Glossary

3DES

See triple DES.

802.11a

Operates in a different frequency band (5 GHz) from the original 802.11 and, by using OFDM, supports speeds up to 54 Mbps.

802.11b

Amendment that dropped support for FHSS and increased speed to 11 Mbps.

802.11f

Amendment that addressed problems introduced when wireless clients roam from one AP to another.

802.11g

Amendment that added support for OFDM, which made it capable of 54 Mbps.

802.11n

Standard uses several new concepts to achieve up to 650 Mbps, including MIMO and a wider transmission channel.

A

absolute addressing

Addresses the entire primary memory space.

access control

The means by which a subject’s ability to communicate with or access an object is allowed or denied based on an organization’s security requirements.

access control list

A table that consists of the access rights that subjects have to a particular object. An ACL is about the object.

access control matrix

A table that consists of a list of subjects, a list of objects, and a list of the actions that a subject can take upon each object.

access control policy

A security policy that defines the method for identifying and authenticating users and the level of access that is granted to users.

access point

A wireless transmitter and receiver that hooks into the wired portion of the network and provides an access point to this network for wireless devices.

accountability

An organization’s ability to hold users responsible for the actions they perform.

accreditation

The formal acceptance of the adequacy of a system’s overall security by the management.

ACL

See access control list.

acoustical systems

Detection systems that use strategically placed microphones to detect any sound made during a forced entry.

acrylic glass

Glass made of polycarbonate acrylic; it is much stronger than regular glass but produces toxic fumes when burned.

ActiveX

A Microsoft technology that uses object-oriented programming (OOP) and is based on COM and DCOM.

ad hoc mode

A wireless mode in which there is no AP and the stations communicate directly with one another.

Address Resolution Protocol (ARP)

Resolves the IP address placed in the packet to a physical or layer 2 address (called a MAC address in Ethernet).

administrative control

A security control that is implemented to administer the organization’s assets and personnel and includes security policies, procedures, standards, and guidelines that are established by management.

administrative law

A type of law where standards of performance or conduct are set by government agencies for organizations and industries to follow. Common areas that are covered by administrative law include public utilities, communications, banking, environmental protection, and healthcare.

ADSL

See asymmetric DSL.

advisory security policy

A security policy that provides instruction on acceptable and unacceptable activities.

adware

Tracks your Internet usage in an attempt to tailor ads and junk emails to your interests.

aggregation

Assembling or compiling units of information at one sensitivity level such that the resulting totality of data is of a higher sensitivity level than the individual components.

agile

This is a development model that puts more emphasis on continuous feedback and cross-functional teamwork.

AH

See authentication header.

ALE

The expected risk factor of an annual threat event. The acronym stands for annualized loss expectancy. The equation used is ALE = SLE × ARO.

algorithm

A mathematical function that encrypts and decrypts data. Also referred to as a cipher.

analog

Represents the data as sound and is what is used in analog telephony.

annualized loss expectancy

See ALE.

annualized rate of occurrence

See ARO.

application layer (layer 7)

Where the encapsulation process begins. This layer receives the raw data from the application in use and provides services such as file transfer and message exchange to the application (and thus the user).

application level proxies

Perform deep packet inspection. This type of firewall understands the details of the communication process at layer 7 for the application of interest.

architectural description (AD)

Comprises the set of documents that convey the architecture in a formal manner.

architecture

Describes the organization of the system, including its components and their interrelationships along with the principles that guided its design and evolution.

ARO

The estimate of how often a given threat might occur annually. This acronym stands for annualized rate of occurrence.

ARP

See Address Resolution Protocol.

assembly languages

Languages that use symbols or mnemonics to represent sections of complicated binary code. These languages use an assembler to convert the code to machine level.

associative memory

Searches for a specific data value in memory rather than using a specific memory address.

asymmetric DSL (ADSL)

Usually provides uploads from 128 Kbps to 384 Kbps and downloads up to 768 Kbps.

asymmetric encryption

An encryption method whereby a key pair, one private key and one public key, performs encryption and decryption. One key performs the encryption, whereas the other key performs the decryption. Also referred to as public key encryption.

asymmetric mode

A multiprocessing mode in which a processor is dedicated to a specific process or application; work for that process is always done by the same processor.

asynchronous encryption

Encryption in which encryption or decryption requests are processed from a queue.

asynchronous token

A token that generates the password based on a challenge/response technique with the authentication server, with the token device providing the correct answer to the authentication server’s challenge.

Asynchronous Transfer Mode (ATM)

A cell-switching technology. It transfers fixed-size (53-byte) cells rather than packets, and after a path is established it uses the same path for the entire communication.

asynchronous transmission

Uses start and stop bits to communicate when each byte is starting and stopping.

atomicity

A transaction property whereby either all operations complete or the database changes are rolled back.

attenuation

The weakening of the signal as it travels down the cable and meets resistance. At some point (different for each cable type) the signal is no longer strong enough to be read properly at the destination.

ATM (Asynchronous Transfer Mode)

A cell-switching technology. It transfers fixed-size (53-byte) cells rather than packets, and after a path is established it uses the same path for the entire communication.

authenticating server

In a RADIUS environment, the RADIUS server; the authenticator (AP, switch, remote access server) is the RADIUS client.

authentication

The act of validating a user with a unique identifier by providing the appropriate credentials.

Authentication Header (AH)

Part of IPSec that provides data integrity, data origin authentication, and protection from replay attacks.

authenticator

The component in a RADIUS environment to which an applicant is attempting to connect (AP, switch, remote access server).

authorization

The point after identification and authentication at which a user is granted the rights and permissions to resources.

auxiliary station alarm

A mechanism that automatically causes an alarm originating in a data center to be transmitted over the local municipal fire or police alarm circuits for relaying to both the local police/fire station and the appropriate headquarters.

AV

This acronym stands for asset value.

availability

A value that describes what percentage of the time the resource or the data is available. The tenet of the CIA triad that ensures that data is accessible when and where it is needed.

avalanche effect

The condition where any change in the key or plaintext, no matter how minor, will significantly change the ciphertext.

B

backdoor

A mechanism implemented in many devices or applications that gives the user who uses the backdoor unlimited access to the device or application. Also, a piece of software installed by an attacker that allows the attacker to return later and connect to the computer without going through the normal authentication process.

base relation

In SQL, a relation that actually exists in the database.

baseband

Transmissions where the entire medium is used for a single transmission and multiple transmission types are assigned time slots on this single circuit.

Basel II

Recommendations from a banking association that affect financial institutions. They address minimum capital requirements, supervisory review, and market discipline with the purpose of protecting against risks the banks and other financial institutions face.

baseline

An information security governance component that acts as a reference point that is defined and captured to be used as a future reference. Both security and performance baselines are used.

basic rate (BRI) ISDN

Solution that provides three channels: two B channels that provide 64 Kbps each and a D channel that is 16 Kbps, for a total of 144 Kbps.

bastion host

A device exposed directly to the Internet or to any untrusted network.

behavioral characteristics

Any measurable actions that are performed by a user.

Bell-LaPadula Model

First mathematical model of a multilevel system that used both the concepts of a state machine and those of controlling information flow.

best evidence rule

States that when evidence, such as a document or recording, is presented, only the original will be accepted unless a legitimate reason exists for why the original cannot be used.

BGP (Border Gateway Protocol)

An exterior routing protocol considered to be a path vector protocol.

Biba model

Concerns itself more with the integrity of information rather than the confidentiality of that information.

biometric acceptability

The likelihood that users will accept and follow the system.

biometric accuracy

How correct the overall biometric readings will be.

biometric throughput

The rate at which the biometric system will be able to scan characteristics and complete the analysis to permit or deny access.

blackout

A prolonged power outage.

block cipher

A cipher that performs encryption by breaking the message into fixed-length units.

blowfish

A block cipher that operates on 64-bit data blocks using keys anywhere from 32 to 448 bits. Blowfish performs 16 rounds of transformation.

bluejacking

The sending of an unsolicited message to a Bluetooth-enabled device.

bluesnarfing

The unauthorized access to a device using the Bluetooth connection.

bluetooth

A wireless technology that is used to create Personal Area Networks (PANs).

bollards

Short vertical posts placed at the entranceway to a building and lining sidewalks that help provide protection from vehicles that might intentionally or unintentionally crash into or enter the building or injure pedestrians.

boot sector virus

These infect the boot sector of a computer and either overwrite files or install code into the sector so the virus initiates at startup.

Border Gateway Protocol (BGP)

An exterior routing protocol considered to be a path vector protocol.

botnet

A collection of computers that act together in an attack; the individual computers are called zombies.

Brewer-Nash (Chinese Wall) model

Model that introduced the concept of allowing access controls to change dynamically based on a user’s previous actions.

bridge federated identity model

See trusted third-party federated identity model.

BRI (basic rate) ISDN

Solution that provides three channels: two B channels that provide 64 Kbps each and a D channel that is 16 Kbps, for a total of 144 Kbps.

broadband

Transmission in which the medium is divided into different frequencies.

broadcast

This is a transmission sent by a single system to all systems in the network. It is considered one to all.

brownout

A prolonged drop in power that is below normal voltage.

buffer overflow

Occurs when too much data is accepted as input to a specific process. Hackers can take advantage of this phenomenon by submitting too much data, which can cause an error or, in some cases, execute commands on the machine if they can locate an area where commands can be executed.

build and fix

A development method that while certainly used in the past has been largely discredited and is now used as a template for how not to manage a development project. Simply put, using this method, the software is developed as quickly as possible and released.

build security in (BSI)

An initiative that promotes a process-agnostic approach that makes security recommendations with regard to architectures, testing methods, code reviews, and management processes.

bus topology

The earliest Ethernet topology used. In this topology all devices are connected to a single line that has two definitive endpoints.

C

CA

See Certification Authority.

cable lock

Vinyl-coated steel cables that connect to the laptop and then lock around an object.

cable modems

Internet access solution that can provide up to 50 Mbps over the coaxial cabling used for cable TV.

cache

A relatively small amount (compared to primary memory) of very high-speed RAM that holds the instructions and data from primary memory that have a high probability of being accessed during the currently executing portion of a program.

CALEA

See Communications Assistance for Law Enforcement Act (CALEA) of 1994.

candidate key

An attribute in one relation that has values matching the primary key in another relation.

Capability Maturity Model Integration (CMMI)

This comprehensive set of guidelines addresses all phases of the software development life cycle. It describes a series of stages or maturity levels that a development process can advance as it goes from the ad hoc (build and fix) model to one that incorporates a budgeted plan for continuous improvement.

capability table

A table that lists the access rights that a particular subject has to objects. A capability table is about the subject.

capacitance detector

These devices emit a magnetic field and monitor that field. If the field is disrupted, which occurs when a person enters the area, the alarm will sound.

cardinality

The number of rows in a relation.

Carrier Sense Multiple Access Collision Avoidance (CSMA/CA)

Contention method used in an 802.11 wireless network.

Carrier Sense Multiple Access Collision Detection (CSMA/CD)

Contention method used in 802.3 networks.

CAST-128

A block cipher that uses a 40- to 128-bit key and performs 12 or 16 rounds of transformation on 64-bit blocks.

CAST-256

A block cipher that uses a 128-, 160-, 192-, 224-, or 256-bit key and performs 48 rounds of transformation on 128-bit blocks.

catastrophe

A disaster that has a wide and long impact.

CBC

See cipher block chaining.

CBC-MAC

See cipher block chaining MAC.

CCTV

See closed circuit television system.

CDMA

See Code Division Multiple Access.

centralized access control

An access control type in which a central department or personnel oversees the access for all organizational resources.

CER

See crossover error rate.

certificate revocation list

A list of digital certificates that a CA has revoked.

certification

The technical evaluation of a system. The process of evaluating the software for its security effectiveness with regard to the customer’s needs.

certification authority

The entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary.

CFAA

See Computer Fraud and Abuse Act (CFAA) of 1986.

CFB

See cipher feedback.

Challenge Handshake Authentication Protocol (CHAP)

Method for validating a password without sending the password across an untrusted network. The server sends the client a set of random text called a challenge. The client encrypts the text with the password and sends it back. The server then decrypts it with the same password and compares the result with what was sent originally. If the results match, the server can be assured that the user or system possesses the correct password without ever needing to send it across the untrusted network.

Channel Service Unit/Data Service Unit (CSU/DSU)

Used to connect a LAN to a WAN.

CHAP

See Challenge Handshake Authentication Protocol.

characteristic factors

Factors that are something a person is, such as a fingerprint or facial geometry.

chosen ciphertext attack

An attack that occurs when an attacker chooses the ciphertext to be decrypted to obtain the plaintext.

chosen plaintext attack

An attack that occurs when an attacker chooses the plaintext to get encrypted to obtain the ciphertext.

cipher

See algorithm.

cipher block chaining

A DES mode in which each 64-bit block is chained together because each resultant 64-bit ciphertext block is applied to the next block. So plaintext message block one is processed by the algorithm using an initialization vector (IV). The resultant ciphertext message block one is XORed with plaintext message block two, resulting in ciphertext message two. This process continues until the message is complete.

cipher block chaining MAC

A block-cipher MAC that operates in CBC mode.

cipher feedback

A DES mode that works with 8-bit (or smaller) blocks and uses a combination of stream ciphering and block ciphering. Like CBC, the first 8-bit block of the plaintext message is XORed by the algorithm with a keystream, which is the result of an IV and the key. The resultant ciphertext message is applied to the next plaintext message block.

cipher locks

Locks that use a keypad requiring the correct code to open the lock.

ciphertext

An altered form of a message that is unreadable without knowing the key and the encryption system used. Also referred to as a cryptogram.

ciphertext-only attack

An attack that occurs when an attacker uses several encrypted messages (ciphertext) to figure out the key used in the encryption process.

circuit level proxies

A firewall that operates at the session layer (layer 5) of the OSI model.

circuit switching networks

Establish a set path to the destination and only use that path for the entire communication.

circumstantial evidence

Evidence that provides inference of information from other intermediate relevant facts.

civil code law

A type of law based on written laws. It is a rule-based law and does not rely on precedent in any way.

civil disobedience

The intentional refusal to obey certain laws, demands, and commands of a government and is commonly, though not always, defined as being nonviolent resistance.

civil/tort law

A type of law where the liable party owes a legal duty to the victim. It deals with wrongs that have been committed against an individual or organization.

Clark-Wilson Integrity model

Developed after the Biba model, this model also concerns itself with data integrity.

Class 1 gate

A gate suitable for residential use.

Class 2 gate

A gate suitable for commercial usage.

Class 3 gate

A gate suitable for industrial usage.

Class A extinguisher

Used for ordinary combustibles.

Class B extinguisher

Used for flammable liquids and flammable gases.

Class C extinguisher

Used for electrical equipment.

Class D extinguisher

Used for combustible metals.

Class K extinguisher

Used for cooking oil or fat.

cleanroom

A development model that strictly adheres to formal steps and a more structured method. It attempts to prevent errors and mistakes through extensive testing.

cleartext

See plaintext.

closed circuit television system (CCTV)

Uses sets of cameras that can either be monitored in real time or can record days of activity that can be viewed as needed at a later time.

cloud computing

The centralization of data in a web-based data center that can be accessed from anywhere at any time; an approach that makes resources available in a web environment so the resources can be accessed from anywhere.

CMMI (Capability Maturity Model Integration)

This comprehensive set of guidelines addresses all phases of the software development life cycle. It describes a series of stages or maturity levels that a development process can advance as it goes from the ad hoc (build and fix) model to one that incorporates a budgeted plan for continuous improvement.

coaxial

One of the earliest cable types used for networking; it is the same basic type of cable that brought cable TV to millions of homes.

COBIT

Framework that deals with IT governance.

Code Division Multiple Access (CDMA)

A modulation technique used in mobile wireless.

cohesion

A term used to describe how many different tasks a module can carry out. If it is limited to a small number or a single function it is said to have high cohesion.

cold site

A leased facility that contains only electrical and communications wiring, air conditioning, plumbing, and raised flooring.

collision

An event that occurs when a hash function produces the same hash value on different messages. Occurs when two employees work together to accomplish a theft of some sort that could not be accomplished without their combined knowledge or responsibilities.

column or attribute

A column in a table.

combination lock

A lock that requires rotating the dial in a pattern; if the pattern is correct, the tumblers line up and the lock opens.

commercial software

Software that is licensed by a commercial entity for purchase in a wholesale or retail market.

common criteria

System that uses Evaluation Assurance Levels (EALs) to rate systems with each representing a successively higher level of security testing and design in a system.

common law

A type of law based on customs and precedent because no written laws were available. Common law reflects the morals of the people and relies heavily on precedent.

Common Object Request Broker Architecture (CORBA)

An open object-oriented standard developed by the Object Management Group (OMG).

Communications Assistance for Law Enforcement Act (CALEA) of 1994

A U.S. law that affects law enforcement and intelligence agencies. It requires telecommunications carriers and manufacturers of telecommunications equipment to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities.

compensative control

A security control that substitutes for a primary access control and mainly acts as a mitigation of risk.

compensatory damages

Damages that compensate the victim for his losses.

Component Object Model (COM)

A model for communication between processes on the same computer.

Computer Fraud and Abuse Act (CFAA) of 1986

A U.S. act that affects any entities that might engage in hacking of “protected computers” as defined in the Act.

computer prevalence crime

A crime that occurs due to the fact that computers are so widely used in today’s world. This type of crime occurs only because computers exist.

Computer Security Act of 1987

A U.S. act that was the first law written to require a formal computer security plan. It was written to protect and defend any of the sensitive information in the federal government systems and provide security for that information.

computer surveillance

When a person’s actions are reported or captured using digital information, such as audit logs.

computer-assisted crime

A crime that occurs when a computer is used as a tool to help commit a crime.

computer-targeted crime

A crime that occurs when a computer is the victim of an attack whose sole purpose is to harm the computer and its owner.

concealment cipher

A cipher that intersperses plaintext somewhere within other written material. Also referred to as a null cipher.

concentric circle

Approach that relies on creating layers of physical barriers to information.

conclusive evidence

Evidence that does not require any other corroboration.

confidentiality

The tenet of the CIA triad that ensures that data is protected from unauthorized disclosure. A characteristic provided if the data cannot be read by unauthorized parties.

confusion

The process of changing a key value during each round of encryption. Confusion is often carried out by substitution.

consistency

The transaction follows an integrity process that ensures that data is consistent in all places where it exists.

contamination

The intermingling or mixing of data of one sensitivity or need-to-know level with that of another.

content analysis

Analyzes the contents of a drive or software. For drive content analysis, it gives a report detailing the types of data by percentage; for software content analysis, it determines the purpose of the software.

context-dependent access control

A type of access that is based on subject or object attributes or environmental characteristics. Bases the access to data on multiple factors to help prevent inference.

copy backup

A backup that backs up all the files, similar to full backups, but does not reset the file’s archive bit.

copyright

An intellectual property type that ensures that a work that is authored is protected for any form of reproduction or use without the consent of the copyright holder, usually the author or artist that created the original work.

CORBA

See Common Object Request Broker Architecture.

corrective control

A security control that reduces the effect of an attack or other undesirable event.

corroborative evidence

Evidence that supports another piece of evidence.

counter mode

A DES mode similar to OFB mode that uses an incrementing IV counter to ensure that each block is encrypted with a unique keystream. Also, the ciphertext is not chained into the encryption process. Because this chaining does not occur, CTR performance is much better than the other modes.

countermeasure

A control that is implemented to reduce potential risk.

coupling

Describes how much interaction one module requires from another module to do its job. Low or loose coupling indicates a module does not need much help from other modules whereas high coupling indicates the opposite.

CPTED

See Crime Prevention through Environmental Design.

Crime Prevention through Environmental Design (CPTED)

Refers to designing the facility from the ground up to support security.

crime scene

The environment in which potential evidence exists.

criminal law

A type of law that covers any actions that are considered harmful to others. It deals with conduct that violates public protection laws.

CRL

See Certificate Revocation List.

cross-certification federated identity model

A federated identity model in which each organization certifies that every other organization is trusted.

crossover error rate

The point in a biometric system at which FRR equals FAR.

crosstalk

Occurs when the signals from the two wires (or more) interfere with one another and distort the transmission.

cryptanalysis

The science of decrypting ciphertext without prior knowledge of the key or cryptosystem used. The purpose of cryptanalysis is to forge coded signals or messages that will be accepted as authentic.

cryptogram

See ciphertext.

cryptography

A science that either hides data or makes data unreadable by transforming it.

cryptology

The science that studies encrypted communication and data.

cryptosystem

The entire cryptographic process, including the algorithm, key, and key management functions. The security of a cryptosystem is measured by the size of the keyspace and available computational power.

cryptovariable

See key.

CSMA/CA

See Carrier Sense Multiple Access Collision Avoidance.

CSMA/CD

See Carrier Sense Multiple Access Collision Detection.

CSU/DSU

See Channel Service Unit/Data Service Unit.

CTR

See counter mode.

customary law

A type of law based on the customs of a country or region.

cybersquatting

When domain names are registered with no intent to use them but with intent to hold them hostage.

D

DAC

See discretionary access control.

daily backup

A backup in which a file’s time stamp is used to determine whether it needs archiving.

data clearing

Renders information unrecoverable by a keyboard attack. A keyboard attack extracts information from data storage media by executing software utilities, keystrokes, or other system resources from a keyboard.

data link layer (layer 2)

Responsible for determining what MAC addresses should be at each hop and adding them to part of the packet.

data mining

A process of using special tools to organize the data into an even more useable format. It analyzes large data sets in a data warehouse to find non-obvious patterns.

data purging

Uses a method such as degaussing to make the old data unavailable even with forensics. Purging renders information unrecoverable against laboratory attacks (forensics).

data structure

Refers to the logical relationship between elements of data. It describes the extent to which elements, methods of access, and processing alternatives are associated and the organization of data elements.

data warehouse

A repository of information from heterogeneous databases.

data warehousing

A process of combining data from multiple databases or data sources in a central location called a warehouse. The warehouse is used to carry out analysis. The data is not simply combined but is processed and presented in a more useful and understandable way.

database locks

A mechanism used when one user is accessing a record; it prevents another user from accessing the record at the same time, so no edits can be made until the first user is finished.

database views

Refers to the given set of data that a user or group of users can see when they access the database.

data-over-cable service interface specifications (DOCSIS)

Standard for cable modem communications.

DCOM

See Distributed Component Object Model.

DDoS

See Distributed Denial of Service.

decentralized access control

An access control type in which personnel closest to the resources, such as department managers and data owners, oversee the access control for individual resources.

decoding

The process of changing an encoded message back into its original format.

decryption

The process of converting data from ciphertext to plaintext. Also referred to as deciphering.

default stance

The default security stance that is used by an organization. An allow-by-default stance permits access to any data unless a need exists to restrict access. A deny-by-default stance is much stricter because it denies any access that is not explicitly permitted.

defense in depth

A security approach that refers to deploying layers of protection.

degree

The number of columns in a table.

deluge extinguisher

Allows large amounts of water to be released into the room, which makes it a poor choice for rooms where computing equipment is located.

demilitarized zone

A network segment where systems are placed that will be accessed regularly from the untrusted network.

demultiplexer

Takes a single input signal that carries many channels and separates them onto multiple outputs.

DES

See Digital Encryption Standard.

DES-X

A variant of DES that uses multiple 64-bit keys in addition to the 56-bit DES key. The first 64-bit key is XORed to the plaintext, which is then encrypted with DES. The second 64-bit key is XORed to the resulting cipher.

detective control

A security control that detects an attack while it is occurring to alert appropriate personnel.

deterrent control

A security control that deters potential attacks.

DHCP

See Dynamic Host Configuration Protocol.

dial-up connection

One that uses the PSTN. If it is initiated over an analog phone line it requires a modem that converts the digital data to analog on the sending end with a modem on the receiving end converting it back to digital.

differential backup

A backup in which all files that have been changed since the last full backup will be backed up and the archive bit for each file is not cleared.

diffusion

The process of changing the location of the plaintext within the ciphertext. Diffusion is often carried out using transposition.

digital certificate

An electronic document that identifies the certificate holder.

digital encryption standard

A symmetric algorithm that uses a 64-bit key, 8 bits of which are used for parity. The effective key length for DES is 56 bits. DES divides the message into 64-bit blocks. Sixteen rounds of transposition and substitution are performed on each block, resulting in a 64-bit block of ciphertext.

digital

Signaling of the type used in most computer transmissions; it does not have an infinite number of possible values but only two, on and off.

digital signature

A method of providing sender authentication and message integrity. The message acts as an input to a hash function, and the sender’s private key encrypts the hash value. The receiver can perform a hash computation on the received message to determine the validity of the message.

digital signature standard

A federal digital security standard that governs the Digital Security Algorithm (DSA).

Digital Subscribers Line (DSL)

A very popular option that provides a high-speed connection from a home or small office to the ISP. While it uses the existing phone lines, it is an always-on connection.

direct evidence

Evidence that proves or disproves a fact through oral testimony based on information gathered through the witness’s senses.

Direct Sequence Spread Spectrum (DSSS)

One of two modulation technologies (along with FHSS) that were a part of the original 802.11 standard.

directive control

A security control that specifies an acceptable practice within an organization.

disaster

A suddenly occurring event that has a long-term negative impact on life.

discretionary access control

An access control model in which the owner of the object specifies which subjects can access the resource.

disk imaging

Creates an exact image of the contents of the hard drive.

disruption

Any unplanned event that results in the temporary interruption of any organizational asset, including processes, functions, and devices.

distance vector

Routing protocols that share their entire routing table with their neighboring routers on a schedule, thereby creating the most traffic of the three categories. They also use a metric called hop count. Hop count is simply the number of routers traversed to get to a network.

Distributed Component Object Model (DCOM)

A model for communication between processes in different parts of the network.

Distributed Denial of Service (DDoS)

Attack where the perpetrator enlists the aid of other machines.

distributed object-oriented systems

When an application operates in a client-server framework as many do, the solution is performing distributed computing. This means that components on different systems must be able to both locate each other and communicate on a network.

DMZ

See demilitarized zone.

DNS

See Domain Name System.

DNS cache poisoning attack

An attack in which the attacker attempts to refresh or update a cached DNS record, when it expires, with a different address than the correct address.

DNSSEC

One of the newer approaches to preventing DNS attacks. Many current implementations of DNS software contain this functionality. It uses digital signatures to validate the source of all messages to ensure they are not spoofed.

domain

The set of allowable values that an attribute can take.

domain grabbing

Occurs when individuals register a domain name of a well-known company before the company has the chance to do so.

Domain Name System (DNS)

Resolves a computer name (or in the case of the web a domain name) to an IP address.

double-DES

A DES version that used a 112-bit key length.

downstream liability

A type of liability that an organization accrues due to partnerships with other organizations and customers.

dry pipe extinguisher

In this system the water is not held in the pipes but in a holding tank. The pipes hold pressurized air, which is reduced when fire is detected, allowing the water to enter the pipe and the sprinklers. This minimizes the chance of an accidental discharge.

DSL

See Digital Subscribers Line.

DSS

See Digital Signature Standard.

DSSS

See Direct Sequence Spread Spectrum.

dual control

A security measure that requires two employees to be available to complete a specific task. This security measure is part of separation of duties.

dual-homed firewall

One that has two network interfaces, one pointing to the internal network and another connected to the untrusted network.

due care

A legal term that is used when an organization took all reasonable measures to prevent security breaches and also took steps to mitigate damages caused by successful breaches.

due diligence

A legal term that is used when an organization investigated all vulnerabilities.

dumpster diving

A social engineering attack that occurs when attackers examine garbage contents to obtain confidential information.

durability

After it’s verified, the transaction is committed and cannot be rolled back.

Dynamic Host Configuration Protocol (DHCP)

A service that can be used to automate the process of assigning an IP configuration to the devices in the network.

dynamic packet filtering firewall

Keeps track of the source port used by outbound traffic and dynamically adds a rule to the list to allow return traffic to that port.

E

E carriers

In Europe, a similar technology to T-carrier lines.

EAP

See Extensible Authentication Protocol.

ECB

See Electronic Code Book.

Economic Espionage Act of 1996

A U.S. act that affects companies that have trade secrets and any individuals who plan to use encryption technology for criminal activities.

ECPA

See Electronic Communications Privacy Act (ECPA) of 1986.

EF

The percent value or functionality of an asset that will be lost when a threat event occurs. This acronym stands for exposure factor.

EIGRP

See Enhanced IGRP.

electromechanical systems

Detection systems that operate by detecting a break in an electrical circuit. For example, the circuit might cross a window or door and when the window or door is opened the circuit is broken, setting off an alarm of some sort.

electronic code book

A version of DES in which 64-bit blocks of data are processed by the algorithm using the key. The ciphertext produced may be padded to ensure that the result is a 64-bit block.

electromagnetic interference

Interference from power lines and other power sources.

Electronic Communications Privacy Act (ECPA) of 1986

A U.S. act that affects law enforcement and intelligence agencies. It extended government restrictions on wiretaps from telephone calls to include transmissions of electronic data by computer and prohibited access to stored electronic communications.

email spoofing

The process of sending an email that appears to come from one source when it really comes from another.

embedded system

A piece of software built into a larger piece of software that is in charge of performing some specific function on behalf of the larger system.

emergency lighting

Lighting systems with their own power source to use when power is out.

EMI

See electromagnetic interference.

Encapsulating Security Payload (ESP)

Part of IPsec that provides data integrity, data origin authentication, protection from replay, and encryption.

encapsulation

Process where information is added to the header at each layer and then a trailer is placed on the packet before transmission.

encoding

The process of changing data into another form using code.

encryption

The process of converting data from plaintext to ciphertext. Also referred to as enciphering.

Enhanced IGRP (EIGRP)

A classless Cisco proprietary routing protocol that is considered a hybrid or advanced distance vector protocol.

enrollment time

The process of obtaining the sample that is used by a biometric system.

environmental error

An error that causes a system to be vulnerable because of the environment in which it is installed.

ESP

See Encapsulating Security Payload.

Ethernet

The most widely used layer 2 protocol, described in the 802.3 standard.

ethical hacking

See penetration testing.

exposure

A condition that occurs when an organizational asset is exposed to losses.

exposure factor

See EF.

Extensible Authentication Protocol (EAP)

Not a single protocol but a framework for port-based access control that uses the same three components that are used in RADIUS.

Extensible Markup Language (XML)

The most widely used web language.

external threats

Threats from perimeter security or access to the building or room.

extranet

A network logically separate from the intranet. It is an area where resources that will be accessed from the outside world are made available.

F

facial scan

A biometric scan that records facial characteristics, including bone structure, eye width, and forehead size.

fail safe state

Leaving system processes and components in a secure state when a failure occurs or is detected in the system.

fail soft

The termination of selected, non-critical processing when a hardware or software failure occurs.

failover

The capacity of a system to switch over to a backup system if a failure in the primary system occurs.

false acceptance rate

A measurement of the percentage of invalid users that will be falsely accepted by the system. This is called a Type II error.

false rejection rate

A measurement of valid users that will be falsely rejected by a biometric system. This is called a Type I error.

FAR

See false acceptance rate.

fault

A momentary power outage.

fault tolerance

A concept that includes redundancy but refers to any process that allows a system to continue making information assets available in the case of a failure.

feature extraction

The approach to obtaining biometric information from a collected sample of a user’s physiological or behavioral characteristics.

FDDI

See Fiber Distributed Data Interface.

FDM

See Frequency Division Multiplexing.

FDMA

See Frequency Division Multiple Access.

Federal Information Security Management Act (FISMA) of 2002

A U.S. act that affects every federal agency. It requires the federal agencies to develop, document, and implement an agency-wide information security program.

Federal Intelligence Surveillance Act (FISA) of 1978

A U.S. act that affects law enforcement and intelligence agencies. It gives procedures for the physical and electronic surveillance and collection of “foreign intelligence information” between “foreign powers” and “agents of foreign powers” and only applies to traffic within the United States.

Federal Privacy Act of 1974

A U.S. act that affects any computer that contains records used by a federal agency. It provides guidelines on the collection, maintenance, use, and dissemination of personally identifiable information (PII) about individuals that is maintained in systems of records by federal agencies.

federated identity

A portable identity that can be used across businesses and domains.

feet of illumination

A measurement of lighting.

fetching

When a CPU gets an instruction from memory.

FHSS

See Frequency Hopping Spread Spectrum.

Fiber Distributed Data Interface (FDDI)

Another layer 2 protocol that uses a ring topology and a fiber infrastructure.

fiberoptic

Cabling that uses a source of light that shoots down an inner glass or plastic core of the cable.

field-programmable gate array

A type of programmable logic device (PLD) that is programmed by blowing fuse connections on the chip or using an antifuse that makes a connection when a high voltage is applied to the junction.

File Transfer Protocol (FTP)

Used to transfer files from one system to another.

finger scan

A biometric scan that extracts only certain features from a fingerprint.

fingerprint scan

A biometric scan that scans the ridges of a finger for matching.

firewall

Device that inspects and controls the type of traffic allowed.

firmware

Type of ROM where a program is stored.

FISA

See Federal Intelligence Surveillance Act (FISA) of 1978.

FISMA

See Federal Information Security Management Act (FISMA) of 2002.

flame actuated sensor

Optical devices that “look at” the protected area. They generally react faster to a fire than nonoptical devices do.

flash memory

A type of electrically programmable ROM.

fluorescent

Lighting system that uses a very low-pressure mercury-vapor gas-discharge lamp that uses fluorescence to produce visible light.

foreign key

An attribute in one relation that has values matching the primary key in another relation. Matches between the foreign key and the primary key are important because they represent references from one relation to another and establish the connection among these relations.

FPA

See Federal Privacy Act of 1974.

FPGA

See field-programmable gate array.

fractional T1

A part of a T1.

frame relay

A layer 2 protocol used for WAN connections. The frame relay network is shared by customers of the provider.

freeware

Software available free of charge, including all rights to copy, distribute, and modify the software.

Frequency Division Multiple Access (FDMA)

One of the modulation techniques used in cellular wireless networks.

Frequency Division Multiplexing (FDM)

A process used in multiplexing that divides the medium into a series of non-overlapping frequency sub-bands, each of which is used to carry a separate signal.

Frequency Hopping Spread Spectrum (FHSS)

One of two technologies (along with DSSS) that were a part of the original 802.11 standard. It is unique in that it changes frequencies or channels every few seconds in a set pattern that both transmitter and receiver know.

FRR

See false rejection rate.

FTP

See File Transfer Protocol.

FTPS

FTP that adds support for the Transport Layer Security (TLS) and the Secure Sockets Layer (SSL) cryptographic protocols.

full backup

A backup in which all data is backed up and the archive bit for each file is cleared.

G

gateway

Any device that performs some sort of translation or acts as a control point to entry and exit.

GLBA

See Gramm-Leach-Bliley Act (GLBA) of 1999.

Global System Mobile (GSM)

A type of cell phone that contains a Subscriber Identity Module (SIM) chip.

Gramm-Leach-Bliley Act (GLBA) of 1999

A U.S. act that affects all financial institutions, including banks, loan companies, insurance companies, investment companies, and credit card providers. It provides guidelines for securing all financial information and prohibits sharing financial information with third parties.

grid computing

The process of harnessing the CPU power of multiple physical machines to perform a job.

GSM

See Global System Mobile.

guideline

An information security governance component that gives recommended actions that are much more flexible than standards, thereby providing allowance for circumstances that can occur.

H

hand geometry scan

A biometric scan that obtains size, shape, or other layout attributes of a user’s hand but can also measure bone length or finger length.

hand topography scan

A biometric scan that records the peaks and valleys of the hand and its shape.

Harrison-Ruzzo-Ullman Model

Model that deals with access rights and restricts the set of operations that can be performed on an object to a finite set to ensure integrity.

hash

A one-way function that reduces a message to a hash value. If the sender’s hash value is compared to the receiver’s hash value, message integrity is determined. If the resultant hash values are different, then the message has been altered in some way, provided that both the sender and receiver used the same hash function.

hash MAC

A keyed-hash MAC that involves a hash function with a symmetric key.

HAVAL

A one-way function that produces variable-length hash values, including 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits, and uses 1,024-bit blocks.

HDSL

See High-Bit-Data-Rate DSL.

Health Care and Education Reconciliation Act of 2010

A U.S. law that affects healthcare and educational organizations. It increased some of the security measures that must be taken to protect healthcare information.

Health Insurance Portability and Accountability Act (HIPAA)

A U.S. act that affects all healthcare facilities, health insurance companies, and healthcare clearing houses. It provides standards and procedures for storing, using, and transmitting medical information and healthcare data.

hearsay evidence

Evidence that is secondhand where the witness does not have direct knowledge of the fact asserted but knows it only from being told by someone.

heat activated sensor

Also called heat-sensing. Operates by detecting temperature changes. These can either alert when a predefined temperature is met or alert when the rate of rise reaches a certain value.

hierarchical database

In this model data is organized into a hierarchy. An object can have one child (an object that is a subset of the parent object), multiple children, or no children.

hierarchical storage management (HSM) system

A type of backup management system that provides a continuous online backup by using optical or tape “jukeboxes.”

High-Bit-Data-Rate DSL (HDSL)

Form of DSL that provides T1 speeds.

high-level languages

These instructions use abstract statements (for example, IF-THEN-ELSE) and are processor independent. They are easier to work with and their syntax is more similar to human language.

HIPAA

See Health Insurance Portability and Accountability Act (HIPAA).

HMAC

See hash MAC.

honeynets

Networks that are configured to be attractive to hackers.

honeypots

Systems that are configured to be attractive to hackers and lure them into spending time attacking them while information is gathered about the attack.

host-based IDS

An IDS that monitors traffic on a single system.

hot site

A leased facility that contains all the resources needed for full operation.

HSM

See hierarchical storage management system.

HSSI interface

Found on both routers and multiplexers and provides a connection to services like frame relay and ATM. It operates at speeds up to 52 Mbps.

HTTP

This protocol is used to view and transfer web pages or web content.

HTTPS

See HTTP-Secure.

HTTP-Secure

The implementation of HTTP running over the SSL/TLS protocol, which establishes a secure session using the server’s digital certificate.

Hub

A physical device (layer 1) that functions as a junction point for devices in a star topology. It is considered physical in that it has no intelligence.

hybrid

A combination of network topologies, including bus, star, and ring.

hybrid or advanced distance vector protocols

Exhibit characteristics of both distance vector and link state routing protocols.

hygrometer

An alert system that monitors humidity.

Hypertext Transfer Protocol Secure (HTTPS)

Layers the HTTP on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP.

I

IaaS

See infrastructure as a service.

ICMP

See Internet Message Control Protocol.

ICMP redirect

By crafting ICMP redirect packets the attacker alters the route table of the host that receives the redirect message. This will change the way packets are routed in the network to his advantage.

IDEA

See International Data Encryption Algorithm.

identification

The act of a user professing an identity to an access control system.

IDS

See intrusion detection system.

IGMP

See Internet Group Management Protocol.

IKE

See Internet Key Exchange.

IMAP

See Internet Message Access Protocol.

implied addressing

Refers to registers usually contained inside the CPU.

incidental computer crime

A crime that occurs when a computer is involved in a computer crime without being the victim of the attack or the attacker.

incremental

A refinement to the basic waterfall model that states that software should be developed in increments of functional capability.

incremental backup

A backup in which all files that have been changed since the last full or incremental backup will be backed up and the archive bit for each file is cleared.

indirect addressing

The type of memory addressing where the address location that is specified in the program instruction contains the address of the final desired location.

inference

Occurs when someone has access to information at one level that allows them to infer information about another level.

information assets

Recipes, processes, trade secrets, product plans, and any other type of information that enables the enterprise to maintain competitiveness within its industry.

information flow model

Model that focuses on controlling flows that relate two versions of the same object.

Information Technology Security Evaluation Criteria (ITSEC)

Addresses integrity and availability as well as confidentiality.

informative security policy

A security policy that provides information on certain topics and acts as an educational tool.

infrared

Short distance wireless process that uses light rather than radio waves, in this case infrared light.

infrastructure as a service (IaaS)

Involves the vendor providing the hardware platform or data center and the company installs and manages their own operating systems and application systems. The vendor simply provides access to the data center and maintains that access.

infrastructure mode

In this mode all transmissions between stations go through the access point (AP) and no direct communication between stations occurs.

intangible assets

Include intellectual property, data, and organizational reputation.

Integrated Services Digital Network (ISDN)

Sometimes referred to as digital dial-up. The main difference between ISDN and analog dial-up is performance.

integrity

A characteristic provided if you can be assured that the data has not changed in any way. The tenet of the CIA triad that ensures that data is accurate and reliable.

Interior Gateway Protocol

An obsolete classful Cisco proprietary routing protocol.

intermediate system to intermediate system (IS-IS)

A complex interior routing protocol that is based on OSI protocols rather than IP.

internal threats

Threats from those who might have some access to the room or building.

International Data Encryption Algorithm

A block cipher that uses 64-bit blocks, which are divided into 16 smaller blocks. It uses a 128-bit key and performs eight rounds of transformations on each of the 16 smaller blocks.

Internet Group Management Protocol (IGMP)

Used when multicasting, which is a form of communication whereby one host sends to a group of destination hosts rather than a single host (called a unicast transmission) or to all hosts (called a broadcast transmission).

Internet Key Exchange (IKE)

Also sometimes referred to as IPsec Key Exchange. It provides the authenticated material used to create the keys exchanged by ISAKMP, which are used to perform peer authentication.

Internet Message Access Protocol (IMAP)

An application layer protocol for email retrieval.

Internet Message Control Protocol (ICMP)

Used by the network devices to send a message regarding the success or failure of communications and used by humans for troubleshooting. When you use the programs PING or TRACEROUTE you are using ICMP.

internet protocol (IP)

Responsible for putting the source and destination IP addresses in the packet and for routing the packet to its destination.

Internet Security Association and Key Management Protocol (ISAKMP)

Handles the creation of a security association for the session and the exchange of keys.

interrupt

A signal used by an in/out device when it requires the CPU to perform some action.

intranet

The internal network of the enterprise.

intrusion detection system

A system responsible for detecting unauthorized access or attacks against systems and networks.

intrusion prevention system (IPS)

A system responsible for preventing unauthorized access or attacks against systems and networks.

IP

See internet protocol.

IP address spoofing

One of the techniques used by hackers to hide their trail or to masquerade as another computer. The hacker alters the IP address as it appears in the packet.

IPS

See intrusion prevention system.

IPsec

Can provide encryption, data integrity, and system-based authentication, which makes it a flexible option for protecting transmissions.

iris scan

A biometric scan that scans the colored portion of the eye, including all rifts, coronas, and furrows.

ISAKMP

See Internet Security Association and Key Management Protocol.

ISDN

See Integrated Services Digital Network.

ISO/IEC 27000

These standards provide guidance to organizations in integrating security into the development and maintenance of software applications. The series establishes information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

isolation

Transactions do not interact with other transactions until completion.

issue-specific security policy

A security policy that addresses specific security issues.

ITSEC

See Information Technology Security Evaluation Criteria.

J

Java applet

A small component created using Java that runs in a web browser. It is platform independent and creates intermediate code called byte code that is not processor-specific.

Java Database Connectivity (JDBC)

Makes it possible for Java applications to communicate with a database.

Java Platform, Enterprise Edition (J2EE)

A distributed component model that relies on the Java programming language. It is a framework used to develop software that provides APIs for networking services and uses an interprocess communication process that is based on CORBA.

JDBC

See Java Database Connectivity.

job rotation

A security measure that ensures that more than one person fulfills the job tasks of a single position within an organization. Refers to training of multiple users to perform the duties of a position to help prevent fraud by any individual employee.

joint analyses development model

Also called the Joint Application Development (JAD), this is a development model that uses a team approach. It uses workshops to both agree on requirements and to resolve differences. The theory is that by bringing all parties together at all stages, a more satisfying product will emerge at the end of the process.

K

Kennedy-Kassebaum Act

See Health Insurance Portability and Accountability Act (HIPAA).

Kerberos

An authentication protocol that uses a client-server model developed by MIT’s Project Athena. It is the default authentication model in the recent editions of Windows Server and is also used in Apple, Sun, and Linux operating systems.

kernel proxy firewall

An example of a fifth-generation firewall. It inspects the packet at every layer of the OSI model but does not introduce the performance hit that an application layer firewall will because it does this at the kernel layer.

key

A parameter that controls the transformation of plaintext into ciphertext or vice versa. Determining the original plaintext data without the key is impossible. Also referred to as a cryptovariable.

key clustering

Occurs when different encryption keys generate the same ciphertext from the same plaintext message.

keyspace

All the possible key values when using a particular algorithm or other security measure. A 40-bit key would have 2^40 possible values, whereas a 128-bit key would have 2^128 possible values.

keystroke dynamics

A biometric system that measures the typing pattern that a user uses when inputting a password or other pre-determined phrase.

knowledge factors

Factors that are something a person knows.

knowledge-based systems

Also called expert systems, they use artificial intelligence to emulate human logic when solving problems. Rules-based programming instructs the system how to react through if-then statements.

known plaintext attack

An attack that occurs when an attacker uses the plaintext and ciphertext versions of a message to discover the key used.

L

L2TP

A newer protocol that operates at layer 2 of the OSI model. It can use various authentication mechanisms like PPTP can but does not provide any encryption. It is typically used with IPsec, a very strong encryption mechanism.

laminated glass

Two sheets of glass with a plastic film between them that makes it more difficult to break.

LAN

A group of systems that are connected with a fast network connection. For purposes of this discussion, that is any connection over 10 Mbps and usually in a single location.

Layer 2 tunneling protocol

See L2TP.

layer 3 switch

A switch with the routing function also built in.

layer 4 switches

Provide additional routing above layer 3 by using the port numbers found in the Transport layer header to make routing decisions.

layered defense model

In such a model reliance should not be based on any single physical security concept but on the use of multiple approaches that support one another.

least privilege

A security principle that requires that a user or process is given only the minimum access privilege needed to perform a particular task.

liability

The status of being legally responsible to another entity because of your actions or negligence.

link state

Routing protocols that only share network changes (link outages and recoveries) with neighbors, thereby greatly reducing the amount of traffic generated. They also use a much more sophisticated metric that is based on many factors such as the bandwidth of each link on the path and the congestion on each link.

Lipner model

Shares characteristics with the Clark-Wilson model in that it separates objects into data and programs.

logic bomb

A type of malware that executes when an event takes place.

logical control

Software or hardware components used to restrict access.

M

MAC

See mandatory access control.

machine languages

Languages that deliver instructions directly to the processor.

macro virus

These infect programs written in Word Basic, Visual Basic, or VBScript that are used to automate functions. These viruses infect Microsoft Office files. They are easy to create because the underlying language is simple and intuitive to apply. These are especially dangerous in that they infect the operating system itself. They also can be transported between different operating systems as the languages are platform independent.

maintenance hook

A set of instructions built into the code that allows one who knows about the so-called “back door” to use the instructions to connect to, view, and edit the code without using the normal access controls.

malware

A term that describes any software that harms a computer, deletes data, or takes actions the user did not authorize.

MAN

See Metropolitan Area Network.

management control

See administrative control.

mandatory access control

An access control model in which subject authorization is based on security labels.

man-made disasters

Disasters that occur through human intent or error.

man-made threats

Physical threats faced from malicious and careless humans.

mantrap

A series of two doors with a small room between them.

matrix-based model

Organizes tables of subjects and objects indicating what actions individual subjects can take upon individual objects.

maximum tolerable downtime

The maximum amount of time that an organization can tolerate a single resource or function being down.

MD2

A message digest algorithm that produces a 128-bit hash value and performs 18 rounds of computations.

MD4

A message digest algorithm that produces a 128-bit hash value and performs only 3 rounds of computations.

MD5

A message digest algorithm that produces a 128-bit hash value and performs 4 rounds of computations.

MD6

A message digest algorithm that produces a variable hash value, performing a variable number of computations.

mean time between failure (MTBF)

The estimated amount of time a device will operate before a failure occurs. Describes how often a component fails on average.

mean time to repair (MTTR)

The average time required to repair a single resource or function when a disaster or disruption occurs. Describes the average amount of time it will take to get a device fixed and back online.

means

How the crime was carried out by the suspect.

Media Access Control (MAC) addresses

In Ethernet these are called physical addresses because these 48-bit addresses expressed in hexadecimal are permanently assigned to the network interfaces of devices.

memory card

A swipe card that contains user authentication information and is issued to valid users.

mercury vapor

Lighting system that uses an electric arc through vaporized mercury to produce light.

mesh topology

The most fault tolerant and the most expensive to deploy. In this topology all devices are connected to all other devices.

Metro Ethernet

The use of Ethernet technology over a wide area.

Metropolitan Area Network (MAN)

A type of LAN that encompasses a large area such as the downtown of a city.

middleware

Software in a distributed environment that ties the client and server software together.

MIMO

See Multiple Input Multiple Output.

mirrored site

See redundant site.

mixed law

A type of law that combines two or more of the other law types. The most common mixed law combines civil law and common law.

mobile code

Instructions that can be transferred across a network and then executed on a remote system or device.

mono-alphabetic substitution cipher

A cipher that uses only one alphabet.

motive

Why the crime was committed and who committed the crime. MOM stands for motive, opportunity, and means.

movable lighting

Lighting that can be repositioned as needed.

MTBF

See mean time between failure.

MTD

See maximum tolerable downtime.

MTTR

See mean time to repair.

multicast

This is a signal received by all others in a group called a multicast group. It is considered one-to-many.

multilevel lattice models

Models developed mainly to deal with confidentiality issues and focused mainly on information flow.

multi-mode

Fiberoptic that uses several beams of light at the same time and uses LEDs as a light source.

multipartite virus

Viruses that can infect both program files and boot sectors.

Multiple Input Multiple Output (MIMO)

Using multiple antennas, which allow for up to four spatial streams at a time.

multiplexer

A physical (layer 1) device that combines several input information signals into one output signal, which carries several communication channels, by means of some multiplex technique.

multitasking

The process of carrying out more than one task at a time.

mutual aid agreement

A pre-arranged agreement between two organizations in which each organization agrees to provide assistance to the other in the event of a disaster.

N

NAS

See network attached storage.

NAT

A service that changes the private IP address to a public address that is routable on the Internet. When the response is returned from the Web, the NAT service receives it and translates the address back to the original private IP address and sends it back to the originator.

natural access control

This concept applies to the entrances of the facility. It encompasses the placement of the doors, lights, fences, and even landscaping. It aims to satisfy security goals in the least obtrusive and most aesthetically appealing manner.

natural disasters

Disasters that occur because of a natural hazard.

natural languages

Languages whose goal is to create software that can solve problems on its own rather than require a programmer to create code to deal with the problem. Although it’s not fully realized, it is a goal worth pursuing using knowledge-based processing and artificial intelligence.

natural surveillance

The use of physical environmental features to promote visibility of all areas and thus discourage crime in those areas. The idea is to encourage the flow of people such that the largest possible percentage of the building is always populated, because people in an area discourage crime.

natural territorial reinforcement

The goal is to create a feeling of community in the area. It attempts to extend the sense of ownership to the employees.

natural threats

Physical threats that must be addressed and mitigated that are caused by the forces of nature.

need to know

A security principle that defines what the minimums for each job or business function are.

need-to-know/least privilege

Concept that users should only be given access to resources required to do their job.

negligence

A term that means that an organization was careless, resulting in some person or organization being injured.

network access server (NAS)

Device that controls access to a network.

network address translation

See NAT.

network attached storage (NAS)

A form of network storage that uses the existing LAN network for access using file access protocols such as NFS or SMB.

network database

Like the hierarchical model, data is organized into a hierarchy, but unlike the hierarchical model, objects can have multiple parents.

network layer (layer 3)

Information required to route the packet is added. This will be in the form of a source and destination logical address.

network-based IDS

An IDS that monitors network traffic on a local network segment.

noise

A term used to cover several types of interference that can be introduced to the cable and cause problems.

non-disaster disruptions

Temporary interruptions that occur due to malfunction or failure.

noninterference models

Model less concerned with the flow of information and more concerned with a subject’s knowledge of the state of the system at a point in time; it concentrates on preventing the actions that take place at one level from altering the state presented to another level.

non-repudiation

Provides proof of the origin of data, thereby preventing the sender from denying that he sent the message and supporting data integrity.

O

object linking and embedding (OLE)

A method for sharing objects on a local computer that uses COM as its foundation.

object linking and embedding database (OLE DB)

A replacement for ODBC, extending its functionality to non-relational databases.

object-oriented database

This model has the ability to handle a variety of data types and is more dynamic than a relational database. Object-oriented database (OODB) systems are useful in storing and manipulating complex data, such as images and graphics.

object-oriented programming

In OOP, objects are organized in a hierarchy in classes with characteristics called attributes attached to each. OOP emphasizes the employment of objects and methods rather than types or transformations as in other software approaches.

object-relational database

This model is the marriage of object-oriented and relational technologies combining the attributes of both.

OCSP

See Online Certificate Status Protocol.

ODBC

See open database connectivity.

OFB

See Output Feedback.

OFDM

See Orthogonal Frequency Division Multiplexing.

OLE

See object linking and embedding.

OLE DB

See object linking and embedding database.

OLTP ACID test

An Online Transaction Processing system is used to monitor for problems such as processes that stop functioning. Its main goal is to prevent transactions that don’t happen properly or are not complete from taking effect. An ACID test ensures that each transaction has certain properties before it is committed.

one-time pad

The most secure encryption scheme that can be used. It works like a running cipher in that the key value is added to the value of the letters. However, it uses a key that is the same length as the plaintext message.

one-way function

A mathematical function that can be more easily performed in one direction than in the other.

online certificate status protocol

An Internet protocol that obtains the revocation status of an X.509 digital certificate.

OOP

See object-oriented programming.

open database connectivity (ODBC)

An API that allows communication with databases either locally or remotely.

open shortest path first (OSPF)

A standards-based link state protocol.

open systems interconnect (OSI) model

Created in the 1980s by the International Standards Organization (ISO) as a part of its mission to create a protocol set to be used as a standard for all vendors.

Open Web Application Security Project (OWASP)

An open-source application security project that creates guidelines, testing procedures, and tools to assist with web security and monitors attacks, specifically web attacks. OWASP maintains a list of the top 10 attacks on an ongoing basis.

operations security

Comprises the activities that support continual maintenance of the security of the system on a daily basis.

opinion evidence

Evidence that is based on what the witness thinks, feels, or infers regarding the facts.

opportunity

Where and when the crime occurred.

Orange Book

A collection of criteria based on the Bell-LaPadula model that is used to grade or rate the security offered by a computer system product.

organizational security policy

The highest level security policy adopted by an organization that outlines security goals.

Orthogonal Frequency Division Multiplexing (OFDM)

A more advanced technique of modulation in which a large number of closely spaced orthogonal sub-carrier signals are used to carry the data on several parallel data streams. It is used in 802.11a and 802.11g. It makes speeds up to 54 Mbps possible.

OSI

See open systems interconnect model.

OSPF

See open shortest path first.

OWASP

See Open Web Application Security Project.

output feedback

A DES mode that works with 8-bit (or smaller) blocks that uses a combination of stream ciphering and block ciphering. However, OFB uses the previous keystream with the key to create the next keystream.

ownership factors

Factors that are something a person possesses, such as a password.

P

packet filtering firewalls

Only inspect the header of the packet for allowed IP addresses or port numbers.

packet switching networks (such as the Internet or a LAN)

Establish an optimal path per-packet.

palm scan

A biometric scan that records fingerprint information from every finger as well as hand geometry information. Also referred to as a hand scan.

PAP

See Password Authentication Protocol.

parasitic virus

This is a virus that attaches itself to a file, usually an executable file, and then delivers the payload when the program is used.

passive infrared systems (PIR)

Detection systems that operate by identifying changes in heat waves in an area.

Password Authentication Protocol (PAP)

Provides authentication but the credentials are sent in clear text and can be read with a sniffer.

PAT

See Port Address Translation.

patch panels

Operate at the physical layer of the OSI model and simply function as a central termination point for all the cables running through the walls from wall outlets, which in turn are connected to computers with cables.

patent

An intellectual property type that covers an invention described in a patent application and is granted to an individual or company.

Payment Card Industry Data Security Standard (PCI DSS)

A standard that affects any organizations that handle cardholder information for the major credit card companies. The latest version is version 2.0.

PBX

See private branch exchange.

PCI DSS

See Payment Card Industry Data Security Standard (PCI DSS).

peer-to-peer computing

Any client/server solution in which any platform may act as a client or server or both.

penetration testing

A test that simulates an attack to identify any risks that can stem from the vulnerabilities of a system or device.

permutation

See transposition.

Personal Information Protection and Electronic Documents Act (PIPEDA)

An act from Canada that affects how private sector organizations collect, use, and disclose personal information in the course of commercial business. The Act was written to address European Union concerns over the security of PII.

personally identifiable information (PII)

Any piece of data that can be used alone or with other information to identify a single person.

pharming

A social engineering attack, similar to phishing, that actually pollutes the contents of a computer’s DNS cache so that requests to a legitimate site are actually routed to an alternate site.

phishing

A social engineering attack in which attackers try to learn personal information, including credit card information and financial data, typically by convincing the recipient to click on a link in an email that appears to go to a trusted site but in fact goes to the hacker’s site.

phone cloning

A process where copies of the SIM chip are made allowing another user to make calls as the original user.

photometric system

Systems that operate by detecting changes in light and thus are used in windowless areas. A beam of light is sent across the area, and if the beam is interrupted (by a person, for example) the alarm is triggered.

physical control

A security control that protects an organization’s facilities and personnel.

physical layer (layer 1)

Responsible for turning the information into bits (ones and zeros) and sending it out on the medium.

physical surveillance

When a person’s actions are reported or captured using cameras, direct observance, or closed-circuit TV.

physiological characteristics

Any unique physical attribute of the user, including iris, retina, and fingerprints.

PII

See personally identifiable information.

ping of death attack

Sends several oversized packets, which can cause the victim system to be unstable at the least and possibly freeze up.

ping scanning

Basically pings every IP address and keeps track of which IP addresses respond to the ping.

PIPEDA

See Personal Information Protection and Electronic Documents Act.

pipelined processor

Overlaps the steps of different instructions whereas a scalar processor executes one instruction at a time.

plaintext

A message in its original format. Also referred to as cleartext.

platform as a service (PaaS)

Involves the vendor providing the hardware platform or data center and the software running on the platform. The company is still involved in managing the system.

Point to Point Protocol (PPP)

A layer 2 protocol that performs framing and encapsulation of data across point-to-point connections.

policy

An information security governance component that outlines goals but does not give any specific ways to accomplish the stated goals.

polling

Contention method where a primary device polls each other device to see whether it needs to transmit.

polyalphabetic substitution cipher

A cipher that uses multiple alphabets.

polyinstantiation

A process used to prevent data inference violations. It does this by enabling a relation to contain multiple tuples with the same primary key, with each instance distinguished by a security level, so that a detailed version of an object is developed from another object using different values in the new object. It prevents low-level database users from inferring the existence of higher level data.

polymorphic virus

This virus makes copies of itself, and then makes changes to those copies. It does this in hopes of avoiding detection of antivirus software.

polymorphism

The ability of different objects with a common name to react to the same message or input with different output.

POP

See Post Office Protocol.

Port Address Translation (PAT)

A specific version of NAT that uses a single public IP address to represent multiple private IP addresses.

port scan

This attack basically pings every address and port number combination and keeps track of which ports are open on each device as the pings are answered by open ports with listening services and not answered by closed ports.

Post Office Protocol (POP)

An application layer email retrieval protocol.

power conditioners

Go between the wall outlet and the device and smooth out the fluctuations of power delivered to the device, protecting against sags and surges.

Point-to-point tunneling protocol (PPTP)

A Microsoft protocol based on PPP. It uses built-in Microsoft Point-to-Point encryption and can use a number of authentication methods, including CHAP, MS-CHAP, and EAP-TLS.

PPP

See Point to Point Protocol.

PPTP

See point-to-point tunneling protocol.

preaction extinguisher

Operates like a dry pipe system except that the sprinkler head holds a thermal-fusible link that must be melted before the water is released. This is currently the recommended system for a computer room.

presentation layer (layer 6)

Responsible for the manner in which the data from the application layer is represented (or presented) to the application layer on the destination device. If any translation between formats is required it will take care of it.

preventive control

A security control that prevents an attack from occurring.

PRI ISDN

See Primary Rate ISDN (PRI).

primary key

Columns that make each row unique.

Primary Rate ISDN (PRI)

Solution that provides up to 23 B channels and a D channel for a total of 1.544 Mbps.

private branch exchange (PBX)

A private telephone switch that resides on the customer premises. It has a direct connection to the telecommunication provider’s switch. It performs call routing within the internal phone system.

private IP addresses

Three ranges of IPv4 addresses set aside to be used only within private networks; they are not routable on the Internet.

private key encryption

See symmetric encryption.

privilege escalation

The process of exploiting a bug or weakness in an operating system to allow a user to receive privileges to which they are not entitled.

procedure

An information security governance component that includes all the detailed actions that personnel are required to follow.

process

A set of threads that are part of the same larger piece of work done for a specific application.

protected computer

A computer used exclusively by a financial institution or the United States government or used in or affecting interstate or foreign commerce or communication, including a computer located outside the United States that is used in a manner that affects interstate or foreign commerce or communication of the United States.

prototyping

The use of a sample of code to explore a specific approach to solving a problem before extensive time and cost have been invested in the approach.

proximity authentication device

A programmable card used to deliver an access code to the device either by swiping the card or in some cases just being in the vicinity of the reader.

proxy firewall

Creates the web connection between systems on their behalf and can typically allow and disallow traffic on a more granular basis. Proxy firewalls stand between each connection from the outside to the inside and make the connection on behalf of the endpoints.

PSTN

See public switched telephone network.

Public Company Accounting Reform and Investor Protection Act of 2002

See Sarbanes-Oxley (SOX) Act.

public key encryption

See asymmetric encryption.

public switched telephone network (PSTN)

Also referred to as the Plain Old Telephone Service (POTS), this is the circuit-switched network that has been used for analog phone service for years and is now mostly a digital operation.

punitive damages

Damages that are handed down by juries to punish the liable party.

Q

qualitative risk analysis

A method of analyzing risk whereby intuition, experience, and best practice techniques are used to determine risk.

quartz lamps

A lamp consisting of an ultraviolet light source, such as mercury vapor, contained in a fused-silica bulb that transmits ultraviolet light with little absorption.

R

RA

See registration authority.

radio frequency interference (RFI)

Interference from radio sources in the area.

RADIUS

A remote authentication standard defined in RFC 2138. RADIUS is designed to provide a framework that includes three components: supplicant, authenticator, and authenticating server.

RAID 0

Also called disk striping, this method writes the data across multiple drives; while it improves performance, it does not provide fault tolerance.

RAID 1

Also called disk mirroring, it uses two disks and writes a copy of the data to both disks, providing fault tolerance in the case of a single drive failure.

RAID 2

In this system the data is striped across all drives at the bit level and uses a hamming code for error detection. Hamming codes can detect up to two-bit errors or correct one-bit errors without detection of uncorrected errors.

RAID 3

Requires at least three drives. The data is written across all drives like striping and then parity information is written to a single dedicated drive; the parity information is used to regenerate the data in the case of a single drive failure.

RAID 5

Requires at least three drives. The data is written across all drives like striping and then parity information is spread across all drives as well. The parity information is used to regenerate the data in the case of a single drive failure.

RAID 7

While not a standard but a proprietary implementation, this system incorporates the same principles as RAID 5 but enables the drive array to continue to operate if any disk or any path to any disk fails. The multiple disks in the array operate as a single virtual disk.

Rapid Application Development (RAD)

A development model in which less time is spent upfront on design while emphasis is placed on rapidly producing prototypes with the assumption that crucial knowledge can only be gained through trial and error.

RBAC

See role-based access control.

RC4

A stream cipher that uses a variable key size of 40 to 2,048 bits and up to 256 rounds of transformation.

RC5

A block cipher that uses a key size of up to 2,048 bits and up to 255 rounds of transformation. Block sizes supported are 32, 64, or 128 bits.

RC6

A block cipher based on RC5 that uses the same key size, rounds, and block size.

reciprocal agreement

An agreement between two organizations that have similar technological needs and infrastructures.

record

Collection of related data items.

recovery control

A security control that recovers a system or device after an attack has occurred.

recovery point objective

The point in time to which the disrupted resource or function must be returned.

recovery time objective

The shortest time period after a disaster or disruptive event within which a resource or function must be restored to avoid unacceptable consequences.

Red Book

A collection of criteria based on the Bell-LaPadula model that addresses network security.

redundancy

Refers to providing multiple instances of either a physical or logical component such that a second component is available if the first fails.

redundant site

A site that is identically configured as the primary site.

reference monitor

A system component that enforces access controls on an object.

referential integrity

Requires that for any foreign key attribute, the referenced relation must have a tuple with the same value for its primary key.

registration authority

The entity in a PKI that verifies the requestor’s identity and registers the requestor.

regulatory law

See administrative law.

regulatory security policy

A security policy that addresses specific industry regulations, including mandatory standards.

relation

Fundamental entity in a relational database in the form of a table.

relational database

Uses attributes (columns) and tuples (rows) to organize the data in two-dimensional tables.

reliability

The ability of a function or system to consistently perform according to specifications.

religious law

A type of law based on religious beliefs.

remanence

Any data left after the media has been erased.

Remote Access Dial In User Service (RADIUS)

See RADIUS.

residual risk

Risk that is left over after safeguards have been implemented.

retinal scan

A biometric scan that scans the retina’s blood vessel pattern.

RFI

See radio frequency interference.

Rijndael algorithm

Uses three block sizes of 128, 192, and 256 bits. A 128-bit key with a 128-bit block size undergoes 10 transformation rounds. A 192-bit key with a 192-bit block size undergoes 12 transformation rounds. Finally, a 256-bit key with a 256-bit block size undergoes 14 transformation rounds.

ring

A physical ring topology is one in which the devices are daisy-chained one to another in a circle or ring.

RIPEMD-160

A message digest algorithm that produces a 160-bit hash value after performing 160 rounds of computations on 512-bit blocks.

risk

The probability that a threat agent will exploit a vulnerability, together with the impact if it does.

risk acceptance

A method of handling risk that involves understanding and accepting the level of risk as well as the cost of damages that can occur.

risk avoidance

A method of handling risk that involves terminating the activity that causes a risk or choosing an alternative that is not as risky.

risk management

The process that occurs when organizations identify, measure, and control organizational risks.

risk mitigation

A method of handling risk that involves defining the acceptable risk level the organization can tolerate and reducing the risk to that level.

risk transfer

A method of handling risk that involves passing the risk on to a third party.

role-based access control

An access control model in which each subject is assigned to one or more roles.

rootkit

A set of tools that a hacker can use on a computer after he has managed to gain access and elevate his privileges to administrator.

routers

Use a routing table that tells the router in which direction to send traffic destined for a particular network.

Routing Information Protocol (RIP)

Standards-based distance vector protocol that has two versions, RIPv1 and RIPv2. Both use hop count as a metric.

row or tuple

A row in a table.

RPO

See recovery point objective.

RTO

See recovery time objective.

rule-based access control

An access control model in which a security policy is based on global rules imposed for all users.

running key cipher

A cipher that uses a physical component, usually a book, to provide the polyalphabetic characters.

S

SaaS

See software as a service.

SABSA

See Sherwood Applied Business Security Architecture.

safeguard

See countermeasure.

SAN

See storage area networks.

Sarbanes-Oxley (SOX) Act

A U.S. act that controls the accounting methods and financial reporting of organizations, stipulates penalties and even jail time for executive officers, and affects any organization that is publicly traded in the United States.

schema

Description of a relational database.

screened host

A firewall that is between the final router and the internal network.

screened subnet

In this case, two firewalls are used and traffic must be inspected at both firewalls to enter the internal network.

search

The act of pursuing items or information.

secondary evidence

Evidence that has been reproduced from an original or substituted for an original item.

secret key encryption

See symmetric encryption.

secure electronic transaction

A protocol that secures credit card transaction information over the Internet.

Secure European System for Applications in a Multi-vendor Environment (SESAME)

A project that extended Kerberos functionality to fix Kerberos weaknesses. It uses both symmetric and asymmetric cryptography to protect interchanged data and a trusted authentication server at each host.

Secure File Transfer Protocol (SFTP)

This is an extension of the Secure Shell Protocol (SSH). There have been a number of different versions, with version 6 being the latest. Because it uses SSH for the file transfer, it uses TCP port 22.

secure shell (SSH)

An application and protocol that is used to remotely log in to another computer using a secure tunnel.

secure sockets layer (SSL)

A protocol developed by Netscape to transmit private documents over the Internet that implements either 40-bit (SSL 2.0) or 128-bit encryption (SSL 3.0).

Security Assertion Markup Language (SAML)

An XML-based open standard data format for exchanging authentication and authorization data between parties, in particular, between an identity provider and a service provider.

security domain

A set of resources that follow the same security policies and are available to a subject.

security kernel

The hardware, firmware, and software elements of a trusted computing base that implements the reference monitor concept.

security perimeter

The dividing line between the trusted parts of the system and those that are untrusted.

seizure

The act of taking custody of physical or digital components.

separation of duties

The concept that prescribes that sensitive operations be divided among multiple users so that no one user has the rights and access to carry out the operation alone. It prevents fraud by distributing tasks and their associated rights and privileges among more than one user, ensuring that one person is not capable of compromising organizational security.

Serial Line Interface Protocol (SLIP)

See SLIP.

Service Oriented Architecture (SOA)

An approach that operates on the theory of providing web-based communication functionality without requiring redundant code to be written per application. It uses standardized interfaces and components called service brokers to facilitate communication among web-based applications.

service set identifier (SSID)

A name or value assigned to identify the WLAN from other WLANs.

SESAME

See Secure European System for Applications in a Multi-vendor Environment.

session hijacking attack

The hacker attempts to place himself in the middle of an active conversation between two computers for the purpose of taking over the session of one of the two computers thus receiving all data sent to that computer.

Session Initiation Protocol (SIP)

A protocol used to control call sessions and multimedia over VoIP networks.

session layer (layer 5)

Responsible for adding information to the packet that makes a communication session between a service or application on the source device possible with the same service or application on the destination device.

SET

See Secure Electronic Transaction.

SFTP

See Secure File Transfer Protocol.

shareware

Software that is shared for a limited time. After a certain amount of time (the trial period), the software requires that the user purchase the software to access all the software’s features. This is also referred to as trialware.

Sherwood Applied Business Security Architecture (SABSA)

A model for guiding the creation and design of a security architecture. It attempts to enhance the communication process between stakeholders.

shoulder surfing

A social engineering attack that occurs when an attacker watches when a user enters login or other confidential data.

S-HTTP

Encrypts only the served page data and submitted data like POST fields, leaving the initiation of the protocol unchanged.

SIP

See Session Initiation Protocol.

signaling system 7 (SS7)

Protocol to set up, control the signaling, and tear down a PSTN phone call.

signature dynamics

A biometric system that measures stroke speed, pen pressure, and acceleration and deceleration while the user writes his signature.

Simple Mail Transfer Protocol (SMTP)

A standard application layer protocol used between email servers. This is also the protocol used by clients to send email.

Simple Network Management Protocol (SNMP)

An application layer protocol that is used to retrieve information from network devices and to send configuration changes to those devices.

single loss expectancy

See SLE.

single mode

Fiber-optic cable that uses a single beam of light provided by a laser as the light source.

single sign-on

A system in which a user enters his login credentials once and can access all resources in the network.

skipjack

A block-cipher, symmetric algorithm developed by the U.S. NSA that uses an 80-bit key to encrypt 64-bit blocks. It is used in the Clipper chip.

slack space analysis

Analyzes the slack space on a drive (the unused tail of the last cluster allocated to a file, which is not overwritten when a smaller file is written into that cluster) to see whether remnants of old, deleted data can be retrieved.

SLE

The monetary impact of each threat occurrence. This acronym stands for single loss expectancy. The equation used is SLE = AV × EF.

SLIP

An older remote access protocol that has been made obsolete by the Point-to-Point Protocol (PPP).

smart card

An integrated circuit card (ICC) that contains memory like a memory card but also contains an embedded microprocessor; used in bank and credit cards, for example.

smoke activated sensor

Operates using a photoelectric device to detect variations in light caused by smoke particles.

SMTP

See Simple Mail Transfer Protocol.

smurf

A denial of service attack that abuses a type of ping packet, the ICMP ECHO REQUEST, as described under smurf attack.

smurf attack

In this attack an attacker sends a large amount of ICMP echo request traffic to an IP broadcast address, all of it having a spoofed source address, which is, of course, the target system. Every host on the broadcast network replies to the target, amplifying the attack. (The variant that uses UDP echo traffic is known as fraggle.)

SNMP

See Simple Network Management Protocol.

SOCKS firewall

An example of a circuit-level firewall; it relays TCP connections on behalf of clients without inspecting the application payload.

sodium vapor

Lighting system that uses sodium in an excited state to produce light.

software as a service (SaaS)

Involves the vendor providing the entire solution. They might provide you with an email system, for example, whereby they host and manage everything for you.

Software Development Life Cycle

The goal of the software development life cycle is to provide a predictable framework of procedures designed to identify all requirements with regard to functionality, cost, reliability, and delivery schedule and to ensure that each is met in the final solution.

software patches

Updates released by vendors that either fix functional issues with or close security loopholes in operating systems, applications, and versions of firmware that run on the network devices.

software piracy

The unauthorized reproduction or distribution of copyrighted software.

SONET

See synchronous optical networks.

SOX Act

See Sarbanes-Oxley (SOX) Act.

spam

Unsolicited email sent out on a mass basis.

spear phishing

A phishing attack carried out against a specific person or group rather than a random set of people, made convincing by first learning about the target’s habits and interests.

spiral

A development model that is an iterative approach but places more emphasis on risk analysis at each stage.

split knowledge

A security measure that ensures no single employee knows all the details to perform a task. This security measure is part of separation of duties.

spyware

Software that tracks your activities and can also gather personal information that could lead to identity theft.

SSH

See secure shell.

SSL

See secure sockets layer.

SSO

See single sign-on.

stakeholder

Individuals, teams, and departments, including groups outside the organization, with interests or concerns that should be considered.

standard

An information security governance component that describes how policies will be implemented within an organization.

standard glass

Used in residential areas and is easily broken.

standby lighting

A type of system that illuminates only at certain times or on a schedule.

star topology

The most common in use today. In this topology all devices are connected to a central device (either a hub or a switch).

state machine models

A model in which a system is said to be secure if, by examining every possible state the system could be in, the system is shown to maintain the proper security relationship between subjects and objects in each state and in each transition between states.

stateful firewalls

Firewalls that are aware of the proper functioning of the TCP handshake. They keep a table of the state of every connection with respect to this process and can recognize when packets trying to enter the network make no sense in the context of that state (for example, an ACK for a connection that was never opened).

statutory damages

Damages established by laws.

stealth virus

This is a virus that hides the modifications that it is making to the system to help avoid detection.

steganography

A technique in which a message is hidden inside another object, such as a picture or document.

steganography analysis

Analyzes the files on a drive to determine whether they carry hidden (steganographic) content, typically by looking for statistical changes in the carrier file, or to identify the steganographic or encryption method that was used on the file.
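
The two entries above, steganography and steganography analysis, are easier to reason about with a concrete carrier. The following is an added example, not code from the glossary or its publisher: it hides a message in the least significant bit (LSB) of successive bytes of a constructed 8-bit "image", extracts it again, and then runs a crude steganalysis check. The cover, the message, the 4-byte length prefix and the 512-byte analysis window are all assumptions made for this illustration.

```python
def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Hide message in the least significant bit of successive cover bytes.
    A 4-byte big-endian length prefix tells the extractor where to stop."""
    payload = len(message).to_bytes(4, "big") + message
    nbits = len(payload) * 8
    if nbits > len(cover):
        raise ValueError("cover too small: need one cover byte per payload bit")
    out = bytearray(cover)
    for i in range(nbits):
        bit = (payload[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit        # only the LSB moves: value changes by at most 1
    return bytes(out)


def extract_lsb(stego: bytes) -> bytes:
    """Read the length prefix from the first 32 LSBs, then that many message bytes."""
    def read(start: int, nbytes: int) -> bytes:
        val = 0
        for i in range(start, start + nbytes * 8):
            val = (val << 1) | (stego[i] & 1)
        return val.to_bytes(nbytes, "big")
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def lsb_ones_ratio(data: bytes) -> float:
    """Fraction of 1s in the LSB plane of a byte string."""
    return sum(b & 1 for b in data) / len(data)


def sequential_lsb_suspect(data: bytes, window: int = 512, gap: float = 0.2) -> bool:
    """Crude steganalysis for sequential LSB embedding: the region carrying the
    payload has a random-looking LSB plane (ratio near 0.5) while the rest of
    the carrier keeps its natural bias. A large gap between the two is a tell."""
    head, tail = data[:window], data[window:]
    return abs(lsb_ones_ratio(head) - lsb_ones_ratio(tail)) > gap


# Constructed cover: a smooth gradient whose sample values are all even, so the
# clean LSB plane is all zeros. Real photographs are noisier (see note below).
COVER = bytes(((i // 16) * 2) % 256 for i in range(4096))
MESSAGE = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    stego = embed_lsb(COVER, MESSAGE)
    print(extract_lsb(stego), sequential_lsb_suspect(COVER), sequential_lsb_suspect(stego))
```

The hiding step is the whole of classic LSB steganography: no byte changes by more than one unit, which is why the eye cannot see it. The detection step shows why it is still detectable: sequential embedding writes random-looking bits into one region of the carrier and leaves the rest alone. Against a real image, whose LSB plane is not as tidy as this constructed cover, a practitioner would replace the head-versus-tail comparison with a proper statistical test (chi-square or RS analysis), but the principle is the same.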

storage area networks (SAN)

Consists of high-capacity storage devices that are connected by a high-speed private network (separate from the LAN) using storage-specific switches.

strategic plans (or goals)

Plans that guide the long-term security activities (3–5 years or more).

stream-based cipher

A cipher that performs encryption on a bit-by-bit basis and uses a keystream generator. The keystream is combined with the plaintext by XOR, so a keystream (that is, a key and nonce pair) must never be reused for two messages.

substitution

The process of exchanging one character or byte in a message for another.

substitution cipher

A cipher that uses a key to replace characters or character blocks with different characters or character blocks.

superscalar

A computer architecture characterized by a processor that enables concurrent execution of multiple instructions in the same pipeline stage.

supervisor mode

The privileged CPU mode (also called kernel mode) in which the operating system executes privileged instructions, such as input/output operations, that are not available in user mode.

supplicant

The component in an 802.1X/RADIUS environment (typically the client device) that is seeking authentication.

surge

A prolonged high voltage.

surveillance

The act of monitoring behavior, activities, or other changing information, usually of people.

Switched Multimegabit Data Service (SMDS)

A connectionless packet switched technology that communicates across an established public network.

switches

Intelligent and operate at layer 2 of the OSI model. We say they map to this layer because they make switching decisions based on MAC addresses, which reside at layer 2.

symmetric encryption

An encryption method whereby a single private key both encrypts and decrypts the data. Also referred to as a private or secret key encryption.

symmetric mode

In this mode the processors or cores are handed work on a round-robin basis, thread by thread.

SYN ACK attack (SYN flood)

In this attack the attacker sends a large number of packets with the SYN flag set, usually from spoofed source addresses. The receiving computer answers each with a SYN-ACK and sets aside memory for the half-open connection while it waits for the final ACK. Those ACKs never come, and at some point the resources of the receiving computer are exhausted, making this a form of DoS attack.

synchronous encryption

When encryption or decryption occurs immediately.

synchronous optical networks (SONET)

Use fiber-based links that operate over lines measured in optical carrier (OC) transmission rates.

synchronous token

A token that generates a unique one-time password at fixed time intervals, with its clock synchronized to the authentication server’s so that both sides compute the same value.

synchronous transmission

Uses a clocking mechanism to synch up the sender and receiver.

system development life cycle

Process that provides clear and logical steps that should be followed to ensure the system that emerges at the end of the development process provides the intended functionality with an acceptable level of security.

system threats

Threats that exist not from the forces of nature but from failures in systems that provide basic services such as electricity and utilities.

system-specific security policy

A security policy that addresses security for a specific computer, network, technology, or application.

T

T carriers

Dedicated lines to which the subscriber has private access and does not share with another customer.

TACACS+

A Cisco proprietary authentication service that operates on Cisco devices, providing a centralized authentication solution.

tactical plans (or goals)

Plans that achieve the goals of the strategic plan and are shorter in length (6–18 months).

tangible assets

Include computers, facilities, supplies, and personnel.

TCB

See Trusted Computer Base.

TCP three-way handshake

The process of creating a connection state between two hosts before any data is transferred: the client sends SYN, the server answers SYN-ACK, and the client completes the handshake with ACK.
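
The handshake just described is exactly what a stateful firewall mirrors in its connection table, and what a SYN flood (see SYN ACK attack) fills that table with. The following is an added example, not code from the glossary, that tracks a constructed packet trace through the three handshake states, drops packets that do not fit the flow’s state, and counts half-open flows so a flood stands out. Packets are simplified to source, destination and a set of TCP flags; the addresses come from the reserved documentation ranges and the flood threshold of 20 is an assumption for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: frozenset  # e.g. frozenset({"SYN"}) or frozenset({"SYN", "ACK"})

    @property
    def flow(self) -> frozenset:
        # unordered pair, so both directions of one conversation share a table entry
        return frozenset((self.src, self.dst))


SYN, SYN_ACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})


class StatefulTracker:
    """Connection table that mirrors the TCP three-way handshake."""

    def __init__(self):
        self.state = {}      # flow -> SYN_SENT | SYN_RECEIVED | ESTABLISHED
        self.initiator = {}  # flow -> address that sent the first SYN

    def _forget(self, flow):
        self.state.pop(flow, None)
        self.initiator.pop(flow, None)

    def inspect(self, pkt: Packet) -> str:
        """Return 'allow' or 'drop' and advance the flow's state."""
        flow, flags = pkt.flow, pkt.flags
        st = self.state.get(flow)
        if flags == SYN:
            if st is None:                                   # new connection attempt
                self.state[flow], self.initiator[flow] = "SYN_SENT", pkt.src
                return "allow"
            if st == "SYN_SENT" and self.initiator[flow] == pkt.src:
                return "allow"                               # client retransmitting its SYN
            return "drop"                                    # SYN into an existing conversation
        if flags == SYN_ACK:
            if st == "SYN_SENT" and self.initiator[flow] != pkt.src:
                self.state[flow] = "SYN_RECEIVED"
                return "allow"
            return "drop"                                    # SYN-ACK nobody asked for
        if "ACK" in flags and st == "SYN_RECEIVED" and self.initiator[flow] == pkt.src:
            self.state[flow] = "ESTABLISHED"                 # handshake complete
            return "allow"
        if "ACK" in flags and st == "ESTABLISHED":
            if flags & {"FIN", "RST"}:                       # teardown: forget the flow
                self._forget(flow)
            return "allow"
        if "RST" in flags and st is not None:
            self._forget(flow)                               # abort of a half-open flow
            return "allow"
        return "drop"                                        # no state justifies this packet

    def half_open(self) -> int:
        """Flows stuck before the final ACK: the footprint of a SYN flood."""
        return sum(1 for s in self.state.values() if s != "ESTABLISHED")


def run_trace(packets, flood_threshold: int = 20):
    """Return per-packet verdicts and whether the table looks SYN-flooded."""
    tracker = StatefulTracker()
    verdicts = [tracker.inspect(p) for p in packets]
    return verdicts, tracker.half_open() >= flood_threshold


# Constructed trace: one normal handshake, one stray ACK, then a spoofed SYN flood.
SERVER = "10.0.0.5"
HANDSHAKE = [
    Packet("198.51.100.7", SERVER, SYN),
    Packet(SERVER, "198.51.100.7", SYN_ACK),
    Packet("198.51.100.7", SERVER, ACK),
    Packet("203.0.113.9", SERVER, ACK),       # no SYN was ever seen for this pair
]
FLOOD = [Packet(f"192.0.2.{i}", SERVER, SYN) for i in range(1, 51)]

if __name__ == "__main__":
    verdicts, flooded = run_trace(HANDSHAKE + FLOOD)
    print(verdicts[:4], "flooded:", flooded)   # ['allow', 'allow', 'allow', 'drop'] flooded: True
```

Two things worth noticing: the stray ACK is dropped purely because the table has no entry for it, which is what defeats ACK scans against stateful devices, and the flood packets are each individually valid, so the defence is the half-open count, not per-packet inspection (real devices respond with SYN cookies or aggressive timeouts once that count climbs).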

TCP/IP

A model that has only four layers and is useful to study because it focuses its attention on the TCP/IP protocol suite.

TCSEC

See Trusted Computer System Evaluation Criteria.

teardrop

The attacker sends malformed, overlapping fragments of packets that, when reassembled by the receiver, cause the receiver to crash or become unstable.
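
The defence against teardrop-style fragments is to validate a fragment set before any reassembly buffer is touched. The following is an added example, not code from the glossary, of such a check: it rejects overlapping fragments (the teardrop signature), holes, and sets that would grow past the IPv4 size limit, and only then concatenates. Fragments are simplified to a byte offset, the More Fragments flag and a payload; the offsets are already in bytes (real IP headers count them in 8-byte units), and the fragment sets are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    offset: int    # byte offset within the original datagram
    more: bool     # the More Fragments flag; False marks the final piece
    data: bytes

    @property
    def end(self) -> int:
        return self.offset + len(self.data)


MAX_DATAGRAM = 65535   # IPv4 total-length limit


def check_fragments(frags):
    """Validate a fragment set. Returns (ok, reason). Overlap is the teardrop
    signature; exceeding MAX_DATAGRAM is the oversized-datagram cousin; a hole
    or a missing final fragment simply means the set is not complete yet."""
    if not frags:
        return False, "no fragments"
    ordered = sorted(frags, key=lambda f: f.offset)
    covered_to = 0
    for f in ordered:
        if len(f.data) == 0:
            return False, f"empty fragment at offset {f.offset}"
        if f.offset < covered_to:
            return False, f"overlap: fragment at {f.offset} lands inside data ending at {covered_to}"
        if f.offset > covered_to:
            return False, f"hole between {covered_to} and {f.offset}"
        if f.end > MAX_DATAGRAM:
            return False, f"datagram would exceed {MAX_DATAGRAM} bytes"
        covered_to = f.end
    if ordered[-1].more:
        return False, "final fragment not yet received"
    if any(not f.more for f in ordered[:-1]):
        return False, "a non-final fragment claims to be the last"
    return True, "ok"


def reassemble(frags) -> bytes:
    """Concatenate only after the set has passed every check above."""
    ok, reason = check_fragments(frags)
    if not ok:
        raise ValueError(reason)
    return b"".join(f.data for f in sorted(frags, key=lambda f: f.offset))


# Constructed fragment sets.
GOOD = [Fragment(0, True, b"A" * 8), Fragment(8, True, b"B" * 8), Fragment(16, False, b"C" * 4)]
TEARDROP = [Fragment(0, True, b"A" * 36), Fragment(24, False, b"B" * 4)]  # second piece sits inside the first

if __name__ == "__main__":
    print(reassemble(GOOD))
    print(check_fragments(TEARDROP))   # (False, 'overlap: fragment at 24 lands inside data ending at 36')
```

The original teardrop crash came from a reassembler that computed the second fragment’s length from `end - offset` of overlapping pieces and got a negative number; rejecting overlap up front, rather than trying to be clever about which copy of the overlapping bytes to keep, avoids that whole class of bug and also removes the ambiguity that evasion tools exploit against IDS reassembly.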

technological disasters

Disasters that occur when a device fails.

Telnet

A remote access protocol used to connect to a device for the purpose of executing commands on it. Telnet sends credentials and commands in cleartext and has been superseded by SSH.

tempered glass

Created by heating the glass which gives it extra strength.

tertiary site

A secondary backup site that provides an alternate in case the hot site, warm site, or cold site is unavailable.

The Graham-Denning model

Deals with the delegation and transfer of rights.

Thicknet

A type of coaxial cable with the official name 10Base5.

Thinnet

Coaxial cable also called 10Base2; operates at 10 Mbps and, although when it was named it was anticipated to be capable of running 200 meters, this was later reduced to 185 meters.

thread

An individual piece of work done for a specific process.

threat

The potential for a threat agent to identify and exploit a vulnerability, causing harm to an asset.

threat agent

The entity that carries out a threat.

Three-legged firewall

Uses three interfaces: one connected to the untrusted network, one to the internal network, and the other to a part of the network called a Demilitarized Zone (DMZ).

tiger

A hash function that produces 128-, 160-, or 192-bit hash values after performing 24 rounds of computations on 512-bit blocks.

Time Division Multiplexing (TDM)

Multiplexing where the transmissions take turns rather than sending at the same time.

time-of-check/time-of-use attacks

A race condition attack that exploits the gap between the moment a system checks a condition (such as a permission or a file’s attributes) and the moment it uses the result; the attacker changes the state in between, so the check no longer describes what is actually used.
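
The classic instance is a program that checks a file and then opens it by path. The following is an added example, not code from the glossary, showing a check-then-use reader beside the hardened form that opens first and validates the descriptor it actually holds. The race is simulated by a `between` callback that plays the attacker; the temporary directory, file names and contents are constructed for the demonstration and it assumes a POSIX system where `O_NOFOLLOW` on a symlink fails with `ELOOP`.

```python
import errno
import os
import stat
import tempfile


class UnsafeFile(Exception):
    """Raised when the object at a path is not the plain file we expected."""


def read_vulnerable(path: str, between=lambda: None) -> bytes:
    """Check-then-use. lstat() confirms 'regular file, not a symlink', but the
    open() afterwards resolves the path a second time and reads whatever is
    there *now*. `between` stands in for the attacker acting in that window."""
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISREG(st.st_mode):
        raise UnsafeFile(path)
    between()
    with open(path, "rb") as f:
        return f.read()


def read_hardened(path: str, between=lambda: None) -> bytes:
    """Open first, check the descriptor. O_NOFOLLOW refuses a symlink as the
    final path component, and fstat() inspects the object we hold, which
    cannot be swapped out from under us."""
    between()
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as e:
        if e.errno == errno.ELOOP:
            raise UnsafeFile(path) from e
        raise
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise UnsafeFile(path)
        with os.fdopen(fd, "rb") as f:      # fdopen now owns and closes fd
            fd = -1
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo() -> dict:
    """Constructed scenario: a public report beside a secret, and an attacker
    who swaps the report for a symlink inside the race window."""
    with tempfile.TemporaryDirectory() as d:
        report, secret = os.path.join(d, "report.txt"), os.path.join(d, "secret.txt")
        with open(secret, "wb") as f:
            f.write(b"top secret")

        def reset():
            if os.path.lexists(report):
                os.remove(report)
            with open(report, "wb") as f:
                f.write(b"public report")

        def swap():                          # the attacker's move
            os.remove(report)
            os.symlink(secret, report)

        results = {}
        reset()
        results["vulnerable"] = read_vulnerable(report, between=swap)
        reset()
        try:
            results["hardened"] = read_hardened(report, between=swap)
        except UnsafeFile:
            results["hardened"] = "blocked"
        reset()
        results["hardened_no_attack"] = read_hardened(report)
        return results


if __name__ == "__main__":
    print(demo())   # {'vulnerable': b'top secret', 'hardened': 'blocked', 'hardened_no_attack': b'public report'}
```

The structural lesson is that a check on a path name can never be trusted by a later operation on that same path name; checks must be made on the opened object. Note also what this does not cover: `O_NOFOLLOW` only guards the final component, so a symlinked parent directory still needs `openat` with a directory descriptor (or `O_RESOLVE_BENEATH`/`RESOLVE_BENEATH` where the platform offers it).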

TLS/SSL

See transport layer security/secure sockets layer.

TOGAF

(The Open Group Architecture Framework.) Has its origins in the U.S. Department of Defense and calls for an Architecture Development Method (ADM), an iterative process in which individual requirements are continuously monitored and updated as needed.

token passing

The media access method used in both FDDI and token ring. In this process a special frame called a token is passed around the network; a station cannot send until the token comes around and is free.

token ring

A proprietary layer 2 protocol that enjoyed some small success and is no longer widely used.

tort law

See civil/tort law.

total risk

The risk that an organization could encounter if it decides not to implement any safeguards.

TPM

See Trusted Platform Module.

trade secret

An intellectual property type that ensures that proprietary technical or business information remains confidential. Trade secrets include recipes, formulas, ingredient listings, and so on that must be protected against disclosure.

trademark

An intellectual property type that ensures that a symbol, sound, or expression that identifies a product or an organization is protected from being used by another organization.

transaction log backup

A backup that captures all transactions that have occurred since the last backup.

transport layer (layer 4)

Receives all the information from layers 7, 6, and 5 and adds information that identifies the transport protocol in use and the specific port number that identifies the required layer 7 protocol.

transport layer security/secure sockets layer (TLS/SSL)

Another option for creating secure connections to servers. It operates above TCP, between the transport and application layers of the OSI model, and is used mainly to protect HTTP traffic to web servers. SSL and TLS 1.0/1.1 are deprecated; current deployments should use TLS 1.2 or later.

transposition

The process of shuffling or reordering the plaintext to hide the original message. Also referred to as permutation.

transposition cipher

A cipher that scrambles the letters of the original message in a different order.
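
The substitution cipher and transposition cipher entries are the two primitives every classical cipher, and the confusion/diffusion design of modern block ciphers, is built from. The following is an added example, not code from the glossary, implementing a keyword-based monoalphabetic substitution and a columnar transposition, plus the frequency profile a cryptanalyst looks at. It shows why each alone is weak: substitution preserves the shape of the letter frequencies, and transposition preserves the letters themselves. The plaintext, keyword and column key are constructed for the demonstration, and the text is assumed to be uppercase letters only.

```python
from collections import Counter
import string

ALPHABET = string.ascii_uppercase


def keyed_alphabet(keyword: str) -> str:
    """Cipher alphabet: keyword letters (deduplicated) followed by the unused letters."""
    seen = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in seen:
            seen.append(ch)
    return "".join(seen)


def substitute(text: str, cipher_alphabet: str, decrypt: bool = False) -> str:
    """Monoalphabetic substitution: each plaintext letter maps to one cipher letter."""
    src, dst = (cipher_alphabet, ALPHABET) if decrypt else (ALPHABET, cipher_alphabet)
    return text.upper().translate(str.maketrans(src, dst))


def columnar_encrypt(text: str, key: str) -> str:
    """Write the text row by row under the key, then read the columns out in
    the alphabetical order of the key letters."""
    cols = len(key)
    padded = text + "X" * (-len(text) % cols)             # fill the last row
    rows = [padded[i:i + cols] for i in range(0, len(padded), cols)]
    order = sorted(range(cols), key=lambda i: (key[i], i))
    return "".join(row[c] for c in order for row in rows)


def columnar_decrypt(cipher: str, key: str) -> str:
    """Refill the grid column by column in key order and read it back row by row.
    Padding X's stay on the end; a real implementation would carry a length."""
    cols, nrows = len(key), len(cipher) // len(key)
    order = sorted(range(cols), key=lambda i: (key[i], i))
    grid = [[""] * cols for _ in range(nrows)]
    pos = 0
    for c in order:
        for r in range(nrows):
            grid[r][c] = cipher[pos]
            pos += 1
    return "".join("".join(row) for row in grid)


def letter_profile(text: str):
    """Sorted letter counts: the frequency 'shape' that survives substitution."""
    return sorted(Counter(text).values(), reverse=True)


# Constructed inputs.
PLAINTEXT = "ATTACKATDAWN"
SUB_KEY = keyed_alphabet("SECURITY")      # SECURITYABDFGHJKLMNOPQVWXZ
TRANS_KEY = "ZEBRA"

if __name__ == "__main__":
    s = substitute(PLAINTEXT, SUB_KEY)
    t = columnar_encrypt(PLAINTEXT, TRANS_KEY)
    print(s, letter_profile(s) == letter_profile(PLAINTEXT))   # SOOSCDSOUSVH True
    print(t, Counter(t) == Counter(PLAINTEXT + "XXX"))         # CAXTTXTANADXAKW True
```

Frequency analysis breaks the first because the most common cipher letter is still the plaintext’s most common letter under a new name; anagramming breaks the second because the ciphertext is literally the plaintext’s letters. Layering the two (a product cipher) is what makes each round of a modern block cipher more than the sum of its parts.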

trapdoor

See backdoor.

trapdoor (encryption)

A secret mechanism that allows the implementation of the reverse function in a one-way function.

trialware

See shareware.

triple DES

A version of DES that increases security by applying DES three times (encrypt-decrypt-encrypt) with two or three independent 56-bit keys. It is slow by modern standards and has been deprecated by NIST in favor of AES.

Trojan horse

A program or rogue application that appears to or is purported to do one thing but it does another when executed.

Trusted Computer Base (TCB)

Comprises the components (hardware, firmware, and/or software) that are trusted to enforce the security policy of the system and that if compromised jeopardize the security properties of the entire system.

Trusted Computer System Evaluation Criteria (TCSEC)

Developed by the National Computer Security Center (NCSC) for the U.S. Department of Defense to evaluate products.

trusted path

A communication channel between the user or the program through which he is working and the trusted computer base.

trusted platform module

A security chip installed on a computer motherboard that is responsible for managing symmetric and asymmetric keys, hashes, and digital certificates.

trusted recovery

The response of a system to a failure (such as crash or freeze) that leaves the system in a secure state.

trusted shell

A secure interface to a system.

trusted third-party federated identity model

A federated identity model in which each organization subscribes to the standards of a third party.

tumbler locks

A lock with more moving parts than the warded lock; the key raises the metal pieces (tumblers) inside the lock to the correct height so that it can open.

twisted pair

The most common type of network cabling found today. It is so called because inside the cable are four pairs of smaller wires that are twisted around each other.

twofish

A block cipher related to Blowfish (by the same designer) that uses 128-bit data blocks with 128-, 192-, or 256-bit keys and performs 16 rounds of transformation. It was a finalist in the AES competition.

U

unicast

This is a transmission from a single system to another single system. It is considered one-to-one.

uninterruptible power supplies (UPS)

Goes between the wall outlet and the device and uses a battery to provide power if the source from the wall is lost.

United States Federal Sentencing Guidelines of 1991

A U.S. act that affects individuals and organizations convicted of felonies and serious (Class A) misdemeanors.

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001

A U.S. law that affects law enforcement and intelligence agencies in the United States. Its purpose is to enhance the investigatory tools that law enforcement can use, including email communications, telephone records, Internet communications, medical records, and financial records.

UPS

See uninterruptible power supplies.

URL hiding

This attack takes advantage of the ability to embed URLs in web pages and email so that the link text shown to the user differs from the actual destination.

USA PATRIOT Act

See Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001.

V

vascular scan

A biometric scan that scans the pattern of veins in the user’s hand or face.

VDSL

See Very-High–Bit-Data-Rate DSL.

very long instruction word processor

A processor in which a single instruction specifies more than one concurrent operation.

Very-High–Bit-Data-Rate DSL (VDSL)

Form of DSL capable of supporting HDTV and VoIP.

very-high-level languages

A fourth generation of languages that focuses on abstract algorithms that hide some of the complexity from the programmer. This frees the programmer to focus on the real-world problems they are trying to solve rather than the details that go on behind the scenes.

view

The representation of a system from the perspective of a stakeholder or set of stakeholders. In a database, a view is the set of data made available to a given user, and security can be enforced by granting access to views rather than to the underlying tables.

viewpoint

A template used to develop individual views that establishes the audience, techniques, and assumptions made.

virtual firewalls

Software that has been specifically written to operate in the virtual environment.

Virtual LAN

See VLAN.

Virtual Private network (VPN)

Connections that use an untrusted carrier network but protect the information through strong authentication protocols and encryption mechanisms.

Virtual Router Redundancy Protocol (VRRP)

Used to provide multiple gateways to clients for fault tolerance in case a router goes down.

virus

A self-replicating program that infects software. It uses a host application to reproduce and deliver its payload and typically attaches itself to a file.

VLANs

These are logical subdivisions of a switch that segregate ports from one another as if they were in different LANs. These VLANs can also span multiple switches, meaning that devices connected to switches in different parts of a network can be placed in the same VLAN regardless of physical location.

voice pattern or print

A biometric system that measures the sound pattern of a user stating certain words.

VoIP

When voice is encapsulated in packets and sent across packet switching networks.

VPN

See Virtual Private network.

V-shaped

A development model that differs primarily from the waterfall method in that verification and validation are performed at each step.

vulnerability

An absence or weakness of a countermeasure that is in place.

vulnerability assessment

An assessment method whereby an organization’s network is tested for countermeasure absences or other security weaknesses.

W

war chalking

A practice that typically accompanies war driving. After the war driver has located a WLAN, he marks in chalk on the sidewalk the SSID and the type of security used on the network.

war driving

Driving around and locating WLANs with a laptop and a high-power antenna.

warded locks

A lock with a spring-loaded bolt with a notch in it. The lock has wards, or metal projections, inside it that the key must match in order to open the lock.

warm site

A leased facility that contains electrical and communications wiring, full utilities, and networking equipment.

WANs

See wide area networks.

WASC

See Web Application Security Consortium.

waterfall

A development model that breaks the process into distinct phases. A somewhat rigid approach, it sees the process as a sequential series of steps that are followed without going back to earlier steps.

wave motion detector

These devices generate a wave pattern in the area and detect any motion that disturbs the expected wave pattern. When the pattern is disturbed an alarm sounds.

Web Application Security Consortium (WASC)

An organization that provides best practices for web-based applications along with a variety of resources, tools, and information that organizations can make use of in developing web applications.

WEP

See wired equivalent privacy.

wet pipe extinguisher

Uses water contained in pipes to extinguish the fire. In some areas the water might freeze and burst the pipes, causing damage. These are also not recommended for rooms where equipment would be damaged by the water.

whaling

Targets a single person who is someone of significance or importance. It might be a CEO, a COO, or CTO, for example.

wide area networks (WANs)

Used to connect LANs together (including MANs).

Wi-Fi protected access (WPA)

Created to address the widespread concern with the inadequacy of WEP; it used TKIP as an interim replacement for WEP’s encryption.

wired equivalent privacy (WEP)

The first security measure used with 802.11. It was specified as the algorithm in the original specification. It can be used to both authenticate a device and encrypt the information between the AP and the device. Weaknesses in its use of RC4 and its short initialization vectors make WEP trivially breakable, and it should not be used.

work factor (encryption)

The amount of time and resources that would be needed to break the encryption.

work recovery time

The difference between the MTD and the RTO (WRT = MTD − RTO): the time that remains, after systems have been recovered, for restoring and verifying data and returning to normal operations before the maximum tolerable downtime is reached.

worm

A type of malware that can spread without the assistance of the user.

WPA

See Wi-Fi protected access.

WPA2

An improvement over WPA. WPA2 uses CCMP, based on Advanced Encryption Standard (AES) rather than TKIP.

WRT

See work recovery time.

X-Z

X.25

Somewhat like frame relay in that traffic moves through a packet switching network. Uses mechanisms for reliability that are no longer required in today’s phone lines and that create overhead.

XML

See Extensible Markup Language.

XML: DB API

Allows XML applications to interact with more traditional databases, such as relational databases.

Zachman framework

A two-dimensional model that intersects communication interrogatives (such as what, why, and where) with various viewpoints (such as planner, owner, and designer).
