist not from the forces of nature but from failures in systems that provide basic services such as electricity and utilities.

TACACS+ See Terminal Access Controller Access-Control System Plus (TACACS+).

tactical plans (or goals) Plans that achieve the goals of the strategic plan and are shorter in length (6–18 months).

tangible assets Any assets that you can physically touch, including computers, facilities, supplies, and personnel.

target test A test in which both the testing team and the organization’s security team are given maximum information about the network and the type of test that will occur. This is the easiest test to complete but does not provide a full picture of the organization’s security.

T-carrier A dedicated line to which the subscriber has private access and does not share with another customer.

TCB See Trusted Computer Base (TCB).

TCP three-way handshake A process that involves creating a state of connection between the two hosts before any data is transferred.

TCP/IP model A four-layer network model built around the TCP/IP protocol suite.

TCSEC See Trusted Computer System Evaluation Criteria (TCSEC).

TDM See Time Division Multiplexing (TDM).

teardrop A process in which a hacker sends malformed fragments of packets that, when reassembled by the receiver, cause the receiver to crash or become unstable.

technological disasters Disasters that occur when a device fails.

Telnet An unsecure remote access protocol used to connect to a device for the purpose of executing commands on the device.

tempered glass Glass that is heated to give it extra strength.

Terminal Access Controller Access-Control System Plus (TACACS+) A Cisco proprietary authentication service that operates on Cisco devices, providing a centralized authentication solution.

tertiary site A secondary backup site that provides an alternative in case the hot site, warm site, or cold site is unavailable.

test coverage analysis Uses test cases that are written against the application requirements specifications.

Thicknet A type of coaxial cable, also called 10Base5, that operates at 10 Mbps and is capable of running 500 meters.

Thinnet A type of coaxial cable, also called 10Base2, that operates at 10 Mbps and is capable of running 185 feet.

thread An individual piece of work done for a specific process.

threat A condition that occurs when a vulnerability is identified or exploited.

threat agent The entity that carries out a threat.

three-legged firewall A firewall that uses three interfaces: one connected to the untrusted network, one to the internal network, and another to a part of the network called a DMZ.

tiger A hash function that produces 128-, 160-, or 192-bit hash values after performing 24 rounds of computations on 512-bit blocks.

Time Division Multiplexing (TDM) Multiplexing in which the transmissions take turns rather than send at the same time.

time-of-check/time-of-use attack An attack that attempts to take advantage of the sequence of events that take place as the system completes common tasks.

TLS/SSL See Transport Layer Security/Secure Sockets Layer (TLS/SSL).

TOGAF The Open Group Architecture Framework; has its origins in the U.S. Department of Defense and calls for an Architectural Development Method (ADM) that employs an iterative process that calls for individual requirements to be continuously monitored and updated as needed.

token passing A contention method used in both FDDI and Token Ring. In this process, a special packet called a token is passed around the network. A station cannot send until the token comes around and is empty.

Token Ring A proprietary layer 2 protocol that enjoyed some small success and is no longer widely used.

topology discovery Entails determining the devices in the network, their connectivity relationships to one another, and the internal IP addressing scheme in use.

tort law See civil/tort law.

total risk The risk that an organization could encounter if it decides not to implement any safeguards.

TPM See Trusted Platform Module (TPM).

trade secret An intellectual property type that ensures that proprietary technical or business information remains confidential. Trade secrets include recipes, formulas, ingredient listings, and so on that must be protected against disclosure.

trademark An intellectual property type that ensures that the symbol, sound, or expression that identifies a product or an organization is protected from being used by another organization.

transaction log backup A backup that captures all transactions that have occurred since the last backup.

Transport layer (layer 4) The OSI reference model layer that receives all the information from layers 7, 6, and 5 and adds information that identifies the transport protocol in use and the specific port number that identifies the required layer 7 protocol.

Transport Layer Security/Secure Sockets Layer (TLS/SSL) A protocol for creating secure connections to servers. It works at the Application layer of the OSI model and is used mainly to protect HTTP traffic or web servers.

transposition The process of shuffling or reordering the plaintext to hide the original message. Also referred to as permutation.

transposition cipher A cipher that scrambles the letters of the original message in a different order.

trapdoor See backdoor.

trapdoor (encryption) A secret mechanism that allows the implementation of the reverse function in a one-way function.

Triple DES (3DES) A version of DES that increases security by using three 56-bit keys.

Trojan horse A program or rogue application that appears to or is purported to do one thing but does another when executed.

Trusted Computer Base (TCB) The components (hardware, firmware, and/or software) that are trusted to enforce the security policy of a system that, if compromised, jeopardizes the security properties of the entire system.

Trusted Computer System Evaluation Criteria (TCSEC) A system security evaluation model developed by the National Computer Security Center (NCSC) for the U.S. Department of Defense to evaluate products.

trusted path A communication channel between the user (or the program through which the user is working) and the trusted computer base.

Trusted Platform Module (TPM) A security chip installed on a computer motherboard that is responsible for managing symmetric and asymmetric keys, hashes, and digital certificates.

trusted recovery The response of a system to a failure (such as a crash or freeze) that leaves the system in a secure state.

trusted third-party federated identity model A federated identity model in which each organization subscribes to the standards of a third party.

tumbler lock A lock with more moving parts than a warded lock, in which a key raises a metal piece to the correct height.

twisted pair The most common type of network cabling today. It is called this because inside the cable are four pairs of smaller wires that are braided or twisted.

two-person control Also referred to as a two-man rule, this occurs when certain access and actions require the presence of two authorized people at all times.

Twofish A version of Blowfish that uses 128-bit data blocks using 128-, 192-, and 256-bit keys and performs 16 rounds of transformation.

unicast A transmission from a single system to another single system. It is considered one-to-one.

uninterruptible power supply (UPS) A device that goes between the wall outlet and an electronic device and uses a battery to provide power if the source from the wall is lost.

United States Federal Sentencing Guidelines of 1991 A U.S. act that affects individuals and organizations convicted of felonies and serious (Class A) misdemeanors.

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 A U.S. law that affects law enforcement and intelligence agencies in the United States. Its purpose is to enhance the investigatory tools that law enforcement can use, including email communications, telephone records, Internet communications, medical records, and financial records.

UPS See uninterruptible power supply (UPS).

URL hiding An attack that takes advantage of the ability to embed URLs in web pages and email.

USA PATRIOT Act See Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001.

VDSL See Very High Bit-Rate DSL (VDSL).

verification The process whereby an application verifies that a certificate is valid.

Very High Bit-Rate DSL (VDSL) A form of DSL capable of supporting HDTV and VoIP.

very-high-level languages A fourth generation of languages that focuses on abstract algorithms that hide some of the complexity from the programmer. This frees the programmer to focus on the real-world problems she is trying to solve rather than the details that go on behind the scenes.

view The representation of the system from the perspective of a stakeholder or a set of stakeholders. Security is enforced through the use of views, a view being the set of data available to a given user.

virtual firewall Software that has been specifically written to provide a security firewall in the virtual environment.

virtual LAN (VLAN) A logical subdivision of a switch that segregates ports from one another as if they were in different LANs. VLANs can also span multiple switches, meaning that devices connected to switches in different parts of a network can be placed in the same VLAN regardless of physical location.

virtual private network (VPN) A network that uses an untrusted carrier network but provides protection of information through strong authentication protocols and encryption mechanisms.

Virtual Router Redundancy Protocol (VRRP) A protocol that is used to provide multiple gateways to clients for fault tolerance in the case of a router going down.

virtual storage area network (VSAN) A software-defined storage method that allows pooling of storage capabilities and instant and automatic provisioning of virtual machine storage.

virus A self-replicating program that infects software. It uses a host application to reproduce and deliver its payload and typically attaches itself to a file.

vishing A type of phishing that uses a phone system or VoIP technologies. The user initially receives a call, text, or email saying to call a specific number and provide personal information such as name, birth date, Social Security number, and credit card information.

VLAN See virtual LAN (VLAN).

Voice over IP (VoIP) A technology that involves encapsulating voice in packets and sending them across packet-switching networks.

VoIP See Voice over IP (VoIP).

volatile memory Memory that is emptied when the device shuts down.

VPN See virtual private network (VPN).

VPN screen scraper An application that allows an attacker to capture what is on the user’s display.

VRRP See Virtual Router Redundancy Protocol (VRRP).

VSAN See virtual storage area network (VSAN).

V-shaped A development model that differs from the Waterfall method primarily in that verification and validation are performed at each step.

vulnerability An absence or a weakness of a countermeasure that is in place.

vulnerability assessment An assessment method whereby an organization’s network is tested for countermeasure absences or other security weaknesses.

WAN See wide area network (WAN).

war chalking A practice that is typically used to accompany war driving. After the war driver has located a WLAN, he indicates in chalk on the sidewalk the SSID and the types of security used on the network.

war driving Driving around and locating WLANs with a laptop and a high-power antenna.

warded lock A lock with a spring-loaded bolt that has a notch in it. The lock has wards, or metal projections, inside the lock with which the key matches to enable opening the lock.

warm site A leased facility that contains electrical and communications wiring, full utilities, and networking equipment.

WASC See Web Application Security Consortium (WASC).

Waterfall A development model that breaks the process up into distinct phases. While somewhat of a rigid approach, it sees the process as a sequential series of steps that are followed without going back to earlier steps. This approach is called incremental development.

wave motion detector A device that generates a wave pattern in the area and detects any motion that disturbs the accepted wave pattern. When the pattern is disturbed, an alarm sounds.

Web Application Security Consortium (WASC) An organization that provides best practices for web-based applications along with a variety of resources, tools, and information that organizations can make use of in developing web applications.

WEP See Wired Equivalent Privacy (WEP).

wet pipe extinguisher An extinguisher that uses water contained in pipes to extinguish fire. In some areas, the water might freeze and burst the pipes, causing damage. Such a system is not recommended for rooms where equipment would be damaged by the water.

whaling A practice that involves targeting a single person who is someone of significance or importance, such as a CEO, CFO, CSO, COO, or CTO.

white-box testing The testing team goes into the testing process with a deep understanding of the application or system. Using this knowledge, the team builds test cases to exercise each path, input field, and processing routine. This term is used to refer to network security tests as well as application tests.

whitelisting Configuring acceptable email addresses, Internet addresses, websites, applications, or some other identifiers as good senders or as allowed.

wide area network (WAN) A network used to connect LANs together (including MANs).

Wi-Fi Protected Access (WPA) A security measure created to address the widespread concern with the inadequacy of WEP.

Wired Equivalent Privacy (WEP) The first security measure used with 802.11. It was specified as the algorithm in the original specification. It can be used to both authenticate a device and encrypt the information between the AP and the device. However, WEP is considered insecure today, and the use of WPA2 is recommended.

wireless local area network (WLAN) Allows devices to connect wirelessly to each other via a wireless access point (WAP). Multiple WAPs can work together to extend the range of the WLAN.

work factor (encryption) The amount of time and resources needed to break encryption.

worm A type of malware that can spread without assistance from the user.

WPA See Wi-Fi Protected Access (WPA).

WPA2 An improvement over WPA that uses CCMP, based on Advanced Encryption Standard (AES) rather than TKIP.

X.25 A protocol somewhat like Frame Relay in that traffic moves through a packet-switching network. It uses mechanisms for reliability that are no longer required on today's phone lines and that create overhead.

XML See Extensible Markup Language (XML).

Zachman Framework An enterprise architecture framework that uses a two-dimensional classification system based on six communication questions (What, Where, When, Why, Who, and How) that intersect with different perspectives (Executive, Business Management, Architect, Engineer, Technician, and Enterprise).

zero-knowledge test A test in which the testing team is provided with no knowledge regarding the organization’s network. The testing team can use any means available to obtain information about the organization’s network. This is also referred to as closed- or black-box testing.
