Glossary

802.11 standard A legacy set of wireless LAN standards developed by Working Group 11 of the IEEE LAN/MAN Standards Committee. 802.11 is known for its use of WEP and RC4.

802.11i standard One of the replacements for 802.11. 802.11i uses WPA and AES.

A

Acceptable use policy (AUP) A policy that defines what employees, contractors, and third parties are authorized to do on an organization’s IT infrastructure and its assets. AUPs are common for access to IT resources, systems, applications, Internet access, email access, and so on.

Access control A control that monitors the flow of information between a subject and an object. It ensures that only the operations permitted are performed.

Access control list (ACL) A table or list stored by a router to control access to and from a network by helping the device determine whether to forward or drop packets that are entering or exiting it.

Access creep The result of employees moving from one position to another within an organization without losing the privileges of the old position but gaining additional access in the new position. Thus, over time, employees build up much more access than they should have.

Access point spoofing The act of pretending to be a legitimate access point in order to trick individuals into passing traffic over the fake connection so that it can be captured and analyzed.

Accountability The traceability of actions performed on a system to a specific system entity or user.

Accreditation Management’s formal acceptance of a system or an application.

ACID test A test that addresses atomicity, consistency, isolation, and durability. Programmers involved in database management use the ACID test to determine whether a database management system has been properly designed to handle transactions.

Active fingerprint An active method of identifying the operating system of a targeted computer or device that involves injecting traffic into the network.

Address Resolution Protocol (ARP) A protocol used to map a known IP address to an unknown physical address.

Ad hoc mode A mode that makes it possible for an individual computer to communicate directly with other client units, with no access point required. Ad hoc operation is ideal for small networks of no more than two to four computers.

Administrative law A body of regulations, rules, orders, and decisions to carry out regulatory powers, created by administrative agencies.

Advanced Encryption Standard (AES) The encryption standard that was originally known as Rijndael and serves as the replacement to DES.

Aggregation Collection of data from disparate sources.

Algorithm A mathematical procedure used for solving a problem. Commonly used in cryptography.

American Standard Code for Information Interchange (ASCII) A standard code for transmitting data, consisting of 128 letters, numerals, symbols, and special codes, each of which is represented by a unique binary number. An ASCII word typically is 8 bits of binary data.

Annualized loss expectancy (ALE) A quantifiable measurement of the impact that a threat will have on an organization if it occurs. ALE is used to calculate the possible loss that could occur over a one-year period. The formula is SLE × ARO = ALE.

Anomaly detection A type of intrusion detection that looks for behaviors that deviate from normal, baseline activity. These unusual patterns are flagged as suspicious.

Appender A virus infection type that places the virus code at the end of the infected file.

Applet A small Java program that can be embedded in an HTML page. Applets differ from full-fledged Java applications in that they are not allowed to access certain resources on the local computer, such as files and serial devices (modems, printers, and so on), and they are prohibited from communicating with most other computers across a network. An applet can make an Internet connection only to the computer from which the applet was sent.

Application A software program designed to perform a specific task or group of tasks, such as word processing, communication, or database management.

Application controls A category of controls used to verify the accuracy and completeness of records made using manual or automated processes. Controls used for applications include encryption, batch totals, and data input validation controls.

Application layer The highest layer of the seven-layer OSI model. The application layer is used as an interface to applications or communications protocols.

Application programming interface (API) A set of system-level routines that can be used in an application program for tasks such as basic input/output and file management. In a graphics-oriented operating environment such as Microsoft Windows, high-level support for video graphics output is part of the Windows graphical API.

Arithmetic logic unit (ALU) A device used for logical and arithmetic operations within a computer.

Artificial intelligence (AI) Computer software that can mimic the learning capability of a human.

Assembler A program that converts the assembly language of a computer program into the machine language of the computer.

Assessment An evaluation and/or valuation of IT assets based on predefined measurement or evaluation criteria. It is not typically necessary for an accounting or auditing firm to conduct an assessment, such as a risk or vulnerability assessment.

Asset Anything of value owned or possessed by an individual or a business.

Asymmetric algorithm A routine that uses a pair of different but related cryptographic keys to encrypt and decrypt data.

Asymmetric encryption In cryptography, a form of encryption in which an asymmetric key algorithm is used with a pair of cryptographic keys to encrypt and decrypt. The two keys are related mathematically: A message encrypted by the algorithm using one key can be decrypted by the same algorithm using the other. In a sense, one key locks the data, and a different key is required to unlock it.

Asynchronous Transfer Mode (ATM) Communication technology that uses high-bandwidth, low-delay transport technology and multiplexing techniques.

Asynchronous transmission A method whereby data is sent and received 1 byte at a time.

Attenuation A weakening of a signal that increases as the signal travels farther from the source.

Attribute-based access control (ABAC) A modern access control methodology in which access rights are granted by means of policies made up of attributes mapped to subjects and objects.

Audit An examination typically done by an accounting or auditing firm that conforms to a specific and formal methodology and definition for how an investigation is to be conducted, with specific reporting elements and metrics being examined (such as a financial audit according to public accounting and auditing guidelines and procedures).

Audit trail A set of records that collectively provide documentary evidence of processing that is used to aid in tracing from original transactions forward to related records and reports and/or backward from records and reports to their component source transactions.

Authentication A method of verifying that someone is who he or she purports to be. Authentication involves verifying the identity and legitimacy of an individual to access the system and its resources. Common authentication methods include passwords, tokens, and biometric systems.

Authorization The process of granting or denying access to a network resource based on a user’s credentials.

Authorization creep A phenomenon that occurs when employees not only maintain old access rights but gain new ones. It results in too much access over time.

Availability One of the three items considered part of the security triad, in addition to confidentiality and integrity. It is a measure of the degree to which data or systems are available to authorized users.

B

Backdoor A piece of software that allows access to a computer without using the conventional security procedures. Backdoors are often associated with Trojans.

Back Orifice A backdoor program that infects the end user with a Trojan and gives the attacker the ability to remotely control the user’s system.

Backup A copy of programs, databases, and other files that is made so that information can be restored in the event that it is lost due to, for instance, a computer failure, a natural disaster, or a virus infection.

Bandwidth The range of frequencies, expressed in hertz (Hz), that can pass over a given transmission channel. The bandwidth determines the rate at which information can be transmitted through the circuit.

Baseband The name given to a transmission method in which the entire bandwidth (the rate at which information travels through a network connection) is used to transmit just one signal.

Baseline A consistent or established base used to establish a minimum acceptable level of security.

Bayesian filter A technique used to detect spam. A Bayesian filter gives a score to each message based on the words and numbers in a message. These filters are often used by antispam software to filter spam based on probabilities. Messages with high scores are flagged as spam and can be discarded, deleted, or placed in a folder for review.

Bell-LaPadula A formal security model based on confidentiality that is defined by two basic properties:

  • Simple security property (ss property): This property states that a subject at one level of confidentiality is not allowed to read information at a higher level of confidentiality. It is sometimes referred to as “no read up.”

  • Star (*) security property: This property states that a subject at one level of confidentiality is not allowed to write information to a lower level of confidentiality. Also known as “no write down.”
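The two properties above as a minimal reference monitor, added here as an illustration (not code from the glossary); the level names, the ordering of levels, and the function names are assumptions for this example.

```python
"""Added example (not from the glossary): a minimal Bell-LaPadula reference
monitor enforcing the ss property ("no read up") and the * property
("no write down").  The level lattice and API names are assumptions."""

from dataclasses import dataclass

# Ordered confidentiality levels (assumed lattice): higher index = more sensitive.
LEVELS = ("UNCLASSIFIED", "CONFIDENTIAL", "SECRET", "TOP SECRET")
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Subject:
    name: str
    clearance: str


@dataclass(frozen=True)
class Obj:
    name: str
    classification: str


def can_read(subject: Subject, obj: Obj) -> bool:
    """ss property, "no read up": reading is allowed only when the subject's
    clearance dominates (is at least) the object's classification."""
    return RANK[subject.clearance] >= RANK[obj.classification]


def can_write(subject: Subject, obj: Obj) -> bool:
    """* property, "no write down": writing is allowed only when the object's
    classification dominates the subject's clearance, so information can never
    flow from a more sensitive subject into a less sensitive container."""
    return RANK[obj.classification] >= RANK[subject.clearance]


def check_access(subject: Subject, obj: Obj, mode: str) -> bool:
    """Reference-monitor decision for a single "read" or "write" request."""
    if mode == "read":
        return can_read(subject, obj)
    if mode == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown access mode: {mode!r}")


if __name__ == "__main__":
    analyst = Subject("analyst", "SECRET")  # constructed sample subject
    for o in (Obj("memo", "CONFIDENTIAL"), Obj("plan", "TOP SECRET")):
        for mode in ("read", "write"):
            verdict = "ALLOW" if check_access(analyst, o, mode) else "DENY"
            print(f"{analyst.name}({analyst.clearance}) {mode:5} "
                  f"{o.name}({o.classification}): {verdict}")
```

Note that a SECRET subject is denied a write to a CONFIDENTIAL object even though it may read it; that asymmetry is exactly what stops a confidentiality leak through the file system.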

Benchmark A standard test or measurement used to compare the performance of similar components or systems.

Binary code A sequence of 0s and 1s used by computer systems as the basis of communication.

Biometrics A method of verifying a person’s identity for authentication by analyzing a unique physical attribute of the individual, such as a fingerprint, retina, or palm print.

Blackbox testing A form of testing in which the tester has no knowledge of the target or its network structure.

Block cipher An encryption scheme in which data is divided into fixed-size blocks, each of which is encrypted independently of the others.

Blowfish A form of symmetric block encryption designed in 1993.

Blu-ray disc A storage medium designed as a replacement for DVDs. Blu-ray is a high-density optical disk that can hold audio, video, or data.

Bluejacking The act of sending unsolicited messages, pictures, or information to a Bluetooth user.

Bluesnarfing The theft of information from a wireless device through a Bluetooth connection.

Bluetooth An open standard for short-range wireless communications of data and voice between both mobile and stationary devices. Used in cell phones, PDAs, laptops, and other devices.

Bollard A heavy round post used to prevent vehicles from ramming buildings or breaching physical security.

Botnet A term used to describe a collection of robot-controlled workstations.

Brewer and Nash model A security model developed to prevent conflict of interest (COI) problems.

Bridge A Layer 2 device for passing signals between two LANs or two segments of a LAN.

Broadband A wired or wireless transmission medium capable of supporting a wide range of frequencies, typically from audio up to video frequencies. It can carry multiple signals by dividing the total capacity of the medium into multiple independent bandwidth channels, with each channel operating on only a specific range of frequencies.

Broadcast A type of transmission used on local and wide area networks in which all devices are sent the information from one host.

Brute-force attack A method of breaking a cipher or an encrypted value that involves trying a large number of possibilities. Brute-force attacks function by working through all possible values. The feasibility of brute-force attacks depends on the key length and strength of the cipher and the processing power available to the attacker.

Buffer An amount of memory reserved for the temporary storage of data.

Buffer overflow In computer programming, a problem that occurs when a software application writes data beyond the allocated end of a buffer in memory. Buffer overflows are usually caused by software bugs and improper programming, which can expose the application to malicious code injection or other targeted attacks.

Bus A common channel shared among multiple computer devices.

Bus LAN configuration A LAN network design that was developed to connect computers used for 10BASE-5 and 10BASE-2 computer networks. All computers and devices are connected along a common bus or single communication line so that transmissions by one device are received by all.

Business case A document developed to establish the merits and desirability of a project. It contains the information necessary to enable approval, authorization, and policymaking bodies to assess a project proposal and reach a reasoned decision, as well as justify the commitment of resources to a project.

Business continuity plan (BCP) A document that describes how an organization will resume partially or completely interrupted critical functions within a predetermined time after a disaster or disruption occurs. The goal is to keep critical functions operational.

Business impact analysis (BIA) A component of a business continuity plan that looks at all the components that an organization relies on for continued functionality. It seeks to distinguish which components are more crucial than others and require more funds in the wake of a disaster.

C

Caesar cipher A basic ROT3 cipher that works by means of a substitution. Each letter is replaced with another letter from a fixed number of letters down the alphabet. A Caesar cipher is easily cracked.

Capability Maturity Model (CMM) A structured model designed by Carnegie Mellon’s Software Engineering Institute to improve and optimize the software development lifecycle.

Carrier-sense multiple access with collision avoidance (CSMA/CA) An access method used by local area networking technologies such as Ethernet.

Carrier-sense multiple access with collision detection (CSMA/CD) An access method used by local area networking technologies such as token ring.

Catastrophe A calamity or misfortune that causes the destruction of a facility and/or data.

Central processing unit (CPU) One of the central components of a computer system, which carries out the vast majority of the calculations performed by the computer. It can be thought of as the “brain” of a computer or as a manager or boss that tells what the other components of the system should be doing at a given moment.

Certificate A digital file that uniquely identifies its owner. A certificate contains owner identity information and its owner’s public key. Certificates are created by certificate authorities.

Certificate authority (CA) An entity in the PKI infrastructure that issues certificates and reports status information and certificate revocation lists.

Certificate Practice Statement (CPS) A detailed explanation of how a certificate authority manages the certificates it issues and associated services such as key management. The CPS acts as a contract between the CA and users, describing obligations and legal limitations and setting the foundation for future audits.

Certificate revocation list (CRL) A certificate authority’s list of invalid certificates, such as compromised, revoked, or superseded certificates. The CRL is used during the digital signature verification process to check the validity of a certificate from which a public verification key is extracted.

Certification The technical review of a system or an application.

Challenge-Handshake Authentication Protocol (CHAP) A protocol for securely connecting to a system. CHAP functions as follows: (1) After the authentication request is made, the server sends a challenge message to the requestor. The requestor responds with a value obtained by using a one-way hash. (2) The server checks the response by comparing the received hash to a hash calculated locally by the server. (3) If the values match, the authentication is acknowledged; otherwise, the connection is terminated.
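The three CHAP steps simulated with both peers in one process, added here as an example (not code from the glossary). The response layout follows RFC 1994 (a one-way hash over identifier, shared secret, and challenge, MD5 in that RFC); the class and function names and the sample secret are assumptions for this illustration.

```python
"""Added example (not from the glossary): both sides of a CHAP exchange.
Hash layout follows RFC 1994 (MD5 over identifier || secret || challenge);
the API names and the sample secret are assumptions for this illustration."""

import hashlib
import hmac
import os


def chap_hash(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """One-way hash over identifier, secret and challenge (RFC 1994 uses MD5)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """The authenticator: holds per-peer secrets, never sends them on the wire."""

    def __init__(self, secrets: dict[str, bytes]) -> None:
        self._secrets = secrets
        self._pending: dict[int, bytes] = {}  # outstanding challenges by identifier
        self._next_id = 0

    def send_challenge(self) -> tuple[int, bytes]:
        """Step 1: after the authentication request, issue a fresh random
        challenge tagged with an identifier so the reply can be matched."""
        identifier = self._next_id
        self._next_id = (self._next_id + 1) % 256
        challenge = os.urandom(16)
        self._pending[identifier] = challenge
        return identifier, challenge

    def check_response(self, identifier: int, peer_name: str, response: bytes) -> bool:
        """Steps 2 and 3: recompute the hash locally and compare in constant time.
        A challenge is consumed on first use, so a captured response cannot be
        replayed against the same challenge."""
        challenge = self._pending.pop(identifier, None)
        secret = self._secrets.get(peer_name)
        if challenge is None or secret is None:
            return False
        expected = chap_hash(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class ChapClient:
    """The requestor: also knows the secret but only ever transmits a hash."""

    def __init__(self, name: str, secret: bytes) -> None:
        self.name = name
        self._secret = secret

    def respond(self, identifier: int, challenge: bytes) -> bytes:
        """Step 2 (requestor side): answer the challenge with the one-way hash."""
        return chap_hash(identifier, self._secret, challenge)


def authenticate(server: ChapServer, client: ChapClient) -> bool:
    """Run one full exchange; True means acknowledged, False means terminated."""
    identifier, challenge = server.send_challenge()       # server -> requestor
    response = client.respond(identifier, challenge)       # requestor -> server
    return server.check_response(identifier, client.name, response)


if __name__ == "__main__":
    # Constructed sample secret, shared between the peers out of band.
    server = ChapServer({"alice": b"correct horse battery staple"})
    print("matching secret:", authenticate(server, ChapClient("alice", b"correct horse battery staple")))
    print("wrong secret   :", authenticate(server, ChapClient("alice", b"guess")))
```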

Channel service unit/data service unit (CSU/DSU) A telecommunications device used to terminate telephone company equipment, such as a T1, and prepare data for a router interface at the customer’s premises.

Ciphertext The form of data after it has been encrypted; contrast with the form before encryption, called plaintext.

Civil law A type of law that usually pertains to the settlement of disputes between individuals, organizations, or groups and has to do with the establishment, recovery, or redress of private and civil rights. Civil law is not criminal law. It is also called tort law and is mainly concerned with redress or recovery for wrongdoing.

Clark-Wilson model An integrity-based security model focused on the integrity properties of real-world data; it uses CDIs, UDIs, and TPs.

Client/server Describes the relationship between two computer programs in which one program, the client, makes a service request from another program, the server, which fulfills the request. Clients rely on servers for resources such as files, devices, and processing power.

Clipping level The point at which an alarm threshold or trigger occurs.

Cloning A process that occurs when a hacker copies the electronic serial numbers from one cell phone to another, thereby duplicating the cell phone.

Closed-circuit television (CCTV) A system of television cameras used for video surveillance, in which all components are directly linked via cables or other direct means. Also, a system comprising video transmitters that can feed the live or recorded video to one or more receivers. CCTV is typically used in banks, casinos, shopping centers, airports, and anywhere that physical security can be enhanced by monitoring events. Placement is typically at locations where people enter or leave a facility or at locations where critical transactions occur.

Closed system A system that is not “open” and, therefore, is a proprietary system. Open systems employ modular designs, are widely supported, and facilitate multivendor, multitechnology integration.

Cloud computing The use of a network of remote servers hosted on the Internet, rather than local servers, to store, manage, and process data.

Coaxial cable A cable composed of an insulated central conducting wire wrapped in another cylindrical conductor (the shield). The whole thing is usually wrapped in another insulating layer and an outer protective layer. A coaxial cable has great capacity to carry vast quantities of information. It is typically used in high-speed data and cable TV applications.

COBIT A framework that was designed by ISACA to aid in information security best practices. COBIT is an acronym for Control Objectives for Information and Related Technology.

Cohesion The extent to which a system or subsystem performs a single function.

Cold site A location that contains no computing-related equipment except for environmental support, such as air conditioners and power outlets, and a security system made ready for installing computer equipment.

Collision A problem that occurs when a hashing algorithm, such as MD5, creates the same value for two or more different files.

Combination lock A physical lock that can be opened by turning dials in a predetermined sequence.

Committed information rate (CIR) The data rate guaranteed by a Frame Relay data communications circuit.

Community cloud Cloud infrastructure that is shared between several sources.

Compact disc (CD) An optical disc that can store video, audio, and other data. CDs were originally designed for digital audio.

Compensating control An internal control designed to reduce risk or weakness in an existing control.

Compiler A computer program that translates a computer program written in one computer language (called the source language) into an equivalent program written in another computer language (called the object, output, or target language).

Completely connected (mesh) configuration A type of network configuration in which all devices are connected to all others with many redundant interconnections between network devices.

Computer-aided software engineering (CASE) The use of software tools to assist in the development and maintenance of software. Tools used in this way are known as CASE tools.

Computer incident response team (CIRT) An organization developed to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve the ability of organizations to respond to computer and network security issues.

Concurrency control In computer science, a method used to ensure that database transactions are executed in a safe manner (that is, without data loss). Concurrency control is especially applicable to database management systems, which must ensure that transactions are executed safely and that they follow the ACID rules.

Confidentiality One of the three parts of the security triad, in addition to integrity and availability. Confidentiality is a measure of how well data and systems are protected against access by unauthorized persons.

Confidentiality agreement An agreement that employees, contractors, or third-party users must read and sign prior to being granted access rights and privileges to an organization’s IT infrastructure and assets.

Content delivery network (CDN) A high-availability, high-performance network used to serve content to end users from multiple data centers.

Contingency planning The process of preparing to deal with calamities and non-calamitous situations before they occur in order to minimize the effects.

Continuity The state or quality of being continuous or unbroken, without interruption.

Cookie A message from a website given to an individual’s web browser on a workstation device. The workstation browser stores this text message in a text file, and the message is sent back to the web server each time the browser goes to that website.

Copyright Legal protection given to authors or creators that protects their expressions on a specific subject against unauthorized copying. It is applied to books, paintings, movies, literary works, and any other medium of use.

Corporate governance The method by which a corporation is directed, administered, or controlled. It includes the laws and customs affecting that direction, as well as the goals for which the organization is governed. How objectives of an organization are set, the means of attaining such objectives, how performance-monitoring guidelines are determined, and ways to emphasize the importance of using resources efficiently are significant issues of corporate governance.

Corrective controls Controls designed to resolve problems soon after they arise.

Coupling The extent of the complexity of interconnections with other modules.

Covert channel An unintended communication path that allows a process to transfer information in such a way that it violates a system’s security policy.

Cracker A hacker who acts in an illegal manner. The term is derived from “criminal hacker.”

Criminal law A type of law pertaining to crimes against the state or conduct that is detrimental to society. Violations of criminal statutes are punishable by law and can include monetary penalties and jail time.

Critical path methodology (CPM) A methodology that helps in determining what activities are critical and what dependencies exist among the various activities.

Criticality The quality, state, degree, or measurement of the highest importance.

Crossover error rate (CER) A comparison measurement for different biometric devices and technologies that measures their accuracy. The CER is the point at which FAR and FRR are equal or cross over. The lower the CER, the more accurate the biometric system.

Cryptographic key A string of bits used by a cryptographic algorithm during the encryption or decryption process.

Cryptology The science of secure communications.

D

Data analytics The process of reviewing data for the purpose of making conclusions about the information.

Data breach The exposure of sensitive information to unauthorized individuals.

Data communications The transmission or sharing of data between computers via an electronic medium.

Data custodian A data owner who has the responsibility for maintaining and protecting an organization’s data.

Data dictionary A catalog of all data held in a database, or a list of items that includes data names and structures.

Data Encryption Standard (DES) A symmetric encryption standard based on a 64-bit block. DES processes 64 bits of plaintext at a time to output 64-bit blocks of ciphertext. DES uses a 56-bit key and has four modes of operation. Because DES has been broken, AES is now the standard.

Data leakage Any type of computer information loss. It can involve removal of information by CD, floppy disk, USB thumb drive, or any other method.

Data owner A person, usually a member of senior management, in an organization who is ultimately responsible for ensuring the protection and use of the organization’s data.

Data security The science and study of methods of protecting data in computer and communications systems against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.

Data structure A logical relationship among data elements that is designed to support specific data-manipulation functions.

Data warehouse A large collection of data from a variety of sources used to make business decisions and support business intelligence activities.

Database A collection of data that is organized and stored on a computer and can be searched and retrieved by a computer program.

Database administrator (DBA) A person (or group of people) responsible for maintenance activities related to a database, including backup and recovery, performance, and design.

Database management system (DBMS) An integrated set of computer programs that provides the capabilities needed to establish, modify, make available, and maintain the integrity of a database.

Deadman door A linked pair of doors that allows one person to enter the first door and then, after it is closed, allows the person to exit the second door. Deadman doors are used to control access and are also known as a mantrap.

Decentralized computing A type of computing in which activities and computer processing are distributed to different locations.

Decision support system (DSS) A software application that analyzes business data and presents it so that users can make business decisions more easily.

Decryption The process of converting encrypted content into its original form, which is often plaintext. Decryption is the opposite of encryption.

Defense in depth Multilayered security in which the layers may be administrative, technical, or logical.

Demilitarized zone (DMZ) The middle ground between a trusted internal network and an untrusted external network. Services that internal and external users must use, such as HTTP, are typically placed in a DMZ.

Denial of service (DoS) A type of attack in which an attacker consumes the resources of a computer or network for purposes they were not intended for, thus preventing legitimate use of those computer or network resources.

Destination NAT (DNAT) A type of network translation that alters the destination address in an IP header. DNAT can also change the destination port in the TCP/UDP headers. The purpose of DNAT is to redirect incoming packets with the destination of a public address/port to a private IP address/port inside a network.

Destruction The act of destroying data so that it is denied to legitimate users.

Detective controls Controls that identify and correct undesirable events.

Device lock A physical lock used to secure laptops and other devices from theft.

DevOps The concept of blending development and operations together so that developers, programmers, engineers, and others can work together to build more secure software faster.

Dial back A procedure established for positively identifying a terminal that is dialing in to a computer system. It works by disconnecting the calling terminal and reestablishing the connection by the computer system dialing the telephone number of the calling terminal. Dial back can be used for personal identification.

Dictionary attack A type of cryptographic attack in which the attacker uses a word list or dictionary list to try to crack an encrypted password. A newer technique is to use a time/memory trade-off, such as in rainbow tables.

Digital certificate A certificate, typically issued by a trusted third party, that contains the name of a user or server, a digital signature, a public key, and other elements used in authentication and encryption. An X.509 certificate is the most common type of digital certificate.

Digital signature An electronic signature that can be used to authenticate the identity of the sender of a message. A digital signature is usually created by encrypting the user’s private key and is decrypted with the corresponding public key.

Digital watermark A hidden indicator of copyright information added to a document, picture, or sound file.

Direct-sequence spread spectrum (DSSS) A technique used to scramble wireless signals.

Disaster A natural or human-caused event such as fire, flood, or storm that causes equipment failure that negatively affects an industry or a facility.

Disaster tolerance The amount of time that an organization can accept the unavailability of IT facilities and services.

Discretionary access control (DAC) An access policy that allows the resource owner to determine access.

Diskless workstation A thin client that has no hard drive or local operating system. The system boots from a centralized server and stores files on a network file server.

Distributed denial of service (DDoS) An attack that is similar to DoS, except that it is launched from multiple distributed agent IP devices.

DNSSEC A secure version of DNS that provides authentication and integrity.

Domain Name System (DNS) A hierarchy of Internet servers that translate alphanumeric domain names into IP addresses and vice versa. Because domain names are alphanumeric, they are easier to remember than IP addresses.

Downloading The process of transferring information from one computer to another computer and storing it there.

Downtime report A record that tracks the amount of time a computer or other device is not operating because of a hardware or software failure.

Dropper A Trojan horse or program designed to drop a virus into an infected computer and then execute it.

Due care The standard of conduct taken by a reasonable and prudent person. When you see the term due care, think of the first letter of each word and remember “do correct” because due care is about performing the ongoing maintenance necessary to ensure the proper level of security.

Due diligence Reasonable examination and research. When you see the term due diligence, think of the first letter of each word and remember “do detect.”

Dumb terminal A computer workstation or terminal that consists of a keyboard and screen but that has no processor of its own. It sends and receives data to and from a large central computer or server.

Dumpster diving The practice of rummaging through the trash of a potential target or victim to gain useful information.

Dynamic Host Configuration Protocol (DHCP) A protocol that dynamically assigns IP addresses to host devices.

E

Eavesdropping The unauthorized capture and reading of network traffic.

Echo reply The second part of an ICMP ping message, officially a Type 0.

Echo request The first part of an ICMP ping message, officially a Type 8.

eDiscovery The process of searching electronic data for evidence for a civil or criminal case.

Edit control A control that detects errors in the input portion of information. A manual or automated process can be used to check for and allow the correction of data errors before processing.

Editing The process of reviewing for possible errors and making final changes, if necessary, to information in a database.

Electronic Code Book (ECB) The simplest block cipher mode of operation: each block of plaintext is encrypted independently with the same key, so identical plaintext blocks always produce identical ciphertext blocks. Because that leaks the structure and repetition in the data, ECB is considered the weakest mode in which DES, AES, or any other block cipher can be used, and it should be replaced by a chaining or authenticated mode such as CBC or GCM.
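The leak described above, as an added example that is not part of the glossary. No AES library is assumed to be available, so a keyed SHA-256 function stands in for the block cipher (constructed for this example; it is deterministic per key and block, which is all ECB's weakness depends on, but it is not invertible, so it demonstrates the pattern leak rather than decryption). The same four identical plaintext blocks are encrypted in ECB and in CBC mode, and a small detection oracle counts repeated ciphertext blocks, the classic way of spotting ECB in captured data.

```python
import hashlib
from collections import Counter

BLOCK = 16  # block size in bytes, as for AES


def toy_block_cipher(key: bytes, block: bytes) -> bytes:
    """Stand-in for a real block cipher (constructed for this example): a keyed
    pseudorandom function built from SHA-256. Same key and block -> same output."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly BLOCK bytes")
    return hashlib.sha256(key + block).digest()[:BLOCK]


def pkcs7_pad(data: bytes) -> bytes:
    """PKCS#7 padding: always adds 1..BLOCK bytes, each equal to the pad length."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted on its own, so equal blocks stay equal."""
    data = pkcs7_pad(data)
    return b"".join(toy_block_cipher(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block
    (the IV for the first one) before encryption, so repeats are masked."""
    data = pkcs7_pad(data)
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = toy_block_cipher(key, xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def repeated_blocks(ciphertext: bytes) -> int:
    """ECB detection oracle: how many ciphertext blocks duplicate an earlier one.
    Any value above 0 in a long ciphertext is strong evidence of ECB."""
    counts = Counter(ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext), BLOCK))
    return sum(c - 1 for c in counts.values() if c > 1)


if __name__ == "__main__":
    key, iv = b"k" * 16, b"\x00" * 16   # constructed sample key and IV
    plaintext = b"A" * 64               # four identical plaintext blocks
    print("ECB repeats:", repeated_blocks(ecb_encrypt(key, plaintext)))
    print("CBC repeats:", repeated_blocks(cbc_encrypt(key, iv, plaintext)))
```

The oracle is what a penetration tester applies to a captured token or cookie: encrypt a long run of identical bytes through the application and, if the output contains repeated 16-byte blocks, the application is using ECB and the ciphertext can be cut and pasted block by block.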

Electronic serial number (ESN) A number that is used to identify a specific cell phone when it is turned on and requests to join a cell network.

Email bomb A hacker technique that involves flooding the email account of a victim with useless emails.

Email/interpersonal messaging Instant messages, usually text, sent from one person to another, or to a group of people, via computer.

Encapsulation of objects A technique used by layered protocols that involves adding header information to the protocol data unit (PDU) from the layer above. Think of data encapsulated in a TCP header followed by an IP header as an example.

Encryption The process of turning plaintext into ciphertext.

Encryption key A sequence of characters used by an encryption algorithm to encrypt plaintext into ciphertext.

Endpoint security A client/server approach to network security that places security controls on end hosts, such as laptops, tablets, and smartphones.

End-user computing The use or development of information systems by the principal users of the systems’ outputs or by their staffs.

End-user licensing agreement (EULA) A software license that a software vendor creates to protect and limit its liability and hold the purchaser liable for illegal pirating of the software application. The EULA typically has language in it that protects the software manufacturer from software bugs and flaws and limits the liability of the vendor.

Enterprise architecture A blueprint that defines the business structure and operation of an organization.

Enterprise resource planning (ERP) A software system used for operational planning and administration and for optimizing internal business processes. The best-known supplier of ERP systems is SAP.

Enterprise vulnerability management The overall responsibility and management of vulnerabilities within an organization and how that management of vulnerabilities will be achieved through dissemination of duties throughout the IT organization.

Entity relationship diagram (ERD) A diagram that helps map the requirements of and define the relationship between elements when designing a software program.

Ethernet A network standard that defines a specific implementation of the physical and data link layers of the OSI model. Ethernet is a local area network technology that provides best-effort, high-speed frame delivery (10 Mbps in its original form, with later variants running at 100 Mbps, 1 Gbps, 10 Gbps, and beyond) within a limited geographic area (such as an office complex or a university campus). Reliability is left to higher-layer protocols such as TCP.

Ethical hack A term used to describe a type of hack conducted to help a company or an individual identify potential threats to the organization’s IT infrastructure or network.

Ethical hacker A security professional who legally attempts to break into a computer system or network to find its vulnerabilities. Ethical hackers must obey the agreed rules of engagement, do no harm, and stay within legal boundaries.

Evasion The performance of activities to avoid detection.

Evidence Information gathered by an auditor during the course of an audit that stands as proof to support the conclusions of an audit report.

Exception report A report that uses data selection based on a very specific set of circumstances to identify process exceptions. Reports that identify items with negative quantities of a product are examples of exception reports.

Exclusive-OR (XOR) A logical operation that results in true only if one, but not both, of the operands is true.

Expert system A class of computer programs developed by researchers in artificial intelligence during the 1970s and applied commercially throughout the 1980s. In essence, an expert system is a program made up of a set of rules that analyze information (usually supplied by the user of the system) about a specific class of problems, as well as provide analysis of the problem(s), and, depending on the design, a recommended course of user action to implement corrections.

Exploit Code or a technique that takes advantage of a vulnerability in software or hardware to gain access to a system or service, escalate privileges, or cause a denial of service. The exploit is distinct from the vulnerability it targets: a vulnerability can exist without a public exploit, and one vulnerability may have several exploits.

Exposure factor A value calculated by determining the percentage of loss to a specific asset due to a specific threat.

Extended Binary Coded Decimal Interchange Code (EBCDIC) An IBM-developed 8-bit binary code that can represent 256 characters. It allows control codes and graphics to be represented in a logical format. EBCDIC was created to represent data in particular types of data processing and communications terminal devices.

Extensible Authentication Protocol (EAP) A protocol that supports multiple authentication methods, such as tokens, smart cards, certificates, and one-time passwords.

Extensible Markup Language (XML) A standard for defining, validating, and sharing documents and data distributed on the Web.

Extranet A private network that uses Internet protocols and the public telecommunication system to securely share part of a business’s information or operations with suppliers, vendors, partners, customers, or other businesses. An extranet can be viewed as part of a company’s intranet that is extended to users outside the company. An extranet requires security and privacy.

Extreme Programming (XP) An Agile development method.

F

Failsafe In a logical sense, the process of discovering a system error, terminating the process, and preventing the system from being compromised. The system enters a state in which no access is allowed. In a physical system, an item such as a controlled-access door that unlocks in the event of a power failure so that people can leave the facility and are not locked in.

False acceptance rate (FAR) A biometric system measurement that indicates the percentage of individuals who are incorrectly granted access. This is the worst type of error that can occur because it means that unauthorized individuals have been allowed access.

False rejection rate (FRR) A biometric device error that indicates the percentage of authorized individuals who are incorrectly denied access.

Fast infection A virus infection strategy in which the virus infects every suitable file it can reach as soon as it runs, or every file that is opened while it is active, spreading quickly at the cost of being easier to notice than a sparse infector.

Feasibility study A phase of the SDLC methodology that involves researching the feasibility and adequacy of resources for the development or acquisition of a system solution for a user’s need.

Fiber-optic cable A medium for transmission comprising many glass fibers. Light-emitting diodes or lasers send light through the fiber to a detector that converts the light back to an electrical signal for interpretation. Advantages of this medium include huge bandwidth, immunity to electromagnetic interference, and the capability to traverse long distances with minimal signal degradation.

Fibre Channel over Ethernet (FCoE) A SAN technology that encapsulates Fibre Channel frames inside Ethernet frames so that storage and data traffic can share one lossless Ethernet network.

Field In a database, the part of a record reserved for a particular type of data; for example, in a library catalog, author, title, ISBN, and subject headings would all be fields.

File Data stored as a named unit on a data storage medium. Examples include a program, a document, and a database.

File allocation table (FAT) A table or list maintained by an operating system to keep track of the status of various segments of disk space used for file storage.

File infector A type of virus that copies itself into executable programs.

File server A computer with high-capacity disk storage that other computers on a network use to store and retrieve files. The server can be configured to accept or refuse requests from particular users, hosts, or programs.

File type The kind of data stored in a file.

Finger On some UNIX systems, a command (backed by the finger daemon on TCP port 79) that identifies who is logged on and active and that may also reveal personal information about those users. Because it hands out valid usernames to anyone who asks, it is a classic source of account enumeration and is normally disabled.

Firewall Hardware or software used to control network connectivity and network services. Firewalls act as chokepoints for traffic entering and leaving a network and prevent unrestricted access. Firewalls can be stateful or stateless.

Firmware A computer program stored permanently in PROM or ROM or semi-permanently in EPROM. Software is “burned in” on the memory device so that it is nonvolatile (that is, so it will not be lost when power is shut off).

First-in/first-out (FIFO) A method of data and information storage in which the data stored for the longest time is retrieved first.

Flooding The process of overloading a network with traffic so that no legitimate traffic or activity can occur.

Fourth-generation language (4GL) A programming language that operates at a higher level of abstraction than a lower-level language such as BASIC, assembly language, or Fortran, letting the programmer state what result is wanted rather than how to compute it. SQL is a common example. 4GLs are also known as nonprocedural, natural, or very high-level languages.

Frame Relay A packet-switching technology that transmits data faster than the X.25 standard. Frame Relay does not perform error correction at each computer in a network. Instead, it simply discards any messages that contain errors. It is up to the application software at the source and destination to perform error correction and to control for loss of messages.

Frequency-hopping spread spectrum (FHSS) A basic modulation technique used in spread-spectrum signal transmission. FHSS makes wireless communication harder to intercept and more resistant to interference.

Function Point Analysis (FPA) An ISO-approved method of estimating the complexity of software.

Fuzzing A black-box testing technique that feeds a program large numbers of random, malformed, or mutated inputs and watches for crashes, hangs, or unexpected exceptions, which point to bugs such as missing bounds checks and other input-validation flaws.
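A minimal mutation fuzzer, as an added example that is not from the glossary. The target is a constructed type-length-value parser with a deliberate missing bounds check (a hypothetical bug written for this example, not a real product flaw); the fuzzer takes one valid input, applies random bit flips, truncations, and insertions, and reports the first input that makes the parser raise something other than its own explicit rejection. A hardened copy of the parser is included to show what "fixed" looks like: malformed input is rejected with a ValueError instead of an uncontrolled exception.

```python
import random


def parse_tlv_vulnerable(data: bytes) -> list:
    """Constructed fuzz target: records are type(1 byte), length(1 byte), value.
    The bug: it assumes a length byte always follows a type byte."""
    records, i = [], 0
    while i < len(data):
        rtype = data[i]
        length = data[i + 1]                 # no check that this byte exists
        value = data[i + 2:i + 2 + length]
        records.append((rtype, value))
        i += 2 + length
    return records


def parse_tlv_hardened(data: bytes) -> list:
    """Same format with explicit bounds checks; bad input raises ValueError."""
    records, i = [], 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated record header")
        rtype, length = data[i], data[i + 1]
        if i + 2 + length > len(data):
            raise ValueError("record length exceeds buffer")
        records.append((rtype, data[i + 2:i + 2 + length]))
        i += 2 + length
    return records


def mutate(sample: bytes, rng: random.Random) -> bytes:
    """One random mutation: flip a bit, drop the tail, or insert a byte."""
    buf = bytearray(sample)
    choice = rng.randrange(3)
    if choice == 0 and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Mutation fuzzing loop. Returns (crashing_input, exception) for the first
    input that escapes the parser's own validation, or None if none was found."""
    rng = random.Random(rng_seed)            # fixed seed keeps runs reproducible
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ValueError:
            continue                          # explicit rejection is fine
        except Exception as exc:              # anything else is a finding
            return case, exc
    return None


if __name__ == "__main__":
    seed = b"\x01\x03abc\x02\x01x"           # constructed valid input: two records
    print("vulnerable:", fuzz(parse_tlv_vulnerable, seed))
    print("hardened:  ", fuzz(parse_tlv_hardened, seed))
```

Real fuzzers such as AFL or libFuzzer add coverage feedback so that mutations which reach new code are kept as seeds, but the loop above is the core of the technique: generate, run, classify the outcome, keep the crashing input for triage.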

G

Gap analysis Analysis of the differences between two different states, often for the purpose of determining how to get from point A to point B. The aim is to look at ways to bridge the gap.

Gateway A device that allows for the translation and management of communication between networks that use different protocols or designs. A gateway can also be deployed in a security context to control sensitive traffic.

Gold standard Practices and procedures that are generally regarded as the best of the best.

Governance The planning, influencing, and conduct of the policy and affairs of an organization.

Graybox testing Testing that occurs with only partial knowledge of the network or is performed to see what internal users have access to.

Guidelines Recommendations, as opposed to hard-and-fast rules. Guidelines are much like standards.

H

Hardware The physical equipment of a computer system, including the central processing unit, data storage devices, terminals, and printers.

Hardware keystroke logger A form of key logger that is a hardware device. When placed in a system, it is hard to detect without a physical inspection. A logger may be plugged in to the keyboard connector or can be built in to the keyboard.

Hash A fixed-length value computed from input data by a one-way function. A hash is much shorter than the input and, for a sound algorithm, two different inputs will not produce the same hash in practice, so it serves as a fingerprint of the data. Software vendors often publish a hash next to a download; recomputing the hash of the downloaded file and comparing it with the published value shows whether the file has been changed or altered. This check only helps if the published hash was obtained over a trusted channel, since an attacker who can replace the file can usually replace the hash beside it as well; a digital signature over the file is the stronger control.

Hashing algorithm An algorithm that processes every bit of the input while condensing it, so that even a one-bit change to the data produces a completely different message hash (the avalanche effect). It is a one-way process. MD5 and SHA-1 are well-known examples, but both now have practical collision attacks and should not be used for integrity checks or signatures; SHA-2 (for example SHA-256) or SHA-3 should be used instead.
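The two entries above in working form, as an added example that is not from the glossary: the avalanche effect is measured by flipping one input bit and counting how many digest bits change, and the download check compares a recomputed SHA-256 digest against a published one in constant time. The sample data and the "published" digests are constructed for the example; in practice the published value comes from the vendor's page, which is exactly why the lead-in caveat about a trusted channel matters.

```python
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    """Hex digest of the data, the form a vendor publishes next to a download."""
    return hashlib.sha256(data).hexdigest()


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(data: bytes) -> int:
    """Flip the lowest bit of the first input byte and count how many of the
    256 digest bits change. A sound hash changes roughly half of them."""
    flipped = bytearray(data)
    flipped[0] ^= 0x01
    return bit_difference(hashlib.sha256(data).digest(),
                          hashlib.sha256(bytes(flipped)).digest())


def verify_download(data: bytes, published_hex: str) -> bool:
    """Recompute the digest and compare it with the published one.
    compare_digest is constant-time, so a server doing this check does not
    leak, byte by byte, how much of a guessed digest was right."""
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


if __name__ == "__main__":
    sample = b"installer contents (constructed sample)"
    print(sha256_hex(sample))
    print(avalanche(sample), "of 256 digest bits changed after a one-bit input change")
    print(verify_download(sample, sha256_hex(sample)))
```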

Hearsay Evidence based on what a witness heard someone else say, not on what the witness personally observed.

Help desk A support system designed to assist end users with technical and functional questions and problems. A help desk also provides technical support for hardware and software. Help desks are staffed by people who can either solve a problem directly or forward the problem to someone else. Help desk software provides the means to log problems and track them until they are solved. It also gives management information regarding support activities.

Heuristic filter An IDS/IPS and antispam filter technology that uses criteria based on a centralized rule database.

Heuristic scanning A form of virus scanning that looks at irregular activity by programs. For example, a heuristic scanner would flag a word processing program that attempted to format the hard drive, as that is not normal activity for a word processor.

Hierarchical database A database organized in a tree structure, in which each record has one owner. Navigation to individual records takes place through predetermined access paths.

Honeypot An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.

Hot site A fully equipped and configured off-site facility, with hardware, software, and current data already in place, ready for immediate use in case of disaster.

Hub A physical-layer device that provides connectivity, amplification, and signal regeneration by repeating every frame it receives out all of its other ports. Because every attached host sees all traffic, a hub makes sniffing trivial; switches, which forward frames only to the destination port, have replaced hubs almost everywhere.

Human-caused threats Threats caused by humans such as hacker attacks, terrorism, or destruction of property.

Hybrid cloud A type of cloud that involves a combination of public and private cloud services. These services may be private on-premises or public cloud services.

Hypertext Markup Language (HTML) A markup language used to create documents and web pages for the World Wide Web.

I

Identity theft An attack in which an individual’s personal, confidential, banking, and financial information is stolen and compromised by another individual or individuals. For example, use of a person’s Social Security number without that person’s consent or permission could result in identity theft.

Impact The extent of the consequences that would result if a given event occurred.

Impact assessment A study of the potential future effects of a development project on current projects and resources. The resulting document should list the pros and cons of pursuing a specific course of action.

Independence The state or quality of being free from subjection or the influence, control, or guidance of individuals, things, or situations. Auditors and examining officials and their respective organizations must maintain independence and exercise objectivity so that opinions, judgments, conclusions, and recommendations on examined allegations are impartial and are viewed as impartial by disinterested third parties.

Indexed sequential access method (ISAM) A file organization in which records are stored sequentially and an index is maintained on top of them, combining efficient sequential processing with fast direct retrieval of individual records through the index.

Inference attack A form of attack that relies on the attacker’s ability to make logical connections between seemingly unrelated pieces of information.

Information-processing facility (IPF) Areas where information is processed, usually including a computer room and support areas.

Information technology (IT) The use of technology (computer systems, software, and networks) to solve organizational or business concerns.

Information Technology Security Evaluation Criteria (ITSEC) A European standard, developed in the late 1980s and published in 1990, for evaluating the confidentiality, integrity, and availability properties of an entire system. Unlike the earlier U.S. TCSEC it rated functionality and assurance separately; it was later superseded by the Common Criteria.

Infrastructure mode A form of wireless networking in which wireless stations communicate with each other by first going through an access point.

Initial sequence number (ISN) The starting sequence number each side of a TCP connection chooses during the three-way handshake. If ISNs are predictable, an attacker who cannot see the traffic can still forge segments the receiver accepts, enabling blind spoofing and session hijacking; modern TCP stacks randomize them for that reason.

Input controls Computer controls designed to provide reasonable assurance that transactions are properly authorized before being processed by the computer; that transactions are accurately converted to machine-readable form and recorded in the computer; that data files and transactions are not lost, added, duplicated, or improperly changed; and that incorrect transactions are rejected, corrected, and, if necessary, resubmitted in a timely manner.

Insecure computing habits Bad habits that employees, contractors, and third-party users accumulate over time and that can be attributed to an organization’s lack of security awareness training, security controls, and security policies or acceptable use policies (AUPs).

Integrated Services Digital Network (ISDN) A system that provides simultaneous voice and high-speed data transmission through a single channel to the user’s premises. ISDN is an international standard for end-to-end digital transmission of voice, data, and signaling.

Integrity One of the three items considered part of the security triad, along with confidentiality and availability. Integrity is a measure of the accuracy and completeness of data or systems.

Internet An interconnected system of networks that connects computers around the world via the TCP/IP protocol.

Internet Assigned Numbers Authority (IANA) An organization dedicated to preserving the central coordinating functions of the global Internet for the public good. IANA oversees three key areas: the top-level domains (TLDs) in the DNS root, allocation of IP address blocks to the regional Internet registries, and the protocol parameter registries, including port number assignments. IANA delegates rather than holds registrant data; it is the WHOIS and RDAP services of the regional and domain registries that hackers and security specialists query to track down domain or address-block owners and their contact details.

Internet Control Message Protocol (ICMP) A protocol that supports diagnostics and error control. A ping is a type of ICMP message.

Internet Engineering Task Force (IETF) A large, open, international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet’s architecture and the smooth operation of the Internet. It is open to any interested individual and engineers and develops protocols for the Internet.

Internet of Things (IoT) A network of consumer devices, vehicles, building controls (such as HVAC controls) embedded with electronic sensors and network connectivity so that they have the ability to collect and exchange data.

Internet packet spoofing (IP spoofing) Forging the source address of IP packets so that they appear to come from another, usually trusted, host. It is used to gain unauthorized access to systems that grant trust by address, to hide the attacker's identity, and in denial of service attacks, where spoofed sources make floods hard to block and enable reflection and amplification. Ingress and egress filtering on routers and firewalls (BCP 38 / RFC 2827) drops packets whose source address could not legitimately have arrived on that interface.

Internet Protocol (IP) One of the key protocols of TCP/IP. IP is found at Layer 3 (network layer) of the OSI model.

Internet Protocol Security (IPsec) An IETF standard used to secure IP traffic at the network layer. Its AH and ESP protocols provide integrity and origin authentication, and ESP adds confidentiality; it can be run in transport mode between hosts or in tunnel mode between gateways, as in site-to-site VPNs.

Intrusion detection A key component of security that includes prevention, detection, and response. It is used to detect anomalies or known patterns of attack.

Intrusion detection system (IDS) A network-monitoring device typically installed at an Internet ingress/egress point that is used to inspect inbound and outbound network activity and identify suspicious patterns that might indicate network or system attack from someone attempting to break in to or compromise a system.

Irregularities Intentional violations of established management policy, deliberate misstatements, or omissions of information concerning an area under audit or an organization as a whole.

ISO 17799 A comprehensive security standard that was divided into ten sections (eleven in the 2005 revision). It was renumbered ISO/IEC 27002 in 2007 and remains a leading code of practice for information security management, now paired with the ISO/IEC 27001 management-system requirements.

IT asset An asset such as hardware, software, or data.

IT asset valuation The act of putting a monetary value to an IT asset.

IT infrastructure A general term that encompasses all information technology assets (hardware, software, and data), components, systems, applications, and resources.

IT security architecture and framework A document that defines an organization’s policies, standards, procedures, and guidelines for information security.

J–K

Just a bunch of disks (JBOD) A technique that is somewhat like RAID in that two or more hard drives are combined into one storage array. However, JBOD offers none of the fault tolerance advantages of RAID.

Key exchange protocol A protocol used to exchange secret keys for the facilitation of encrypted communication. Diffie-Hellman is an example of a key exchange protocol.

Kilo lines of code (KLOC) A software metric used to determine the cost of software development based solely on the length of code.

L

Last-in/first-out (LIFO) A data-processing method that applies to buffers. The last item in the buffer is the first to be removed.

Latency The delay a packet incurs in traveling from one node to another.

Lattice-based access control (LBAC) A security model that deals with confidentiality and integrity and places upper and lower bounds on subjects and objects.

Librarian An individual in an organization who is responsible for storing, safeguarding, and maintaining data, programs, and computer information.

Limit check A test of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test can be called a range check.

Local area network (LAN) A group of wired or wireless computers and associated devices that share a common communications line and typically share the resources of a single processor or server within a small geographic area (for example, within an office building).

Log A system that automatically records significant events. The files that contain these records are called log files or simply logs; what is written on a log is a record.

Log on The process of identifying oneself to a computer or an online service to gain access to a system as a legitimate user. The usual requirements are a valid username (or user ID) and password.

Logic bomb A dangerous type of malware that waits for a predetermined event or amount of time to execute its payload. Typically used by disgruntled employees for insider attacks.

Lumen The unit of luminous flux. One lumen is the light emitted into a solid angle of one steradian by a source with an intensity of one candela (roughly one standard candle). Physical security uses it to specify the lighting that cameras and guards need around a facility.

M

MAC filtering A method of controlling access on a wired or wireless network by denying access to any device whose MAC address does not match an address on a pre-approved list. Because a MAC address can be changed in software, the control is easily bypassed by an attacker who sniffs an approved address and clones it; it is a weak control, not a substitute for authentication such as 802.1X.

Macro infector A type of computer virus written in an application's macro language and carried inside documents, such as Word or Excel files, rather than in executables. Melissa (1999) is the best-known example.

Man-in-the-middle attack A type of attack in which the attacker can read, insert, and change information being passed between two parties without either party knowing that the information has been compromised.
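The Key exchange protocol entry above names Diffie-Hellman as the example, and the man-in-the-middle attack is the standard way an unauthenticated exchange fails; the two are shown together here in an added example that is not from the glossary. Both sides' messages are computed in the honest case, then once more with an attacker (Mallory, a name used only for this example) substituting her own public value in each direction. The group is a toy one constructed for the example (the Mersenne prime 2^127 - 1 with generator 5) and is far too small for real use; deployments use the RFC 3526 or RFC 7919 groups or elliptic-curve Diffie-Hellman.

```python
import secrets

# Toy group, constructed for this example only: 127-bit prime, generator 5.
P = 2**127 - 1
G = 5


def keypair(randbelow=secrets.randbelow):
    """Pick a secret exponent x and derive the public value g^x mod p."""
    priv = 2 + randbelow(P - 3)            # secret in [2, P-2]
    return priv, pow(G, priv, P)


def shared_secret(own_priv: int, peer_pub: int) -> int:
    """Combine our secret with the peer's public value: (g^y)^x == (g^x)^y."""
    if not 1 < peer_pub < P - 1:           # 0, 1 and p-1 force a trivial secret
        raise ValueError("invalid public value")
    return pow(peer_pub, own_priv, P)


def honest_exchange():
    """Alice sends A = g^a, Bob sends B = g^b; both derive the same secret."""
    a, A = keypair()
    b, B = keypair()
    return shared_secret(a, B), shared_secret(b, A)


def mitm_exchange():
    """Mallory intercepts both messages and substitutes her own value M.
    Alice ends up sharing a key with Mallory, Bob shares a different key with
    Mallory, and each believes the key belongs to the other. Plain
    Diffie-Hellman offers nothing that lets them detect this, which is why real
    protocols sign the exchanged values or bind them to certificates.
    Returns (Alice's key, Mallory's copy of it, Bob's key, Mallory's copy)."""
    a, A = keypair()
    b, B = keypair()
    m, M = keypair()
    k_alice = shared_secret(a, M)          # Alice received M instead of B
    k_bob = shared_secret(b, M)            # Bob received M instead of A
    return k_alice, shared_secret(m, A), k_bob, shared_secret(m, B)


if __name__ == "__main__":
    ka, kb = honest_exchange()
    print("honest exchange agrees:", ka == kb)
    ka, ma, kb, mb = mitm_exchange()
    print("Mallory holds Alice's key:", ka == ma, "and Bob's key:", kb == mb)
    print("Alice and Bob share a key:", ka == kb)
```

The defence is to authenticate the public values, not to hide them: TLS has the server sign its ephemeral Diffie-Hellman share with a certificate-backed key, and SSH has the client verify the host key before trusting the exchange.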

Mandatory access control (MAC) A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (such as clearance) of subjects to access information of such sensitivity.

Mantrap See Deadman door.

Massive array of inactive disks (MAID) A large array of hard drives that are kept inactive until needed.

Master boot record infector A virus that infects a master boot record.

Materiality An expression of the relative significance or importance of a particular matter in the context of an organization as a whole.

MD5 A hashing algorithm that produces a 128-bit output. Practical collision attacks have existed since 2004, so MD5 is unsuitable for digital signatures, certificates, or integrity checks against an active attacker; it survives mainly as a non-security checksum.

Media Access Control (MAC) address The 48-bit address of a data link layer network interface. Each network interface controller is manufactured with a globally unique address burned in by the vendor, but the address a host actually transmits is held in software and can be changed by the operating system, which is why a MAC address cannot be trusted as an identity.

Message switching A strategy that enables communication channels to be used simultaneously by more than one node. At each transfer point in the connection, incoming data is stored in its entirety and then forwarded to the next point. This process continues until the data reaches its destination.

Methodology A set of documented procedures used for performing activities in a consistent, accountable, and repeatable manner.

Microsegmentation The practice of splitting a network into many small, isolated segments. Usually implemented with software-defined networking, it enforces fine-grained access control lists between segments so that a compromised host cannot move laterally to its neighbors.

Middleware Software that “glues together” two or more types of software (for example, two applications, their operating systems, and the network on which everything works) by translating information between them and exchanging this information over a network. The interacting applications are not aware of the middleware.

Minimum acceptable level of risk The stake that an organization defines for the seven areas of information security responsibility. Depending on the goals and objectives for maintaining confidentiality, integrity, and availability of the IT infrastructure and its assets, the minimum acceptable level of risk will dictate the amount of information security.

Mobile site A portable data-processing facility transported by trailers to be quickly moved to a business location. Typically used by insurance companies and the military, these information-processing facilities can contain servers, desktop computers, communications equipment, and even microwave and satellite data links.

Modem A device used to connect a computer to an analog phone line. Modems use the process of modulation.

Modulation A process used by modems to convert a digital computer signal into an analog telecommunications signal.

Moore’s law The observation by Gordon Moore that the number of transistors on an integrated circuit doubles roughly every two years (often quoted as processing power doubling about every 18 months) due to technological improvements. It matters to security because key lengths and password-cracking cost estimates must assume steadily cheaper computation.

Multicast The process of sending a computer packet to a group of recipients.

Multipartite virus A virus that attempts to attack both the boot sector and executable files.

N

Natural threats Threats posed by nature; for example, fire, floods, and storms.

Network Address Translation (NAT) A method of connecting multiple computers to the Internet using one IP address so that many private addresses are converted to a single public address.

Network administrator An individual responsible for the installation, management, and control of a network. When problems with the network arise, this is the person to call.

Network operations center (NOC) The location from which an organization monitors and manages its network: availability, performance, configuration, and outage response. A NOC is distinct from the help desk, which is the organization's interface to its end users where trouble calls, questions, and trouble tickets are generated, although the two routinely hand tickets to each other.

NIST SP 800-42 A document that provided guidance on network security testing, dealing mainly with the techniques and tools used to test systems connected to the Internet. It has been withdrawn and replaced by NIST SP 800-115, Technical Guide to Information Security Testing and Assessment.

Noise Any unwanted signal, such as static, that interferes with the clarity of data being transmitted, thus creating the possibility that the receiver will receive a misconstrued message.

Non-attribution The act of not providing a reference to a source of information.

Non-repudiation A system or method put in place to ensure that an individual or a system cannot deny his/her/its own actions.

O

Off-site storage A storage facility that is not located at an organization’s primary facility. The idea behind off-site storage is to protect information and prevent damage that might occur at the primary facility. Off-site storage facilities are used to store computer media, backup data, and files.

On premises At the organization’s physical site. For example, computers or a data center may be run on premises rather than running at a remote data center or in the cloud.

One-time pad An encryption mechanism that is theoretically unbreakable when used correctly. A one-time pad combines the plaintext (usually by XOR) with a secret key, the pad, that is the same length as the plaintext. The guarantee holds only if the pad is truly random, is kept secret, and is never reused: if two messages are encrypted with the same pad, XORing the two ciphertexts cancels the pad and reveals the XOR of the two plaintexts, from which either message can be recovered once part of the other is known or guessed.
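The Exclusive-OR (XOR) entry above and the one-time pad entry here describe one operation and its correct use; as an added example that is not from the glossary, the following implements the pad with XOR, generates pads from the operating system's cryptographic random source, and then carries out the two-time pad attack the entry warns about. The sample messages and the fixed pad used for the attack are constructed for the example.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Exclusive-OR of two equal-length byte strings. Each output bit is 1 only
    when exactly one input bit is 1, so XORing with the same key twice cancels."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """A pad must come from a cryptographic random source, never from a
    general-purpose PRNG seeded with a short value."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the plaintext")
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    return otp_encrypt(ciphertext, pad)    # XOR is its own inverse


def two_time_pad_attack(c1: bytes, c2: bytes, known_plaintext: bytes) -> bytes:
    """If one pad encrypted two messages, c1 XOR c2 == p1 XOR p2: the pad is
    gone. Knowing (or guessing, 'crib dragging') p1 then yields p2 directly."""
    return xor_bytes(xor_bytes(c1, c2), known_plaintext)


if __name__ == "__main__":
    msg = b"meet at the north gate"                # constructed sample
    pad = otp_keygen(len(msg))
    ct = otp_encrypt(msg, pad)
    print(otp_decrypt(ct, pad) == msg)

    # The failure mode: the same pad reused for two messages.
    p1, p2 = b"ATTACK AT DAWN!!", b"RETREAT AT NOON!"
    reused = bytes(range(16))                      # constructed, reused pad
    c1, c2 = otp_encrypt(p1, reused), otp_encrypt(p2, reused)
    print(two_time_pad_attack(c1, c2, p1))         # recovers p2 without the pad
```

Stream ciphers such as RC4 and the keystream modes of block ciphers (CTR, GCM) have the same structure, a keystream XORed with plaintext, so reusing a key and nonce with them reproduces exactly this attack; the WEP failures mentioned in the 802.11 entry are one well-known consequence.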

Open Shortest Path First (OSPF) A routing protocol that determines the best path for routing IP traffic over a TCP/IP network. It uses less router-to-router update traffic than RIP, which it was designed to replace.

Open source Software that is released under an open-source license or to the public domain. The source code can be seen and can be modified.

Open Web Application Security Project (OWASP) A nonprofit organization (renamed the Open Worldwide Application Security Project in 2023) that is focused on improving application security, best known for the OWASP Top 10 list of web application risks and for freely available testing guides and tools.

Operating system (OS) identification The practice of identifying the operating system of a networked device using either passive or active techniques.

Operational control A control that is used for normal daily operation of the organization. Operational controls ensure that normal operational objectives are achieved.

Outsourcing A contract arrangement between a third party and an organization for services such as web hosting, application development, or data processing.

Packet or protocol data unit (PDU) A block of data sent over a network, consisting of a header and a payload. The header carries the identities (addresses) of the sending and receiving stations together with the control information used for routing and error control.

Packet filter A form of stateless inspection performed by some firewalls and routers: each packet is permitted or dropped on its own, based on header fields such as source and destination address, protocol, and port, without reference to any connection it belongs to.

Packet switching A data transmission method that divides messages into standard-sized packets for greater efficiency in routing and transport through a network.

Paper shredder A hardware device used for destroying paper and documents by shredding to prevent Dumpster diving.

Paper test A type of disaster-recovery test that reviews the steps of the test without actually performing the steps. This type of disaster-recovery test is normally used to help team members review the proposed plan and become familiar with the test and its objectives.

Parallel testing A testing mode in which a stream of data is fed into two systems to allow processing by both so that the results can be compared.

Passive (OS) fingerprint A passive method of identifying the OS of a targeted computer or device. No traffic or packets are injected into the network; attackers simply listen to and analyze existing traffic.

Password Authentication Protocol (PAP) An insecure, obsolete protocol for authentication in which cleartext usernames and passwords are used without encryption.

Patent Exclusive rights granted by the federal government to an inventor to exclude others from making, using, or selling that person’s invention.

Pattern matching A method used by IDSs to identify malicious traffic. It is also called signature matching and works by matching traffic against signatures stored in a database.

Penetration test A method of evaluating the security of a network or computer system by simulating an attack by a malicious hacker but without doing harm and with the owner’s consent.

Personal area network (PAN) A short-range network connecting the devices around one person, such as a phone, headset, and laptop. Bluetooth is the most common PAN technology.

Phishing The act of misleading or tricking an individual into providing personal and confidential information to an attacker masquerading as a legitimate individual or business.

Phreaker An individual who hacks phone systems or phone-related equipment. Phreakers predate computer hackers.

Piggybacking A method of gaining unauthorized access into a facility by following an authorized employee through a controlled access point or door.

Ping sweep The process of sending ping requests to a series of devices or to the entire range of networked devices.

Policy A high-level document that dictates management intentions toward security.

Polyinstantiation A strategy that involves preventing inference attacks by allowing different versions of information to exist at different classification levels. For example, a Navy officer without classified access might want information about a ship and discover that it has left port and is bound for Europe. A Navy officer with classified access might access the same database and discover that the ship has left port but is really bound for Asia.

Polymorphic virus A virus that is capable of change and mutation.

Port An interface used by protocols and applications to assign addresses to services. For example, port 21 is used for FTP, and port 80 is used for HTTP. Port numbers are divided into three ranges: well-known ports, registered ports, and dynamic and/or private ports. Well-known ports are those from 0 through 1023. Registered ports are those from 1024 through 49151, and dynamic and/or private ports are those from 49152 through 65535.

Post Office Protocol (POP) A commonly implemented method of delivering email from an email server to a client machine. Other methods include IMAP and Microsoft Exchange.

Prepender A virus type that adds virus code to the beginning of existing executables.

Pretexting Collecting information about a person under false pretenses.

Preventive controls Controls that reduce risk and are used to prevent undesirable events from happening.

Principle of deny all The idea of securing logical or physical assets by first denying all access and then allowing access only on a case-by-case basis.

Privacy impact analysis A review of the information held by a corporation and assessment of the damage that would result if sensitive or personal information were lost, stolen, or divulged.

Private cloud A category of cloud service that is private to a specific organization and is used only by that organization.

Probability The likelihood of an event happening.

Procedure A detailed, in-depth, step-by-step document that lays out exactly what is to be done and how it is to be accomplished.

Program Evaluation and Review Technique (PERT) A planning and control tool that represents, in diagram form, a network of tasks required to complete a project, establishing sequential dependencies and relationships among the tasks.

Protocol A set of formalized rules that describe how data is transmitted over a network. Low-level protocols define electrical and physical standards, whereas high-level protocols deal with formatting of data. TCP and IP are examples of high-level LAN protocols.

Prototyping The process of quickly putting together a working model (a prototype) to test various aspects of a design, illustrate ideas or features, and gather early user feedback. Prototyping is often treated as an integral part of the development process, where it is believed to reduce project risk and cost.

Proxy server A firewall that is used to improve performance and security. A proxy server intercepts all requests to a real server to see whether it can fulfill the requests itself. It forwards to the real server any requests that it can’t fulfill.

Public cloud service A cloud-based service that is available to everyone. Dropbox is an example of a public cloud service.

Public key encryption An encryption scheme that uses two keys. In an email transaction, for example, the public key encrypts the data, and a corresponding private key decrypts the data. Because the private key is never transmitted or publicized, the encryption scheme is extremely secure. For digital signatures, the process is reversed: The sender uses the private key to create the digital signature, and anyone who has access to the corresponding public key can verify it.

Public key infrastructure (PKI) Infrastructure used to facilitate e-commerce and build trust. PKI consists of hardware, software, people, policies, and procedures; it is used to create, manage, store, distribute, and revoke public key certificates. PKI is based on public key cryptography.

Q

Qualitative analysis A weighted-factor or nonmonetary evaluation and analysis based on a weighting or criticality factor rather than a monetary valuation.

Qualitative assessment An analysis of risk that places the probability results into terms such as none, low, medium, and high.

Qualitative risk assessment A scenario-based assessment in which one scenario is examined and assessed for each critical or major threat to an IT asset.

Quantitative analysis A numeric evaluation and analysis based on monetary valuation.

Quantitative risk assessment A methodical, step-by-step calculation of asset valuation, exposure to threats, and the financial impact or loss that would occur if threats were realized.

Queue A group of items, such as computer jobs or messages, waiting for service.

R

Radio frequency identification (RFID) A set of components that include a reader and a small device referred to as a tag. The tag can be used to hold information for inventory, management, tracking, or other purposes. RFID provides a method to transmit and receive data over a short range from one point to another.

Record A collection of data items or fields treated as one unit.

Recovery point objective (RPO) The point in time to which data must be restored to resume processing transactions. RPO is the basis on which a data protection strategy is developed.

Recovery testing Testing aimed at verifying a system’s capability to recover from varying degrees of failure.

Recovery time objective (RTO) During the execution of disaster recovery or business continuity plans, the time goal for the reestablishment and recovery of a business function or resource.

Red team A group of ethical hackers who help organizations to explore network and system vulnerabilities by means of penetration testing.

Redundant array of independent disks (RAID) A type of fault tolerance and performance improvement for disk drives that employs two or more drives in combination.

Registration authority (RA) An entity responsible for the identification and authentication of a PKI certificate. The RA is not responsible for signing or issuing certificates. The most common form of certificate is the X.509 standard.

Remote Authentication Dial-In User Service (RADIUS) A client/server protocol and software that allows remote-access servers to communicate with a central authentication server. It is used in wireless systems such as 802.1x.

Repeater A network device used to regenerate or replicate a signal. Repeaters are used in transmission systems to regenerate analog or digital signals distorted by transmission loss.

Repository A central place where data is stored and maintained. A repository can be a place where multiple databases or files are located for distribution over a network, or it can be a location that is directly accessible to users.

Required vacations A security control used to uncover misuse or illegal activity by requiring employees to use their vacation time.

Reverse engineering The process of taking apart a device or a software program and analyzing its workings in detail, usually to construct a new device or program that does the same thing without actually copying anything from the original.

Rijndael A symmetric encryption algorithm chosen for Advanced Encryption Standard (AES).

Ring topology A topology used by token ring and FDDI networks in which all devices are connected in a ring. Data packets in a ring topology are passed in a deterministic fashion from the sender to the next device in the ring, and so on, until they reach the receiver.

Risk The subjective measure of the potential for harm that can result from the action of a person or thing.

Risk acceptance An informed decision to suffer the consequences of likely events.

Risk assessment A process for evaluating the exposure or potential loss or damage to the IT and data assets of an organization.

Risk avoidance A decision to take action to avoid a risk.

Risk management The overall responsibility and management of risk within an organization. Risk management involves dissemination of roles, responsibilities, and accountabilities for risk in an organization.

Risk transference The process of shifting the responsibility for or burden of risk to another party or individual.

Rogue access point An 802.11 access point that has been set up by an attacker for the purpose of diverting legitimate users so that their traffic can be sniffed or manipulated.

Role-based access control (RBAC) A type of discretionary access control in which users are placed into groups to facilitate management. This type of access control is widely used by banks and casinos.

Rotation of assignment A security mechanism that involves moving employees from one job to another so that one person does not stay in one position forever. This makes it harder for an employee to hide malicious activity.

Rounding down A method of computer fraud that involves rounding down dollar amounts so that small amounts of money are stolen. For example, the value $1,199.50 might be rounded down to $1,199.00, and the extra 50 cents would be kept by the perpetrator.

Router A device that determines the next network point to which a data packet should be forwarded en route to its destination. The router is connected to at least two networks and determines which way to send each data packet, based on its current understanding of the state of the networks it is connected to. A router creates or maintains a table of the available routes and uses this information to determine the best route for a given data packet. Routing occurs at Layer 3 (the network layer) of the seven-layer OSI model.

Routing Information Protocol (RIP) A widely used distance-vector protocol that determines the best route based on hop count.

Rule-based access control A type of mandatory access control that matches objects to subjects. It dynamically assigns roles to subjects based on their attributes and a set of rules defined by a security policy.

S

Scope creep Uncontrolled change in a project’s scope, which causes an assessment to drift away from its original scope and results in budget and schedule overruns.

Screen scraper A type of malware designed to capture data displayed to the screen.

Script kiddie The least skilled level of criminal hacker, who looks for easy targets or well-worn vulnerabilities.

Secure Sockets Layer (SSL) A cryptographic protocol developed by Netscape for transmitting private documents via the Internet. It works by using a private key to encrypt data that is transferred over the SSL connection. Very similar to Transport Layer Security (TLS).

Security Assertion Markup Language (SAML) An XML open standard data format for exchanging authentication and authorization data.

Security breach or security incident The result of a threat or vulnerability being exploited by an attacker.

Security bulletin A memorandum or message from a software vendor or manufacturer documenting a known security defect in software or an application. Security bulletins are typically accompanied by instructions for loading a software patch to mitigate the security defect or software vulnerability.

Security by obscurity The controversial use of secrecy to ensure security.

Security controls Policies, standards, procedures, and guideline definitions for various security control areas or topics.

Security countermeasure A security hardware or software technology solution that is deployed to ensure the confidentiality, integrity, and availability of IT assets that need protection.

Security kernel A combination of software, hardware, and firmware that makes up the trusted computing base (TCB), which mediates all access, must be verifiable as correct, and is protected from modification.

Security testing Techniques used to confirm the design and/or operational effectiveness of security controls implemented within a system. Examples include attack and penetration studies to determine whether adequate controls have been implemented to prevent breach-of-system controls and processes, and password strength testing using tools like password crackers.

Separation of duties Unique definition of the roles, tasks, responsibilities, and accountabilities for information security for the different duties of the IT staff and IT security staff.

Service-level agreement (SLA) A contractual agreement between an organization and its service provider that holds the service provider accountable for the requirements defined in the agreement.

Service set ID (SSID) A sequence of up to 32 letters or numbers that is the ID, or name, of a wireless local area network; it is used to differentiate networks.

SHA-1 A hashing algorithm that produces a 160-bit output.

Shoulder surfing The act of looking over someone’s shoulder to steal the user’s system credentials.

Signature scanning One of the most basic ways of scanning for computer viruses, which works by comparing suspect files and programs to fingerprints or descriptors of known viruses stored in a database.

Simple Network Management Protocol (SNMP) An application layer protocol that facilitates the exchange of management information between network devices. Version 1 uses well-known community strings (passwords), with public and private as the common defaults.

Single loss expectancy (SLE) A monetary figure that represents an organization’s cost for a single loss of a given IT asset.

Site survey The process of determining the optimum placement of wireless access points. The objective of a site survey is to create an accurate wireless system design/layout and budgetary quote.

Smurf attack A DDoS attack in which an attacker transmits large amounts of ICMP echo request (ping) packets to a targeted IP destination device using the targeted destination’s IP source address. This is called spoofing the IP source address. IP routers and other IP devices that respond to broadcasts respond back to the targeted IP device with ICMP echo replies, thus multiplying the amount of bogus traffic.

Sniffer A hardware or software device that can be used to intercept and decode network traffic.

Social engineering The practice of tricking employees into revealing sensitive data about their computer system or infrastructure. This type of attack targets people and involves human manipulation. Even when systems are physically well protected, social engineering attacks are possible.

Software bug or software flaw An error in software coding or its design that can result in software vulnerability.

Software-defined networks An approach to networking that uses application programming interfaces (APIs) to converse with underlying hardware infrastructure to enable improved network performance and monitoring, making it more like cloud computing than traditional network management.

Software development lifecycle (SDLC) A method for developing software that has five main stages: analysis, design, development, implementation, and evaluation. Each stage has several components; for example, the development stage includes programming (coding, including internal documentation, debugging, testing, and documenting) and acquiring equipment (selection, acquisition [purchase or lease], and testing).

Software vulnerability standard A standard that accompanies an organization’s vulnerability assessment and management policy. This standard typically defines the organization’s vulnerability window and how the organization is to provide software vulnerability management and software patch management throughout the enterprise.

Source code A non-executable program written in a high-level language. A compiler or an assembler must translate the source code into an object code (machine language) that the computer can understand.

Spam Unsolicited electronic communication sent in bulk.

Spoofing Masking one’s identity and pretending to be someone or something else. Common spoofing methods include ARP, DNS, and IP. Spoofing is also implemented by email in phishing schemes.

Spyware A software application that covertly gathers information about a user’s Internet usage and activity and exploits this information by sending adware and pop-up ads based on the user’s Internet usage history.

Stateful inspection An advanced firewall architecture that works at the network layer and can keep track of packet activity. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure they are valid. One example is allowing a DNS reply through only because it matches a DNS request that was just sent.

Statistical sampling The selection of sample units from a population and the measurement and/or recording of information about these units to obtain estimates of population characteristics.

Steganography A cryptographic method of hiding the existence of a message. A commonly used method places information in pictures.

Storage area network (SAN) A high-speed subnetwork that interconnects different data-storage devices with associated data servers for a large network. SANs support disk mirroring, backup and restore, archival and retrieval of archived data, data migration from one storage device to another, and the sharing of data among different servers in a network.

Stream cipher A symmetric key cipher that encrypts data, typically one byte at a time.

Structured Query Language (SQL) A standardized relational database language for querying, manipulating, and updating information in a relational database.

Supervisory Control and Data Acquisition (SCADA) A control system architecture that is typically used for remotely monitoring and controlling industrial processes.

Supply chain management (SCM) Intercompany planning, control, and monitoring of central functions such as procurement, production, and sales to increase their efficiency.

Switch A device that links several separate LANs and provides packet filtering among them. A LAN switch is a device with multiple ports, each of which can support an entire Ethernet or token ring LAN. A switch operates at Layer 2 of the OSI model.

Symmetric algorithm An encryption algorithm that relies on a single key for encryption and decryption.

Symmetric encryption An encryption standard in which every party must have a copy of a shared key. A single key is used for both encryption and decryption.

SYN flood attack A DDoS attack in which the attacker sends a succession of SYN packets with a spoofed address to a targeted destination IP device but does not send the last ACK packet to acknowledge and confirm receipt. This leaves half-open connections between the client and the server until all resources are absorbed, rendering the server or targeted IP destination device unavailable due to resource allocation.

Synchronized sequence number A number that is initially passed to the other party at the start of the three-step TCP handshake and is used to track the movement of data between parties. Every byte of data sent over a TCP connection has a sequence number.

Synchronous transmission A method of communication in which data is sent in blocks, without the need for start and stop bits between bytes. Synchronization is achieved by sending a clock signal along with the data and by sending special bit patterns to denote the start of each block.

System software Software that controls the operations of a computer system. It is a group of programs instead of one program. The operating system controls the hardware in the computer and peripherals, manages memory and files and multitasking functions, and is an interface between applications and the computer.

System testing The process of bringing together all the programs that a system comprises for testing purposes. Programs are typically integrated in a top-down, incremental fashion.

T

Target of engagement (TOE) The assessment or pen test target.

TCP handshake A three-step process computers go through when negotiating a connection with each other. The process is a target of attackers and others with malicious intent.

Telecommunications Systems that transport information over a distance, sending and receiving audio, video, and data signals by electronic means.

TEMPEST A method of shielding equipment to prevent the capture and use of stray electronic signals and later reconstruction of the signals into useful intelligence.

Terminal Access Controller Access Control System (TACACS) A UDP-based access control protocol that provides authentication, authorization, and accountability.

Test data Data that is run through a computer program to test the software. Test data can be used to test compliance with controls in the software.

Threat Any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset.

Throughput The amount of data transferred from one place to another or processed in a specified amount of time. Data transfer rates for disk drives and networks are measured in terms of throughput. Typically, throughput is measured in kilobits per second, megabits per second, and gigabits per second.

Time-to-live (TTL) A counter used in an IP packet that specifies the maximum number of hops that a packet can traverse. When a TTL is decremented to zero, a packet expires.

Total cost of ownership (TCO) The value of the asset plus the cost of operation and the cost of all safeguards and controls.

traceroute A tool for tracing hops or computers between the source and the target computer that shows the path the packets are taking.

Trademark Legal protection for a logo, name, or characteristic that can be identified as exclusive.

Trans-border data flow The flow of data in the course of its storage or use.

Transmission Control Protocol (TCP) One of the main protocols of the Internet. It is used for reliability and guaranteed delivery of data.

Transmission Control Protocol/Internet Protocol (TCP/IP) A collection of protocols used to provide the basis for Internet and World Wide Web services.

Trapdoor function A one-way function that is the mechanism by which asymmetric encryption algorithms function.

Trojan A program that does something undocumented that the programmer or designer intended but that the end user would not approve of if he or she knew about it.

Trusted Computer System Evaluation Criteria (TCSEC) A publication of the U.S. Department of Defense, also called the Orange Book, that is designed to evaluate standalone systems. It places systems into one of four levels—A, B, C, or D—and its basis of measurement is confidentiality.

Trusted computing base (TCB) All the protection mechanisms within a computer system, including the hardware, firmware, and software responsible for enforcing a security policy.

Trusted Network Interpretation (TNI) Also known as the Red Book, a document that is part of the Rainbow Series.

Trusted Platform Module (TPM) An international standard for a secure hardware device that has integrated cryptographic keys installed. TPM uses a dedicated microprocessor.

Tumbling The process of rolling through various electronic serial numbers on a cell phone to attempt to find a valid set to use.

Tunneling A technology that enables one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft’s PPTP technology enables organizations to use the Internet to transmit data across a VPN. It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet. Tunneling is also called encapsulation. Tunneling can also be used covertly, as with STUNNEL and other programs.

Turnstile A one-way gate or access control mechanism used to limit traffic and control the flow of people.

U

Uniform resource locator (URL) The global address of a web page.

Uninterruptible power supply (UPS) A device designed to provide a backup power supply during a power failure. Basically, a UPS is a battery backup system with an ultra-fast sensing device.

Universal Serial Bus (USB) A specification standard for connecting peripherals to a computer. It can connect up to 127 devices to a computer and transfers data at a slower rate, up to a maximum of 12 Mbps.

User Datagram Protocol (UDP) A connectionless protocol that provides very few error recovery services but offers a quick and direct way to send and receive datagrams.

Utility programs Standard sets of routines that assist in the operation of a computer system by performing some frequently required process, such as copying, sorting, or merging.

V

Vandalism The willful destruction of property.

Verification The process of confirming that data is correct and accurate before it is processed or entered.

Virtual local area network (VLAN) Technology typically built into a switch that allows the broadcast domain to be restricted to a specific number of switch ports. VLANs allow the segmentation of traffic that is typically done at OSI Layer 3 to be performed at OSI Layer 2.

Virtual machine (VM) An emulation of a physical machine in a virtual workspace.

Virtual private network (VPN) A private network that uses a public network to connect remote sites and users.

Virtual storage area network (VSAN) A collection of ports from a set of connected Fibre Channel switches that form a virtual fabric. These ports can be partitioned into multiple VSANs.

Virus A computer program that can generate copies of itself and thereby spread. Viruses usually require the interaction of an individual and can have rather benign results, such as flashing a message to the screen, or malicious results that destroy data, systems, integrity, or availability.

Virus hoax A chain letter designed to trick someone into forwarding it to many other people, warning of a virus that does not exist. The Good Times virus is an example.

Voice over IP (VoIP) A technology that converts voice or fax calls into data packets for transmission over the Internet or other IP-based networks.

Vulnerability The absence or weakness of a safeguard in an asset.

Vulnerability assessment A methodical evaluation of an organization’s IT weaknesses in infrastructure components and assets and how those weaknesses can be mitigated by using proper security controls and recommendations.

Vulnerability management The overall responsibility for and management of vulnerabilities within an organization through dissemination of duties throughout the IT organization.

W–X–Y–Z

War chalking The process of marking on a wall or sidewalk near a building to indicate the presence of wireless access.

War dialing The process of using a software program to automatically call thousands of telephone numbers to look for any that have a modem attached.

War driving The process of driving around a neighborhood or an area, looking for wireless access points.

Warm site An alternate computer facility that is partially configured and can be made ready in a few days.

Whitebox testing A security assessment or penetration test in which all aspects of the network are known.

Wide area network (WAN) A network that spans the distance between buildings, cities, and even countries. WANs are LANs that are connected using wide area network services from telecommunications carriers.

Wi-Fi Protected Access (WPA) A security standard for wireless networks that is designed to be more secure than WEP. Developed from the draft 802.11i standard.

Wired Equivalent Privacy (WEP) A security standard based on the RC4 encryption scheme that was designed to provide the same level of security as a wired LAN. Because of 40-bit encryption and problems with the initialization vector, it was found to be insecure.

Work breakdown structure (WBS) A breakdown of a process that shows what activities need to be completed in a hierarchical manner.

Worm A self-replicating program that spreads by inserting copies of itself into other executable codes, programs, or documents. Worms typically flood a network with traffic and result in denial of service.

Wrapper A type of program used to bind a Trojan program to a legitimate program. The objective is to trick the user into running the wrapped program and installing the Trojan.

Written authorization Permission to perform penetration tests for a client. This authorization is important in ethical hacking.

Zero-day exploit An exploit for a vulnerability for which there is not yet a vendor patch.

Zone transfer A mechanism DNS servers use to update each other by transferring resource records. The transfer contains IP addresses that are mapped to the corresponding domain name. Zone transfer should be a controlled process between two DNS servers to prevent hackers from stealing an organization’s DNS information.
