Appendix B

Glossary

3DES (Triple DES): An enhancement to the original DES algorithm that applies DES three times to each block (encrypt, decrypt, encrypt) using two or three independent keys, which defeats the brute-force attacks that broke single DES. NIST has since deprecated 3DES in favor of AES. See also Data Encryption Standard (DES) and Advanced Encryption Standard (AES).

AAA: Shorthand for authentication, authorization, and accountability (called accounting in network access protocols such as RADIUS and Diameter): the three system controls that establish who a subject is, what it's allowed to do, and what it actually did.

abstraction: The process of viewing an application in terms of its highest-level functions, hiding the details of the lower-level functions that implement them.

access control: The capability to permit or deny the use of an object (a passive entity, such as a system or file) by a subject (an active entity, such as a person or process).

access control list (ACL): A list, attached to an object, of the subjects that may access that object and the specific rights and permissions each subject is granted. An ACL is one column of the access matrix. See also Access Matrix Model.

Access Matrix Model: A model that records, for every subject/object pair in a DAC system, the object access rights granted (read/write/execute, or R/W/X). Each column of the matrix is an object's ACL; each row is a subject's capability list. See also access control list (ACL) and discretionary access control (DAC).

accreditation: An official, written approval for the operation of a specific system in a specific environment, as documented in a certification report.

active-active: A clustered configuration in which all of the nodes in a system or network are load balanced, synchronized, and active. If one node fails, the other node(s) continue providing services seamlessly.

active-passive: A clustered configuration in which only one node in a system or network is active. If the primary node fails, a passive node becomes active and continues providing services, usually after a short delay.

Address Resolution Protocol (ARP): The network protocol used to query and discover the MAC address of a device on a LAN.

address space: The range of memory addresses that a process or processor can reference. Each process is normally given its own virtual address space so that it can't read or write another process's memory.

administrative controls: The policies and procedures that an organization implements as part of its overall information security strategy.

administrative (or regulatory) laws: Legal requirements passed by government institutions that define standards of performance and conduct for major industries (such as banking, energy, and healthcare), organizations, and officials.

Advanced Encryption Standard (AES): A symmetric block cipher based on the Rijndael cipher and adopted by NIST in FIPS 197 (2001) as the replacement for DES. AES encrypts 128-bit blocks with 128-, 192-, or 256-bit keys. See also Data Encryption Standard (DES).

adware: Legitimate, albeit annoying, software that’s commonly installed with a freeware or shareware program. It provides a source of revenue for the software developer and runs only when you’re using the associated program or until you purchase the program (in the case of shareware).

agent: A software component that performs a particular service.

aggregation: A database security issue that describes the act of obtaining information classified at a high sensitivity level by combining other items of low-sensitivity information.

Annualized Loss Expectancy (ALE): A standard, quantifiable measure of the impact that a realized threat will have on an organization’s assets. ALE is determined by the formula Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO) = ALE.

• Single Loss Expectancy (SLE): Asset Value × Exposure Factor (EF). A measure of the loss incurred from a single realized threat or event, expressed in dollars.

• Exposure Factor (EF): A measure, expressed as a percentage, of the negative effect or impact that a realized threat or event would have on a specific asset.

• Annualized Rate of Occurrence (ARO): The estimated annual frequency of occurrence for a specific threat or event.

antivirus software: Software that’s designed to detect and prevent computer viruses and other malware from entering and harming a system.

applet: A component in a distributed environment (various components are located on separate systems) that’s downloaded into and executed by another program, such as a web browser.

application firewall: A firewall that inspects OSI Layer 7 content in order to block malicious content from reaching or leaving an application server.

application scan: A test used to identify weaknesses in a software application.

application software: Computer software that a person uses to accomplish a specific task.

application-level firewall: See application firewall.

archive: In a PKI, an archive is responsible for long-term storage of archived information from the CA. See also Certification Authority (CA) and Public Key Infrastructure (PKI).

asset: A resource, process, product, system, and so on that has some value to an organization and must therefore be protected. Assets can be hard goods, such as computers and equipment, but can also be information and intellectual property.

asset valuation: The process of assigning a financial value to an organization’s information assets.

asymmetric key system (or asymmetric algorithm; public key): A cryptographic system that uses two separate keys — one key to encrypt information and a different key to decrypt information. These keys are known as public and private key pairs.

Asynchronous Transfer Mode (ATM): A very high-speed, low-latency, connection-oriented communications protocol that switches fixed-length 53-byte cells rather than variable-length packets.

audit: The independent verification of any activity or process.

audit trail: The auxiliary records that document transactions and other events.

authentication: The process of verifying a subject’s claimed identity in an access control system.

Authentication Header (AH): In IPSec, a protocol that provides connectionless integrity, data origin authentication, and optional anti-replay protection for IP packets, but no confidentiality. Because AH relies on a shared-key integrity check, it doesn't provide non-repudiation. See also Encapsulating Security Payload (ESP) and Internet Protocol Security (IPSec).

authorization (or establishment): The process of defining the rights and permissions granted to a subject (what you can do).

automatic controls: Controls that are automatically performed by information systems.

availability: The process of ensuring that systems and data are accessible to authorized users when they need it.

background check: The process of verifying a person’s professional, financial, and legal backgrounds, usually in connection with employment.

baseline: A process that identifies a consistent basis for an organization’s security architecture, taking into account system-specific parameters, such as different operating systems.

Bell-LaPadula model: A formal confidentiality model that defines two basic properties:

• simple security property (ss property): A subject can't read information from an object that has a higher sensitivity label than the subject (no read up, or NRU).

• star property (* property): A subject can't write information to an object that has a lower sensitivity label than the subject (no write down, or NWD).

best evidence: Original, unaltered evidence, which is preferred by the court over secondary evidence. See also best evidence rule.

best evidence rule: Defined in the Federal Rules of Evidence; states that “to prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is (ordinarily) required.”

Biba model: A formal integrity model that defines two basic properties:

• simple integrity property: A subject can't read information from an object that has a lower integrity level than the subject (no read down, or NRD).

• star integrity property (*-integrity property): A subject can't write information to an object that has a higher integrity level than the subject (no write up, or NWU).
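
The two models above are easiest to compare in code. The following is an added example, not material from the glossary: a toy reference monitor that applies the Bell-LaPadula confidentiality rules and the Biba integrity rules side by side. The label names and their ordering are assumptions chosen for illustration.

```python
"""Added example (not from the glossary): a toy reference monitor applying the
Bell-LaPadula confidentiality rules and the Biba integrity rules side by side.
The label names and their ordering are assumptions chosen for illustration."""

# Sensitivity labels for Bell-LaPadula (assumed ordering, low to high).
SENSITIVITY = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}

# Integrity labels for Biba (assumed ordering, low to high).
INTEGRITY = {"UNTRUSTED": 0, "USER": 1, "SYSTEM": 2}


def bell_lapadula_allows(op: str, subject: str, obj: str) -> bool:
    """Confidentiality: no read up (ss property), no write down (* property)."""
    s, o = SENSITIVITY[subject], SENSITIVITY[obj]
    if op == "read":
        return s >= o      # the subject's clearance must dominate the object's label
    if op == "write":
        return s <= o      # writing at or above one's own level is allowed, below is not
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(op: str, subject: str, obj: str) -> bool:
    """Integrity: no read down (simple integrity), no write up (*-integrity)."""
    s, o = INTEGRITY[subject], INTEGRITY[obj]
    if op == "read":
        return s <= o      # only consume data at least as trustworthy as yourself
    if op == "write":
        return s >= o      # never contaminate a more trustworthy object
    raise ValueError(f"unknown operation {op!r}")


def reference_monitor(op: str, subj_sens: str, subj_int: str,
                      obj_sens: str, obj_int: str) -> bool:
    """A system enforcing both models grants a request only if both rules agree."""
    return (bell_lapadula_allows(op, subj_sens, obj_sens)
            and biba_allows(op, subj_int, obj_int))


if __name__ == "__main__":
    # A SECRET/USER subject against a TOP SECRET/UNTRUSTED object: Bell-LaPadula
    # forbids the read (read up) but permits the write (write up); Biba permits
    # both directions here, so the combined monitor denies read and allows write.
    for op in ("read", "write"):
        print(op, reference_monitor(op, "SECRET", "USER", "TOP SECRET", "UNTRUSTED"))
```

Note the tension the example exposes: Bell-LaPadula's star property happily lets a low-clearance subject overwrite a Top Secret object, because it only cares about leakage. That is precisely the gap Biba closes, and why real systems that need both properties enforce the two label sets independently.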

biometrics: Any of various means used, as part of an authentication mechanism, to verify the identity of a person. Types of biometrics used include fingerprints, palm prints, signatures, retinal scans, voice scans, and keystroke patterns.

birthday attack: A type of attack that exploits the birthday paradox: for a hash function with an n-bit digest, two different messages that produce the same message digest (a collision) can be expected after only about 2^(n/2) trials, far fewer than the roughly 2^n trials needed to match one specific digest. See also hash function.
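
To make the 2^(n/2) figure concrete, here is an added example (not from the glossary) that runs a birthday search against SHA-256 truncated to a small number of bits; the truncation stands in for a weak hash, and the messages "message-<counter>" are constructed for the demonstration.

```python
"""Added example (not from the glossary): a birthday attack on a truncated
SHA-256 digest. Truncating to `bits` bits stands in for a weak hash; the
messages "message-<counter>" are constructed for illustration."""
import hashlib
import math


def truncated_digest(message: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256(message), as an integer."""
    full = int.from_bytes(hashlib.sha256(message).digest(), "big")
    return full >> (256 - bits)


def expected_trials(bits: int) -> float:
    """Messages needed for a ~50% chance of a collision: about sqrt(pi/2 * 2^bits)."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


def find_collision(bits: int, max_trials: int = 1 << 22):
    """Hash distinct messages until two share a digest (a collision).

    Returns (message_a, message_b, trials), or None if max_trials is reached.
    Because every message is distinct, any repeated digest is a true collision.
    """
    seen = {}
    for i in range(max_trials):
        msg = b"message-%d" % i
        d = truncated_digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg
    return None


if __name__ == "__main__":
    for bits in (24, 32):
        a, b, trials = find_collision(bits)
        print(f"{bits}-bit digest: collision after {trials} messages "
              f"(expected ~{expected_trials(bits):.0f}; a preimage search ~{2 ** bits})")
        print(f"  {a!r} and {b!r} -> {truncated_digest(a, bits):x}")
```

The practical lesson is that a digest's collision resistance is only half its length: a 128-bit hash such as MD5 offers at most 2^64 work against collisions, which is why signature and certificate schemes moved to 256-bit digests.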

black-box testing: A security test wherein the tester has no prior knowledge of the system being tested.

blackout: Total loss of electric power.

block cipher: An encryption algorithm that divides plaintext into fixed-size blocks of characters or bits, and then uses the same key on each fixed-size block to produce corresponding ciphertext.

bridge: A Layer 2 network device that forwards frames between network segments based on MAC addresses, learning which addresses sit on which segment.

brownout: Prolonged drop in voltage from an electric power source, such as a public utility.

brute-force attack: A type of attack in which the attacker attempts every possible combination of letters, numbers, and characters to crack a password, passphrase, or PIN.

buffer (or stack) overflow attack: A type of attack in which the attacker supplies more data than a buffer is sized to hold (or an out-of-range parameter) so that adjacent memory is overwritten, either to crash the system or application (a Denial of Service) or to hijack its control flow and execute attacker-chosen code.

bus (computer architecture): The logical interconnection between basic components in a computer system, including Central Processing Unit (CPU), memory, and peripherals.

bus (network topology): A network topology in which all devices are connected to a single cable.

Business Impact Assessment (BIA): A risk analysis that, as part of a Business Continuity Plan, describes the impact to business operations that the loss of various IT systems would impose.

caller ID: The protocol used to transmit the calling party’s telephone number to the called party’s telephone equipment during the establishment of a telephone call.

CAN: Campus area network.

Central Processing Unit (CPU): The electronic circuitry that performs a computer’s arithmetic, logic, and computing functions.

certification: A formal methodology that uses established evaluation criteria to conduct comprehensive testing and documentation of information system security safeguards, both technical and nontechnical, in a given environment.

Certification Authority (CA): In a PKI, the CA issues certificates, maintains and publishes status information and Certificate Revocation Lists (CRLs), and maintains archives. See also Public Key Infrastructure (PKI).

chain of custody (or chain of evidence): Provides accountability and protection for evidence throughout that evidence’s entire life cycle.

Challenge Handshake Authentication Protocol (CHAP): A remote access authentication protocol (defined for PPP in RFC 1994) that uses a three-way handshake (challenge, response, then success or failure) in which the peer proves knowledge of a shared secret by returning a one-way hash of the secret and a random challenge, so the secret itself never crosses the link. CHAP authenticates the peer to the authenticator; mutual authentication requires running it in both directions. See also three-way handshake.
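
The exchange described above, as an added example that is not part of the glossary: both sides of the RFC 1994 handshake, where the response is MD5(identifier || secret || challenge). The shared secret is a constructed value that would be provisioned on both ends.

```python
"""Added example (not from the glossary): the three-way CHAP handshake of
RFC 1994. The shared secret is constructed for the demonstration."""
import hashlib
import hmac
import os

SHARED_SECRET = b"correct horse battery staple"   # constructed; held by peer and authenticator


def make_challenge(length: int = 16) -> bytes:
    """Authenticator, message 1: a fresh, unpredictable challenge."""
    return os.urandom(length)


def make_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """Peer, message 2: prove knowledge of the secret without transmitting it.

    RFC 1994: Response = MD5(Identifier || secret || Challenge), identifier is one octet.
    """
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify_response(identifier: int, secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator, message 3: recompute and compare in constant time."""
    expected = make_response(identifier, secret, challenge)
    return hmac.compare_digest(expected, response)


def run_handshake(peer_secret: bytes, authenticator_secret: bytes, identifier: int = 1) -> str:
    """Run all three messages and return the final CHAP packet type."""
    challenge = make_challenge()                                    # Authenticator -> Peer: Challenge
    response = make_response(identifier, peer_secret, challenge)    # Peer -> Authenticator: Response
    ok = verify_response(identifier, authenticator_secret, challenge, response)
    return "Success" if ok else "Failure"                           # Authenticator -> Peer: Success/Failure


def replay_is_rejected(identifier: int = 1) -> bool:
    """A response captured for one challenge is useless against a fresh challenge."""
    old_challenge = make_challenge()
    captured = make_response(identifier, SHARED_SECRET, old_challenge)
    new_challenge = make_challenge()
    return not verify_response(identifier, SHARED_SECRET, new_challenge, captured)


if __name__ == "__main__":
    print("correct secret:", run_handshake(SHARED_SECRET, SHARED_SECRET))
    print("wrong secret:  ", run_handshake(b"guess", SHARED_SECRET))
    print("replay rejected:", replay_is_rejected())
```

Two caveats a practitioner should keep in mind: the authenticator must store the secret in a recoverable form (it needs the plaintext to recompute the hash), and an eavesdropper who captures a challenge/response pair can run an offline dictionary attack against it, which is why CHAP is normally confined to links that are themselves protected.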

Change Management: The formal business process that ensures all changes made to a system are properly requested, reviewed, approved, and implemented.

chosen plaintext attack: An attack technique in which the cryptanalyst selects the plaintext to be encrypted and then analyzes the resulting ciphertext.

C-I-A: Confidentiality, integrity, and availability.

cipher: A cryptographic transformation.

Cipher Block Chaining (CBC): One of four operating modes for DES. Operates on 64-bit blocks of plaintext to produce 64-bit blocks of ciphertext. Each plaintext block is XORed with the ciphertext of the preceding block before it's encrypted (the first block is XORed with an initialization vector, or IV), creating a dependency (or chain) that hides repeated plaintext patterns. CBC was the most common mode of DES operation. Like the other modes listed here, CBC provides no integrity protection on its own. See also Cipher Feedback (CFB), Data Encryption Standard (DES), Electronic Code Book (ECB), Exclusive Or (XOR), and Output Feedback (OFB).

Cipher Feedback (CFB): One of four operating modes for DES. CFB turns the block cipher into a stream cipher, most often used to encrypt individual characters. The previous ciphertext block (or the IV, for the first block) is encrypted to produce keystream, which is XORed with the plaintext; the resulting ciphertext is fed back into the next step, chaining the ciphertext together. See also Cipher Block Chaining (CBC), Data Encryption Standard (DES), Electronic Code Book (ECB), and Output Feedback (OFB).

ciphertext: A plaintext message that has been transformed (encrypted) into a scrambled message that’s unintelligible.

circumstantial evidence: Relevant facts that can’t be directly or conclusively connected to other events, but about which a reasonable inference can be made.

civil (or tort) law: Legal codes that address wrongful acts committed against an individual or business, either willfully or negligently, resulting in damage, loss, injury, or death. Unlike criminal law, U.S. civil law cases are decided based on a preponderance of evidence, and remedies are financial (compensatory and punitive damages) rather than imprisonment.

Clark-Wilson model: A formal integrity model that addresses all three goals of integrity (preventing unauthorized users from making any changes, preventing authorized users from making incorrect changes, and maintaining internal and external consistency) and identifies special requirements for inputting data.

classification: The process of assigning to a document a security label that defines how the document should be handled.

closed system: A system that uses proprietary hardware and/or software that may not be compatible with other systems or components. See also open system.

cluster: A system or network configuration containing multiple redundant nodes for resiliency. See also active-active and active-passive.

clustering (or key clustering): When identical ciphertext messages are generated from a plaintext message by using the same encryption algorithm but different encryption keys.

code of ethics: A formal statement that defines ethical behavior in a given organization or profession.

cold site: An alternative computer facility that has electricity and HVAC, but no computer equipment located onsite. See also hot site, HVAC, and warm site.

Common Criteria: An international effort to standardize and improve existing European and North American information systems security evaluation criteria.

compensating controls: Controls that are implemented as an alternative to other preventive, detective, corrective, deterrent, or recovery controls.

compensatory damages: Actual damages to the victim including attorney/legal fees, lost profits, investigative costs, and so on.

Complex-Instruction-Set-Computing (CISC): A microprocessor instruction set architecture in which each instruction can execute several low-level operations. See also Reduced-Instruction-Set-Computing (RISC).

Computer Emergency Response Team (CERT): See Computer Incident Response Team (CIRT).

Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT): A team that comprises individuals who are properly trained in incident response and investigation.

concealment cipher: A technique of hiding a message in plain sight. The key is knowing where the message lies.

concentrator: See hub.

conclusive evidence: Incontrovertible and irrefutable . . . you know, the smoking gun.

confidentiality: Prevents the unauthorized use or disclosure of information, ensuring that information is accessible only to those authorized to have access to the information.

confidentiality agreement: See non-disclosure agreement (NDA).

Configuration Management: The process of recording all changes to information systems.

Continuity of Operations Planning (COOP): A blending of Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) into a single coordinated activity.

copyright: A form of legal protection granted to the author(s) of “original works of authorship,” both published and unpublished.

corrective controls: Controls that remedy violations and incidents or improve existing preventive and detective controls.

corroborative evidence: Evidence that supports or substantiates other evidence presented in a legal case.

countermeasure: A device, control, or action required to reduce the impact or probability of a security incident.

covert channel: An unintended communications path; it may be a covert storage channel or a covert timing channel.

criminal law: Defines those crimes committed against society, even when the actual victim is a business or individual(s). Criminal laws are enacted to protect the general public. Unlike civil law, U.S. criminal cases are decided when a party is guilty beyond a reasonable doubt and punishments may include fines, incarceration, and even execution.

Criticality Assessment: The part of a BIA that ranks the criticality of business processes and IT systems. See also Business Impact Assessment (BIA).

cross-frame scripting (XFS): See frame injection.

Crossover Error Rate (CER): In biometric access control systems, the point at which the FRR equals the FAR, stated as a percentage. See also False Accept Rate (FAR; or Type II Error) and False Reject Rate (FRR; or Type I Error).

cross-site request forgery (CSRF): An attack in which an attacker causes a victim's browser (for example, by luring the victim to a crafted page or link) to send a request to a web application where the victim is already authenticated. Because the browser automatically attaches the victim's session cookie, the application performs an action the victim never intended.

cross-site scripting (XSS): An attack in which an attacker injects client-side script into web pages viewed by other users. The script runs in each victim's browser with the privileges of the vulnerable site, allowing theft of session tokens, manipulation of the page, or actions taken on the victim's behalf.

cryptanalysis: The science of deciphering ciphertext without using the cryptographic key.

cryptography: The science of encrypting and decrypting information, such as a private message, to protect its confidentiality, integrity, and/or authenticity.

cryptology: The science that encompasses both cryptography and cryptanalysis.

cryptosystem: The hardware or software implementation that transforms plaintext into ciphertext (encrypts) and back into plaintext (decrypts).

cryptovariable (or key): A secret value applied to a cryptographic algorithm. The strength and effectiveness of the cryptosystem is largely dependent on the secrecy and strength of the cryptovariable.

culpable negligence: A legal term that may describe an organization’s failure to follow a standard of due care in the protection of its assets and thereby expose the organization to a legal claim. See also due care.

custodian: An individual who has day-to-day responsibility for protecting information assets.

data dictionary: A repository of metadata about a database (its tables, fields, data types, relationships, and constraints); informally, a database of databases.

Data Encryption Standard (DES): A once widely used symmetric key block cipher that uses a 56-bit key (64 bits including parity) and operates on 64-bit blocks. The 56-bit key is now brute-forceable, and NIST withdrew DES in 2005 in favor of AES. See also Advanced Encryption Standard (AES).

data warehouse: A special-purpose database used for decision support or research purposes.

database management system (DBMS): Software that stores, organizes, and controls access to data in a database; among its functions, it restricts the access that different subjects have to various objects in the database.

DCE: Data Communications Equipment. See also DTE.

decryption: The process of transforming ciphertext into plaintext.

defense in depth: The principle of protecting assets by using layers of dissimilar mechanisms.

Defense Information Technology Security Certification and Accreditation Process (DITSCAP): A program that formalizes the certification and accreditation process for U.S. Department of Defense information systems.

demonstrative evidence: Evidence that is used to aid the court’s understanding of a legal case.

Denial of Service (DoS): An attack on a system or network with the intention of making the system or network unavailable for use.

detective controls: Controls that identify violations and incidents.

deterrent controls: Controls that discourage violations.

Diameter: The next-generation RADIUS protocol. See also Remote Authentication Dial-In User Service (RADIUS).

dictionary attack: A focused type of brute-force attack in which candidate passwords are drawn from a predefined word list (often with common substitutions and suffixes applied) rather than from every possible combination. See also brute-force attack.
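
The contrast between the brute-force and dictionary entries is easiest to see by running both against the same hash. The following is an added example, not from the glossary: a word list, mangling rules, salt, and target password are all constructed for the demonstration, and salted SHA-256 stands in for whatever the target system stores.

```python
"""Added example (not from the glossary): a dictionary attack and a brute-force
attack against a salted SHA-256 password hash. Word list, rules, salt and
target are constructed for illustration."""
import hashlib
import itertools
import string

# Constructed word list and mangling rules (real lists hold millions of entries).
WORDLIST = ["password", "letmein", "dragon", "summer", "winter", "welcome"]
RULES = [
    lambda w: w,                     # as-is
    lambda w: w.capitalize(),        # Summer
    lambda w: w + "1",               # summer1
    lambda w: w + "123",             # summer123
    lambda w: w.capitalize() + "1",  # Summer1
]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted SHA-256, standing in for the target system's stored hash."""
    return hashlib.sha256(salt + password.encode()).digest()


def dictionary_attack(target: bytes, salt: bytes, wordlist=WORDLIST, rules=RULES):
    """Try each word under each rule; returns (password, guesses) or (None, guesses)."""
    guesses = 0
    for word in wordlist:
        for rule in rules:
            candidate = rule(word)
            guesses += 1
            if hash_password(candidate, salt) == target:
                return candidate, guesses
    return None, guesses


def brute_force(target: bytes, salt: bytes, alphabet=string.ascii_lowercase, max_len=4):
    """Try every string over `alphabet` up to `max_len` characters; same return shape."""
    guesses = 0
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            guesses += 1
            if hash_password(candidate, salt) == target:
                return candidate, guesses
    return None, guesses


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Number of candidates an exhaustive search of this shape must cover."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


if __name__ == "__main__":
    salt = b"constructed-salt"
    target = hash_password("Summer1", salt)
    print("dictionary:", dictionary_attack(target, salt))    # found in 20 guesses
    print("brute force:", brute_force(target, salt))         # not found in 475,254 guesses
    print("95-char alphabet, 8 chars:", keyspace(95, 8))
```

The dictionary attack wins not because it tries more candidates but because it tries the right ones first; a human-chosen password is far more likely to be a word plus a suffix than a uniformly random string. Salting defeats precomputed tables but not this attack, which is why a deliberately slow hash (bcrypt, scrypt, Argon2) is the other half of the defense: it raises the cost of every guess.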

Diffie-Hellman: A key-agreement algorithm, based on the difficulty of computing discrete logarithms, that lets two parties derive a shared secret over an insecure channel without ever transmitting that secret. On its own it doesn't authenticate either party, so an unauthenticated exchange is vulnerable to a man-in-the-middle attack.
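
An added example (not from the glossary) of the exchange with both parties' messages, followed by the man-in-the-middle that an unauthenticated exchange permits. The group used here (p = 2^127 - 1, g = 3) is a toy choice for illustration only; real deployments use the RFC 3526 or RFC 7919 groups, or elliptic-curve Diffie-Hellman.

```python
"""Added example (not from the glossary): Diffie-Hellman key agreement and the
man-in-the-middle attack on the unauthenticated exchange. The group is a toy
choice for illustration, not a production parameter set."""
import secrets

P = (1 << 127) - 1   # Mersenne prime M127: toy-sized, NOT a production group
G = 3                # 2 would be a poor base here, since 2**127 == 1 (mod P)


def private_value(p: int = P) -> int:
    """Random exponent in [2, p-2]."""
    return 2 + secrets.randbelow(p - 3)


def public_value(priv: int, p: int = P, g: int = G) -> int:
    return pow(g, priv, p)


def shared_secret(their_public: int, my_private: int, p: int = P) -> int:
    """Reject degenerate public values (0, 1, p-1) that force a known secret."""
    if not 2 <= their_public <= p - 2:
        raise ValueError("invalid peer public value")
    return pow(their_public, my_private, p)


def exchange():
    """Alice -> Bob: A = g^a;  Bob -> Alice: B = g^b;  both compute g^(ab)."""
    a = private_value()
    A = public_value(a)          # sent to Bob
    b = private_value()
    B = public_value(b)          # sent to Alice
    return shared_secret(B, a), shared_secret(A, b)


def mitm_exchange():
    """Mallory substitutes her own value M for A and B in both directions and
    ends up holding one key shared with Alice and another shared with Bob."""
    a = private_value()
    A = public_value(a)          # Alice sends A, Mallory intercepts it
    m = private_value()
    M = public_value(m)          # Mallory forwards M to both sides
    b = private_value()
    B = public_value(b)          # Bob sends B, Mallory intercepts it
    alice_key = shared_secret(M, a)       # Alice believes M came from Bob
    bob_key = shared_secret(M, b)         # Bob believes M came from Alice
    mallory_with_alice = shared_secret(A, m)
    mallory_with_bob = shared_secret(B, m)
    return alice_key, bob_key, mallory_with_alice, mallory_with_bob


if __name__ == "__main__":
    ka, kb = exchange()
    print("honest exchange agrees:", ka == kb)
    alice, bob, m_alice, m_bob = mitm_exchange()
    print("MITM: Alice/Mallory agree:", alice == m_alice,
          " Bob/Mallory agree:", bob == m_bob, " Alice/Bob agree:", alice == bob)
```

The MITM function is the reason every real protocol wraps Diffie-Hellman in something that authenticates the public values (a signature in TLS, a pre-shared key or certificate in IKE): the math guarantees that whoever you exchanged values with shares your key, not that it was the party you intended.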

digital certificate: A certificate that binds an identity with a public encryption key.

Digital Signature Standard (DSS): Published by NIST as Federal Information Processing Standard (FIPS) 186. The 186-1 revision specifies two acceptable algorithms: the RSA digital signature algorithm and the Digital Signature Algorithm (DSA); later revisions add the Elliptic Curve Digital Signature Algorithm (ECDSA). See also NIST and Rivest, Shamir, Adleman (RSA).

Digital Subscriber Line (xDSL): A high-bandwidth communications protocol that operates over analog telecommunications voice lines.

direct evidence: Oral testimony or a written statement based on information gathered through the witness’s five senses that proves or disproves a specific fact or issue.

discretionary access control (DAC): An access policy determined by the owner of a file or other resource. See also mandatory access control (MAC) system.

disk mirroring (RAID Level 1): When a duplicate copy of all data is written to another disk or set of disks.

disk striping (RAID Level 0): When data is written across multiple disks but doesn’t provide redundancy or fault tolerance.

disk striping with parity (RAID Level 5): When data is written across multiple disks, along with parity data that provides fault tolerance if one disk fails.

distributed application: A software application whose components reside in several systems or locations.

Distributed Denial of Service (DDoS): An attack where the attacker initiates simultaneous denial of service attacks from many systems.

documentary evidence: Evidence that is used in legal proceedings, including originals and copies of business records, computer-generated and computer-stored records, manuals, policies, standards, procedures, and log files.

domain: A collection of users, computers, and resources that have a common security policy and single administration.

DTE: Data Terminal Equipment. See also DCE.

due care: The steps that an organization takes to implement security best practices.

due diligence: The prudent management and execution of due care.

dumpster diving: The process of examining garbage with the intention of finding valuable goods or information.

dynamic password: A password that changes at some regular interval or event.

Electromagnetic Interference (EMI): Electrical noise generated by the different charges between the three electrical wires (hot, neutral, and ground) and can be common-mode noise (caused by hot and ground) or traverse-mode noise (caused by hot and neutral).

Electronic Code Book (ECB): One of four operating modes for DES. ECB encrypts each 64-bit block of plaintext independently to produce a 64-bit block of ciphertext, and it's the native mode for DES operation. Because identical plaintext blocks always produce identical ciphertext blocks, ECB leaks patterns in the data and shouldn't be used for anything longer than a single block. See also Cipher Block Chaining (CBC), Cipher Feedback (CFB), Data Encryption Standard (DES), and Output Feedback (OFB).

Encapsulating Security Payload (ESP): In IPSec, a protocol that provides confidentiality (encryption) and, optionally, integrity and data origin authentication for the encapsulated payload. Unlike AH, ESP's authentication doesn't cover the outer IP header. See also Authentication Header (AH) and Internet Protocol Security (IPSec).

encryption: The process of transforming plaintext into ciphertext.

end-to-end encryption: A process by which packets are encrypted once at the original encryption source and then decrypted only at the final decryption destination.

enticement: Luring someone toward certain evidence after that individual has already committed a crime.

entrapment: Encouraging someone to commit a crime that the individual may have had no intention of committing.

escalation of privilege: An attack where the attacker is using some means to bypass security controls in order to attain a higher privilege level on the target system.

Escrowed Encryption Standard (EES): Divides a secret key into two parts, and places those two parts into escrow with two separate, trusted organizations. Published by NIST in FIPS PUB 185 (1994). See also NIST.

espionage: The practice of spying or using spies to obtain proprietary or confidential information.

Ethernet: The most common LAN transport protocol (IEEE 802.3). Originally a shared bus topology; modern switched Ethernet is wired as a physical star.

ethics: Professional principles and duties that guide decisions and behavior. See also code of ethics.

European Information Technology Security Evaluation Criteria (ITSEC): Formal evaluation criteria that address confidentiality, integrity, and availability for an entire system.

evidence life cycle: The various phases of evidence, from its initial discovery to its final disposition. The evidence life cycle has the following five stages: collection and identification; analysis; storage, preservation, and transportation; presentation in court; and return to victim (owner).

Exclusive Or (XOR): A binary operation applied to two input bits. If the two bits are equal, the result is zero. If the two bits are not equal, the result is one.

exigent circumstances: If probable cause exists and the destruction of evidence is imminent, property or people may be searched and/or evidence may be seized by law enforcement personnel without a search warrant.

expert systems: A type of artificial intelligence system based on an inference engine (a program that attempts to derive answers) and knowledge base.

Extensible Authentication Protocol (EAP): An authentication framework (defined in RFC 3748) used by remote access and network access protocols such as PPP and IEEE 802.1X. EAP itself doesn't authenticate anyone; it carries one of many methods, including MD5-Challenge, one-time passwords (such as S/Key), generic token cards, and certificate-based methods such as EAP-TLS. Often used in wireless networks.

extranet: An intranet that has been extended to include external parties, such as customers, partners, and suppliers. See also intranet.

fail closed: A control failure that results in all accesses being blocked.

fail open: A control failure that results in all accesses being permitted.

failover: A failure mode in which the system automatically transfers processing to a hot backup component, such as a clustered server, if a hardware or software failure is detected.

fail-safe: A failure mode in which program execution is terminated, and the system is protected from compromise, if a hardware or software failure is detected.

fail-soft (or resilient): A failure mode in which certain, noncritical processing is terminated, and the computer or network continues to function in a degraded mode, if a hardware or software failure is detected.

False Accept Rate (FAR; or Type II Error): In biometric access control systems, the percentage of unauthorized users who are incorrectly granted access. See also Crossover Error Rate (CER) and False Reject Rate (FRR; or Type I Error).

False Reject Rate (FRR; or Type I Error): In biometric access control systems, the percentage of authorized users who are incorrectly denied access. See also Crossover Error Rate (CER) and False Accept Rate (FAR; or Type II Error).
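
The FAR, FRR, and CER entries describe one trade-off controlled by a single threshold. The following is an added example, not from the glossary, that computes all three from match scores; the genuine and impostor score lists are constructed (0 to 100 similarity scores, higher meaning a closer match).

```python
"""Added example (not from the glossary): FAR, FRR and the crossover error
rate computed from constructed biometric match scores."""

GENUINE = [91, 88, 85, 83, 80, 78, 76, 74, 72, 70, 68, 65, 60, 55, 50]    # legitimate users
IMPOSTOR = [20, 25, 30, 33, 36, 40, 43, 46, 50, 53, 56, 60, 64, 68, 72]   # other people


def far(threshold: int, impostor=IMPOSTOR) -> float:
    """Type II error: fraction of impostors whose score meets the threshold (accepted)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold: int, genuine=GENUINE) -> float:
    """Type I error: fraction of genuine users whose score falls short (rejected)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def crossover(genuine=GENUINE, impostor=IMPOSTOR, thresholds=range(0, 101)):
    """Threshold at which FAR and FRR are closest, returned with both rates."""
    best = min(thresholds, key=lambda t: abs(far(t, impostor) - frr(t, genuine)))
    return best, far(best, impostor), frr(best, genuine)


def error_curve(genuine=GENUINE, impostor=IMPOSTOR, step=10):
    """(threshold, FAR, FRR) rows showing the trade-off as the threshold rises."""
    return [(t, far(t, impostor), frr(t, genuine)) for t in range(0, 101, step)]


if __name__ == "__main__":
    for t, a, r in error_curve():
        print(f"threshold {t:3d}: FAR {a:.2f}  FRR {r:.2f}")
    t, a, r = crossover()
    print(f"crossover at threshold {t}: CER = {a:.1%}")
```

The CER is a convenient single number for comparing devices, but it isn't where you should necessarily operate: a data-center door is tuned well above the crossover (accept a few false rejects to drive FAR down), while a convenience feature such as a phone unlock is tuned below it.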

fault: Momentary loss of electric power.

fault-tolerant: A system that continues to operate after the failure of a computer or network component.

Fiber Distributed Data Interface (FDDI): A token-passing network transport protocol that runs over optical fiber in a dual counter-rotating ring topology.

FIPS: Federal Information Processing Standard. Standards and guidelines published by the U.S. National Institute of Standards and Technology (NIST) for federal computer systems. See also NIST.

firewall: A device or program that controls traffic flow between networks.

firmware: A program or code that’s stored in ROM memory.

forensics (or computer forensics): The science of conducting a computer crime investigation in order to determine what’s happened and who’s responsible for what’s happened. One major component of computer forensics involves collecting legally admissible evidence for use in a computer crime case.

frame injection: An attack where the attacker is attempting to load arbitrary code into a browser in order to steal data from other frames in the browser session.

Frame Relay (FR): A packet-switched network protocol used to transport WAN communications.

fraud: Any deceptive or misrepresented activity that results in illicit personal gain.

fuzzy logic: An artificial intelligence method that’s used to address uncertain situations to determine whether a given condition is true or false.

gateway: A system, connected to a network, which performs any real-time translation or interface function; for example, a system that converts Exchange e-mail to Lotus Notes e-mail.

goals: Specific milestones that an organization hopes to accomplish.

gray-box testing: A security test wherein the tester has some prior knowledge of the system being tested.

guidelines: Similar to standards, but considered recommendations, rather than compulsory requirements.

hardware: The physical components in a computer system.

hardware segmentation: The practice of isolating functions by placing them on separate hardware platforms.

hash function: A mathematical function that maps data of arbitrary size to a fixed-size value (a digest) in a way that's easy to compute but infeasible to reverse. A cryptographic hash function should also make it infeasible to find two inputs with the same digest (a collision). Hash functions are often used in cryptographic algorithms and to produce checksums and message digests. See also message digest.

Health Insurance Portability and Accountability Act (HIPAA): A federal Act that addresses security and privacy requirements for medical systems and information.

hearsay evidence: Evidence that isn’t based on the witness’s personal, first-hand knowledge, but was instead obtained through other sources.

hearsay rule: Under the Federal Rules of Evidence, hearsay evidence is normally not admissible in court.

heterogeneous environment: A systems environment that consists of a variety of types of systems. See also homogeneous environment.

hidden code: An attack in which secret (and usually malicious) computer code is embedded within another program.

High-Speed Serial Interface (HSSI): A point-to-point WAN connection protocol.

homogeneous environment: A systems environment that consists largely of one type of system. See also heterogeneous environment.

honeypot: A decoy system deployed by a security administrator to discover the attack methods of potential hackers.

hot site: A fully configured alternative computer facility that has electrical power, HVAC, and functioning file/print servers and workstations. See also cold site, HVAC, and warm site.

hub: A network device used to connect several LAN devices together. Also known as a concentrator.

HVAC: Heating, ventilation, and air conditioning.

identification: The means by which a user claims a specific, unproven identity to a system. See also authentication.

identity management: The processes and procedures that support the life cycle of people’s identities in an organization.

IETF: Internet Engineering Task Force.

inference: The ability of users to figure out information about data at a sensitivity level for which they’re not authorized.

inference channel: A link that allows inference to occur.

inference engine: An artificial intelligence system that derives answers from a knowledge base.

information custodian (or custodian): The individual who has the day-to-day responsibility of protecting information assets.

information flow model: A lattice-based model in which each object is assigned a security class and value, and their direction of flow is controlled by a security policy.

information owner (or owner): The individual who decides who’s allowed access to a file and what privileges are granted.

inrush: Initial electric power surge experienced when electrical equipment is turned on.

Integrated Services Digital Network (ISDN): A circuit-switched digital telecommunications service that carries voice and data over the same copper wiring as ordinary telephone lines, at relatively low bandwidth (64 Kbps per bearer channel).

integrity: Safeguards the accuracy and completeness of information and processing methods, and ensures that

• Modifications to data aren't made by unauthorized users or processes.

• Unauthorized modifications to data aren't made by authorized users or processes.

• Data is internally and externally consistent, meaning a given input produces an expected output.

intellectual property: Includes patents, trademarks, copyrights, and trade secrets.

Internet: The worldwide, publicly accessible network that connects the networks of organizations.

Internet Control Message Protocol (ICMP): An Internet Protocol used to transmit diagnostic messages.

Internet Protocol (IP): The Open Systems Interconnection (OSI) Layer 3 protocol that’s the basis of the modern Internet.

Internet Protocol Security (IPSec): An IETF open-standard protocol suite for securing IP communications, commonly used to build Virtual Private Networks (VPNs) over public IP-based networks. See also Authentication Header (AH) and Encapsulating Security Payload (ESP).

Internetwork Packet Exchange (IPX): A network packet-oriented protocol that’s the basis for Novell Netware networks. IPX is analogous to IP.

intranet: An organization’s private network that’s used to securely share information among the organization’s employees.

intrusion detection system (IDS): A hardware or software application that detects and reports on suspected network or host intrusions.

intrusion prevention system (IPS): A hardware or software application that both detects and blocks suspected network or host intrusions.

job rotation: The practice of moving employees from one position to another, for cross-training and security reasons.

Kerberos: A ticket-based authentication protocol, in which “tickets” are used to identify users, developed at the Massachusetts Institute of Technology (MIT).

key logging: The practice of recording keystrokes, usually for illicit purposes, such as acquiring user IDs, passwords, and other confidential information.

known-plaintext attack: An attack technique in which the cryptanalyst has a given plaintext message and the resulting ciphertext.

KryptoKnight: A ticket-based single sign-on (SSO) authentication system, in which “tickets” are used to identify users, developed by IBM.

LAN: Local area network.

lattice-based access controls: A method for implementing mandatory access controls in which a mathematical structure defines greatest lower-bound and least upper-bound values for a pair of elements: for example, subject and object.

Layer 2 Forwarding Protocol (L2F): A Virtual Private Network (VPN) protocol similar to Point-to-Point Tunneling Protocol (PPTP).

Layer 2 Tunneling Protocol (L2TP): A Virtual Private Network (VPN) protocol similar to Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding Protocol (L2F).

least privilege: A principle requiring that a subject is granted only the minimum privileges necessary to perform an assigned task.

Lightweight Directory Access Protocol (LDAP): An Internet Protocol (IP) and data storage model that supports authentication and directory functions.

link encryption: Packet encryption and decryption at every node along the network path; requires each node to have separate key pairs for its upstream and downstream neighbors.

logic bomb: A program, or portion thereof, designed to perform some malicious function when a predetermined circumstance occurs.

maintenance hook: A back door that allows a software developer or vendor to bypass access control mechanisms in order to perform maintenance. These back doors are often well known and pose a significant security threat if not properly secured.

malware: Malicious software that typically damages, takes control of, or collects information from a computer. This classification of software broadly includes viruses, worms, Trojan horses, logic bombs, spyware, and (to a lesser extent) adware.

MAN: Metropolitan area network.

mandatory access control (MAC) system: A type of access control system in which the access policy is determined by the system, rather than by the owner. See also discretionary access control (DAC).

Man-in-the-Middle Attack: A type of attack in which an attacker intercepts messages between two parties and forwards a modified version of the original message.

mantrap: A physical access control method consisting of a double set of locked doors or turnstiles.

manual controls: Controls that must be performed manually by people.

Maximum Tolerable Downtime (MTD): An extension of a Criticality Assessment that specifies the maximum period of time that a given business process can be inoperative before experiencing unacceptable consequences. See also Criticality Assessment.

Maximum Tolerable Period of Disruption (MTPD): See Maximum Tolerable Downtime (MTD).

media controls: Controls that are used to manage information classification and physical media.

Meet-in-the-Middle Attack: A type of attack in which an attacker encrypts known plaintext with each possible key on one end, decrypts the corresponding ciphertext with each possible key, and then compares the results in the middle.

memory addressing: The method used by the Central Processing Unit (CPU) to access the contents of memory.

memory space: The amount of memory available in a computer system.

message digest: A condensed representation of a message that is produced by using a one-way hash function. See also hash function.

metadata: “Data about data” that may present a security risk by revealing private information about a document or its history.

MIME Object Security Services (MOSS): Provides confidentiality, integrity, identification and authentication, and non-repudiation by using MD2 or MD5, RSA asymmetric keys, and DES. See also Data Encryption Standard (DES), Multipurpose Internet Mail Extensions (MIME), and Rivest, Shamir, Adleman (RSA).

mission statement: A statement that defines an organization’s reason for existence.

mobile app: An application that runs on a mobile device and has the capability to interact with the user, communicate over the Internet, and store data locally.

mobile device: A general term encompassing all smaller devices such as smartphones and tablet computers, which run operating systems such as iOS and Android.

monitoring: Activities that verify processes, procedures, and systems.

monoalphabetic substitution: A cryptographic system that uses a single alphabet to encrypt and decrypt an entire message.

multi-level system: A single computer system that handles multiple classification levels between subjects and objects.

multiprocessing: A system that executes multiple programs on multiple processors simultaneously.

multiprogramming: A system that alternates execution of multiple programs on a single processor.

Multi-Protocol Label Switching (MPLS): An extremely fast method of forwarding packets through a network by using labels inserted between Layer 2 and Layer 3 headers in the packet.

Multipurpose Internet Mail Extensions (MIME): An IETF standard that defines the format for messages that are exchanged between e-mail systems over the Internet. See also IETF.

multitasking: A system that alternates execution of multiple subprograms or tasks on a single processor.

National Information Assurance Certification and Accreditation Process (NIACAP): Formalizes the certification and accreditation process for U.S. government national security information systems.

NCSC: National Computer Security Center. A U.S. government organization, within the U.S. National Security Agency (NSA), that is responsible for evaluating computing equipment and applications that are used to process classified data.

need-to-know: A status, granted to an individual, that defines the essential information needed to perform his or her assigned job function.

Network Address Translation (NAT): The process of converting internal, privately used addresses in a network to external, public addresses.

network interface card (NIC): An adaptor that permits a computer or other system to be connected to a network.

neural network: A type of artificial intelligence system that approximates the function of the human nervous system.

NIST: U.S. National Institute of Standards and Technology. A federal agency, within the U.S. Department of Commerce, that is responsible for promoting innovation and competitiveness through standards, measurement science, and technology.

non-compete agreement: A legal agreement in which an employee agrees not to accept employment in a competing organization.

non-disclosure agreement (NDA): A legal agreement in which one or more parties agrees to refrain from disseminating confidential information related to other parties.

non-interference model: Ensures that the actions of different objects and subjects aren’t seen by, and don’t interfere with, other objects and subjects on the same system.

non-repudiation: The inability for a user to deny an action; his or her identity is positively associated with that action.

object: A passive entity, such as a system or file.

object reuse: The process of protecting the confidentiality of objects that are reassigned after initial use. See also Trusted Computer System Evaluation Criteria (TCSEC).

objectives: Specific milestones that an organization wants to perform in order to meet its goals. See also goals.

one-time pad: A cryptographic keystream that can be used only once.

one-time password: A password that’s valid for only one log-on session.

one-way function: A problem that’s easy to compute in one direction but not in the reverse direction.

open message format: A message encrypted in an asymmetric key system by using the sender’s private key. The sender’s public key, which is available to anyone, is used to decrypt the message. This format guarantees the message’s authenticity. See also secure and signed message format and secure message format.

open system: A vendor-independent system that complies with an accepted standard, which promotes interoperability between systems and components made by different vendors. See also closed system.

Open Systems Interconnection (OSI) model: The seven-layer reference model for networks. The layers are Physical, Data Link, Network, Transport, Session, Presentation, and Application.

operating system (OS): Software that controls computer hardware and resources and facilitates the operation of application software. See also application software.

Orange Book: See Trusted Computer System Evaluation Criteria (TCSEC).

Output Feedback (OFB): One of four operating modes for DES. OFB is a stream cipher often used to encrypt satellite communications. In this mode, previous plaintext is used as feedback for key generation in the next keystream; however, the resulting ciphertext isn’t chained together (unlike with CFB). See also Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Data Encryption Standard (DES).

owner: An individual in an organization who’s responsible for management of an asset, including classification, handling, and access policy.

packet (or password) sniffing: A type of attack in which an attacker uses a sniffer to capture network packets and analyze their contents.

packet-filtering firewall: A type of firewall that examines the source and destination addresses of an incoming packet, and then either permits or denies the packet based on an ACL. See also access control list (ACL).

PAN: Personal area network.

password: A string of characters (a word or phrase) that a subject provides to an authentication mechanism in order to authenticate to a system.

Password Authentication Protocol (PAP): A remote access control protocol that uses a two-way handshake to authenticate a peer to a server when a link is initially established.

patent: As defined by the U.S. Patent and Trademark Office (PTO), a patent is “the grant of a property right to the inventor.”

penetration testing: A test that attempts to penetrate a system and identify potential software vulnerabilities. Also known as pen testing.

personal identification number (PIN): A numeric-only password, usually used when only a numeric keypad (versus an alphanumeric keyboard) is available. See also password.

pharming: A phishing attack that’s targeted towards a specific organization. See also phishing.

phishing: A social-engineering cyber-attack technique widely used in identity-theft crimes. An e-mail, purportedly from a known legitimate business (typically financial institutions, online auctions, retail stores, and so on), requests the recipient to verify personal information online at a forged or hijacked website. See also pharming and spear phishing.

physical controls: Controls that ensure the safety and security of the physical environment.

plaintext: A message in its original readable format or a ciphertext message that’s been properly decrypted (unscrambled) to produce the original readable plaintext message.

Point-to-Point Protocol (PPP): A protocol used in remote access service (RAS) servers to encapsulate Internet Protocol (IP) packets and establish dial-in connections over serial and Integrated Services Digital Network (ISDN) links.

Point-to-Point Tunneling Protocol (PPTP): A Virtual Private Network (VPN) protocol designed for individual client-server connections.

policy: A formal high-level statement of an organization’s objectives, responsibilities, ethics and beliefs, and general requirements and controls.

polyinstantiation: Allows different versions of the same data to exist at different sensitivity levels.

port scan: A test used to determine which Transmission Control Protocol/Internet Protocol (TCP/IP) service ports on a system are running.

prepared statement: A canned database command that can be called by an application.

Pretty Good Privacy (PGP): A freely available, open-source e-mail application that provides confidentiality and authentication by using the International Data Encryption Algorithm (IDEA) cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution. See also Rivest, Shamir, Adleman (RSA).

preventive controls: Controls that prevent unwanted events.

privacy: The security and protection of personal information.

Privacy Enhanced Mail (PEM): A protocol that provides confidentiality and authentication by using 3DES for encryption, MD2 or MD5 message digests, X.509 digital certificates, and the RSA asymmetric system for digital signatures and secure key distribution. See also 3DES (Triple DES) and Rivest, Shamir, Adleman (RSA).

privilege escalation: See escalation of privilege.

procedures: Detailed instructions about how to implement specific policies and meet the criteria defined in standards.

process isolation: An operating system feature whereby different user processes are unable to view or modify information related to other processes.

process table: The collection of processes that are active in an operating system.

promiscuous mode: A setting on a network adapter that passes all network traffic to the associated device for processing, not just traffic that is specifically addressed to that device. See also sniffing.

Protected Extensible Authentication Protocol (PEAP): An open standard used to transmit authentication information in a protected manner.

protection domain: Prevents other programs or processes from accessing and modifying the contents of an address space that has already been assigned to an active program or process.

protection rings: A security architecture concept that implements multiple domains that have increasing levels of trust near the center.

proximate causation: An action taken or not taken as part of a sequence of events that result in negative consequences.

proxy server: A system that transfers data packets from one network to another.

prudent man rule: Under the Federal Sentencing Guidelines, senior corporate officers are required to perform their duties in good faith, in the best interests of the enterprise, and with the care and diligence that ordinary, prudent people in a similar position would exercise in similar circumstances.

pseudo flaw: A form of social engineering in which the attacker attempts to trick people into performing certain actions to remedy a supposed security situation.

public key cryptography: A cryptographic method that permits parties to communicate with each other without exchanging a secret key in advance.

Public Key Infrastructure (PKI): A system that enables secure e-commerce through the integration of digital signatures, digital certificates, and other services necessary to ensure confidentiality, integrity, authentication, non-repudiation, and access control.

punitive damages: Determined by a jury and intended to punish the offender.

Radio Frequency Interference (RFI): Electrical noise caused by electrical components, such as fluorescent lighting and electric cables.

real (or physical) evidence: Tangible objects from the actual crime, such as the tools or weapons used and any stolen or damaged property.

recovery controls: Controls that restore systems and information.

Recovery Point Objective (RPO): The maximum period of time in which data may be lost if a disaster occurs.

Recovery Time Objective (RTO): The period of time in which a business process must be recovered (during a disaster) in order to ensure the survival of the organization.

Reduced-Instruction-Set-Computing (RISC): A microprocessor instruction set architecture that utilizes a smaller and simpler instruction set than CISC, which makes RISC more efficient than CISC. See also Complex-Instruction-Set-Computing (CISC).

redundancy: Multiple systems, nodes, or network paths that provide the same functionality for resiliency and availability in the event of failure.

reference monitor: An abstract machine (a theoretical model for a computer system or software program) that mediates all access to an object by a subject.

Registration Authority (RA): In a PKI, the RA is responsible for verifying certificate contents for the CA. See also Certification Authority (CA) and Public Key Infrastructure (PKI).

remote access service (RAS): A remote access protocol typically used over dial-up facilities.

Remote Authentication Dial-In User Service (RADIUS): An open-source, User Datagram Protocol (UDP)–based client-server protocol used to authenticate remote users.

remote backup: A backup operation where the target backup media is located in a remote location.

replication: The process of copying data transactions from one system to another.

repository: In a PKI infrastructure, a repository is a system that accepts certificates and Certificate Revocation Lists (CRLs) from a CA and distributes them to authorized parties. See also Certification Authority (CA) and Public Key Infrastructure (PKI).

Reverse Address Resolution Protocol (RARP): A protocol used by diskless workstations to query and discover their own IP addresses.

Rijndael: The encryption algorithm used by the AES. See also Advanced Encryption Standard (AES).

ring: A network topology in which all devices are connected to a closed loop.

risk acceptance: Accepting the loss associated with a potential risk.

risk analysis: A method used to identify and assess threats and vulnerabilities in a business, process, system, or activity.

risk assignment (or transference): Transferring the potential loss associated with a risk to a third party, such as an insurance company.

risk mitigation: Reducing risk to a level that’s acceptable to an organization.

risk reduction: Mitigating risk by implementing the necessary security controls, policies, and procedures to protect an asset.

Rivest, Shamir, Adleman (RSA): A key transport algorithm based on the difficulty of factoring a number that’s the product of two large prime numbers.

role-based access control (RBAC): A method for implementing discretionary access controls in which access decisions are based on group membership, according to organizational or functional roles.

rotation of duties (or job rotation): Regularly transferring key personnel into different positions or departments within an organization.

router: A network device that forwards packets among dissimilar networks.

rule-based access control: A method for applying mandatory access control by matching an object’s sensitivity label and a subject’s sensitivity label to determine whether access should be granted or denied.

safeguard: A control or countermeasure implemented to reduce the risk or damage associated with a specific threat.

sag: A short drop in voltage.

scan: A technique used to identify vulnerabilities in a system, usually by transmitting data to it and observing its response.

scareware: A type of social engineering attack wherein a Trojan horse program or a browser popup is intended to trick the user into thinking that there is a security problem in their computer. The intended victim is asked or tricked to click a button or link to fix a security problem; in reality the consenting user is enabling malware to run on the computer.

screening router: A firewall architecture that consists of a router that controls packet flow through the use of ACLs. See also access control list (ACL) and firewall.

script injection: An attack in which the attacker injects script code, in hopes that the code will be executed on a target system.

secondary evidence: A duplicate or copy of evidence, such as a tape backup, screen capture, or photograph.

secure and signed message format: A message encrypted in an asymmetric key system by using the recipient’s public key and the sender’s private key. This encryption method protects the message’s confidentiality and guarantees the message’s authenticity. See also open message format and secure message format.

Secure Electronic Transaction (SET): Developed by MasterCard and Visa to provide secure e-commerce transactions by implementing authentication mechanisms while protecting the confidentiality and integrity of cardholder data.

Secure European System and Applications in a Multi-vendor Environment (SESAME): A ticket-based authentication protocol similar to Kerberos, with additional security enhancements. See also Kerberos.

Secure HyperText Transfer Protocol (S-HTTP): An Internet protocol that provides a method for secure communications with a webserver.

secure message format: A message encrypted in an asymmetric key system by using the recipient’s public key. Only the recipient’s private key can decrypt the message. This encryption method protects the message’s confidentiality. See also open message format and secure and signed message format.

Secure Multipurpose Internet Mail Extensions (S/MIME): Provides confidentiality and authentication for e-mail by using the RSA asymmetric key system, digital signatures, and X.509 digital certificates. See also Rivest, Shamir, Adleman (RSA).

Secure Shell (SSH): A secure character-oriented protocol that’s a secure alternative to Telnet and rsh. See also Telnet.

Secure Sockets Layer/Transport Layer Security (SSL/TLS): A transport layer protocol that provides session-based encryption and authentication for secure communication between clients and servers on the Internet.

security awareness: The process of providing basic security information to users in an organization to help them make prudent decisions regarding the protection of the organization’s assets.

security kernel: The combination of hardware, firmware, and software elements in a TCB that implements the reference monitor concept. See also Trusted Computing Base (TCB).

security modes of operation: Designations for U.S. military and government computer systems based on the need to protect secrets stored within them. The modes are Dedicated, System High, Multi-Level, and Limited Access.

security perimeter: The boundary that separates the TCB from the rest of the system. See also Trusted Computing Base (TCB).

segregation of duties: See separation of duties and responsibilities.

Sensitive but Unclassified (SBU): A U.S. government data classification level for information that’s not classified but requires protection, such as private or personal information.

sensitivity label: In a MAC-based system, a subject’s sensitivity label specifies that subject’s level of trust, whereas an object’s sensitivity label specifies the level of trust required for access to that object. See also mandatory access control (MAC) system.

separation of duties and responsibilities: A concept that ensures no single individual has complete authority and control of a critical system or process.

Serial Line Internet Protocol (SLIP): An early Point-to-Point Protocol (PPP) used to transport Internet Protocol (IP) over dial-up modems. PPP is more commonly used for this purpose.

Service-Level Agreement (SLA): Formal minimum performance standards for systems, applications, networks, or services.

session hijacking: Similar to a Man-in-the-Middle Attack, except that the attacker impersonates the intended recipient instead of modifying messages in transit. See also Man-in-the-Middle Attack.

shoulder surfing: A social engineering technique that involves looking over someone’s shoulder to obtain information such as passwords or account numbers.

Simple Key Management for Internet Protocols (SKIP): A protocol used to share encryption keys.

single sign-on (SSO): A system that allows a user to present a single set of log-on credentials, typically to an authentication server, which then transparently logs the user on to all other enterprise systems and applications for which that user is authorized.

smartphone: See mobile device.

Smurf: A Denial of Service attack in which the attacker sends forged Internet Control Message Protocol (ICMP) echo request packets into a network with the intention of having large numbers of nodes on the network sending ICMP echo replies to the target system. See also Denial of Service (DoS).

sniffing: The practice of intercepting communications for usually covert purposes.

social engineering: A low-tech attack method that employs techniques such as dumpster diving and shoulder surfing.

software: Computer instructions that enable the computer to accomplish tasks. See also application software and operating system (OS).

software development life cycle (SDLC): The business-level process used to develop and maintain software.

SONET: See Synchronous Optical Networking (SONET).

spam (or Unsolicited Commercial E-mail [UCE]): Junk e-mail, which currently constitutes about 85 percent of all worldwide e-mail.

spear phishing: A phishing attack that’s highly targeted; for example, at a particular organization or part of an organization. See also phishing.

spike: A momentary rush of electric power.

SPIM: Spam over instant messaging.

SPIT: Spam over Internet telephony.

spoofing: A technique used to forge TCP/IP packet information or e-mail header information. In network attacks, IP spoofing is used to gain access to systems by impersonating the IP address of a trusted host. In e-mail spoofing, the sender address is forged to trick an e-mail user into opening or responding to an e-mail (which usually contains a virus or spam).

spyware: A form of malware that’s installed on a user’s computer, usually without his or her knowledge, often for the purpose of collecting information about a user’s Internet usage or for taking control of his or her computer. Spyware increasingly includes keystroke loggers and Trojan horses.

SQL injection: A type of attack where the attacker injects SQL commands into a computer input field, in hopes that the SQL command will be passed to the database management system.

standards: Specific, mandatory requirements that further define and support high-level policies.

star: A network topology in which all devices are directly connected to a central hub or concentrator.

state attack: An attack where the attacker is attempting to steal other users’ session identifiers, in order to access a system using the stolen session identifier.

state machine model: An abstract model in which a secure state is defined and maintained during transitions between secure states.

stateful inspection firewall: A type of firewall that captures and analyzes data packets at all levels of the Open Systems Interconnection (OSI) model to determine the state and context of the data packet and whether it’s to be permitted access to the network.

static password: A password that’s the same for each log-on.

statutory damages: Mandatory damages determined by law and assessed for violating the law.

steganography: The art of hiding the very existence of a message; for example, in a picture.

stored procedure: A subroutine that is accessible by software programs, and which is stored in a relational database management system.

stream cipher: An encryption algorithm that operates on a continuous stream of data, typically bit-by-bit.

strong authentication: A means of authentication that requires two or more independent means of identification. See also two-factor authentication.

Structured Query Language (SQL): A computer language used to manipulate data in a database management system.

subject: An active entity, such as an individual or a process.

substitution cipher: Ciphers that replace bits, characters, or character blocks in plaintext with alternate bits, characters, or character blocks to produce ciphertext.

Supervisor mode: A level of elevated privilege, usually intended for only system administration use. See also User mode.

surge: A prolonged rush of electric power.

switch: An intelligent hub that transmits data to only individual devices on a network, rather than all devices (in the way that hubs do). See also hub.

Switched Multimegabit Data Service (SMDS): A high-speed, packet-switched, connectionless, datagram-based technology available over public switched networks.

symmetric key system (or symmetric algorithm, secret key, single key, private key): A cryptographic system that uses a single key to both encrypt and decrypt information.

SYN flood: An attack in which the attacker sends large volumes of Transmission Control Protocol (TCP) SYN (synchronize) packets to a target system. A SYN flood is a type of Denial of Service attack. See also Denial of Service (DoS).

Synchronous Optical Networking (SONET): A telecommunications carrier-class protocol used to communicate digital information over optical fiber.

system access control: A control that prevents a subject from accessing a system unless the subject can present valid credentials.

system high mode: A state in which a system operates at the highest level of information classification.

Take-Grant model: A security model that specifies the rights that a subject can transfer to or from another subject or object.

Teardrop attack: A type of stack overflow attack that exploits vulnerabilities in the Internet Protocol (IP).

technical (or logical) controls: Hardware and software technology used to implement access control.

Telnet: A network protocol used to establish a command line interface on another system over a network. See also Secure Shell (SSH).

Terminal Access Controller Access Control System (TACACS): A User Datagram Protocol (UDP)–based access control protocol that provides authentication, authorization, and accounting.

threat: Any natural or man-made circumstance or event that can have an adverse or undesirable impact, whether minor or major, on an organizational asset.

threat modeling: A systematic process used to identify likely threats, vulnerabilities, and countermeasures for a specific application and its uses during the design phase of the application (or software) development life cycle.

three-way handshake: The method used to establish and tear down network connections in the Transmission Control Protocol (TCP).

token: A hardware device used in two-factor authentication.

Token-Ring: A star-topology network transport protocol.

trade secret: Proprietary or business-related information that a company or individual uses and has exclusive rights to.

trademark: As defined by the U.S. Patent and Trademark Office (PTO), a trademark is “any word, name, symbol, or device, or any combination, used, or intended to be used, in commerce to identify and distinguish the goods of one manufacturer or seller from goods manufactured or sold by others.”

traffic analysis: A method of attack in which an attacker observes network traffic patterns in order to make deductions about network utilization, architecture, behavior, or other discernable characteristics.

transient: A momentary electrical line noise disturbance.

Transmission Control Protocol (TCP): A connection-oriented network protocol that provides reliable delivery of packets over a network.

transposition cipher: Ciphers that rearrange bits, characters, or character blocks in plaintext to produce ciphertext.

trap door: A feature within a program that performs an undocumented function (usually a security bypass, such as an elevation of privilege).

Trojan horse: A program that purports to perform a given function, but which actually performs some other (usually malicious) function.

trusted computer system: A system that employs all necessary hardware and software assurance measures and meets the specified requirements for reliability and security.

Trusted Computer System Evaluation Criteria (TCSEC): Commonly known as the Orange Book. Formal systems evaluation criteria developed for the U.S. Department of Defense by the National Computer Security Center (NCSC) as part of the Rainbow Series.

Trusted Computing Base (TCB): The total combination of protection mechanisms within a computer system — including hardware, firmware, and software — that are responsible for enforcing a security policy.

Trusted Network Interpretation (TNI): Commonly known as the Red Book (of the Rainbow Series). Addresses confidentiality and integrity in trusted computer/communications network systems. See also Trusted Computer System Evaluation Criteria (TCSEC).

trusted path: A direct communications path between the user and the Trusted Computing Base (TCB) that doesn’t require interaction with untrusted applications or operating system layers.

trusted recovery: Safeguards to prevent the disclosure of information during the recovery of a system after a failure.

two-factor authentication: An authentication method that requires two ways of establishing identity.

uninterruptible power supply (UPS): A device that provides continuous electrical power, usually by storing excess capacity in one or more batteries.

USA PATRIOT Act (Uniting [and] Strengthening America [by] Providing Appropriate Tools Required [to] Intercept [and] Obstruct Terrorism Act of 2001): A U.S. law that expands the authority of law enforcement agencies for the purpose of combating terrorism.

user: A person who has access to information and/or information systems.

User Datagram Protocol (UDP): A network protocol that doesn’t guarantee packet delivery or the order of packet delivery over a network.

user entitlement: The data access privileges that are granted to an individual user.

User mode: A level of privilege, usually intended for ordinary users. See also Supervisor mode.

Vernam cipher: See one-time pad.

view: A logical operation that can be used to restrict access to specific information in a database, hide attributes, and restrict the queries available to a user. Views are a type of constrained user interface that restricts access to specific functions by not allowing a user to request them.

violation analysis: The process of examining audit logs and other sources in order to discover inappropriate activities.

virtual memory: A type of secondary memory addressing that uses both installed physical memory and available hard drive space to present a larger apparent memory space than actually exists to the Central Processing Unit (CPU).

Virtual Private Network (VPN): A private network used to communicate privately over public networks. VPNs utilize encryption and encapsulation to protect and simplify connectivity.

Virtual Tape Library (VTL): A disk-based storage system that is used like magnetic tape storage for use in backup operations.

virus: A set of computer instructions whose purpose is to embed itself within another computer program in order to replicate itself.

Voice over Internet Protocol (VoIP): Telephony protocols that are designed to transport voice communications over TCP/IP networks.

vulnerability: The absence or weakness of a safeguard in an asset, which makes a threat potentially more harmful or costly, more likely to occur, or likely to occur more frequently.

WAN: Wide area network.

war dialing: A brute-force attack that uses a program to automatically dial a large block of phone numbers (such as an area code), searching for vulnerable modems or fax machines.

war driving: A brute-force attack that involves driving around, looking for vulnerable wireless networks.

warm site: An alternative computer facility that’s readily available and equipped with electrical power, HVAC, and computers, but not fully configured. See also cold site, hot site, and HVAC.

white-box testing: A security test in which the tester has complete knowledge of the system being tested.

WiFi (wireless fidelity): Wireless network technology that utilizes 802.11 protocols.

Wired Equivalent Privacy (WEP): A means of encrypting communications on 802.11/WiFi networks.

Wireless Transport Layer Security (WTLS): A protocol that provides security services for the Wireless Application Protocol (WAP) commonly used for Internet connectivity by mobile devices.

WLAN: Wireless local area network. See also WiFi.

work factor: The difficulty (in terms of time, effort, and resources) of breaking a cryptosystem.

worm: Malware that usually has the capability to replicate itself from computer to computer without the need for human intervention.

X.25: The first wide-area, packet-switching network.
