Glossary

This glossary is organized by acronym: for example the “Data Encryption Standard” entry says “See—DES.” The “DES” entry contains the definition. This is done because it is the logical approach for a technical book, and allows faster lookups of definitions.

The second reason is to encourage you to learn the mapping of acronyms to terms (and vice-versa). Formal phrases in the Common Body of Knowledge can provide a shortcut to cutting through the clutter in an exam question. Knowing the formal acronyms can provide the fastest roadmap to identifying the crux of a question.

You should understand every term defined in this glossary before taking your exam. A read through of the glossary is a good final exam prep step, as discussed in the “How to Prepare for the Exam” section of the introduction.

802.11 Wireless networking standard

* Integrity axiom Biba property which states “no write up”

* Security property Bell-LaPadula property that states “no write down”

“Bad” blocks/clusters/sectors Good disk blocks marked as bad

4GL Fourth-generation programming language, designed to increase programmer’s efficiency by automating the creation of computer programming code

802.11-1997 The original 802.11 standard, operating at 2 Mbps in the 2.4 GHz band

802.11a 802.11 mode that operates at 54 Mbps in the 5 GHz band

802.11b 802.11 mode that operates at 11 Mbps in the 2.4 GHz band

802.11g 802.11 mode that operates at 54 Mbps in the 2.4 GHz band

802.11i The first 802.11 wireless security standard that provides reasonable security

802.11n 802.11 mode that uses both the 2.4 and 5 GHz bands and allows speeds of 144 Mbps and beyond

802.1X Port-based Network Access Control, layer 2 authentication

ABM Asynchronous Balanced Mode, HDLC combined mode where nodes may act as primary or secondary, initiating transmissions without receiving permission

Abstraction Hides unnecessary details from the user

Acceptance Testing Testing to ensure the software meets the customer’s operational requirements

Access aggregation The collective entitlements granted by multiple systems to one user. Can lead to authorization creep

Access Control List See—ACLs

Access control matrix Table defining what access permissions exist between specific subjects and objects

Account lockout Disables an account after a set number of failed logins, sometimes during a specific time period

Accountability The ability to trace actions on a system to the individual who performed them, so that individuals can be held responsible for those actions

Accountability Principle OECD Privacy Guideline principle which states that a data controller should be accountable for complying with measures that give effect to the other privacy principles. (The right of individuals to challenge the content of their personal data and have it corrected is the OECD Individual Participation Principle)

Accreditation The Data Owner’s acceptance of the risk represented by a system

ACK TCP flag, acknowledge received data

ACL Access Control List, a list attached to an object that specifies which subjects may access it and which operations (such as read, write, or execute) each may perform

Act honorably, honestly, justly, responsibly, and legally Second canon of the (ISC)² Code of Ethics

Active RFID Battery-powered RFID tags that transmit on their own and can be read at longer range than passive tags

Active-active cluster Involves multiple systems all of which are online and actively processing traffic or data

Active-passive cluster Involves devices or systems that are already in place, configured, powered on and ready to begin processing network traffic should a failure occur on the primary system

ActiveX controls The functional equivalent of Java applets. They use digital certificates instead of a sandbox to provide security

Ad hoc mode 802.11 peer-to-peer mode with no central AP

Address Space Layout Randomization See—ASLR

Administrative controls Implemented by creating and following organizational policy, procedure, or regulation. Also called directive controls

Administrative law Law enacted by government agencies, aka regulatory law

ADSL Asymmetric Digital Subscriber Line, DSL featuring faster download speeds than upload

Advance and protect the profession Fourth canon of the (ISC)² Code of Ethics

Advanced Encryption Standard See—AES

AES Advanced Encryption Standard, a block cipher using 128 bit, 192 bit, or 256 bit keys to encrypt 128-bit blocks of data

Agents of law enforcement Private citizens carrying out actions on behalf of law enforcement

Aggregation Attack in which a user combines individually permitted, lower-sensitivity pieces of information to learn information that is restricted as a whole

Agile Software Development Flexible software development model that evolved as a reaction to rigid software development models such as the Waterfall Model

AH Authentication Header, IPsec protocol that provides authentication and integrity for each packet of network data

ALE Annualized Loss Expectancy, the expected cost of loss due to a risk over a year: ALE = Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO)

All pairs testing See—Pairwise testing

Allocated space Portions of a disk partition that are marked as actively containing data

ALU Arithmetic Logic Unit, CPU component that performs mathematical calculations

Analog Communication that sends a continuous wave of information

ANN Artificial Neural Networks, simulate neural networks found in humans and animals

Annual Rate of Occurrence See—ARO

Annualized Loss Expectancy See—ALE

Antivirus software Software designed to prevent and detect malware infections

API Application Programming Interface, allows an application to communicate with another application, or with an operating system, database, network, etc. For example, the Google Maps API allows an application to integrate third-party content, such as restaurants overlaid on a Google Map

Applet Small pieces of mobile code that are embedded in other software such as web browsers

Application layer (OSI) Layer 7 of the OSI model, where the user interfaces with the computer application

Application layer (TCP/IP) TCP/IP model layer that combines Layers 5 through 7 of the OSI model

Application-layer proxy Proxy firewall that operates up to Layer 7

Application Programming Interface See—API

ARCNET Attached Resource Computer Network, a legacy LAN technology that uses tokens

Arithmetic Logic Unit See—ALU

ARM Asynchronous Response Mode, HDLC mode where secondary nodes may initiate communication with the primary

ARO Annual Rate of Occurrence, the number of losses suffered per year

ARPAnet The predecessor of the Internet

Artificial Intelligence The science of programming electronic computers to “think” more intelligently, sometimes mimicking the ability of mammal brains

Artificial Neural Networks See—ANN

ASLR Address Space Layout Randomization, seeks to decrease the likelihood of successful exploitation by making the memory addresses used by a process (stack, heap, shared libraries) unpredictable, so that an exploit cannot hard-code the addresses it needs

Assembly language Low-level computer programming language with instructions that are short mnemonics, such as “ADD,”“SUB” (subtract) and “JMP” (jump), that match to machine language instructions

Asset A resource that is valuable to an organization and must be protected

Asset Value See—AV

Asymmetric Digital Subscriber Line See—ADSL

Asymmetric Encryption Encryption that uses two keys: if you encrypt with one you may decrypt with the other

Asynchronous Balanced Mode See—ABM

Asynchronous Dynamic Token Authentication token that is not synchronized with a central server; includes challenge-response tokens

Asynchronous Response Mode See—ARM

Asynchronous Transfer Mode See—ATM

ATA Secure Erase Drive-level erase command defined by the ATA standard; on self-encrypting drives, including most Solid State Drives (SSDs), it discards the media encryption key and generates a new one, rendering every stored block unrecoverable

ATM Asynchronous Transfer Mode, a WAN technology that uses fixed length cells

Attribute A column in a relational database table

Authentication Proof of an identity claim

Authentication Header See—AH

Authorization Actions an individual can perform on a system

Authorization creep Occurs when employees not only maintain old access rights but also gain new ones as they move from one division to another within an organization

AV Asset Value, the value of a protected asset

Availability Assures information is available when needed

Awareness Security control designed to change user behavior

Backdoor A shortcut in a system that allows a user to bypass security checks

Background checks Verification of a person’s background and experience, also called a pre-employment screening

Backward chaining Expert system inference mode that starts with a goal (hypothesis) and works backward through the rules to find facts that support it

Baseband Network with one channel; can only send one signal at a time

Baseline Uniform ways to implement a safeguard, administrative control

Baselining The process of capturing a point in time understanding of the current system security configuration

Basic Input Output System See—BIOS

Basic Rate Interface See—BRI

Bastion host A hardened host exposed directly to the Internet, not protected by another device such as a firewall

Bayesian filtering Uses Bayes' theorem to combine the probabilities associated with individual features (such as the words in an e-mail) into a single probability used to make decisions such as identifying spam
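As an added example (not part of the original glossary), the following naive Bayes filter shows how the per-word probabilities are learned from labelled messages and combined in the log domain to classify a new message. The training corpus and test messages are constructed for the example; real filters train on thousands of messages.

```python
"""Naive Bayes spam filter: a worked instance of Bayesian filtering.
Added example, not from the original page. Training corpus is constructed."""
import math
import re
from collections import Counter

# Constructed training corpus: (message text, is_spam).
TRAINING = [
    ("win a free prize now claim your money", True),
    ("free money click here to claim now", True),
    ("cheap pills buy now limited offer", True),
    ("meeting moved to 3pm see agenda attached", False),
    ("please review the quarterly report draft", False),
    ("lunch tomorrow? agenda for the project review", False),
]


def tokenize(text):
    """Lower-case alphanumeric tokens: the feature set of the classifier."""
    return re.findall(r"[a-z0-9]+", text.lower())


class NaiveBayesFilter:
    """Bernoulli-style naive Bayes: each token's presence is treated as an independent feature."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                  # Laplace smoothing: unseen words never yield probability 0
        self.token_docs = {True: Counter(), False: Counter()}   # documents containing token, per class
        self.docs = {True: 0, False: 0}

    def train(self, samples):
        for text, is_spam in samples:
            self.docs[is_spam] += 1
            for tok in set(tokenize(text)):     # count a token once per document
                self.token_docs[is_spam][tok] += 1

    def _p_token(self, tok, is_spam):
        # P(token present | class), smoothed so an unseen token gets a small nonzero probability
        return (self.token_docs[is_spam][tok] + self.alpha) / (self.docs[is_spam] + 2 * self.alpha)

    def spam_probability(self, text):
        """Accumulate log-odds rather than multiplying raw probabilities, so long messages do not underflow."""
        total = self.docs[True] + self.docs[False]
        log_odds = math.log(self.docs[True] / total) - math.log(self.docs[False] / total)  # prior
        for tok in set(tokenize(text)):
            log_odds += math.log(self._p_token(tok, True)) - math.log(self._p_token(tok, False))
        log_odds = max(min(log_odds, 700.0), -700.0)   # keep exp() in range for very long messages
        return 1.0 / (1.0 + math.exp(-log_odds))


MODEL = NaiveBayesFilter()
MODEL.train(TRAINING)


def is_spam(text, threshold=0.5):
    """Decision rule; raising the threshold trades false negatives for fewer false positives."""
    return MODEL.spam_probability(text) >= threshold
```

A token the filter has never seen contributes nothing either way (its smoothed probability is equal for both classes), which is why attackers pad spam with neutral words: the "Bayesian poisoning" countermeasure is to retrain continuously on the messages users actually flag.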

BCI The Business Continuity Institute

BCP Business Continuity Plan, a long-term plan to ensure the continuity of business operations

BCP/DRP project manager The key point of contact for ensuring that a BCP/DRP is not only completed, but also routinely tested

Bell-LaPadula Security model focused on maintaining the confidentiality of objects

Best evidence rule Requires the original of a document, recording, or photograph, rather than a copy, when proving its contents; the strongest available form of evidence is preferred

Best practice A consensus of the best way to protect the confidentiality, integrity and availability of assets

BGP Border Gateway Protocol, the routing protocol used on the Internet

Biba Security model focused on maintaining the integrity of objects

Big Bang testing Integration testing that tests all integrated software components

Binary image Bit-for-bit copy of memory or storage media

BIOS Basic Input Output System, typically stored in firmware

Black box software testing Gives the tester no internal details: the software is treated as a black box that receives inputs

Black hat Unethical hacker or researcher

Blowfish Block cipher using from 32 through 448 bit (the default is 128) keys to encrypt 64 bits of data

Bluetooth 802.15 networking, a PAN wireless technology

Bollard A post designed to stop a car, typically deployed in front of building entrances

Book cipher Cryptographic method that uses whole words from a well-known text such as a dictionary as a one-to-one replacement for plaintext

Boot sector virus Virus that infects the boot sector of a PC, which ensures the virus loads upon system startup

BOOTP Bootstrap Protocol, used for bootstrapping via a network by diskless systems

Bootstrap Protocol See—BOOTP

Border Gateway Protocol See—BGP

Bot A computer system running malware that is controlled via a botnet

Botnet A network of bots under central command and control (C&C), managed by humans called bot herders

Bottom-Up programming Starts with the low-level technical implementation details and works up to the concept of the complete program

Breach notification Notification of persons whose personal data has been, or is likely to have been, compromised

Brewer-Nash See—Chinese Wall Model

BRI Basic Rate Interface, ISDN service providing two 64 Kbps bearer (B) channels plus one 16 Kbps signaling (D) channel

Bridge Layer 2 device that has two ports and connects network segments together

Broadband Network with multiple channels; can send multiple signals at a time, like cable TV

Broadcast Traffic that is sent to all stations on a LAN

BRP Business Recovery Plan, details the steps required to restore normal business operations after recovering from a disruptive event. Also known as the Business Resumption Plan

Brute force attack Attack that attempts every possible key or combination

BS-25999 Continuity standard by the British Standards Institution (BSI)

Buffer overflow Condition where an attacker can write data past the end of a fixed-size buffer, overwriting adjacent memory such as other variables or a saved return address

Bus Physical network topology that connects network nodes in a string

Business Continuity Plan See—BCP

Business interruption testing Partial or complete failover to an alternate site

Business Owners Also called Mission Owners, members of senior management who create the information security program and ensure that it is properly staffed, funded, and has organizational priority

Business Recovery Plan See—BRP

Business Resumption Plan See—BRP

Bytecode Machine-independent interpreted code, used by Java

Cable modem Provides Internet access via broadband cable TV infrastructure

Cache memory The fastest memory on the system, required to keep up with the CPU as it fetches and executes instructions

Caesar Cipher A shift (ROT-3) substitution cipher: each letter is replaced by the letter three positions later in the alphabet
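As an added example (not from the original glossary), the code below implements the Caesar shift and then runs the brute force attack defined earlier against it. The point it makes is about key space: a shift cipher has only 25 usable keys, so "attempt every possible key" finishes instantly. The crib word used to recognise the right key is an assumption of the example.

```python
"""Caesar (ROT-3) shift cipher and a brute-force key search against it.
Added example, not from the original page."""
import string

ALPHABET = string.ascii_uppercase


def caesar(text, shift):
    """Shift each letter by `shift` positions (negative to decrypt); other characters pass through."""
    out = []
    for ch in text.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def brute_force(ciphertext, crib):
    """Try all 25 non-trivial shifts and return (key, plaintext) for every candidate containing the crib.
    With so few keys, exhaustive search is the practical attack; no cleverness is needed."""
    hits = []
    for key in range(1, 26):
        candidate = caesar(ciphertext, -key)
        if crib.upper() in candidate:
            hits.append((key, candidate))
    return hits
```

The same search pattern applies to any cipher; what changes is the key count. A 56-bit DES key has about 7.2 × 10^16 possibilities, a 128-bit AES key about 3.4 × 10^38, which is why key length, not algorithm secrecy, is what brute force is measured against.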

Callback Modem-based authentication system

Caller ID Identifies the calling phone number, sometimes used as a weak authentication method

Candidate keys Any attribute (column) in the table with unique values

Capability Maturity Model See—CMM

Carrier Sense Multiple Access See—CSMA

CASE Computer-Aided Software Engineering, uses programs to assist in the creation and maintenance of other computer programs

CBC Cipher Block Chaining, a block cipher mode (used with DES, AES, and other block ciphers) that XORs the previous ciphertext block into the next plaintext block before encrypting it; the first block is XORed with an initialization vector (IV)

CCD Charge-Coupled Device, the image sensor used in digital CCTV cameras

CCMP Counter Mode CBC-MAC Protocol, the AES-based encryption and integrity protocol used by WPA2; its CBC-MAC produces the Message Integrity Check (MIC)

CCTV Closed Circuit Television, a detective device used to aid guards in detecting the presence of intruders in restricted areas

CDN Content Distribution Networks (also Content Delivery Networks) use a series of distributed caching servers to improve performance and lower the latency of downloaded online content

Central Processing Unit See—CPU

Centralized access control Concentrates access control in one logical point for a system or organization

CER Crossover Error Rate, describes the point where the False Reject Rate (FRR) and False Accept Rate (FAR) are equal

Certificate Authority PKI component that authenticates the identity of a person or organization before issuing a certificate to them

Certificate Revocation List See—CRL

Certification A detailed inspection that verifies whether a system meets the documented security requirements

CFB Cipher Feedback, a stream mode of a block cipher (such as DES) that is similar to the block mode CBC

Chain of custody Requires that once evidence is acquired, full documentation regarding who, what, when, and where evidence was handled is maintained

Chaining Block cipher mechanism that seeds the previous encrypted block into the next block to be encrypted

Challenge Handshake Authentication Protocol See—CHAP

Change management The process of understanding, communicating, and documenting changes

Channel Service Unit/Data Service Unit See—CSU/DSU

CHAP Challenge Handshake Authentication Protocol, a network authentication protocol more secure than PAP: the server sends a random challenge and the client replies with a hash of the challenge and a shared secret, so the secret itself never crosses the network

Charge-Coupled Device See—CCD

Checklist testing Lists all necessary components required for successful recovery, and ensures that they are, or will be, readily available should a disaster occur. Also known as consistency testing

Chinese Wall Model Model designed to avoid conflicts of interest by prohibiting one person, like a consultant, from accessing multiple conflict of interest categories (CoIs)

CIA triad Confidentiality, Integrity, and Availability

CIDR Classless Inter-Domain Routing, allows networks of many sizes beyond the fixed classful (A, B, C) network sizes by stating the prefix length explicitly (for example /22)

Cipher A cryptographic algorithm

Cipher Block Chaining See—CBC

Cipher disk Cryptographic device that uses two concentric disks, each with an alphabet around the periphery

Cipher Feedback See—CFB

Ciphertext An encrypted message

Circuit-level proxy Proxy firewall that operates at Layer 5

Circuit-switched network Network that provides a dedicated circuit or channel between two nodes

Circumstantial evidence Evidence that serves to establish the circumstances related to particular points or even other evidence

CIRT Computer Incident Response Team, a team that performs incident handling

CISC Complex Instruction Set Computer, CPU instructions that are longer and more powerful

Civil law Law that resolves disputes between individuals or organizations

Civil law (legal system) Legal system that leverages codified laws or statutes to determine what is considered within the bounds of law

Clark-Wilson Real-world integrity model that protects integrity by having subjects access objects via programs

Class I gate Residential gate designed for home use

Class II gate Commercial gate, such as a parking garage gate

Class III gate Industrial/limited access gate, such as a large loading dock

Class IV gate Restricted Access gate, used at an airport or prison

Classful addresses IPv4 networks in classes A through E

Classless Inter-Domain Routing See—CIDR

Clearance A determination, typically made by a senior security professional, about whether or not a user can be trusted with a specific level of information

Client-side attacks Attack where a user downloads malicious content

Clipper Chip (Failed) 1993 Escrowed Encryption Standard (EES), which used the Skipjack algorithm

Clipping level A minimum reporting threshold level

Closed Circuit Television See—CCTV

Closed source Software released in executable form: the source code is kept confidential

Closed system System using proprietary hardware or software

CMM Capability Maturity Model, a maturity framework for evaluating and improving the software development process

CMP Crisis Management Plan

Coaxial Network cabling that has an inner copper core separated by an insulator from a metallic braid or shield

COBIT Control Objectives for Information and related Technology, a control framework for employing information security governance best practices within an organization

COCOM Coordinating Committee for Multilateral Export Controls, an export control regime in effect from 1947 to 1994. It was designed to control the export of critical technologies (including cryptography) to “Iron Curtain” countries during the Cold War

Code Repositories Services for storing and version-controlling project source code, which must be access-controlled because they hold the code an organization depends on; GitHub is a public example

Codebreakers (The) David Kahn’s history of cryptography

Cohesion OOP measure of how focused and self-contained an object is. Objects with high cohesion have low coupling

Cold site A backup site with raised floor, power, utilities, and physical security, and no configured systems or data

Collection Limitation Principle OECD Privacy Guideline principle which states personal data collection should have limits, be obtained in a lawful manner, and, unless there is a compelling reason to the contrary, with the individual’s knowledge and approval

Collision Two or more distinct inputs (plaintexts) that produce the same hash value
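As an added example (not from the original glossary), the code below finds a collision by a birthday search against SHA-256 truncated to 32 bits. The truncation is what makes it feasible: expected work is roughly 2^(n/2) hashes for an n-bit digest, about 65,000 here versus 2^128 for the full 256 bits, which is why digest length sets collision resistance. The message prefix is an assumption of the example.

```python
"""Birthday-search collision against a truncated SHA-256.
Added example, not from the original page."""
import hashlib


def truncated_hash(msg, bits):
    """Top `bits` bits of SHA-256(msg) as an integer; bits=256 gives the full digest."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits, prefix=b"msg-"):
    """Hash sequential messages, remembering every truncated value seen; the first repeat is a collision.
    Returns (message_a, message_b, hashes_computed). Expected cost is about 2**(bits / 2) hashes."""
    seen = {}
    i = 0
    while True:
        msg = prefix + str(i).encode()
        h = truncated_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
        i += 1
```

The two messages returned share the 32-bit prefix of their digests but differ in the full SHA-256 output; a system that truncates digests (or uses a broken hash such as MD5) is what gives an attacker room to substitute one signed or whitelisted input for another.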

Collusion An agreement between two or more individuals to subvert the security of a system

Color of law Acting on the authority of law enforcement

COM Component Object Model, locates and connects objects locally

Combinatorial software testing Black box testing method that seeks to identify and test all unique combinations of software inputs

Commandments of Computer Ethics The Computer Ethics Institute code of ethics

Commit Makes changes to a database permanent

Common Criteria An internationally agreed upon standard for describing and testing the security of IT products

Common law Legal system that places significant emphasis on particular cases and judicial precedent as a determinant of laws

Common Object Request Broker Architecture See—CORBA

Compartmentalization Technical enforcement of need to know

Compensating controls Additional security controls put in place to compensate for weaknesses in other controls

Compensatory damages Damages awarded as compensation for a loss

Compiler Converts source code, such as C or BASIC, into machine code

Complex Instruction Set Computer See—CISC

Component Object Model See—COM

Computer bus The primary communication channel on a computer system

Computer crimes Crimes using computers

Computer Fraud and Abuse Act Title 18 United States Code Section 1030

Computer Incident Response Team See—CIRT

Computer Security Incident Response Team See—CSIRT

Computer-Aided Software Engineering See—CASE

Commercial Off-the-Shelf Software See—COTS

Conduct the business impact analysis (BIA) Second step of the NIST SP 800-34 contingency planning process

Confidentiality Seeks to prevent the unauthorized disclosure of information

Configuration management The process of developing a consistent system security configuration that can be leveraged throughout an organization

Confusion The relationship between the plaintext and ciphertext should be as confused (or random) as possible

Consistency testing See—Checklist testing

Constrained user interface Presents a user with limited controls on information, such as an ATM keypad

Containment phase Incident response phase that attempts to keep further damage from occurring as a result of the incident

Content-dependent access control Adds additional criteria beyond identification and authentication: the actual content the subject is attempting to access

Content Distribution Networks See—CDN

Context-dependent access control Adds additional criteria beyond identification and authentication: the context of the access, such as time

Continuity of Operations Plan See—COOP

Continuity of Support Plan Focuses narrowly on support of specific IT systems and applications

Continuity Planning Project Team See—CPPT

Contraband check Seeks to identify objects that are prohibited from entering a secure perimeter (such as an airplane)

Control Objectives for Information and related Technology See—COBIT

Control unit CPU component that acts as a traffic cop, sending instructions to the ALU

Convergence All routers on a network agree on the state of routing

COOP Continuity of Operations Plan, a plan to maintain operations during a disaster

Copyright Type of intellectual property that protects the form of expression in artistic, musical, or literary works

CORBA Common Object Request Broker Architecture, an open vendor-neutral networked object broker framework

Corrective controls Controls that correct a damaged system or process

Corroborative evidence Evidence that provides additional support for a fact that might have been called into question

COTS Commercial Off-the-Shelf Software, third-party developed commercial software available to the general public

Counter Mode See—CTR

Counter Mode CBC MAC Protocol See—CCMP

Coupling OOP concept that connects objects to others. Highly coupled objects have low cohesion

Covert channel Any communication path that transfers information in violation of security policy, for example by modulating shared storage (covert storage channel) or timing (covert timing channel)

CPPT Continuity Planning Project Team, a team composed of stakeholders within an organization that focuses on identifying who would need to play a role if a specific emergency event were to occur

CPU Central Processing Unit, the “brains” of the computer, capable of controlling and performing mathematical calculations

Cracker A black hat hacker

Criminal law Law where the victim can be seen as society itself

Crippleware Partially functioning proprietary software, often with key features disabled. The user is typically required to make a payment to unlock the full functionality

Crisis Management Plan See—CMP

CRL Certificate Revocation List, PKI component which lists digital certificates that have been revoked

Crossover Genetic algorithm concept that combines parts of two candidate solutions (“parents”) to produce a new one

Crossover Error Rate See—CER

Cross-Site Request Forgery See—CSRF

Cross-Site Scripting See—XSS

Cryptanalysis The science of breaking encrypted messages (recovering their meaning)

Cryptographic Protocol Governance Describes the process of selecting the right cipher and implementation for the right job

Cryptography Science of creating messages whose meaning is hidden

Cryptology The science of secure communications

CSIRT Computer Security Incident Response Team, the group that is tasked with monitoring, identifying, and responding to security incidents

CSMA Carrier Sense Multiple Access, a method used by Ethernet networks to allow shared use of a baseband network and avoid collisions

CSRF Cross-Site Request Forgery, an attack in which a third-party site causes the victim’s browser to send a forged request to a trusted site, where it is processed within the security context (such as the session cookie) of the victim’s existing authenticated session
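As an added example (not from the original glossary), the code below shows the synchronizer-token defence against CSRF: the browser attaches the session cookie to any request, including one forged by another origin, so the handler additionally demands a token that only a page served by the trusted site could have read. The request dictionary, field names, and `SERVER_SECRET` are assumptions standing in for a web framework's objects.

```python
"""Synchronizer-token CSRF defence, with a handler that rejects forged requests.
Added example, not from the original page. The request is modelled as a dict."""
import hashlib
import hmac
import secrets

SERVER_SECRET = secrets.token_bytes(32)   # assumption: one secret per deployment, kept out of source control


def issue_csrf_token(session_id):
    """Token = nonce.HMAC(secret, session_id:nonce). Bound to the session, so a token for one
    session is useless with another session's cookie; embedded in forms as a hidden field."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)      # constant-time comparison


def handle_transfer(request):
    """State-changing handler. The cookie alone must never authorize the action."""
    session_id = request.get("cookie_session")     # sent automatically by the browser, even cross-site
    if session_id is None:
        return "401 not logged in"
    if not verify_csrf_token(session_id, request.get("form_csrf_token", "")):
        return "403 CSRF check failed"             # cookie present but token missing or wrong: forged
    return f"200 transferred {request['form_amount']} to {request['form_to']}"
```

The attacker's page can make the browser submit the form, but the same-origin policy stops it reading the trusted site's pages, so it cannot obtain a valid token. SameSite cookie attributes are a complementary browser-side control; the server-side token check remains the one the application itself can guarantee.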

CSU/DSU Channel Service Unit/Data Service Unit, DCE device

CTR Counter, a stream mode of a block cipher (such as DES or AES) that encrypts an incrementing counter and XORs the result with the plaintext; no feedback from previous blocks is needed, so blocks can be processed in parallel
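As an added example (not from the original glossary), the code below implements the CBC and CTR modes described in the CBC, Chaining and CTR entries over a deliberately toy 64-bit block function, so the chaining and counter logic is visible without a crypto library. The toy block function, key, IV and plaintext are assumptions of the example and the block function is not secure; the modes themselves are written exactly as they would be around DES or AES.

```python
"""CBC and CTR modes over a toy block cipher, showing chaining and counter keystreams.
Added example, not from the original page. The block function is a stand-in, NOT secure."""
BLOCK = 8                                            # 64-bit blocks, like DES

SBOX = [(7 * x + 3) % 256 for x in range(256)]      # a bijection on byte values (7 is odd)
INV_SBOX = [0] * 256
for _x, _y in enumerate(SBOX):
    INV_SBOX[_y] = _x


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt_block(key, block):
    """Toy block cipher: key mix, byte substitution, byte rotation. Invertible, nothing more."""
    subbed = bytes(SBOX[b] for b in xor_bytes(block, key))
    return subbed[1:] + subbed[:1]


def toy_decrypt_block(key, block):
    unrot = block[-1:] + block[:-1]
    return xor_bytes(bytes(INV_SBOX[b] for b in unrot), key)


def cbc_encrypt(key, iv, plaintext):
    """Chaining: each plaintext block is XORed with the previous ciphertext block (IV for the first)."""
    assert len(plaintext) % BLOCK == 0, "CBC needs padding to a whole number of blocks"
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor_bytes(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out.append(xor_bytes(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_crypt(key, nonce, data):
    """CTR: keystream block i = E(nonce || i); XOR with data. The same call encrypts and decrypts,
    only the forward block function is used, and no padding is needed."""
    out = []
    for i, start in enumerate(range(0, len(data), BLOCK)):
        keystream = toy_encrypt_block(key, nonce[:4] + i.to_bytes(4, "big"))
        chunk = data[start:start + BLOCK]
        out.append(xor_bytes(chunk, keystream[:len(chunk)]))
    return b"".join(out)


def cbc_tamper(key, iv, plaintext, byte_index):
    """Flip one ciphertext bit and decrypt: CBC garbles that block and flips the same bit in the next."""
    ct = bytearray(cbc_encrypt(key, iv, plaintext))
    ct[byte_index] ^= 0x01
    return cbc_decrypt(key, iv, bytes(ct))


# Constructed demo inputs.
DEMO_KEY = bytes(range(8))
DEMO_IV = bytes(range(8, 16))
DEMO_NONCE = b"\x00\x01\x02\x03"
DEMO_PT = b"ATTACK AT DAWN!!"                        # exactly two blocks
```

`cbc_tamper` is the property worth remembering: a one-bit change in ciphertext block i turns decrypted block i into garbage but flips exactly the corresponding bit in block i+1, which is the basis of bit-flipping attacks on unauthenticated CBC. CTR has no chaining at all, so a flipped ciphertext bit flips the same plaintext bit and nothing else; neither mode provides integrity, and reusing a CTR nonce with the same key leaks the XOR of the two plaintexts.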

Custodian Provides hands-on protection of assets

Customary Law Customs or practices that are so commonly accepted by a group that the custom is treated as a law

CWR TCP flag, Congestion Window Reduced, added to TCP with Explicit Congestion Notification (ECN)

Cyber Incident Response Plan Plan designed to respond to disruptive cyber events, including network-based attacks, worms, computer viruses, Trojan horses, etc

Cybersquatting Registering Internet domain names associated with another organization’s intellectual property

DAC Discretionary Access Control, gives subjects full control of objects they own or have been given access to, including sharing the objects with other subjects

DAD Disclosure, Alteration, and Destruction, the opposite of Confidentiality, Integrity, and Availability

DARPA Defense Advanced Research Projects Agency, funders of the original MILNET and ARPANET

Data controllers Role that creates and manages sensitive data within an organization. Human resources employees are an example: they create and manage sensitive data, such as salary and benefit data, reports from employee sanctions, etc

Data Circuit-Terminating Equipment See—DCE

Data Definition Language See—DDL

Data dictionary Contains a description of the database tables, including the schema, database view information, and information about authorized database administrator and user accounts

Data Encryption Algorithm See—DEA

Data Encryption Standard See—DES

Data Execution Prevention See—DEP

Data hiding See—Encapsulation (object)

Data link layer Layer 2 of the OSI model, handles access to the physical layer as well as local area network communication

Data Manipulation Language See—DML

Data mining Used to search for patterns, such as fraudulent activity, in a data warehouse

Data Owner A management employee responsible for assuring that specific data is protected

Data processor Role that manages data on behalf of data controllers. An outsourced payroll company is an example of a data processor

Data Quality Principle OECD Privacy Guideline principle that states personal data should be complete, accurate, and maintained in a fashion consistent with the purposes for the data collection

Data remanence See—Remanence

Data Terminal Equipment See—DTE

Data warehouse A large collection of data gathered from multiple sources and consolidated for analysis

Database A structured collection of related data

Database Administrators See—DBA

Database journal A log of all database transactions. Should a database become corrupted, the database can be reverted to a backup copy, and then subsequent transactions can be “replayed” from the journal, restoring database integrity

Database Management System See—DBMS

Database replication Mirrors a live database, allowing simultaneous reads and writes to multiple replicated databases by clients

Database shadowing Two or more identical databases that are updated simultaneously

Database view The result of a database query

DBA Database Administrators, role that manages databases

DBMS Database Management System, controls all access to the database and enforces database security

DCE Data Circuit-Terminating Equipment, a device that connects DTEs to the carrier’s network, such as a modem or CSU/DSU

DCOM Distributed Component Object Model, locates and connects objects across a network

DDL Data Definition Language, used to create, modify, and delete tables

DDoS Distributed Denial of Service, an availability attack using many systems

DEA Data Encryption Algorithm, described by DES

Deadbolt A rigid locking mechanism that is held in place by a key, and prevents the door from opening or fully closing when extended

Decryption Converts a ciphertext into plaintext

Defense-in-depth Application of multiple safeguards that span multiple domains to protect an asset

Defined CMM phase 3

Degaussing Destroying the integrity of the magnetization of the storage media, making the data unrecoverable

Demarc Demarcation point, where the ISP’s responsibility ends, and the customer’s begins

Demilitarized Zone See—DMZ

Denial of Service See—DoS

DEP Data Execution Prevention, which can be enforced by hardware (the NX/XD bit) and/or software, and marks memory pages that hold data, such as the stack and heap, as non-executable so injected shellcode cannot run from them

Depth of field The area that is in focus

DES Data Encryption Standard, a symmetric block cipher using a 56-bit key and 64-bit block size

Detection phase Incident response phase that analyzes events in order to determine whether they might comprise a security incident

Detective controls Controls that alert during or after a successful attack

Deterrent controls Deter users from performing actions on a system

Develop an IT contingency plan Fifth step of the NIST SP 800-34 contingency planning process

Develop recovery strategies Fourth step of the NIST SP 800-34 contingency planning process

Develop the contingency planning policy statement First step of the NIST SP 800-34 contingency planning process

DevOps A more agile development and support model, echoing agile programming methods including Sashimi and Scrum. Developers directly support operational functions

DHCP Dynamic Host Configuration Protocol, assigns temporary IP address leases to systems, as well as DNS and default gateway configuration

Diameter RADIUS’ successor, designed to provide an improved Authentication, Authorization, and Accounting (AAA) framework

Dictionary attack Password cracking method that uses a predefined list of words, like a dictionary, running each word through a hash algorithm
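As an added example (not from the original glossary), the code below runs a dictionary attack against a store of bare SHA-256 password hashes and then shows the salted, iterated hashing (PBKDF2-HMAC-SHA256) that makes the same attack cost one full derivation per guess per user. The wordlist, user names and passwords are constructed for the example.

```python
"""Dictionary attack on unsalted hashes, beside the salted iterated hashing that resists it.
Added example, not from the original page. Wordlist and credential store are constructed."""
import hashlib
import hmac
import os

WORDLIST = ["password", "letmein", "qwerty", "hunter2", "summer2019", "dragon"]   # constructed

# Constructed store holding bare SHA-256 digests: fast, unsalted, the weak case.
UNSALTED_STORE = {
    "alice": hashlib.sha256(b"hunter2").hexdigest(),
    "bob": hashlib.sha256(b"qwerty").hexdigest(),
    "carol": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}


def dictionary_attack(store, wordlist):
    """Hash each candidate word once and look it up: every account sharing that password falls together."""
    by_digest = {}
    for user, digest in store.items():
        by_digest.setdefault(digest, []).append(user)
    cracked = {}
    for word in wordlist:
        digest = hashlib.sha256(word.encode()).hexdigest()
        for user in by_digest.get(digest, []):
            cracked[user] = word
    return cracked


def hash_password(password, salt, iterations=100_000):
    """PBKDF2-HMAC-SHA256. A per-user random salt defeats precomputed tables and forces the attacker
    to rerun the wordlist per user; the iteration count multiplies the cost of every guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)


def verify_password(password, record):
    salt, stored = record
    return hmac.compare_digest(hash_password(password, salt), stored)
```

Two users with the same password get different records, so the attacker learns nothing from one about the other; `hmac.compare_digest` avoids leaking how many leading bytes matched through timing. Memory-hard functions such as scrypt or Argon2 go further by also raising the cost of GPU and ASIC guessing.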

Differential backup An archive of any files that have been changed since the last full backup was performed

Differential cryptanalysis Seeks to find the “difference” between related plaintexts that are encrypted

Diffie-Hellman Key Agreement Protocol Key agreement that allows two parties to securely agree on a symmetric key over a public channel with no prior shared secret; on its own it does not authenticate the parties, so it must be combined with authentication (such as digital signatures) to resist man-in-the-middle attacks
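As an added example (not from the original glossary), the code below runs both sides of a Diffie-Hellman exchange: each party publishes g^a mod p, keeps a secret, and derives the same key from the other's public value. The group is generated at run time as a demonstration-sized safe prime (p = 2q + 1), which is an assumption of the example; production code uses standardized 2048-bit or larger groups (RFC 3526, RFC 7919) or elliptic-curve DH, and must authenticate the public values.

```python
"""Diffie-Hellman key agreement over a safe-prime group, both sides of the exchange.
Added example, not from the original page. Demo group size only; not for production."""
import hashlib
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n, rounds=16):
    """Miller-Rabin with trial division by small primes first."""
    if n < 2:
        return False
    for sp in [2] + SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """p = 2q + 1 with q prime: every group element other than 1 and p-1 then has large order,
    so an attacker cannot force the shared secret into a tiny subgroup."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


class Party:
    """One side of the exchange; only `public` ever crosses the wire."""

    def __init__(self, p, g=2):
        self.p, self.g = p, g
        self.private = secrets.randbelow(p - 3) + 2      # secret exponent in [2, p-2]
        self.public = pow(g, self.private, p)

    def derive_key(self, peer_public):
        # Reject 0, 1 and p-1: with those the "shared secret" is trivial whatever the private key is
        if not 1 < peer_public < self.p - 1:
            raise ValueError("invalid peer public value")
        shared = pow(peer_public, self.private, self.p)
        nbytes = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(shared.to_bytes(nbytes, "big")).digest()   # KDF; never use raw g^ab


def agree(p=None):
    """Run both sides and return (alice_key, bob_key); they must be identical."""
    p = p or generate_safe_prime(256)       # demo size; real groups are 2048 bits or more
    alice, bob = Party(p), Party(p)
    return alice.derive_key(bob.public), bob.derive_key(alice.public)
```

An eavesdropper sees p, g, g^a and g^b but not a or b, and recovering the key needs the discrete logarithm. An active attacker, by contrast, can simply run two exchanges, one with each party, and relay: nothing in the arithmetic tells Alice that the public value she received came from Bob, which is why TLS signs the ephemeral DH values with the server's certificate key.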

Diffusion The order of the plaintext should be dispersed in the ciphertext

Digital Communication that transfers data in bits: ones and zeroes

Digital signature Provides nonrepudiation, which includes authentication of the identity of the signer, and proof of the document’s integrity

Digital Subscriber Line See—DSL

Direct evidence Testimony provided by a witness regarding what the witness actually experienced

Direct Sequence Spread Spectrum See—DSSS

Directory Path Traversal Escaping from the root of a web server (such as /var/www) into the regular file system by referencing directories such as “../..”
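As an added example (not from the original glossary), the code below places a naive path resolver, which lets `../` sequences escape the web root exactly as the entry describes, beside a hardened one that decodes, normalizes and then checks containment. The web root `/var/www` and the request paths are constructed for the example.

```python
"""Directory path traversal: a vulnerable resolver beside a hardened one.
Added example, not from the original page. Paths are constructed; pure string handling."""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www"   # constructed web root, as in the glossary entry


def vulnerable_resolve(request_path):
    """Naive concatenation: '../' components walk straight out of the web root."""
    return posixpath.normpath(WEB_ROOT + "/" + request_path)


def safe_resolve(request_path, web_root=WEB_ROOT):
    """Decode, normalize, then require the result to stay inside web_root; None means traversal."""
    decoded = request_path
    for _ in range(3):                         # unwind double encoding such as %252e%252e
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded:                      # NUL-byte truncation tricks in older runtimes
        return None
    root = posixpath.normpath(web_root)
    # lstrip("/") so an absolute request path is treated as relative to the root, not to "/"
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate
```

The containment check compares the normalized string, which covers `..`, `.` and repeated slashes but not symbolic links inside the web root; a file server should additionally resolve the candidate with `os.path.realpath` and repeat the prefix test against the real root. On Windows, backslashes must be normalized before the check, since `..\\` is not a separator to `posixpath`.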

Disassembler Attempts to convert machine language into assembly

Disaster Any disruptive event that interrupts normal system operations

Disaster Recovery Plan See—DRP

Disclosure, Alteration and Destruction See—DAD

Discretionary Access Control See—DAC

Diskless workstation Computer system that contains a CPU, memory, and firmware, but no hard drive; a type of thin client

Distance vector Routing protocol that uses a simple metric, such as hop count

Distributed Component Object Model See—DCOM

Distributed Denial of Service See—DDoS

Distributed Network Protocol See—DNP3

Divestitures Also known as de-mergers and de-acquisitions, and represent the flip side of acquisitions: one company becomes two or more

DML Data Manipulation Language, used to query and update data stored in the tables

DMZ Demilitarized Zone network, used to separate trusted from untrusted networks

DNP3 Distributed Network Protocol, provides an open standard used primarily within the energy sector for interoperability between various vendors’ SCADA and smart grid applications

DNS Domain Name System, a distributed global hierarchical database that translates names to IP addresses, and vice versa

DNS reflection attack Spoofed DoS attack using third-party DNS servers

DNSSEC Domain Name System Security Extensions, provides authentication and integrity of DNS responses via digital signatures (public key cryptography); it does not encrypt DNS traffic

Domain Name System Security Extensions See—DNSSEC

Domain Name System See—DNS

Domains of trust Access control model used by Windows Active Directory

DoS Denial of Service, an attack on availability

DRAM Dynamic Random Access Memory, stores bits in small capacitors (like small batteries); cheaper and slower than SRAM

DRP Disaster Recovery Plan, a short-term plan to recover from a disruptive event

DSL Digital Subscriber Line, uses existing copper pairs to provide digital service to homes and small offices

DSSS Direct Sequence Spread Spectrum, uses the entire wireless band at once

DTE Data Terminal Equipment, a network “terminal,” such as a desktop, server, or actual terminal

DTE/DCE Connection that spans the demarc

Dual-factor authentication See—Strong authentication

Dual-homed host Host with two network interfaces: one connected to a trusted network, and the other connected to an untrusted network

Due care Requires that key organizational stakeholders are prudent in carrying out their duties, aka the “prudent man rule.”

Due diligence The management of due care

Dumpster diving A physical attack in which a person recovers trash in hopes of finding sensitive information that has been merely discarded in whole rather than being destroyed

Dynamic Host Configuration Protocol See—DHCP

Dynamic password Changes at regular intervals

Dynamic signatures Biometric control that measures the process by which someone signs their name

Dynamic testing Tests code while executing it

E1 Dedicated 2.048 megabit circuit that carries 30 channels

E3 24 E1s

EAP Extensible Authentication Protocol, a layer 2 authentication framework that describes many specific authentication protocols

EAP-FAST EAP-Flexible Authentication via Secure Tunneling, designed by Cisco to replace LEAP

EAP Over LAN See—EAPOL

EAP-Transport Layer Security See—EAP-TLS

EAP Tunneled Transport Layer Security See—EAP-TTLS

EAP-TLS EAP—Transport Layer Security, uses PKI, requiring both server-side and client-side certificates

EAP-TTLS EAP Tunneled Transport Layer Security, simplifies EAP-TLS by dropping the client-side certificate requirement

EAPOL EAP Over LAN, a layer 2 protocol for carrying EAP

ECB Electronic Code Book mode, the simplest and weakest mode of DES

ECE New TCP flag, Explicit Congestion Notification Echo

ECPA Electronic Communications Privacy Act, provides search and seizure protection to non-telephony electronic communications

eDiscovery Electronic Discovery, pertains to legal counsel gaining access to pertinent ESI (Electronically Stored Information) during the pre-trial discovery phase of civil legal proceedings

EEPROM Electrically-Erasable Programmable Read Only Memory, memory that is erased electrically via the use of a flashing program

EF Exposure Factor, the percentage of an asset’s value lost due to an incident

EGP Exterior Gateway Protocol

Electrically-Erasable Programmable Read Only Memory See—EEPROM

Electronic backups Data that is stored electronically and can be retrieved in case of disruptive event or disaster

Electronic Code Book See—ECB

Electronic Communications Privacy Act See—ECPA

Electronic Discovery See—eDiscovery

Electronic vaulting Batch process of electronically transmitting data that is to be backed up on a routine, regularly scheduled time interval

Emanations Energy which escapes an electronic system, and which may be remotely monitored under certain circumstances

Emergency Operations Center See—EOC

Encapsulating Security Payload See—ESP

Encapsulation (network) Takes information from a higher network layer and adds a header to it, treating the higher-layer information as data

Encapsulation (object) Contains and hides the details of an object’s method

Encryption Converts the plaintext to a ciphertext

End-User License Agreement See—EULA

Enigma Rotor machine used by German Axis powers during World War II

Enrollment The process of enrolling with a system (such as a biometric authentication system), creating an account for the first time

Enticement Making the conditions for commission of a crime favorable for those already intent on breaking the law

Entitlements The permissions granted to a user

Entity integrity Requires that each tuple has a unique primary key that is not null

Entrapment A legal defense where the defendant claims an agent of law enforcement persuaded the defendant to commit a crime that he or she would otherwise not have committed

EOC Emergency Operations Center, the command post established during or just after an emergency event

Ephemeral ports TCP/IP ports 1024 and higher

EPROM Erasable Programmable Read Only Memory, memory which may be erased with ultraviolet light

Eradication phase Incident response phase that cleans a compromised system

Erasable Programmable Read Only Memory See—EPROM

ESP Encapsulating Security Payload, IPsec protocol which primarily provides confidentiality by encrypting packet data

Ethernet Dominant local area networking technology that transmits network data via frames

Ethics Doing what is morally right

EU Data Protection Directive Privacy directive which allows for the free flow of information while still maintaining consistent protections of each member nation’s citizens’ data

EULA End-User License Agreement, a form of software licensing agreement

Exclusive Or See—XOR

Executive Succession Planning Determines an organization’s line of succession

Exfiltration Policy-violating removal of sensitive data from a secure perimeter

Exigent circumstances With respect to evidence acquisition, justification for the seizure of evidence without a warrant due to the extreme likelihood that the evidence will be destroyed

Expert systems Seek to replicate the knowledge and decision-making capability of human experts

Exposure Factor See—EF

Extensible Authentication Protocol See—EAP

Extensible Markup Language See—XML

Exterior Gateway Protocol See—EGP

Extranet A connection between private Intranets

Extreme Programming See—XP

Facial scan Biometric control that compares a picture of a face to pictures stored in a database

Failover cluster See—High availability cluster

Fair use doctrine Allows someone to duplicate copyrighted material without requiring the payment, consent, or even knowledge of the copyright holder

False Accept Rate See—FAR

False Reject Rate See—FRR

FAR False Accept Rate, occurs when an unauthorized subject is accepted as valid. Also known as a type II error

Faraday Cage Shields enclosed objects from EMI

FCoE Fibre Channel over Ethernet, Storage Area Network (SAN) protocol that leverages Fibre Channel, but can be transmitted across standard Ethernet networks. Does not use TCP/IP

FCIP Fibre Channel over IP, Storage Area Network (SAN) protocol that encapsulates Fibre Channel frames via Ethernet and TCP/IP

FDDI Fiber Distributed Data Interface, legacy LAN technology that uses light

FDE Full Disk Encryption, also called Whole Disk Encryption

FDX See—Fetch and execute

Federated Identity Management See—FIdM

Feedback Stream cipher mechanism that seeds the previous encrypted bit into the next bit to be encrypted

Fetch and execute Mechanism that allows the CPU to receive machine language instructions and execute them. Also called “Fetch, Decode, Execute,” or FDX

FHSS Frequency Hopping Spread Spectrum, uses a number of small frequency channels throughout the wireless band and “hops” through them in pseudorandom order

Fibre Channel Non-Ethernet/IP fiber optic storage technology

Fibre Channel over Ethernet See—FCoE

Fibre Channel over IP See—FCIP

FIdM Federated Identity Management, applies Single Sign On at a much wider scale: ranging from cross-organization to Internet scale

Fiber Distributed Data Interface See—FDDI

Fiber Optic network cable Uses light to carry information

Field of view The entire area viewed by a camera

File Transfer Protocol See—FTP

FIN TCP flag, finish a connection (gracefully)

Fingerprint scan Biometric scan of the minutiae (specific details of the fingerprint)

Firewall Device that filters traffic based on layers 3 (IP addresses) and 4 (ports)

Firmware Stores small programs that do not change frequently, such as a computer’s BIOS

First sale doctrine Allows a legitimate purchaser of copyrighted material to sell it to another person

Fitness function Genetic algorithm concept that assigns a score to an evolved algorithm

Flash memory A specific type of EEPROM, used for small portable disk drives

Flat file Text file that contains multiple lines of data, each in a standard format

Footcandle One lumen per square foot

Foreign key A key in a related database table that matches a primary key in the parent database table

Formal access approval Documented approval from the data owner for a subject to access certain objects

Forward chaining Expert system mode that starts with no premise, and works forward to determine a solution

Fourth-generation programming language See—4GL

Fraggle attack Smurf attack variation which uses UDP instead of ICMP

Frame Layer 2 PDU

Free software Controversial term that is defined differently by different groups. “Free” may mean free of charge, or “free” may mean the user is free to use the software in any way they would like, including modifying it

Freeware Software that is free of charge

Frequency Hopping Spread Spectrum See—FHSS

FRR False Reject Rate, occurs when an authorized subject is rejected as invalid. Also known as a type I error

FTP File Transfer Protocol, used to transfer files to and from servers

Full backup An archive of all files

Full disclosure The controversial practice of releasing vulnerability details publicly

Full Disk Encryption See—FDE

Full duplex Two-way simultaneous transmission, like two people having a face-to-face conversation

Full knowledge test A penetration test where the tester is provided with inside information at the start of the test

Fuzz testing See—Fuzzing

Fuzzing A type of black box testing that enters random malformed data as inputs into software programs to determine if they will crash

GAN Global Area Network; a global collection of WANs

Genetic algorithms Creating computer algorithms via Darwinian evolution principles

Genetic programming Creating entire software programs (usually in the form of Lisp source code) via Darwinian evolution principles

GFS Grandfather-Father-Son, a backup rotation method

GIG Global Information Grid, the US DoD global network, one of the largest private networks in the world

GLBA Gramm-Leach-Bliley Act, requires financial institutions to protect the confidentiality and integrity of consumer financial information

Global Area Network See—GAN

Global Information Grid See—GIG

Graham-Denning Model Has three parts: objects, subjects, and rules. It provides a more granular approach for interaction between subjects and objects

Gramm-Leach-Bliley Act See—GLBA

Grandfather-Father-Son See—GFS

Gross negligence The opposite of due care

Guideline A recommendation; an administrative control

Hacker Controversial term that may mean explorer or someone who maliciously attacks systems

Hacktivist Hacker activist, someone who attacks computer systems for political reasons

Half duplex Sends or receives at one time only (not simultaneously), like a walkie-talkie

Hand geometry Biometric control that uses measurements from within specific points on the subject’s hand

Hardcopy data Any data that is accessed through reading or writing on paper rather than processing through a computer system

Harrison-Ruzzo-Ullman Model Maps subjects, objects, and access rights to an access matrix. It is considered a variation of the Graham-Denning Model

Hash Function One-way encryption using an algorithm and no key

Hash of Variable Length See—HAVAL

Hashed Message Authentication Code See—HMAC

HAVAL Hash of Variable Length, a hash algorithm that creates message digests of 128, 160, 192, 224, or 256 bits in length, using 3, 4, or 5 rounds

HDLC High-Level Data Link Control, the successor to SDLC

HDSL High-data-rate DSL, matches SDSL speeds using two pairs of copper

Health Insurance Portability and Accountability Act See—HIPAA

Hearsay Second-hand evidence

Hebern Machines Class of cryptographic devices known as rotor machines, includes Enigma and SIGABA

HIDS Host-based Intrusion Detection System, a detective technical control

Hierarchical database Database that forms a tree

High availability cluster Multiple systems that can be seamlessly leveraged to maintain the availability of the service or application being provided. Also called a failover cluster

High-data-rate DSL See—HDSL

High-Level Data Link Control See—HDLC

HIPAA Health Insurance Portability and Accountability Act, United States regulation which protects healthcare information

HIPS Host-based Intrusion Prevention System, preventive device that processes information within the host

HMAC Hashed Message Authentication Code, provides integrity by combining symmetric encryption with hashing

Hold-down timer Distance vector routing protocol safeguard that avoids flapping

Honeynet A network of honeypots

Honeypot A system designed to attract attackers

Host-based Intrusion Detection Systems See—HIDS

Host-based Intrusion Prevention System See—HIPS

Host-to-host layer See—Transport layer (TCP/IP)

Host-to-host transport layer See—Transport layer (TCP/IP)

Hot site A backup site with all necessary hardware and critical applications data mirrored in real time

HTML Hypertext Markup Language, used to display web content

HTTP Hypertext Transfer Protocol, a protocol to transmit web data via a network

HTTPS Hypertext Transfer Protocol Secure, HTTP using SSL or TLS

Hub Layer 1 network access device that acts as a multiport repeater

Hybrid attack Password attack that appends, prepends or changes characters in words from a dictionary

Hybrid risk analysis Combines quantitative and qualitative risk analysis

Hypertext Markup Language See—HTML

Hypertext Transfer Protocol See—HTTP

Hypertext Transfer Protocol Secure See—HTTPS

Hypervisor Software or operating system that controls access between virtual guests and host hardware

Hypervisor mode Allows guests to operate in ring 0, controlled by a hypervisor in ring “-1”

I/O Controller Hub See—Southbridge

IaaS Infrastructure as a Service, provides an entire virtualized operating system, which the customer configures from the OS on up

ICC See—Smartcard

ICH See—Southbridge

ICMP Internet Control Message Protocol,

IDaaS Identity as a Service, also called cloud identity, allows organizations to leverage cloud service for identity management

IDEA International Data Encryption Algorithm, a symmetric block cipher using a 128-bit key and 64-bit block size

Identification Association of an individual

Identify preventive controls Third step of the NIST SP 800-34 contingency planning process

Identity as a Service See—IDaaS

IDL Interface Definition Language, used by CORBA objects to communicate

IDS Intrusion Detection System, a detective technical control

IGP Interior Gateway Protocol

IKE Internet Key Exchange, manages the IPsec encryption algorithm

IMAP Internet Message Access Protocol, an email client protocol

Impact The severity of damage, sometimes expressed in dollars (value)

Incremental backup An archive of all files that have changed since the last backup of any kind was performed

Individual Participation Principle OECD Privacy Guideline principle that states individuals should have control over their data

Industrial, Scientific and Medical See—ISM

Inference Deductive attack where a user is able to use lower-level access to learn restricted information

Inference engine Expert system component that follows the tree formed by knowledge base, and fires a rule when there is a match

Information Technology Infrastructure Library See—ITIL

Information Technology Security Evaluation Criteria See—ITSEC

Infrastructure as a Service See—IaaS

Inheritance Objects inherit capabilities from their parent class

Initial CMM phase 1

Installation Testing Testing software as it is installed and first operated

Instance One copy of an object

Integrated Circuit Card See—Smartcard

Integrated Product Team See—IPT

Integrated Services Digital Network See—ISDN

Integration Testing Testing multiple software components as they are combined into a working system

Integrity Seeks to prevent unauthorized modification of information

Intellectual property Intangible property that resulted from a creative act

Interface Definition Language See—IDL

Interface testing Tests all the ways users can interact with the application, and is concerned with appropriate functionality being exposed. From a security-oriented vantage point, the goal is to ensure that security is uniformly applied across the various interfaces

Interior Gateway Protocol See—IGP

International Data Encryption Algorithm See—IDEA

Internet A global collection of peered networks running TCP/IP

Internet Control Message Protocol See—ICMP

Internet Key Exchange See—IKE

Internet layer TCP/IP model layer that aligns with the Layer 3 of the OSI model, describes IP addresses and routing

Internet Message Access Protocol See—IMAP

Internet of Things See—IOT

Internet Protocol See—IP

Internet Protocol Security See—IPsec

Internet Relay Chat See—IRC

Internet Security Association and Key Management Protocol See—ISAKMP

Internet Small Computer System Interface See—iSCSI

Interpreted code Code that is compiled on the fly each time the program is run

Interrupt Indicates an asynchronous CPU event has occurred

Intranet A privately owned network running TCP/IP

Intrusion Detection System See—IDS

Intrusion Prevention System See—IPS

IOT Internet of Things, Internet-connected embedded devices such as thermostats, baby monitors, appliances, light bulbs, smart meters, etc

IP Internet Protocol, includes IPv4 and IPv6

IPS Intrusion Prevention System, a preventive device designed to prevent malicious actions

IPsec Internet Protocol Security, a suite of protocols that provide a cryptographic layer to both IPv4 and IPv6

IPT Integrated Product Team, a customer-focused group that focuses on the entire lifecycle of a project

IPv4 Internet Protocol version 4, commonly called IP. It is the fundamental protocol of the Internet

IPv6 Internet Protocol version 6, the successor to IPv4, featuring far larger address space, simpler routing, and simpler address assignment

IPv6 autoconfiguration Autoconfiguration of a unique IPv6 address, omitting the need for static addressing or DHCP

IRC Internet Relay Chat, a global network of chat servers and clients

Iris scan Passive biometric scan of the iris (colored portion of the eye)

ISAKMP Internet Security Association and Key Management Protocol, manages the IPsec Security Association process

iSCSI Internet Small Computer System Interface, Storage Area Network (SAN) protocol transmitted via Ethernet and TCP/IP

ISDN Integrated Services Digital Network, provides digital service via copper pair

ISM Industrial, Scientific, and Medical, wireless bands set aside for unlicensed use

ISO 17799 An information security code of practice published by the International Organization for Standardization, taking a broad-based approach

ISO 22301 Management-focused business continuity guideline called “Business continuity management systems - Requirements”

ISO/IEC-27031 Technically-focused business continuity guideline that is part of the ISO 27000 series

ITIL Information Technology Infrastructure Library, a framework for providing best services in IT Service Management

ITSEC Information Technology Security Evaluation Criteria, the first successful international evaluation model

Java An object-oriented language used not only to write applets, but also as a general-purpose programming language

JavaScript Object Notation See—JSON

Jefferson Disks Cryptographic device invented by Thomas Jefferson that used multiple wheels, each with an entire alphabet along the ridge

JSON JavaScript Object Notation, a data interchange format

KDC Key Distribution Center, a Kerberos service that authenticates principals

Kerberos A third-party authentication service that may be used to support Single Sign On

Kernel The heart of the operating system, which usually runs in ring 0. It provides the interface between hardware and the rest of the operating system, including applications

Key Distribution Center See—KDC

Key lock Preventive device that requires a physical key to unlock

Keyboard dynamics Biometric control that refers to how hard a person presses each key and the rhythm by which the keys are pressed

Keyboard unit The external keyboard

Knowledge base Expert system component that consists of “if/then” statements

L2F Layer 2 Forwarding, designed to tunnel PPP

L2TP Layer 2 Tunneling Protocol, combines PPTP and L2F

Label Security level assigned to an object, such as confidential, secret or top secret

LAN Local Area Network, a comparatively small network, typically confined to a building or an area within one

LAND attack DoS attack which uses a spoofed SYN packet that includes the victim’s IP address as both source and destination

Lattice-Based Access Controls Nondiscretionary access control with defined upper and lower bounds implemented by the system

Layer 2 Tunneling Protocol See—L2TP

Layered defense See—Defense-in-depth

Layering Separates hardware and software functionality into modular tiers

LCP Link Control Protocol, the initial unauthenticated connection used by CHAP

LDAP Lightweight Directory Access Protocol, open protocol for interfacing and querying directory service information provided by network operating systems. Uses port 389 via TCP or UDP

LEAP Lightweight Extensible Authentication Protocol, a Cisco-proprietary protocol released before 802.1X was finalized

Least privilege See—Principle of least privilege

Legal liability Liability enforced through civil law

Lightweight Directory Access Protocol See—LDAP

Lightweight Extensible Authentication Protocol See—LEAP

Linear cryptanalysis Known plaintext attack where the cryptanalyst finds large amounts of plaintext/ciphertext pairs created with the same key

Link Control Protocol See—LCP

Link state Routing protocols that factor in additional metrics for determining the best route, including bandwidth

Live forensics Taking a binary image of physical memory, gathering details about running processes, and gathering network connection data

LLC Logical Link Control, layer 2 protocol that handles LAN communications

Local Area Network See—LAN

Lock bumping Attack on locks using a shaved key, which bumps the pins, allowing the lock to turn

Lock picking The art of unlocking a lock without a key

Logic bomb A malicious program that is triggered when a logical condition is met, such as after a number of transactions have been processed, or on a specific date

Logical Link Control See—LLC

Logical Unit Numbers See—LUN

Lumen The amount of light one candle creates

LUN Logical Unit Numbers, provide a way of addressing storage across the network. Also used for basic access control for network accessible storage

Lux One lumen per square meter

LWP See—Thread

MAC (Access Control) Mandatory Access Control, system-enforced access control based on subject’s clearances and object’s labels

MAC (Telecommunications) Media Access Control, layer 2 protocol that transfers data to and from the physical layer

MAC address Layer 2 address of a NIC

Machine code Software that is executed directly by the CPU

MAD See—MTD

Magnetic stripe card Passive device that contains no circuits. Sometimes called swipe cards: they are used by swiping through a card reader

Maintenance hook Shortcut installed by system designers and programmers to allow developers to bypass normal system checks during development

Malicious Code See—Malware

Malware Malicious software, any type of software which attacks an application or system

MAN Metropolitan Area Network, typically confined to a city, a zip code, or a campus or office park

Managed CMM phase 4

Managed mode 802.11 mode that clients use to connect to an AP

Mandatory Access Control See—MAC

Mandatory leave Forcing staff to take vacation or time away from the office. Also known as forced vacation

Mantrap A preventive physical control with two doors. Each door requires a separate form of authentication to open

Master mode 802.11 mode used by APs

Maximum Allowable Downtime See—MTD

Maximum Tolerable Downtime See—MTD

Maximum Transmission Unit See—MTU

MCH See—Northbridge

MD5 Message Digest 5, a hash function that creates a 128-bit message digest

Mean Time Between Failures See—MTBF

Mean Time to Repair See—MTTR

Media Access Control See—MAC

Memory Volatile or nonvolatile computer storage

Memory Controller Hub See—Northbridge

Mesh Physical network topology that interconnects network nodes to each other

Message Digest 5 See—MD5

Message Integrity Check See—MIC

Method The function performed by an object

Metropolitan Area Network See—MAN

MIC Message Integrity Check, integrity protocol used by WPA2

Microkernels A modular kernel

Microwave motion detector Active motion detector that uses microwave energy

Middleware Connects programs to programs

Minimum Operating Requirements See—MOR

Minutiae Specific fingerprint details that include whorls, ridges, bifurcation, and others

Mirroring Complete duplication of data to another disk, used by some levels of RAID

Mission Owners See—Business Owners

Mobile sites DRP backup site option that is a “data center on wheels”: towable trailers that contain racks of computer equipment, as well as HVAC, fire suppression, and physical security

Modem Modulator/Demodulator; takes binary data and modulates it into analog sound that can be carried on phone networks

Modes of Operation Dedicated, system-high, compartmented, and multilevel modes

Monitor mode 802.11 read-only mode used for sniffing

Monoalphabetic cipher Substitution cipher using one alphabet

Monolithic kernel A statically compiled kernel

MOR Minimum Operating Requirements, describes the minimum environmental and connectivity requirements in order to operate computer equipment

Motherboard Contains computer hardware including the CPU, memory slots, firmware, and peripheral slots such as PCI (Peripheral Component Interconnect) slots

MPLS Multiprotocol Label Switching, provides a way to forward WAN data via labels

MTBF Mean Time Between Failures, quantifies how long a new or repaired system will run on average before failing

MTD Maximum Tolerable Downtime, the total time a system can be inoperable before an organization is severely impacted

MTTR Mean Time to Repair, describes how long it will take to recover a failed system

MTU Maximum Transmission Unit, the maximum PDU size on a network

Multicast One-to-many network traffic, where the “many” is preselected

Multipartite virus Virus that spreads via multiple vectors. Also called multipart virus

Multiprocessing Runs multiple processes on multiple CPUs

Multiprotocol Label Switching See—MPLS

Multitasking Allows multiple tasks (heavy weight processes) to run simultaneously on one CPU

Mutation Genetic algorithm concept that introduces random changes to algorithms

Mutual Aid Agreement See—Reciprocal agreement

NAT Network Address Translation, translates IP addresses

NDA Nondisclosure agreement, a contractual agreement that ensures that an individual or organization appreciates their legal responsibility to maintain the confidentiality of sensitive information

Need to know Requirement that subjects need to know information before accessing it

Network access layer TCP/IP model layer that combines layers 1 and 2 of the OSI model. It describes Layer 1 issues such as energy, bits, and the medium used to carry them

Network Address Translation See—NAT

Network Interface Card See—NIC

Network Intrusion Prevention System See—NIPS

Network layer Layer 3 of the OSI model, describes routing data from a system on one LAN to a system on another

Network model (databases) Type of hierarchical database that allows branches to have two parents

Network model (telecommunications) A description of how a network protocol suite operates

Network stack A network protocol suite programmed in software or hardware

Network-based Intrusion Detection System See—NIDS

NIC Network Interface Card, a card that connects a system to a network

NIDS Network-based Intrusion Detection System, a detective technical control

NIPS Network Intrusion Prevention System, a preventive device designed to prevent malicious network traffic

NIST SP 800-34 NIST Special Publication 800-34 “Contingency Planning Guide for Information Technology Systems”

Nonce Sum See—NS

Nondisclosure agreement See—NDA

Nondiscretionary access control Access control based on subjects’ roles or tasks

Noninterference Model Ensures that data at different security domains remain separate from one another

Non-repudiation Assurance that a specific user performed a specific transaction and assurance that the transaction did not change

Normal Response Mode See—NRM

Normalization Seeks to make the data in a database table logically concise, organized and consistent

Northbridge Connects the CPU to RAM and video memory, also called the Memory Controller Hub (MCH)

NRM Normal response mode, SDLC/HDLC mode where secondary nodes can transmit when given permission by the primary

NS Nonce Sum, the newest TCP flag, used for congestion notification

Object A data file

Object A “black box” that combines code and data, and sends and receives messages

Object encapsulation Treats a process as a “black box”

Object Linking and Embedding See—OLE

Object Request Brokers See—ORBs

Object-Oriented Analysis See—OOA

Object-oriented database Database that combines data with functions (code) in an object-oriented framework

Object-Oriented Design See—OOD

Object-Oriented Programming See—OOP

Occupant Emergency Plan See—OEP

OCSP Online Certificate Status Protocol, a client-server method for looking up revoked certificates

OCTAVE Operationally Critical Threat, Asset, and Vulnerability Evaluation, a risk management framework from Carnegie Mellon University

OECD Privacy Guidelines Organization for Economic Cooperation and Development privacy guidelines, containing eight principles

OEP Occupant Emergency Plan, a facility-based plan focused on safety and evacuation

OFB Output Feedback, a stream mode of DES that uses portions of the key for feedback

OFDM Orthogonal Frequency-Division Multiplexing, a newer wireless multiplexing method, allowing simultaneous transmission using multiple independent wireless frequencies that do not interfere with each other

Offshoring Outsourcing to another country

OLE Object Linking and Embedding, part of DCOM which links documents to other documents

One-Time Pad Theoretically unbreakable encryption using paired pads of random characters

One-time password Password that may be used for a single authentication

Online Certificate Status Protocol See—OCSP

OOA Object-Oriented Analysis, a high-level approach to understanding a problem domain that identifies all objects and their interactions

OOD Object-Oriented Design, a high-level object-oriented approach to designing software

OOP Object-Oriented Programming, changes the older procedural programming methodology, and treats a program as a series of connected objects that communicate via messages

Open Shortest Path First See—OSPF

Open source Software with publicly published source code, allowing anyone to inspect, modify, or compile the code

Open system System using open hardware and standards, using standard components from a variety of vendors

Openness Principle OECD Privacy Guideline principle that states collection and use of personal data should be readily available

Operating system Software that operates a computer

Operationally Critical Threat, Asset, and Vulnerability Evaluation See—OCTAVE

Optimizing CMM phase 5

Orange Book See—TCSEC

ORBs Object Request Brokers, used to locate and communicate with objects

Organizationally Unique Identifier See—OUI

Orthogonal Frequency-Division Multiplexing See—OFDM

OSI model A network model with seven layers: physical, data link, network, transport, session, presentation, and application

OSPF Open Shortest Path First, an open link state routing protocol

OUI Organizationally Unique Identifier, the first 24 bits of a MAC address

Output Feedback See—OFB

Outsourcing Use of a third party to provide Information Technology support services which were previously performed in-house

Overt channel Authorized communication that complies with security policy

PaaS Platform as a Service, provides a pre-configured operating system, and the customer configures the applications

Packet Layer 3 PDU

Packet filter A simple and fast firewall that has no concept of state

Packet-switched network A form of networking where bandwidth is shared and data is carried in units called packets

Pairwise testing Form of combinatorial software testing that tests unique pairs of inputs

PAN Personal Area Network, a very small network with a range of 100 m or much less

Panic bar Egress device that opens externally facing doors from the inside

PAP Password Authentication Protocol, an insecure network authentication protocol that exposes passwords in cleartext

Parallel processing Recovery of critical processing components at an alternate computing facility, without impacting regular production systems

Parent class OOP concept that allows objects to inherit capabilities from parents

Parity A means to achieve data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance

Partial knowledge test A penetration test where the tester is provided with partial inside information at the start of the test

Passive infrared sensor Passive motion detector that detects infrared energy created by body heat

Passive RFID Unpowered RFID tags

Passphrase A long static password, comprised of words in a phrase or sentence

Password Authentication Protocol See—PAP

Password cracking An offline technique in which the attacker has gained access to the password hashes or database

Password guessing An online technique that involves attempting to authenticate as a particular user to the system

Patch management The process of managing software updates

Patent Intellectual property protection that grants a monopoly on the right to use, make, or sell an invention for a period of time

Payment Card Industry Data Security Standard See—PCI-DSS

PCI-DSS Payment Card Industry Data Security Standard, a security standard created by the Payment Card Industry Security Standards Council (PCI SSC)

PDA Personal Digital Assistant, a small networked computer that can fit in the palm of your hand

PDU Protocol Data Unit, a header and data at one layer of a network stack

PEAP Protected EAP, similar to EAP-TTLS, including not requiring client-side certificates

Penetration test Security test designed to determine if an attacker can penetrate an organization

Permutation (Also called transposition) provides confusion by rearranging the characters of the plaintext, anagram-style

Personal Area Network See—PAN

Personal Digital Assistant See—PDA

Personal Identification Number See—PIN

Personally Identifiable Information See—PII

PGP Pretty Good Privacy, software that integrates asymmetric, symmetric and hash cryptography

Phishing Malicious attack that poses as a legitimate site such as a bank, attempting to steal account credentials

Photoelectric motion sensor Active motion detector that sends a beam of light across a monitored space to a photoelectric sensor

Physical controls Implemented with physical devices, such as locks, fences, gates, etc

Physical layer Layer 1 of the OSI model, describes units of data like bits represented by energy, and the medium used to carry them

PII Personally Identifiable Information, data associated with a specific person, such as credit card data

PIN Personal Identification Number, a number-based password

Ping Sends an ICMP Echo Request to a node and listens for an ICMP Echo Reply

Ping of death DoS that sends a malformed ICMP Echo Request (Ping) that is larger than the maximum size of an IP packet

Pipelining CPU feature that combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute and write steps for different instructions

PKI Public Key Infrastructure, leverages symmetric, asymmetric and hash-based cryptography to manage digital certificates

Plaintext An unencrypted message

Plan maintenance Seventh step of the NIST SP 800-34 contingency planning process

Plan testing, training, and exercises Sixth step of the NIST SP 800-34 contingency planning process

Platform as a Service See—PaaS

PLD Programmable Logic Device, field-programmable hardware

Point-to-Point Protocol See—PPP

Point-to-Point Tunneling Protocol See—PPTP

Poison reverse Distance vector routing protocol safeguard that sets bad route to infinity

Policy High-level management directives, administrative control

Polyalphabetic cipher Substitution cipher using multiple alphabets

Polyinstantiation Allows two different objects to have the same name. The name is based on the Latin roots for multiple (poly) and instances (instantiation)

Polymorphic virus Virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software

Polymorphism OOP concept based on the Greek roots “poly” and “morph” (meaning many and forms, respectively): allows an object to overload an operator, for example

POP Post Office Protocol, an email client protocol

POST Power-On Self-Test, performs basic computer hardware tests, including verifying the integrity of the BIOS, testing the memory, identifying system devices, among other tasks

Post Office Protocol See—POP

POTS Plain Old Telephone Service, analog phone service

Power-On Self-Test See—POST

PPP Point-to-Point Protocol, a Layer 2 protocol that has largely replaced SLIP, adding confidentiality, integrity and authentication

PPTP Point-to-Point Tunneling Protocol, tunnels PPP via IP

Presentation layer Layer 6 of the OSI model, presents data to the application in a comprehensible way

Pretty Good Privacy See—PGP

Preventive controls Prevent actions from occurring

PRI Primary Rate Interface, provides 23 64K digital ISDN channels

Primary key Unique attribute in a relational database table, used to join tables

Primary Rate Interface See—PRI

Principal Kerberos client (user) or service

Principle of least privilege Granting subjects the minimum amount of authorization required to do their jobs, also known as minimum necessary access

Privacy Protection of the confidentiality of personal information

Privacy Act of 1974 Protects US citizens’ data that is being used by the federal government

Private key One half of asymmetric key pair, must be kept secure

Problem domain A specific challenge that needs to be addressed

Procedural languages Programming languages that use subroutines, procedures and functions

Procedure Step-by-step guide for accomplishing a task, administrative control

Process An executable program and its associated data loaded and running in memory

Process isolation Logical control that attempts to prevent one process from interfering with another

Product Owner Scrum role that serves as the voice of the business unit

Programmable Logic Device See—PLD

Programmable Read Only Memory See—PROM

PROM Programmable Read Only Memory, memory that can be written to once, typically at the factory

Promiscuous access The ability to sniff all traffic on a network

Protect society, the commonwealth, and the infrastructure First canon of the (ISC)² Code of Ethics

Protected EAP See—PEAP

Protocol Data Unit See—PDU

Provide diligent and competent service to principals Third canon of the (ISC)² Code of Ethics

Proxy firewall Firewall that terminates connections and acts as an intermediary server

Prudent Man Rule Organizations should engage in business practices that a prudent, right-thinking person would consider to be appropriate

Pseudo guard An unarmed security guard

PSH TCP flag, push data to application layer

Public key One half of asymmetric key pair, may be publicly posted

Public Key Infrastructure See—PKI

Punitive damages Damages designed to punish an individual or organization

Purple Allied name for the stepping-switch encryption device used by Japanese Axis powers during World War II

Purpose Specification Principle OECD Privacy Guideline principle that states the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection

PVC Permanent Virtual Circuit, a circuit that is always connected

QoS Quality of Service, gives specific traffic precedence over other traffic on packet-switched networks

Qualitative Risk Analysis RA method which uses approximate values

Quality of Service See—QoS

Quantitative Risk Analysis RA method that uses hard metrics such as dollars

Query language Language that searches and updates a database

Race condition See—TOCTOU

RAD Rapid Application Development, rapidly develops software via the use of prototypes, “dummy” GUIs, back-end databases, and more

Radio-Frequency Identification See—RFID

RADIUS Remote Authentication Dial In User Service, a UDP-based third-party authentication system

RAID Redundant Array of Inexpensive Disks, a method of using multiple disk drives to achieve greater data reliability, greater speed, or both

RAID 0 RAID striped set

RAID 1 RAID mirrored set

RAID 1 + 0 RAID 0 combined with RAID 1, sometimes called RAID 10

RAID 10 See—RAID 1 + 0

RAID 2 RAID Hamming code

RAID 3 RAID striped set with dedicated parity (byte level)

RAID 4 RAID Striped set with dedicated parity (block level)

RAID 5 RAID striped set with distributed parity

RAID 6 RAID striped set with dual distributed parity

Rainbow Table Acts as a database that contains the hashed output for most or all possible passwords

RAM Random Access Memory, memory that allows any address to be directly accessed

Random Access Memory See—RAM

Rapid Application Development See—RAD

RAT Remote Access Trojans, Trojan Horses which may be remotely controlled

RBAC Role-Based Access Controls, subjects are grouped into roles and each defined role has access permissions based upon the role, not the individual

RC4 Rivest Cipher 4, used to provide confidentiality by WPA

RC5 Rivest Cipher 5, symmetric block cipher by RSA Laboratories

RC6 Rivest Cipher 6, symmetric block cipher by RSA Laboratories, AES finalist

Read Only Memory See—ROM

Real evidence Evidence consisting of tangible or physical objects

Realm A logical Kerberos network

Real-time Transport Protocol See—RTP

Reciprocal agreement A bi-directional agreement between two organizations in which one organization promises another organization it can move in and share space if it experiences a disaster. Also known as mutual aid agreement

Recovery controls Controls that restore a damaged system or process

Recovery phase Incident response phase that restores a previously compromised system to operational status

Recovery Point Objective See—RPO

Recovery Time Objective See—RTO

Reduced Instruction Set Computer See—RISC

Reduction analysis The process of analyzing and lowering risk

Redundant Array of Inexpensive Disks See—RAID

Redundant site An exact production duplicate of a system that has the capability to seamlessly operate all necessary IT operations without loss of services to the end user

Reference monitor Mediates all access between subjects and objects

Referential integrity Requires that every foreign key in a secondary table matches a primary key in the parent table

Registers Small storage locations used by the CPU to store instructions and data

Regression Testing Testing software after updates, modifications or patches

Regulatory law See—Administrative law

Relational database Contains two-dimensional tables of related data

Religious law Legal system that uses religious doctrine or interpretation as a source of legal understanding and statutes

Remanence Data that might persist after removal attempts

Remote Access Trojans See—RAT

Remote Authentication Dial In User Service See—RADIUS

Remote File Inclusion See—RFI

Remote journaling Saves database checkpoints and the database journal to a remote site. In the event of failure at the primary site, the database may be recovered

Remote meeting technology Newer technology that allows users to conduct online meetings via the Internet, including desktop sharing functionality

Remote wipe The ability to remotely erase a mobile device

Repeatable CMM phase 2

Repeater Layer 1 device that receives bits on one port, and “repeats” them out the other port

Reporting phase Incident response phase that provides a final report on the incident

Representational State Transfer See—REST

Reserved ports TCP/IP ports 1023 and lower

Responsible disclosure The practice of privately sharing vulnerability information with a vendor, and withholding public release until a patch is available

REST Representational State Transfer, used to implement web services

Retina scan Biometric laser scan of the capillaries which feed the retina

Return on Investment Money saved by deploying a safeguard

RFC 1918 addresses Private IPv4 addresses which may be used for internal traffic

RFI Remote File Inclusion, altering web URLs to include remote content

RFID Radio-Frequency Identification, a type of contactless card technology

Rijndael Cipher which became AES, named after authors Vincent Rijmen and Joan Daemen

Ring (physical) Physical network topology that connects nodes in a physical ring

Ring model Form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other

RIP Routing Information Protocol, a distance vector routing protocol that uses hop count as its metric

RISC Reduced Instruction Set Computer, CPU instructions which are short and simple

Risk A matched threat and vulnerability

Risk Analysis Matrix A quadrant used to map the likelihood of a risk occurring against the consequences (or impact) that risk would have

Robust Security Network See—RSN

Role-Based Access Controls See—RBAC

Rollback Restores a database after a failed commit

ROM Read Only Memory

Rootkit Malware that replaces portions of the kernel and/or operating system

Rotation Cipher Substitution cipher that shifts each plaintext character a fixed amount to produce the corresponding ciphertext character

Rotation of duties Requires that critical functions or responsibilities are not continuously performed by the same person without interruption. Also known as job rotation

Router Layer 3 device that routes traffic from one LAN to another, based on IP addresses

Routing Information Protocol See—RIP

RPO Recovery Point Objective, the amount of data loss or system inaccessibility (measured in time) that an organization can withstand

RSN Robust Security Network, part of 802.11i that allows changes to cryptographic ciphers as new vulnerabilities are discovered

RST TCP flag, reset (tear down) a connection

RTO Recovery Time Objective, the maximum time allowed to recover business or IT systems

RTP Real-time Transport Protocol, VoIP protocol designed to carry streaming audio and video

Rule-based access control Uses a series of defined rules, restrictions, and filters for accessing objects within a system

Running-key cipher Cryptographic method that uses whole words from a well-known text such as a dictionary, “adding” letters to plaintext using modular math

S/MIME Secure/Multipurpose Internet Mail Extensions, leverages PKI to encrypt and authenticate MIME-encoded email

SA Security Association, a simplex connection which may be used to negotiate ESP or AH parameters

SaaS Software as a Service, completely configured cloud-based application, from the operating system on up

Salt A random number that is hashed with a password. Allows one password to hash multiple ways

SAML Security Assertion Markup Language, an XML-based framework for exchanging security information, including authentication data

SAN Storage Area Network, provides block-level disk storage via a network

Sanction Action taken as a result of policy violation

Sarbanes-Oxley Act See—SOX

Sashimi Model Development model with highly overlapping steps; it can be thought of as a real-world successor to the Waterfall Model

Savepoint A clean snapshot of the database tables

Schema Describes the attributes and values of the database tables

Scoping The process of determining which portions of a standard will be employed by an organization

Screened host architecture Older flat network design using one router to filter external traffic to and from a bastion host via an ACL

Screened subnet architecture Two firewalls screening a DMZ

Script kiddies Attackers who target computer systems with tools they have little or no understanding of

Scrum Agile development model that uses small teams, roles include Scrum Master and Product Owner

Scrum Master Senior member of the organization who acts as a coach for the Scrum team

SDLC (Applications) Systems Development Life Cycle, a system development model that focuses on security in every phase

SDLC (Telecommunications) Synchronous Data Link Control, a synchronous layer 2 WAN protocol that uses polling to transmit data

SDN Software Defined Networking, separates a router’s control plane from the data (forwarding) plane. Routing decisions are made remotely, instead of on each individual router

SDSL Symmetric Digital Subscriber Line, DSL with matching upload and download speeds

Search warrant Court order that allows a legal search

Secondary evidence Evidence consisting of copies of original documents and oral descriptions

Secure Hash Algorithm 1 See—SHA-1

Secure Hash Algorithm 2 See—SHA-2

Secure Real-time Transport Protocol See—SRTP

Secure Shell See—SSH

Secure Sockets Layer See—SSL

Secure/Multipurpose Internet Mail Extensions See—S/MIME

Security Assertion Markup Language See—SAML

Security assessments A holistic approach to assessing the effectiveness of access control. May use other tests as a subset, including penetration tests and vulnerability scans

Security audit A test against a published standard

Security domain The list of objects a subject is allowed to access

Security Parameter Index See—SPI

Security Safeguards Principle OECD Privacy Guideline principle that states personal data should be reasonably protected against unauthorized use, disclosure, or alteration

Segment Layer 4 PDU

Semantic integrity Requires that each value is consistent with the attribute data type

Separation of duties Dividing sensitive transactions among multiple subjects

Serial Line Internet Protocol See—SLIP

Server-side attack Attack launched directly from an attacker to a listening service. Also called service-side attack

Service Level Agreement See—SLA

Service Set Identifier See—SSID

Servicemark Intellectual property protection that allows for the creation of a brand that distinguishes the source of services

Session hijacking Compromise of an existing network session

Session Initiation Protocol See—SIP

Session layer Layer 5 of the OSI model, manages sessions, which provide maintenance on connections

SHA-1 Secure Hash Algorithm 1, a hash function that creates a 160-bit message digest

SHA-2 Secure Hash Algorithm 2, a hash function that includes SHA-224, SHA-256, SHA-384, and SHA-512, named after the length of the message digest each creates

Shadow database Similar to a replicated database, with one key difference: a shadow database mirrors all changes made to a primary database, but clients do not access the shadow

Shareware Fully functional proprietary software that may be initially used free of charge. If the user continues to use the Shareware for a specific period of time, the shareware license typically requires payment

Shielded Twisted Pair See—STP

Shoulder surfing Physical attack where an attacker observes credentials, such as a key combination

Shredding See—Wiping

Side-channel attack Cryptographic attack which uses physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting

SIGABA Rotor machine used by the United States through World War II into the 1950s

Simple integrity axiom Biba property that states “no read down”

Simple Mail Transfer Protocol See—SMTP

Simple Network Management Protocol See—SNMP

Simple Security Property Bell-LaPadula property that states “no read up” (NRU)

Simplex One-way communication, like a car radio tuned to a music station

Simulation test Recovery from a pretend disaster, goes beyond talking about the process and actually has teams carry out the recovery process

Single Loss Expectancy See—SLE

Single Sign-On See—SSO

SIP Session Initiation Protocol, a VoIP signaling protocol

SLA Service Level Agreement, contractual agreement that helps assure availability

Slack space Space on a disk between the end-of-file marker, and the end of the cluster

SLE Single Loss Expectancy, the cost of a single loss

SLIP Serial Line Internet Protocol, a Layer 2 protocol which provides IP connectivity via asynchronous connections such as serial lines and modems

Smart card A physical access control device containing an integrated circuit. Also known as an Integrated Circuit Card (ICC)

SMDS Switched Multimegabit Data Service, an older WAN technology that is similar to ATM

SMTP Simple Mail Transfer Protocol, a store-and-forward protocol used to exchange email between servers

Smurf attack Attack using an ICMP flood and directed broadcast addresses

Sniffing Confidentiality attack on network traffic

SNMP Simple Network Management Protocol, used to monitor network devices

SOAP Originally stood for Simple Object Access Protocol, now simply “SOAP”. Used to implement web services

Social engineering Uses the human mind to bypass security controls

Socket A combination of an IP address and a TCP or UDP port on one node

Socket pair Describes a unique connection between two nodes: source port, source IP, destination port and destination IP

SOCKS Popular circuit-level proxy

Software as a Service See—SaaS

Software Defined Networking See—SDN

Software escrow Source code held by a neutral third party

Software piracy Unauthorized copying of copyrighted software

Solid State Drive See—SSD

SONET Synchronous Optical Networking, carries multiple T-carrier circuits via fiber optic cable

Source code Computer programming language instructions that are written in text that must be translated into machine code before execution by the CPU

Southbridge Connects input/output (I/O) devices, such as disk, keyboard, mouse, CD drive, USB ports, etc

SOX Sarbanes-Oxley Act of 2002, created regulatory compliance mandates for publicly traded companies

SPAN port Switched Port Analyzer, receives traffic forwarded from other switch ports

Spear phishing Targeted phishing attack against a small number of high-value victims

SPI Security Parameter Index, used to identify simplex IPsec security associations

Spiral Model Software development model designed to control risk

Split horizon Distance vector routing protocol safeguard that will not send a route update via the interface it learned the route from

Spoofing Masquerading as another endpoint

Spring-bolt lock A locking mechanism that “springs” in and out of the door jamb

SQL Structured Query Language, the most popular database query language

SRAM Static Random Access Memory, expensive and fast memory that uses small latches called “flip-flops” to store bits

SRTP Secure Real-time Transport Protocol, used to provide secure VoIP

SSD Solid State Drive, a combination of flash memory (EEPROM) and DRAM

SSH Secure Shell, a secure replacement for Telnet, FTP and the UNIX “R” commands

SSID Service Set Identifier, acts as a wireless network name

SSL Secure Sockets Layer, authenticates and provides confidentiality to network traffic such as web traffic

SSO Single Sign-On, allows a subject to authenticate once, and then access multiple systems

Standard Describes the specific use of technology, often applied to hardware and software, administrative control

Star Physical network topology that connects each node to a central device such as a hub or a switch

Stateful firewall Firewall with a state table that allows the firewall to compare current packets to previous ones

Static password Reusable password that may or may not expire

Static Random Access Memory See—SRAM

Static route Fixed routing entries

Static testing Tests code passively: the code is not running

Statutory damages Damages prescribed by law

Stealth virus Virus that hides itself from the OS and other protective software, such as antivirus software

Steganography The science of hidden communication

Storage Area Network See—SAN

Storage channel Covert channel that uses shared storage, such as a temporary directory, to allow two subjects to signal each other

STP Shielded Twisted Pair, network cabling that contains additional metallic shielding around each twisted pair of wires

Strike plate Plate in the door jamb with a slot for a deadbolt or spring-bolt lock

Striping Spreading data writes across multiple disks to achieve performance gains, used by some levels of RAID

Strong authentication Requires that the user present more than one authentication factor. Also called dual-factor authentication

Strong tranquility property Bell-LaPadula property that states security labels will not change while the system is operating

Structured Query Language See—SQL

Structured walkthrough Thorough review of a DRP by individuals that are knowledgeable about the systems and services targeted for recovery. Also known as tabletop exercise

Subject An active entity on an Information System which accesses or changes data

Substitution Cryptographic method that replaces one character for another

SVC Switched Virtual Circuit, a circuit that is established on demand

Swapping Uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory

Switch Layer 2 device that carries traffic on one LAN

Switched Multimegabit Data Service See—SMDS

Symmetric Digital Subscriber Line See—SDSL

Symmetric Encryption Encryption that uses one key to encrypt and decrypt

Synthetic transactions Also called synthetic monitoring, involves building scripts or tools that simulate activities normally performed in an application

System owner A manager responsible for the actual computers that house data. This includes the hardware and software configuration, including updates, patching, etc

SYN TCP flag, synchronize a connection

SYN Flood Resource exhaustion DoS attack that fills a system’s half-open connection table

Synchronous Data Link Control See—SDLC

Synchronous Dynamic Token Use time or counters to synchronize a displayed token code with the code expected by the authentication server

Synchronous Optical Networking See—SONET

System call Allows processes to communicate with the kernel and provides a window between CPU rings

System unit Computer case, containing all of the internal electronic computer components, including motherboard, internal disk drives, power supply, etc

Systems Development Life Cycle See—SDLC

T1 A dedicated 1.544 megabit circuit that carries 24 64-bit DS0 channels

T3 28 Bundled T1s

Table A group of related data in a relational database

Tabletop exercise See—Structured walkthrough

TACACS Terminal Access Controller Access Control System, an SSO method often used for network equipment

Tailgating Following an authorized person into a building without providing credentials. Also known as piggybacking

Tailoring The process of customizing a standard for an organization

Take-Grant Protection Model Determines the safety of a given computer system that follows specific rules

TAP Test Access Port, provides a way to “tap” into network traffic and see all unicast streams on a network

TCP Transmission Control Protocol, uses a 3-way handshake to create reliable connections across a network

TCP/IP model A network model with four layers: network access, Internet, transport and application

TCSEC Trusted Computer System Evaluation Criteria, aka the Orange Book, evaluation model developed by the United States Department of Defense

Teardrop attack A malformed packet DoS attack that targets issues with systems’ fragmentation reassembly

Technical controls Implemented using software, hardware, or firmware that restricts logical access on an information technology system

Telnet Protocol that provides terminal emulation over a network using TCP port 23

TEMPEST A standard for shielding electromagnetic emanations from computer equipment

Temporal Key Integrity Protocol See—TKIP

Terminal Access Controller Access Control System See—TACACS

TFTP Trivial File Transfer Protocol, a simple way to transfer files with no authentication or directory structure

TGS Ticket Granting Service, a Kerberos service which grants access to services

TGT Ticket Granting Ticket, Kerberos credentials encrypted with the TGS’ key

Thicknet Older type of coaxial cable, used for Ethernet bus networking

Thin client applications Use a web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the client’s browser

Thin clients Simple computer systems that rely on centralized applications and data

Thinnet Older type of coaxial cable, used for Ethernet bus networking

Thread A lightweight process (LWP)

Threat A potentially negative occurrence

Threat agents The actors causing the threats that might exploit a vulnerability

Threat vectors Vectors which allow exploits to connect to vulnerabilities

Throughput The process of authenticating to a system (such as a biometric authentication system)

Ticket Data that authenticates a Kerberos principal’s identity

Ticket Granting Service See—TGS

Ticket Granting Ticket See—TGT

Time multiplexing Shares (multiplexes) system resources between multiple processes, each with a dedicated slice of time

Time of Check/Time of Use See—TOCTOU

Timing channel Covert channel that relies on the system clock to infer sensitive information

TKIP Temporal Key Integrity Protocol, used to provide integrity by WPA

TLS Transport Layer Security, the successor to SSL

TNI Trusted Network Interpretation, the Red Book

TOCTOU Time of Check/Time of Use, altering a condition after it has been checked by the operating system, but before it is used

Token Ring Legacy LAN technology that uses tokens

Top-Down programming Starts with the broadest and highest level requirements (the concept of the final program) and works down towards the low-level technical implementation details

Total Cost of Ownership The cost of a safeguard

TPM Trusted Platform Module, a processor that can provide additional security capabilities at the hardware level, allowing for hardware-based cryptographic operations

Traceability Matrix Maps customers’ requirements to the software testing plan: it “traces” the “requirements,” and ensures that they are being met

Traceroute Command that uses ICMP Time Exceeded messages to trace a network route

Trade secret Business-proprietary information that is important to an organization’s ability to compete

Trademark Intellectual property protection that allows for the creation of a brand that distinguishes the source of products

Training Security control designed to provide a skill set

Transmission Control Protocol See—TCP

Transport layer (OSI) Layer 4 of the OSI model, handles packet sequencing, flow control and error detection

Transport layer (TCP/IP) TCP/IP model layer that connects the Internet layer to the application layer

Transport Layer Security See—TLS

Transposition See—Permutation

Tree Physical network topology with a root node, and branch nodes that are at least three levels deep

Triple DES 56-bit DES applied three times per block

Trivial File Transfer Protocol See—TFTP

Trojan Malware that performs two functions: one benign (such as a game), and one malicious. Also called Trojan Horses

Trusted Computer System Evaluation Criteria See—TCSEC

Trusted Network Interpretation See—TNI

Trusted Platform Module See—TPM

Truth table Table used to map all results of a mathematical operation, such as XOR

Tuple A row in a relational database table

Turnstile Device designed to prevent tailgating by enforcing a “one person per authentication” rule

Twofish AES finalist, encrypting 128-bit blocks using 128- through 256-bit keys

Type 1 authentication Something you know

Type 2 authentication Something you have

Type 3 authentication Something you are

Type I error See—FRR

Type II error See—FAR

Typosquatting Registering Internet domain names composed of likely misspellings or mistypings of legitimate domain trademarks

UDP User Datagram Protocol, a simpler and faster cousin to TCP

Ultrasonic motion detector Active motion detector that uses ultrasonic energy

Unallocated space Portions of a disk partition which do not contain active data

Unicast One-to-one network traffic, such as a client surfing the web

Unit Testing Low-level tests of software components, such as functions, procedures or objects

Unshielded Twisted Pair See—UTP

URG TCP flag, packet contains urgent data

USA PATRIOT Act Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001

Use Limitation Principle OECD Privacy Guideline principle that states personal data should never be disclosed without either the consent of the individual or legal requirement

User Datagram Protocol See—UDP

UTP Unshielded twisted pair, network cabling that uses pairs of wire twisted together

VDSL Very High Rate Digital Subscriber Line, DSL featuring much faster asymmetric speeds

Vernam Cipher One-time pad using a teletypewriter, invented by Gilbert Vernam

Very High Rate Digital Subscriber Line See—VDSL

Vigenère Cipher Polyalphabetic cipher named after Blaise de Vigenère, using a Vigenère Square

Virtual memory Provides virtual address mapping between applications and hardware memory

Virtual Private Network See—VPN

Virtualization Adds a software layer between an operating system and the underlying computer hardware

Virus Malware that requires a carrier to propagate

Vishing Phishing via voice

VLAN Virtual LAN, which can be thought of as a virtual switch

Voice over Internet Protocol See—VoIP

Voice print Biometric control that measures the subject’s tone of voice while stating a specific sentence or phrase

VoIP Voice over Internet Protocol, carries voice via data networks

VPN Virtual Private Network, a method to send private data over an insecure network, such as the internet

Vulnerability A weakness in a system

Vulnerability management Management of vulnerability information

Vulnerability scanning A process to discover poor configurations and missing patches in an environment

Walkthrough drill See—simulation test

WAN Wide Area Network, typically covering cities, states, or countries

WAP Wireless Application Protocol, designed to provide secure web services to handheld wireless devices such as smart phones

War dialing Uses a modem to dial a series of phone numbers, looking for an answering modem carrier tone

Warded lock Preventive device that turns a key through channels (called wards) to unlock

Warm site A backup site with all necessary hardware and connectivity, and configured computers without live data

Wassenaar Arrangement Munitions law that followed COCOM, beginning in 1996

Watchdog timer Recovers a system by rebooting after critical processes hang or crash

Waterfall Model An application development model that uses rigid phases; when one phase ends, the next begins

WSDL Web Services Description Language, provides details about how Web Services are to be invoked

Weak tranquility property Bell-LaPadula property that states security labels will not change in a way that violates security policy

Web Services Description Language See—WSDL

Well-formed transactions Clark-Wilson control to enforce control over applications

WEP Wired Equivalent Privacy, a very weak 802.11 security protocol

White box software testing Gives the tester access to program source code, data structures, variables, etc.

White hat Ethical hacker or researcher

Whole Disk Encryption See—FDE

Wide Area Network See—WAN

Wi-Fi Protected Access See—WPA

Wi-Fi Protected Access 2 See—WPA2

Wiping Writes new data over each bit or block of file data. Also called shredding

Wired Equivalent Privacy See—WEP

Wireless Application Protocol See—WAP

WLAN Wireless Local Area Network

Work factor The amount of time required to break a cryptosystem (decrypt a ciphertext without the key)

Work Recovery Time See—WRT

Worm Malware that self-propagates

WORM Write Once Read Many, memory which can be written to once, and read many times

WPA Wi-Fi Protected Access, a partial implementation of 802.11i

WPA2 Wi-Fi Protected Access 2, the full implementation of 802.11i

Write Once Read Many See—WORM

WRT Work Recovery Time, the time required to configure a recovered system

X.25 Older packet switched WAN protocol

XML Extensible Markup Language, a markup language designed as a standard way to encode documents and data

XOR Exclusive OR, binary operation that is true if one of two inputs (but not both) is true

XP Extreme Programming, an Agile development method that uses pairs of programmers who work off a detailed specification

XSS Cross Site Scripting, third-party execution of web scripting languages such as JavaScript within the security context of a trusted site

Zachman Framework Provides 6 frameworks for providing information security, asking what, how, where, who, when and why, and mapping those frameworks across roles including planner, owner, designer, builder, programmer and user

Zero knowledge test A blind penetration test where the tester has no inside information at the start of the test

Zero-day exploit An exploit for a vulnerability with no available vendor patch

Zombie See—Bot
