Glossary

802.11 standard A legacy set of wireless LAN standards developed by Working Group 11 of the IEEE LAN/MAN Standards Committee. 802.11 is known for its use of WEP and RC4.

802.11i standard One of the replacements for 802.11. 802.11i uses WPA and Advanced Encryption Standard (AES) as a replacement for RC4 encryption.

A

Acceptable use policy (AUP) A policy that defines what employees, contractors, and third parties are authorized to do on the organization’s IT infrastructure and its assets. AUPs are common for access to IT resources, systems, applications, Internet access, email access, and so on.

Access control Controls that monitor the flow of information between the subject and object. They ensure that only the operations permitted are performed.

Access control list (ACL) An ACL is a table or list stored by a router to control access to and from a network by helping the device determine whether to forward or drop packets that are entering or exiting it.

Access creep The result of employees moving from one position to another within an organization without losing the privileges of the old position but while gaining the additional access of the new position. Thus, over time, employees build up much more access than they should have.

Access point spoofing The act of pretending to be a legitimate access point with the purpose of tricking individuals to pass traffic by the fake connection so that it can be captured and analyzed.

Accountability The traceability of actions performed on a system to a specific system entity or user.

Accreditation Management’s formal acceptance of a system or application.

ACID test Test that addresses atomicity, consistency, isolation, and durability. Programmers involved in database management use the ACID test to determine whether a database management system has been properly designed to handle transactions.

Active fingerprint An active method of identifying the operating system of a targeted computer or device that involves injecting traffic into the network.

Address resolution protocol (ARP) Protocol used to map a known IP address to an unknown physical address.

Ad-hoc mode An individual computer in ad-hoc operation mode can communicate directly to other client units. No access point is required. Ad-hoc operation is ideal for small networks of no more than 2–4 computers.

Administrative law A body of regulations, rules, orders, and decisions to carry out regulatory powers, created by administrative agencies.

Aggregation The collection of data from disparate sources.

Algorithm A mathematical procedure used for solving a problem. Commonly used in cryptography.

American Standard Code for Information Interchange (ASCII) A standard code for transmitting data, consisting of 128 letters, numerals, symbols, and special codes, each of which is represented by a unique binary number. An ASCII word typically is 8 bits of binary data.

Annualized loss expectancy (ALE) A formula used to calculate a quantifiable measurement of the impact that a threat will have on an organization if it occurs. ALE is used to calculate the possible loss that could occur over a one-year period. The formula is SLE * ARO = ALE.

Anomaly detection A type of intrusion detection that looks for behaviors that deviate from normal, baseline activity. These unusual patterns are flagged as suspicious.

Appenders A virus infection type that places the virus code at the end of the infected file.

Applet A small Java program that can be embedded in an HTML page. Applets differ from full-fledged Java applications in that they are not allowed to access certain resources on the local computer, such as files and serial devices (modems, printers, and so on), and are prohibited from communicating with most other computers across a network. The current rule is that an applet can make an Internet connection only to the computer from which the applet was sent.

Application A software program designed to perform a specific task or group of tasks, such as word processing, communications, or database management.

Application controls A category of controls used to verify the accuracy and completeness of records made by manual or automated processes. Controls used for applications include encryption, batch totals, and data input validation.

Application layer Highest layer of the seven-layer OSI model. The application layer is used as an interface to applications or communications protocols.

Application programming interface (API) A set of system-level routines that can be used in an application program for tasks such as basic input/output and file management. In a graphics-oriented operating environment such as Microsoft Windows, high-level support for video graphics output is part of the Windows graphical API.

Arithmetic logic unit (ALU) A device used for logical and arithmetic operations within a computer.

Artificial intelligence Computer software that can mimic the learning capability of a human.

Assembler A program that converts the assembly language of a computer program into the machine language of the computer.

Assessment An evaluation and/or valuation of IT assets based on predefined measurement or evaluation criteria. This does not typically require an accounting or auditing firm to conduct an assessment, such as a risk or vulnerability assessment.

Asset Anything of value owned or possessed by an individual or business.

Asymmetric algorithm A routine that uses a pair of different but related cryptographic keys to encrypt and decrypt data.

Asymmetric encryption In cryptography, an asymmetric key algorithm uses a pair of cryptographic keys to encrypt and decrypt. The two keys are related mathematically: A message encrypted by the algorithm using one key can be decrypted by the same algorithm using the other. In a sense, one key locks the data, but a different key is required to unlock it.

Asynchronous transfer mode (ATM) Communication technology that uses high-bandwidth, low-delay transport technology and multiplexing techniques. Through dedicated media connections, it provides simultaneous transport of voice, video, and data signals more than 50 times faster than current technology. ATM might be used in phone and computer networks of the future.

Asynchronous transmission The method whereby data is sent and received 1 byte at a time.

Attenuation Occurs with any signal and can be described as a weakening of the signal that increases as the signal travels farther from the source.

Audit An examination, typically conducted by an accounting or auditing firm, that conforms to a specific and formal methodology and definition of how the investigation is to be conducted, with specific reporting elements and metrics being examined (such as a financial audit according to Public Accounting and Auditing Guidelines and Procedures).

Audit trail A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions.

Authentication A method that enables you to identify someone. Authentication verifies the identity and legitimacy of the individual to access the system and its resources. Common authentication methods include passwords, tokens, and biometric systems.

Authorization The process of granting or denying access to a network resource based on the user’s credentials.

Authorization creep Occurs when employees not only maintain old access rights but gain new ones. This results in too much access over time.

Availability One of the three items considered part of the security triad; the others are confidentiality and integrity. It is a measure of the degree to which data or systems are available to authorized users.

B

Backdoor A piece of software that allows access to a computer without using the conventional security procedures. Backdoors are often associated with Trojans.

Back Orifice A backdoor program that infects the end user with a Trojan and gives the attacker the ability to remotely control the user’s system.

Backup Copies of programs, databases, and other files are made with the purpose of restoring information in case it is lost due to, for instance, a computer failure, a natural disaster, or a virus infection.

Bandwidth The range of frequencies, expressed in hertz (Hz), that can pass over a given transmission channel. The bandwidth determines the rate at which information can be transmitted through the circuit.

Baseband The name given to a transmission method in which the entire bandwidth (the rate at which information travels through a network connection) is used to transmit just one signal.

Baseline A consistent or established base used to establish a minimum acceptable level of security.

Bayesian filter A technique used to detect spam. Bayesian filters give a score to each message based on the words and numbers in a message. They are often employed by antispam software to filter spam based on probabilities. Messages with high scores are flagged as spam and can be discarded, deleted, or placed in a folder for review.

Bell-LaPadula A formal model based on confidentiality. It is defined by two basic properties:

- Simple Security Property (ss Property): A subject at one level of confidentiality is not allowed to read information at a higher level of confidentiality. Also known as “no read up.”

- Star (*) Security Property: A subject at one level of confidentiality is not allowed to write information to a lower level of confidentiality. Also known as “no write down.”
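As an added illustration that is not part of the glossary, the following Python reference monitor enforces both Bell-LaPadula properties over a constructed four-level ordering and reports which requests in a sample batch would be denied. The level names, subjects, and objects are assumptions made for the example.

```python
# Added example: a minimal Bell-LaPadula reference monitor.
# Enforces the simple security property (no read up) and the
# star property (no write down) over a linear set of levels.
# Level names and the sample subjects/objects are constructed.

LEVELS = ["public", "confidential", "secret", "top_secret"]  # low -> high


def rank(level: str) -> int:
    """Position of a level in the ordering; higher means more sensitive."""
    return LEVELS.index(level)


def may_read(subject_level: str, object_level: str) -> bool:
    """Simple security property: read only at or below the subject's level."""
    return rank(subject_level) >= rank(object_level)


def may_write(subject_level: str, object_level: str) -> bool:
    """Star property: write only at or above the subject's level."""
    return rank(subject_level) <= rank(object_level)


def check_access(subject_level: str, object_level: str, op: str) -> bool:
    """Return True if the access is permitted under BLP; reject unknown ops."""
    if op == "read":
        return may_read(subject_level, object_level)
    if op == "write":
        return may_write(subject_level, object_level)
    raise ValueError(f"unknown operation: {op}")


# Constructed sample requests: (subject, subject level, object, object level, op)
SAMPLE_REQUESTS = [
    ("alice", "secret", "plan.txt", "top_secret", "read"),     # read up: denied
    ("alice", "secret", "memo.txt", "confidential", "read"),   # read down: allowed
    ("alice", "secret", "memo.txt", "confidential", "write"),  # write down: denied
    ("alice", "secret", "plan.txt", "top_secret", "write"),    # write up: allowed
]


def audit_requests(requests):
    """Evaluate a batch of requests and return the ones the monitor denies."""
    denied = []
    for subject, s_level, obj, o_level, op in requests:
        if not check_access(s_level, o_level, op):
            denied.append((subject, op, obj))
    return denied


if __name__ == "__main__":
    for entry in audit_requests(SAMPLE_REQUESTS):
        print("DENIED:", entry)
```

Note that a subject is allowed to write to a level higher than its own (blind write up); BLP addresses confidentiality only, which is why integrity models such as Biba and Clark-Wilson exist alongside it.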

Benchmark A standard test or measurement that compares the performance of similar components or systems.

Binary code A sequence of 0s and 1s used by computer systems as the basis of communication.

Biometrics A method of verifying a person’s identity for authentication by analyzing a unique physical attribute of the individual, such as a fingerprint, retina, or palm print.

Blackbox testing This form of testing occurs when the tester has no knowledge of the target or its network structure.

Block cipher An encryption scheme in which the data is divided into fixed-size blocks, each of which is encrypted independently of the others.

Blowfish A symmetric block cipher designed in 1993.

Blu-ray Disc Designed as a replacement for DVDs. Blu-ray is a high-density optical disk that can hold audio, video, or data.

Bluejacking The act of sending unsolicited messages, pictures, or information to a Bluetooth user.

Bluesnarfing The theft of information from a wireless device through a Bluetooth connection.

Bluetooth An open standard for short-range wireless communications of data and voice between both mobile and stationary devices. Used in cell phones, PDAs, laptops, and other devices.

Bollard A heavy round post used to prevent vehicles from ramming buildings or breaching physical security.

Botnet A collection of compromised computers (bots, or robots) that are controlled remotely as a group.

Brewer-Nash model This model was developed to prevent conflict of interest (COI) problems.

Bridge A Layer 2 device for passing signals between two LANs or two segments of a LAN.

Broadband A wired or wireless transmission medium capable of supporting a wide range of frequencies, typically from audio up to video frequencies. It can carry multiple signals by dividing the total capacity of the medium into multiple, independent bandwidth channels, with each channel operating on only a specific range of frequencies.

Broadcast A type of transmission used on local and wide area networks in which all devices are sent the information from one host.

Brute-force attack A method of breaking a cipher or encrypted value by trying a large number of possibilities. Brute-force attacks function by working through all possible values. The feasibility of brute-force attacks depends on the key length and strength of the cipher and the processing power available to the attacker.

Buffer An amount of memory reserved for the temporary storage of data.

Buffer overflow In computer programming, this occurs when a software application somehow writes data beyond the allocated end of a buffer in memory. Buffer overflow is usually caused by software bugs and improper syntax and programming, thus opening or exposing the application to malicious code injections or other targeted attack commands.

Bus A common shared channel among multiple computer devices.

Bus LAN configuration A LAN network design that was developed to connect computers used for 10BASE-5 and 10BASE-2 computer networks. All computers and devices are connected along a common bus or single communication line so that transmissions by one device are received by all.

Business case A document developed to establish the merits and desirability of a project. This is the information necessary to enable approval, authorization, and policy-making bodies to assess a project proposal and reach a reasoned decision, as well as justify the commitment of resources to a project.

Business continuity planning (BCP) A system or methodology to create a plan for how an organization will resume partially or completely interrupted critical functions within a predetermined time after a disaster or disruption occurs. The goal is to keep critical functions operational.

Business impact analysis (BIA) A component of the business continuity plan. The BIA looks at all the components that an organization relies on for continued functionality. It seeks to distinguish which are more crucial than others and require a greater allocation of funds in the wake of a disaster.

C

Caesar cipher A basic ROT3 cipher that works by means of a substitution. Caesar ciphers replace each letter with another letter from a fixed number of letters down the alphabet. Caesar ciphers are easily cracked.
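The Caesar cipher entry above and the brute-force attack entry in section B describe the same weakness from two sides: a substitution with only 26 possible shifts is exhausted almost instantly. The following Python code, added here as an example and not taken from the glossary, implements ROT-n encryption and decryption and then recovers the shift by trying every key and scoring candidates against a small constructed word list.

```python
# Added example: Caesar (ROT-n) cipher and an exhaustive key search.
# The word list used for scoring is constructed for the example.
import string

ALPHABET = string.ascii_uppercase


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    """Replace each letter with the one `shift` places down the alphabet.
    The default of 3 gives the classic ROT3 Caesar cipher; other characters pass through."""
    out = []
    for ch in plaintext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    """Decryption is encryption with the negated shift."""
    return caesar_encrypt(ciphertext, -shift)


# Constructed list of words a plausible plaintext might contain.
COMMON_WORDS = {"THE", "AND", "ATTACK", "AT", "DAWN", "IS", "TO"}


def brute_force(ciphertext: str):
    """Try all 26 shifts and return (score, shift, candidate) tuples, best first.
    The score counts recognised words; the key space is so small that no
    cleverness is needed, which is the point of the glossary entry."""
    candidates = []
    for shift in range(26):
        candidate = caesar_decrypt(ciphertext, shift)
        score = sum(1 for w in candidate.split() if w.strip(".,!?") in COMMON_WORDS)
        candidates.append((score, shift, candidate))
    candidates.sort(reverse=True)
    return candidates


def recover_key(ciphertext: str) -> int:
    """Shift of the highest-scoring candidate."""
    return brute_force(ciphertext)[0][1]


if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN")
    print(ct, "->", recover_key(ct), brute_force(ct)[0][2])
```

The scoring step is what makes the search automatic: with a real key space, say 2^128 for AES, the same loop would never finish, which is why key length is the first factor listed in the brute-force entry.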

Capability maturity model (CMM) A structured model designed by Carnegie Mellon’s Software Engineering Institute to improve and optimize the software development life cycle.

Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA) The access method used by local area networking technologies like Ethernet.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) The access method used by local area networking technologies like token ring.

Catastrophe A calamity or misfortune that causes the destruction of facility and/or data.

Central processing unit (CPU) One of the central components of a system, the CPU carries out the vast majority of the calculations performed by a computer. It can be thought of as the “brain” of a computer. The CPU is like a manager or boss, telling what the other components of the system should be doing at a given moment.

Certificate A digital certificate is a file that uniquely identifies its owner. A certificate contains owner identity information and its owner’s public key. Certificates are created by the certificate authority.

Certificate authority (CA) Used in the PKI infrastructure to issue certificates and report status information and certificate revocation lists.

Certificate revocation list (CRL) The certificate authority’s listing of invalid certificates, such as compromised, revoked, or superseded certificates. The CRL is used during the digital signature verification process to check the validity of the certificate from which the public verification key is extracted.

Certificate practice statement (CPS) Provides a detailed explanation of how the certificate authority manages the certificates it issues and associated services like key management. The CPS acts as a contract between the CA and users, describing the obligations and legal limitations, and setting the foundation for future audits.

Certification The technical review of the system or application.

Challenge Handshake Authentication Protocol (CHAP) A secure method for connecting to a system. CHAP functions as follows:

1. After the authentication request is made, the server sends a challenge message to the requestor. The requestor responds with a value obtained by using a one-way hash.

2. The server then checks the response by comparing the received hash to one calculated locally by the server.

3. If the values match, the authentication is acknowledged; otherwise, the connection is terminated.
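The three steps above, played out between both sides in Python as an added example that is not part of the glossary. The original CHAP (RFC 1994) hashes identifier, secret, and challenge with MD5; this example substitutes SHA-256, and the shared secret, user name, and server bookkeeping are assumptions made for the illustration. It also shows the property that matters for a defender: the secret never crosses the wire, and a captured response cannot be replayed because each challenge is fresh.

```python
# Added example: a CHAP-style challenge/response exchange, both sides.
# Hash choice (SHA-256 instead of RFC 1994's MD5) and all names are assumptions.
import hashlib
import hmac
import secrets

# Shared secret known to both ends; it is never transmitted (constructed value).
SHARED_SECRETS = {"alice": b"correct-horse-battery-staple"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """One-way hash over identifier || secret || challenge (step 1, requestor side)."""
    return hashlib.sha256(bytes([identifier]) + secret + challenge).digest()


class ChapServer:
    """Authenticator: issues challenges and verifies responses (steps 1 to 3)."""

    def __init__(self, secrets_db):
        self.secrets = secrets_db
        self.pending = {}      # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        """Step 1: send a fresh random challenge tagged with an 8-bit identifier."""
        ident = self.next_id % 256
        self.next_id += 1
        chal = secrets.token_bytes(16)
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, username: str, response: bytes) -> bool:
        """Steps 2 and 3: recompute the hash locally and compare in constant time.
        A challenge is consumed on first use, so it cannot be answered twice."""
        chal = self.pending.pop(ident, None)
        secret = self.secrets.get(username)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)


def run_handshake(server: ChapServer, username: str, secret: bytes) -> bool:
    """Full exchange: challenge -> response -> verdict."""
    ident, chal = server.challenge()                 # server -> requestor
    response = chap_response(ident, secret, chal)    # requestor -> server
    return server.verify(ident, username, response)  # server decides


def replay_is_rejected(server: ChapServer, username: str, secret: bytes) -> bool:
    """Show that a response captured from one exchange fails against a new challenge."""
    ident, chal = server.challenge()
    captured = chap_response(ident, secret, chal)
    if not server.verify(ident, username, captured):
        raise RuntimeError("genuine exchange should succeed")
    new_ident, _ = server.challenge()
    return not server.verify(new_ident, username, captured)


if __name__ == "__main__":
    srv = ChapServer(SHARED_SECRETS)
    print("alice ok:", run_handshake(srv, "alice", SHARED_SECRETS["alice"]))
    print("wrong secret ok:", run_handshake(srv, "alice", b"guess"))
    print("replay rejected:", replay_is_rejected(srv, "alice", SHARED_SECRETS["alice"]))
```

Because the server must recompute the hash, it has to store the secret in a recoverable form; that storage requirement is CHAP's main weakness and is why later protocols moved to MS-CHAPv2 and EAP-based methods.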

Channel service unit/digital service unit (CSU/DSU) A telecommunications device used to terminate telephone company equipment, such as a T1, and prepare data for a router interface at the customer’s premises.

Ciphertext The form of data after it has been encrypted; contrast with the form before encryption, called plaintext or cleartext.

Civil law A law that usually pertains to the settlement of disputes between individuals, organizations, or groups, and having to do with the establishment, recovery, or redress of private and civil rights. Civil law is not criminal law. It is also called tort law and is mainly for redress or recovery related to wrongdoing.

Clark-Wilson Model An integrity-based model focused on the integrity properties of real-world data; it uses CDIs, UDIs, and TPs.

Client/server Describes the relationship between two computer programs in which one program, the client, makes a service request from another program, the server, which fulfills the request. Clients rely on servers for resources, such as files, devices, and even processing power.

Clipping level The point at which an alarm threshold or trigger occurs.

Cloning Cell phone cloning occurs when a hacker copies the electronic serial numbers from one cell phone to another, thereby duplicating the cell phone.

Closed-circuit television (CCTV) Television cameras used for video surveillance, in which all components are directly linked via cables or other direct means. Also, a system comprising video transmitters that can feed the live or recorded video to one or more receivers. Typically used in banks, casinos, shopping centers, airports, or anywhere that physical security can be enhanced by monitoring events. Placement in these facilities is typically at locations where people enter or leave the facility, or at locations where critical transactions occur.

Closed system A system that is not “open” and, therefore, is a proprietary system. Open systems are those that employ modular designs, are widely supported, and facilitate multivendor, multitechnology integration.

Cloud computing The usage of a network of remote servers hosted on the Internet, rather than local servers, to store, manage, and process data.

Coaxial cable A cable composed of an insulated central conducting wire wrapped in another cylindrical conductor (the shield). The whole thing is usually wrapped in another insulating layer and an outer protective layer. A coaxial cable has great capacity to carry vast quantities of information. It is typically used in high-speed data and cable TV applications.

CobiT An acronym for Control Objectives for Information and Related Technology. CobiT is a framework that was designed by ISACA to aid in information security best practices.

Cohesion The extent to which a system or subsystem performs a single function.

Cold site Location that contains no computing-related equipment except for environmental support, such as air conditioners and power outlets, and a security system made ready for installing computer equipment.

Collision These occur when a hashing algorithm, such as MD5, creates the same value for two or more different files.

Combination lock A lock that can be opened by turning dials in a predetermined sequence.

Committed information rate (CIR) Used when describing the data rate guaranteed by a Frame Relay data communications circuit.

Community cloud Cloud infrastructure that is shared between several organizations.

Compact disc (CD) A means of storing video, audio, and data on an optical disk. CDs were originally designed for digital audio.

Compensating control An internal control designed to reduce risk or weakness in an existing control.

Compiler A computer program that translates a computer program written in one computer language (called the source language) into an equivalent program written in another computer language (called the object, output, or target language).

Completely connected (mesh) configuration Type of network configuration designed so that all devices are connected to all others with many redundant interconnections between network devices.

Computer-aided software engineering (CASE) The use of software tools to assist in the development and maintenance of software. Tools used in this way are known as CASE tools.

Computer incident response team (CIRT) An organization developed to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve organizations’ ability to respond to computer and network security issues.

Concurrency control In computer science or, more specifically, in the field of databases, a method used to ensure that database transactions are executed in a safe manner (that is, without data loss). Concurrency control is especially applicable to database management systems, which must ensure that transactions are executed safely and that they follow the ACID rules.

Content-distributed network A high availability, high-performance network used to serve content to end users from multiple data centers.

Confidentiality One of the three items considered part of the security triad; the others are integrity and availability. It is a measure of how well data and systems are protected from access by unauthorized persons.

Confidentiality agreement An agreement that employees, contractors, or third-party users must read and sign prior to being granted access rights and privileges to the organization’s IT infrastructure and its assets.

Contingency planning The process of preparing to deal with calamities and non-calamitous situations before they occur so that the effects are minimized.

Continuity The state or quality of being continuous or unbroken, without interruption.

Cookie A message from a website given to an individual’s web browser on a workstation device. The workstation browser stores this text message in a text file. The message is sent back to the web server each time the browser goes to that website.

Copyright The legal protection given to authors or creators that protects their expressions on a specific subject against unauthorized copying. It is applied to books, paintings, movies, literary works, and any other medium of use.

Corporate governance The method by which a corporation is directed, administered, or controlled. It includes the laws and customs affecting that direction, as well as the goals for which it is governed. How objectives of an organization are set, the means of attaining such objectives, how performance-monitoring guidelines are determined, and ways to emphasize the importance of using resources efficiently are significant issues within the makeup of such method.

Corrective controls Internal controls designed to resolve problems soon after they arise.

Coupling The extent of the complexity of interconnections with other modules.

Covert channel An unintended communication path that allows a process to transfer information in such a way that it violates a system’s security policy.

Cracker A term derived from “criminal hacker”; a hacker who acts in an illegal manner.

Criminal law Laws pertaining to crimes against the state or conduct detrimental to society. Violations of criminal statutes are punishable by law and can include monetary penalties and jail time.

Critical path methodology (CPM) Determines what activities are critical and what dependencies exist among the various activities.

Criticality The quality, state, degree, or measurement of the highest importance.

Crossover error rate (CER) The CER is a comparison measurement for different biometric devices and technologies to measure their accuracy. The CER is the point at which the false acceptance rate (FAR) and the false rejection rate (FRR) are equal or cross over. The lower the CER, the more accurate the biometric system.

Cryptographic key A value used in the cryptographic process of encryption or decryption.

Cryptology The science of secure communications.

D

Data analytics The process of reviewing data for the purpose of making conclusions about the information.

Data breach The exposure of sensitive information to unauthorized individuals.

Data communications The transmission or sharing of data between computers via an electronic medium.

Data custodian Role delegated by the data owner that has the responsibility of maintaining and protecting the organization’s data.

Data dictionary A catalog of all data held in a database, or a list of items giving data names and structures.

Data Encryption Standard (DES) A symmetric encryption standard based on a 64-bit block. DES processes 64 bits of plaintext at a time to output 64-bit blocks of ciphertext. DES uses a 56-bit key and has four modes of operation. Because DES has been broken, 3DES is more commonly used.

Data leakage Any type of computer information loss. This can involve removal of information by CD, floppy disk, or USB thumb drive, or any other method.

Data owner Usually a member of senior management of an organization who is ultimately responsible for ensuring the protection and use of the organization’s data.

Data security The science and study of methods of protecting data in computer and communications systems against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.

Data structure A logical relationship among data elements that is designed to support specific data-manipulation functions.

Data warehouse A large collection of data.

Database A collection of data that is organized and stored on a computer and can be searched and retrieved by a computer program.

Database administrator (DBA) A person (or group of people) responsible for the maintenance activities of a database, including backup and recovery, performance, and design.

Database management system (DBMS) An integrated set of computer programs that provide the capabilities needed to establish, modify, make available, and maintain the integrity of a database.

Deadman door A linked pair of doors that allows one person to enter the first door, then, after it is closed, allows the person to exit the second door. Deadman doors are used to control access and are also known as a mantrap.

Decentralized computing The act of distributing computing activities and computer processing to different locations.

Decision support system (DSS) A now-superseded term for a software application that analyzes business data and presents it so that users can make business decisions more easily.

Decryption The process of converting encrypted content into its original form, often the process of converting ciphertext to plaintext. Decryption is the opposite of encryption.

Defense in depth Multilayered security. The layers may be administrative, technical, or logical.

Demilitarized zone (DMZ) The middle ground between a trusted internal network and an untrusted, external network. Services that internal and external users must use, such as HTTP, are typically placed there.

Denial of service (DoS) Occurs when an attacker consumes the resources on your computer for things it was not intended to be doing, thus preventing normal use of your network resources for legitimate purposes.

Destruction Destroying data so that it is denied to legitimate users.

Detective controls Controls that identify and correct undesirable events.

DevOps The concept of blending development and operations together so that developers, programmers, engineering, and others can work together to build more secure software faster.

Device lock Lock used to secure laptops and other devices from theft.

Dial back A procedure established for positively identifying a terminal that is dialing into a computer system. It works by disconnecting the calling terminal and reestablishing the connection by the computer system dialing the telephone number of the calling terminal. Can be used for personal identification.

Dictionary attack A type of cryptographic attack in which the attacker uses a word list or dictionary list to try to crack an encrypted password. A newer technique is to use a time/memory trade-off, such as in rainbow tables.

Digital certificate Usually issued by trusted third parties, it contains the name of a user or server, a digital signature, a public key, and other elements used in authentication and encryption. X.509 is the most common type.

Digital signature An electronic signature that can be used to authenticate the identity of the sender of a message. A digital signature is usually created by encrypting a digest of the message with the user’s private key and is verified by decrypting it with the corresponding public key.

Digital watermark A technique that adds hidden copyright information to a document, picture, or sound file.

Direct-sequence spread spectrum (DSSS) A technique used to scramble the signal of wireless devices.

Disaster A natural or man-made event that can include fire, flood, storm, and equipment failure that negatively affects an industry or facility.

Disaster tolerance The amount of time that an organization can accept the unavailability of IT facilities and services.

Discretionary access control (DAC) An access policy that allows the resource owner to determine access.

Diskless workstation A thin client that has no hard drive or local operating system. The system boots from a centralized server and stores files on a network file server.

Distributed denial of service (DDoS) Similar to DoS, except the attack is launched from multiple, distributed agent IP devices.

DNAT Destination NAT alters the destination address in an IP header. DNAT can also change the destination port in the TCP/UDP headers. The purpose of DNAT is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network.

DNSSEC A secure version of DNS that provides authentication and integrity.

Domain name system (DNS) A hierarchy of Internet servers that translate alphanumeric domain names into IP addresses and vice versa. Because domain names are alphanumeric, they are easier to remember than IP addresses.

Downloading Transferring information from one computer to another computer and storing it there.

Downtime report A record that tracks the amount of time that a computer or device is not operating because of a hardware or software failure.

Dropper A Trojan horse or program designed to drop a virus into an infected computer and then execute it.

Due care The standard of conduct taken by a reasonable and prudent person. When you see the term due care, think of the first letter of each word and remember “do correct” because due care is about performing the ongoing maintenance necessary to ensure the proper level of security.

Due diligence When you see the term due diligence, think of the first letter of each word and remember “do detect” because due diligence is about performing reasonable examination and research.

Dumb terminal A computer workstation or terminal that consists of a keyboard and screen, but with no processor of its own. It sends and receives its data to and from a large central computer or server.

Dumpster diving The practice of rummaging through the trash of a potential target or victim to gain useful information.

Dynamic Host Configuration Protocol (DHCP) The process of dynamically assigning an IP address to a host device.

E

Eavesdropping The unauthorized capture and reading of network traffic.

Echo reply The second part of an ICMP ping message, officially a Type 0.

Echo request The first part of an ICMP ping message, officially a Type 8.

eDiscovery The process of searching electronic data for evidence for a civil or criminal case.

Edit controls A manual or automated process that checks for, and allows the correction of, data errors before processing. Edit controls detect errors in the input portion of information.

Editing To review for possible errors and make final changes, if necessary, to information in a database.

Electronic Code Book (ECB) A symmetric block cipher that is considered the weakest form of DES. When used, the same plaintext input results in the same encrypted text output.

Electronic serial number (ESN) Used to identify a specific cell phone when it is turned on and requests to join a cell network.

Email bomb A hacker technique that floods the email account of the victim with useless emails.

Email/interpersonal messaging Instant messages, usually text, sent from one person to another, or to a group of people, via computer.

Encapsulation of Objects As used by layered protocols, a technique in which a layer adds its own header information to the protocol data unit (PDU) received from the layer above. Think of data encapsulated in a TCP header, which is in turn encapsulated in an IP header, as an example.

Encryption The technique of turning plaintext into ciphertext.

Encryption key A sequence of characters used by an encryption algorithm to encrypt plaintext into ciphertext.

Endpoint security A client-server approach to network security that places security controls on end hosts, such as laptops, tablets, and smartphones.

End-user computing The use or development of information systems by the principal users of the systems’ outputs or by their staffs.

End user licensing agreement (EULA) This is the software license that software vendors create to protect and limit their liability, as well as hold the purchaser liable for illegal pirating of the software application. The EULA typically has language in it that protects the software manufacturer from software bugs and flaws and limits the liability of the vendor.

Enterprise architecture A blueprint that defines the business structure and operation of the organization.

Enterprise resource planning (ERP) ERP systems are software systems used for operational planning and administration, and for optimizing internal business processes. The best-known supplier of these systems is SAP.

Enterprise vulnerability management The overall responsibility and management of vulnerabilities within an organization and how that management of vulnerabilities will be achieved through dissemination of duties throughout the IT organization.

Entity relationship diagram (ERD) Helps map the requirements of and define the relationship between elements when designing a software program.

Ethernet A network protocol defining a specific implementation of the physical and data link layers in the OSI model (IEEE 802.3). Ethernet is a local area network standard that provides reliable high-speed communications (maximum of 100 million bps) in a limited geographic area (such as an office complex or university complex).

Ethical hack A term used to describe a type of hack done to help a company or individual identify potential threats to the organization’s IT infrastructure or network. Ethical hackers must obey rules of engagement, do no harm, and stay within legal boundaries.

Ethical hacker A security professional who legally attempts to break into a computer system or network to find its vulnerabilities.

Evasion The act of performing activities to avoid detection.

Evidence Gathered by an auditor during the course of an audit. The information gathered stands as proof that can support conclusions of an audit report.

Exception report A report that uses data selection based on a very specific set of circumstances to identify process exceptions. Reports that identify items with negative quantities of a product are examples of exception reports.

Exclusive-OR (XOR) Exclusive disjunction (usual symbol XOR) is a logical operator that results in true only if one, but not both, of the operands is true.

Expert system An expert system is a class of computer programs developed by researchers in artificial intelligence during the 1970s and applied commercially throughout the 1980s. In essence, they are programs made up of a set of rules that analyze information (usually supplied by the user of the system) about a specific class of problems, as well as provide analysis of the problem(s), and, depending on their design, a recommended course of user action to implement corrections.

Exploit A vulnerability in software or hardware that can be exploited by a hacker to gain access to a system or service.

Exposure factor A value calculated by determining the percentage of loss to a specific asset due to a specific threat.

Extended Binary Coded Decimal Interchange Code (EBCDIC) An IBM-developed 8-bit binary code that can represent 256 characters. It allows control codes and graphics to be represented in a logical format. EBCDIC was created to represent data in particular types of data processing and communications terminal devices.

Extensible authentication protocol (EAP) A method of authentication that can support multiple authentication methods, such as tokens, smart cards, certificates, and one-time passwords.

Extensible Markup Language (XML) An emerging standard for defining, validating, and sharing documents and data distributed on the Web.

Extranet A private network that uses Internet protocols and the public telecommunication system to securely share part of a business’s information or operations with suppliers, vendors, partners, customers, or other businesses. An extranet can be viewed as part of a company’s intranet extended to users outside the company. An extranet requires security and privacy.

F

Fail safe In the logical sense, fail safe means the process of discovering a system error, terminating the process, and preventing the system from being compromised. The system enters a state in which no access is allowed. In physical systems, a fail safe refers to items such as controlled-access doors. When there is a power failure, the door “fails safe,” which means that the door unlocks and people can leave the facility; they are not locked in.

False acceptance rate (FAR) This is a type II biometric device error. It is a biometric system measurement that indicates the percentage of individuals who are incorrectly granted access. This is the worst type of error that can occur because it means that unauthorized individuals have been allowed access.

False rejection rate (FRR) This is a biometric device error that is considered a type I error. It is a biometric system measurement that indicates the percentage of authorized individuals who are incorrectly denied access.

Fast infection A type of virus infection that occurs quickly.

FCOE Fibre Channel over Ethernet (FCOE) is a SAN technology that encapsulates Fibre Channel traffic over Ethernet packets.

Feasibility study A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution for a user’s need.

Fiber-optic cable A medium for transmission comprising many glass fibers. Light-emitting diodes or lasers send light through the fiber to a detector that converts the light back to an electrical signal for interpretation. Advantages include huge bandwidth, immunity to electromagnetic interference, and the capability to traverse long distances with minimal signal degradation.

Field In a database, the part of a record reserved for a particular type of data; for example, in a library catalog, author, title, ISBN, and subject headings would all be fields.

File Data stored as a named unit on a data storage medium. Examples include a program, a document, and a database.

File allocation table (FAT) A table or list maintained by an operating system to keep track of the status of various segments of disk space used for file storage.

File infector A type of virus that copies itself into executable programs.

File server A high-capacity disk storage device on a computer that each computer on a network can use to access files. Such computer programs can be set up to accept (or not accept) requests of different programs running on other computers.

File type The kind of data stored in a file.

Finger On some UNIX systems, finger is a command that identifies who is logged on and active and sometimes provides personal information about that individual.

Firewall Security system in hardware or software form used to control both network connectivity and network services. Firewalls act as chokepoints for traffic entering and leaving the network and prevent unrestricted access. Firewalls can be stateful or stateless.

Firmware A computer program stored permanently in PROM or ROM, or semi-permanently in EPROM. Software is “burned in” on the memory device so that it is nonvolatile (will not be lost when power is shut off).

First in first out (FIFO) A method of data and information storage in which the data stored for the longest time will be retrieved first.

Flooding The process of overloading the network with traffic so that no legitimate traffic or activity can occur.

Fourth-generation language (4GL) Programming languages that are easier to use than lower-level languages such as BASIC, Assembly, or FORTRAN. 4GL languages such as SQL and Python are also known as nonprocedural, natural, or very high-level languages.

Frame Relay A type of packet-switching technology that transmits data faster than the X.25 standard. Frame Relay does not perform error correction at each computer in the network. Instead, it simply discards any messages with errors. It is up to the application software at the source and destination to perform error correction and to control for loss of messages.

Frequency-hopping spread spectrum (FHSS) One of the basic modulation techniques used in spread-spectrum signal transmission. FHSS is another technique used to make wireless communication harder to intercept and more resistant to interference.

Function Point Analysis (FPA) An ISO-approved method as a standard to estimate the complexity of software.

Fuzzing A blackbox testing technique that inputs random values and examines the output while looking for failures or exceptions.

G

Gap analysis The analysis of the differences between two different states, often for the purpose of determining how to get from point A to point B. Thus, the aim is to look at ways to bridge the gap.

Gateway A device that allows for the translation and management of communication between networks that use different protocols or designs. Can also be deployed in a security context to control sensitive traffic.

Gold standard Generally regarded as practices and procedures that are the best of the best.

Governance The planning, influencing, and conducting of the policy and affairs of an organization.

Graybox testing Testing that occurs with only partial knowledge of the network or is performed to see what internal users have access to.

Guidelines Much like standards, these are recommendations; they are not hard-and-fast rules.

H

Hardware The physical equipment of a computer system, including the central processing unit, data storage devices, terminals, and printers.

Hardware keystroke logger A form of key logger that is a hardware device. When placed in the system, it is hard to detect without a physical inspection. It may be plugged into the keyboard connector or can be built into the keyboard.

Hash A cryptographic sum considered a one-way value. A hash is considerably shorter than the original text and can be used to uniquely identify it. You might have seen a hash value next to applications available for download on the Internet. By comparing the hash of the application with the one on the application vendor’s website, you can make sure that the file has not been changed or altered.

Hashing algorithm Hashing is used to verify the integrity of data and messages. A well-designed hashing algorithm will examine every bit of the data while it is being condensed, and even a slight change to the data will result in a large change in the message hash. It is considered a one-way process. MD5 and SHA-1 are examples of hashing algorithms.

Hearsay Evidence based on what a witness heard someone else say, not what the witness personally observed.

Help desk A support system designed to assist end users with technical and functional questions and problems. Also serves as technical support for hardware and software. Help desks are staffed by people who can either solve the problem directly or forward the problem to someone else. Help desk software provides the means to log problems and track them until solved. It also gives management information regarding support activities.

Heuristic filter An IDS/IPS and antispam filter technology that uses criteria based on a centralized rule database.

Heuristic scanning A form of virus scanning that looks at irregular activity by programs. As an example, a heuristic scanner would flag a word processing program that attempted to format the hard drive, as that is not normal activity for a word processor.

Hierarchical database A database organized in a tree structure, in which each record has one owner. Navigation to individual records takes place through predetermined access paths.

Honeypot An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system.

Hot site A fully prepared and configured site that is ready for use.

Hub A device used for physical connectivity in networks. It provides connectivity, amplification, and signal regeneration.

Hybrid cloud A hybrid cloud uses a combination of public and private cloud services. These services may be private on-premises or public cloud services.

Hypertext Markup Language (HTML) A coding technique used to create documents and web pages for the World Wide Web.

I

Internet Assigned Numbers Authority (IANA) A primary governing body for Internet networking. IANA oversees three key aspects of the Internet: top-level domains (TLDs), IP address allocation, and port number assignments. IANA is tasked with preserving the central coordinating functions of the Internet for the public.

Identity theft An attack in which an individual’s personal, confidential, banking, and financial identity is stolen and compromised by another individual or individuals. Use of your Social Security number without your consent or permission could result in identity theft.

Impact The extent of the consequences should a given event occur.

Impact assessment A study of the potential future effects of a development project on current projects and resources. The resulting document should list the pros and cons of pursuing a specific course of action.

Independence The state or quality of being free from subjection or the influence, control, or guidance of individuals, things, or situations. Auditors and examining officials and their respective organizations must maintain independence and exercise objectivity so that opinions, judgments, conclusions, and recommendations on examined allegations are impartial and are viewed as impartial by disinterested third parties.

Indexed Sequential Access Method (ISAM) A combination or compromise between indexed blocks of data arranged sequentially within each block; used for storing data for fast retrieval.

Internet of Things (IoT) A network of consumer devices, vehicles, building controls (HVAC, etc.) embedded with electronic sensors and network connectivity, so that they have the ability to collect and exchange data.

Inference attack This form of attack relies on the attacker’s ability to make logical connections between seemingly unrelated pieces of information.

Information-processing facility (IPF) The areas where information is processed, usually the computer room and support areas.

Information Technology Security Evaluation Criteria (ITSEC) A European standard that was developed in the 1980s to evaluate confidentiality, integrity, and availability of an entire system.

Infrastructure mode A form of wireless networking in which wireless stations communicate with each other by first going through an access point.

Initial sequence number A number defined during a TCP startup session.

Input controls Computer controls designed to provide reasonable assurance: that transactions are properly authorized before being processed by the computer; that transactions are accurately converted to machine-readable form and recorded in the computer; that data files and transactions are not lost, added, duplicated, or improperly changed; and that incorrect transactions are rejected, corrected, and, if necessary, resubmitted on a timely basis.

Insecure computing habits The bad habits that employees, contractors, and third-party users accumulate over time, and which can be attributed to the organization’s lack of security awareness training, security controls, and security policies or acceptable use policies (AUPs).

Integrated Services Digital Network (ISDN) A system that provides simultaneous voice and high-speed data transmission through a single channel to the user’s premises. ISDN is an international standard for end-to-end digital transmission of voice, data, and signaling.

Integrity One of the three items considered part of the security triad; the others are confidentiality and availability. It is a measure of the accuracy and completeness of data or systems.

Internet An interconnected system of networks that connects computers around the world via the TCP/IP protocol.

Internet Assigned Numbers Authority (IANA) An organization dedicated to preserving the central coordinating functions of the global Internet for the public good. Used by hackers and security specialists to track down domain owners and their contact details.

Internet Control Message Protocol (ICMP) Part of TCP/IP that supports diagnostics and error control. Ping is a type of ICMP message.

Internet Engineering Task Force (IETF) A large, open, international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet’s architecture and the smooth operation of the Internet. It is open to any interested individual. The IETF is the protocol-engineering and development arm of the Internet.

Internet packet spoofing (IP spoofing) A technique used to gain unauthorized access to computers or in denial of service attacks. Newer routers and firewall arrangements can offer protection against IP spoofing.

Internet Protocol (IP) One of the key protocols of TCP/IP. The IP protocol is found at Layer 3 (network layer) of the OSI model.

Intrusion detection A key component of security that includes prevention, detection, and response. It is used to detect anomalies or known patterns of attack.

Intrusion detection system (IDS) A network-monitoring device typically installed at Internet ingress/egress points used to inspect inbound and outbound network activity and identify suspicious patterns that might indicate a network or system attack from someone attempting to break into or compromise a system.

IPSec An IETF standard used to secure TCP/IP traffic. It can be implemented to provide integrity and confidentiality.

Irregularities Intentional violations of established management policy, deliberate misstatements, or omissions of information concerning the area under audit or the organization as a whole.

ISO 17799 A comprehensive security standard that is divided into ten sections. It is considered a leading standard and a code of practice for information security management.

IT Information technology.

IT asset Information technology asset such as hardware, software, or data.

IT asset valuation The act of putting a monetary value to an IT asset.

IT infrastructure A general term to encompass all information technology assets (hardware, software, and data), components, systems, applications, and resources.

IT security architecture and framework A document that defines the policies, standards, procedures, and guidelines for information security.

J–K

Just a Bunch of Disks (JBOD) A technique that is somewhat like RAID in that two or more hard drives are combined into one storage array. However, JBOD offers none of the fault tolerance advantages of RAID.

Key exchange protocol A protocol used to exchange secret keys for the facilitation of encrypted communication. Diffie-Hellman is an example of a key exchange protocol.

Kilo lines of code (KLOC) A software metric used to determine the cost of software development based solely on the length of code.

L

Last in first out (LIFO) A data-processing method that applies to buffers. The last item in the buffer is the first to be removed.

Latency The delay a packet incurs in travel from one node to another.

Lattice-based access control (LBAC) A lattice-based access-control model deals with confidentiality and integrity. It places upper and lower bounds on subjects and objects.

Librarian The individual in the corporation responsible for storing, safeguarding, and maintaining data, programs, and computer information.

Limit check Test of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test can be called a range check.

Local area network (LAN) A group of wired or wireless computers and associated devices that share a common communications line and typically share the resources of a single processor or server within a small geographic area (for example, within an office building).

Log In computing, the log is equivalent to the history log of ships. The log is an automatic system that records significant events. The files that contain these records are called log files. Generally, the log is a file; what is written on it is a record.

Log on The process of identifying yourself to a computer or an online service; the initial identification procedure to gain access to a system as a legitimate user. The usual requirements are a valid username (or user ID) and password.

Logic bomb One of the most dangerous types of malware in that it waits for a predetermined event or an amount of time to execute its payload. Typically used by disgruntled employees for an insider attack.

Lumen The amount of light one standard candle makes.

M

MAC filtering A method of controlling access on a wired or wireless network by denying access to any device whose MAC address does not match one from a pre-approved list.

Macro infector A type of computer virus that infects macro files. I Love You and Melissa are both examples of macro viruses.

Man-in-the-middle attack A type of attack in which the attacker can read, insert, and change information being passed between two parties without either party knowing that the information has been compromised.

Mandatory access control (MAC) A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (such as clearance) of subjects to access information of such sensitivity.

Man-made threats Threats caused by humans such as hacker attacks, terrorism, or destruction of property.

Mantrap A turnstile or other gated apparatus used to detain an individual between a trusted state and an untrusted state for authentication.

Massive array of inactive disks (MAID) A large array of hard drives that are kept inactive until needed.

Master boot record infector A virus that infects a master boot record.

Materiality An expression of the relative significance or importance of a particular matter in the context of the organization as a whole.

MD5 A hashing algorithm that produces a 128-bit output.

Media Access Control (MAC) The hard-coded address of the physical-layer device that is attached to the network. All network interface controllers must have a hard-coded and unique MAC address. The MAC address is 48 bits long.

Message switching A strategy that enables communication channels to be used simultaneously by more than one node. At each transfer point in the connection, incoming data is stored in its entirety and then forwarded to the next point. This process continues until the data reaches its destination.

Methodology A set of documented procedures used for performing activities in a consistent, accountable, and repeatable manner.

Middleware Software that “glues together” two or more types of software (for example, two applications, their operating systems, and the network on which everything works) by translating information between them and exchanging this information over a network. The interacting applications are not aware of the middleware.

Minimum acceptable level of risk The stake that an organization defines for the seven areas of information security responsibility. Depending on the goals and objectives for maintaining confidentiality, integrity, and availability of the IT infrastructure and its assets, the minimum acceptable level of risk will dictate the amount of information security.

Mobile site Portable data-processing facility transported by trailers to be quickly moved to a business location. Typically used by insurance companies and the military, these facilities provide a ready-conditioned information-processing facility that can contain servers, desktop computers, communications equipment, and even microwave and satellite data links.

Modem A device used to connect a computer to an analog phone line. Modems use the process of modulation.

Modulation Used by modems to convert a digital computer signal into an analog telecommunications signal.

Moore’s law The belief that processing power of computers will double about every 18 months due to technological improvements.

Multicast The process of sending a computer packet to a group of recipients.

Multipartite virus A virus that attempts to attack both the boot sector and executable files.

N

Natural threats Threats posed by nature; for example, fire, floods, and storms.

Network address translation (NAT) A method of connecting multiple computers to the Internet using one IP address so that many private addresses are converted to a single public address.

Network administrator The individual responsible for the installation, management, and control of a network. When problems with the network arise, this is the person to call.

Network operations center (NOC) An organization’s help desk or interface to its end users where trouble calls, questions, and trouble tickets are generated.

NIST 800-42 The purpose of this document is to provide guidance on network security testing. It deals mainly with techniques and tools used to secure systems connected to the Internet.

Noise Any unwanted signal, such as static, that interferes with the clarity of data being transmitted, thus creating the possibility that the receiver will receive a misconstrued message.

Non-attribution The act of not providing a reference to a source of information.

Non-repudiation A system or method put in place to ensure that an individual or system cannot deny his/her/its own actions.

O

Off-site storage A storage facility that is not located at the organization’s primary facility. The idea behind off-site storage is to protect information and avoid damage that might occur at the primary facility. Off-site storage facilities are used to store computer media, backup data, and files.

On-premise The process of running computers or a data center on-premises rather than running these services at a remote data center.

One-time pad An encryption mechanism that can be used only once and that is, theoretically, unbreakable. One-time pads function by combining plaintext with a random pad (secret key) that is the same length as the plaintext.

Open Shortest Path First (OSPF) A routing protocol that determines the best path for routing IP traffic over a TCP/IP network. It uses less router-to-router update traffic than the RIP protocol that it has been designed to replace.

Open source Based on the GNU General Public License. Software that is open source is released under an open source license or to the public domain. The source code can be seen and can be modified.

Operating system (OS) identification The practice of identifying the operating system of a networked device through either passive or active techniques.

Operational control Day-to-day controls that are used for normal daily operation of the organization. Operational controls ensure that normal operational objectives are achieved.

Outsourcing A contract arrangement between a third party and the organization for services such as web hosting, application development, or data processing.

OWASP The Open Web Application Security Project (OWASP) is a non-profit organization that is focused on improving application security.

P

Packet or packet data unit (PDU) A block of data sent over the network that transmits the identities of the sending and receiving stations, for error control.

Packet filter A form of stateless inspection performed by some firewalls and routers.

Packet switching A data transmission method that divides messages into standard-sized packets for greater efficiency in routing and transporting them through a network.

Paper shredder A hardware device used for destroying paper and documents by shredding to prevent dumpster diving.

Paper test A type of disaster-recovery test that reviews the steps of the test without actually performing the steps. This type of disaster-recovery test is normally used to help team members review the proposed plan and become familiar with the test and its objectives.

Parallel testing A mode of testing in which a stream of data is fed into two systems to allow processing by both so that the results can be compared.

Passive (OS) fingerprint A passive method of identifying the OS of a targeted computer or device. No traffic or packets are injected into the network; attackers simply listen to and analyze existing traffic.

Password Authentication Protocol (PAP) A form of authentication in which cleartext usernames and passwords are passed.

Patent Exclusive rights granted by the federal government to an inventor to exclude others from making, using, or selling his or her invention.

Pattern matching A method used by IDS systems to identify malicious traffic. It is also called signature matching and works by matching traffic against signatures stored in a database.

Penetration test A method of evaluating the security of a network or computer system by simulating an attack by a malicious hacker but without doing harm and with the owner’s consent.

Personal area network (PAN) Used when discussing Bluetooth devices; refers to the connection that can be made with Bluetooth between these various devices.

Personal digital assistant (PDA) A handheld device that combines computing, telephone/fax, and networking features. A typical PDA can function as a cellular phone, fax sender, and personal organizer. Many PDAs incorporate handwriting and/or voice-recognition features. PDAs also are called palmtops, handheld computers, and pocket computers.

Phishing The act of misleading or tricking an individual into providing personal and confidential information to an attacker masquerading as a legitimate individual or business.

Phreaker An individual who hacks phone systems or phone-related equipment. Phreakers predate computer hackers.

Piggybacking A method of gaining unauthorized access into a facility by following an authorized employee through a controlled access point or door.

Ping sweep The process of sending ping requests to a series of devices or to the entire range of networked devices.

Policy A high-level document that dictates management intentions toward security.

Polyinstantiation Prevents inference attacks by allowing different versions of information to exist at different classification levels. For example, a Navy officer without classified access might want information about a ship and discover that it has left port and is bound for Europe. A Navy officer with classified access then might access the same database and discover that the ship has left port, but is really bound for Asia.

Polymorphic virus A virus that is capable of change and mutation.

Port Ports are used by protocols and applications to assign addresses to services. As an example, port 21 is used for FTP while port 80 is used for HTTP. Port numbers are divided into three ranges: Well-Known Ports, Registered Ports, and Dynamic and/or Private Ports. Well-Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151, and Dynamic and/or Private Ports are those from 49152 through 65535.

Post Office Protocol (POP) A commonly implemented method of delivering email from the email server to the client machine. Other methods include IMAP and Microsoft Exchange.

Prepender A virus type that adds the virus code to the beginning of existing executables.

Pretexting Collecting information about a person under false pretenses.

Preventative controls Controls that reduce risk and are used to prevent undesirable events from happening.

Principle of deny all A process of securing logical or physical assets by first denying all access and then allowing access only on a case-by-case basis.

Privacy impact analysis The process of reviewing the information held by the corporation and assessing the damage that would result if sensitive or personal information were lost, stolen, or divulged.

Private cloud A category of cloud service that is private to a specific organization and is only used by it.

Probability The likelihood of an event happening.

Procedure A detailed, in-depth, step-by-step document that lays out exactly what is to be done and how it is to be accomplished.

Program Evaluation and Review Technique (PERT) A planning and control tool representing, in diagram form, the network of tasks required to complete a project, establishing sequential dependencies and relationships among the tasks.

Protocol A set of formalized rules that describe how data is transmitted over a network. Low-level protocols define the electrical and physical standard, whereas high-level protocols deal with formatting of data. TCP and IP are examples of high-level LAN protocols.

Prototyping The process of quickly putting together a working model (a prototype) to test various aspects of the design, illustrate ideas or features, and gather early user feedback. Prototyping is often treated as an integral part of the development process, where it is believed to reduce project risk and cost.

Proxy server Proxy servers are a type of firewall. They are used to improve performance and for added security. A proxy server intercepts all requests to the real server to see whether it can fulfill the requests itself. If not, it forwards the request to the real server.

Public cloud service A cloud-based service that is available to everyone. Dropbox would be an example of a public cloud service.

Public key encryption An encryption scheme that uses two keys. In an email transaction, for example, the public key encrypts the data and a corresponding private key decrypts the data. Because the private key is never transmitted or publicized, the encryption scheme is extremely secure. For digital signatures, the process is reversed: the sender uses the private key to create the digital signature, which anyone who has access to the corresponding public key can read.

Public key infrastructure (PKI) Infrastructure used to facilitate e-commerce and build trust. PKI consists of hardware, software, people, policies, and procedures; it is used to create, manage, store, distribute, and revoke public key certificates. PKI is based on public-key cryptography.

Q

Qualitative analysis A weighted factor or nonmonetary evaluation and analysis based on a weighting or criticality factor valuation.

Qualitative assessment An analysis of risk that places the probability results into terms such as none, low, medium, and high.

Qualitative risk assessment A scenario-based assessment in which one scenario is examined and assessed for each critical or major threat to an IT asset.

Quantitative analysis A numerical evaluation and analysis based on monetary valuation.

Quantitative risk assessment A methodical, step-by-step calculation of asset valuation, exposure to threats, and the financial impact or loss in the event of the threat being realized.

Queue Any group of items, such as computer jobs or messages, waiting for service.

R

Radio frequency identification (RFID) A set of components that include a reader and a small device referred to as a tag. The tag can be used to hold information for inventory, management, tracking, or other purposes. RFID provides a method to transmit and receive data over a short range from one point to another.

Record A collection of data items or fields treated as one unit.

Recovery point objective (RPO) The point in time to which data must be restored to resume processing transactions. RPO is the basis on which a data protection strategy is developed.

Recovery testing Testing aimed at verifying the system’s capability to recover from varying degrees of failure.

Recovery time objective (RTO) During the execution of disaster recovery or business continuity plans, the time goal for the reestablishment and recovery of a business function or resource.

Red team A group of ethical hackers who help organizations to explore network and system vulnerabilities by means of penetration testing.

Redundant array of independent disks (RAID) A type of fault tolerance and performance improvement for disk drives that employs two or more drives in combination.

Registration authority (RA) An entity responsible for the identification and authentication of the PKI certificate. The RA is not responsible for signing or issuing certificates. The most common form of certificate is the X.509 standard.

Remote Authentication Dial-In User Service (RADIUS) A client/server protocol and software that allows remote-access servers to communicate. Used in wireless systems such as 802.1x.

Repeater A network device used to regenerate or replicate a signal. Repeaters are used in transmission systems to regenerate analog or digital signals distorted by transmission loss.

Repository A central place where data is stored and maintained. A repository can be a place where multiple databases or files are located for distribution over a network, or it can be a location that is directly accessible to the user.

Required vacations A security control used to uncover misuse or illegal activity by requiring employees to use their vacation.

Reverse engineering The process of taking a software program apart and analyzing its workings in detail, usually to construct a new device or program that does the same thing without actually copying anything from the original.

Rijndael A symmetric encryption algorithm chosen to be the Advanced Encryption Standard (AES).

Ring topology A topology used by token ring and FDDI networks in which all devices are connected in a ring. Data packets in a ring topology are passed in a deterministic fashion from one device to the next around the ring until they reach the receiver.

Risk The subjective measure of the potential for harm that can result from the action of a person or thing.

Risk acceptance An informed decision to suffer the consequences of likely events.

Risk assessment A process for evaluating the exposure or potential loss or damage to the IT and data assets for an organization.

Risk avoidance A decision to take action to avoid a risk.

Risk management The overall responsibility and management of risk within an organization. Risk management involves dissemination of roles, responsibilities, and accountabilities for risk in an organization.

Risk transference Shifting the responsibility or burden to another party or individual.

Rogue access point An 802.11 access point that has been set up by an attacker for the purpose of diverting legitimate users so that their traffic can be sniffed or manipulated.

Role-based access control (RBAC) A type of discretionary access control in which users are placed into groups to facilitate management. This type of access control is widely used by banks and casinos.

Rotation of assignment A security mechanism that moves employees from one job to another so that one person does not stay in one position forever. This makes it harder for an employee to hide malicious activity.

Rounding down A method of computer fraud that involves rounding down dollar amounts so that small amounts of money are stolen. As an example, the value $1,199.50 might be rounded down to $1,199.00.

Router A device that determines the next network point to which a data packet should be forwarded en route to its destination. The router is connected to at least two networks and determines which way to send each data packet based on its current understanding of the state of the networks it is connected to. Routers create or maintain a table of the available routes and use this information to determine the best route for a given data packet. Routing occurs at Layer 3 (network layer) of the OSI seven-layer model.

Routing Information Protocol (RIP) A widely used distance-vector protocol that determines the best route by hop count.

Rule-based access control (RBAC) A type of mandatory access control that matches objects to subjects. It dynamically assigns roles to subjects based on their attributes and a set of rules defined by a security policy.

S

SAML Security Assertion Markup Language (SAML) is an XML open standard data format for exchanging authentication and authorization data.

SCADA Supervisory Control and Data Acquisition (SCADA) is typically used for remotely monitoring and controlling industrial processes.

Scope creep The uncontrolled change in a project’s scope. It causes the assessment to drift away from its original scope and results in budget and schedule overruns.

Script kiddie The least skilled level of criminal hacker, who looks for easy targets or well-worn vulnerabilities.

Screen scraper A type of malware designed to capture data displayed to the screen.

Secure Sockets Layer (SSL) Developed by Netscape for transmitting private documents via the Internet. It works by using a private key to encrypt data that is transferred over the SSL connection. It is widely used and accepted by Netscape and Internet Explorer. Very similar to Transport Layer Security (TLS).

Security breach or security incident The result of a threat or vulnerability being exploited by an attacker.

Security bulletin A memorandum or message from a software vendor or manufacturer documenting a known security defect in the software or application itself. Security bulletins are typically accompanied with instructions for loading a software patch to mitigate the security defect or software vulnerability.

Security by obscurity The controversial use of secrecy to ensure security.

Security controls Policies, standards, procedures, and guideline definitions for various security control areas or topics.

Security countermeasure A security hardware or software technology solution that is deployed to ensure the confidentiality, integrity, and availability of IT assets that need protection.

Security kernel A combination of software, hardware, and firmware that makes up the trusted computing base (TCB). The TCB mediates all access, must be verifiable as correct, and is protected from modification.

Security testing Techniques used to confirm the design and/or operational effectiveness of security controls implemented within a system. Examples include attack and penetration studies to determine whether adequate controls have been implemented to prevent breach-of-system controls and processes, and password strength testing by using tools like password crackers.

Separation of duties Given the seven areas of information security responsibility, separation of duties defines the roles, tasks, responsibilities, and accountabilities for information security uniquely for the different duties of the IT staff and IT security staff.

Service-level agreement (SLA) A contractual agreement between an organization and its service provider. SLAs define and protect the organization in regard to holding the service provider accountable for the requirements as defined in the agreement.

Service Set ID (SSID) The SSID is a sequence of up to 32 letters or numbers that is the ID, or name, of a wireless local area network; it is used to differentiate networks.

SHA-1 A hashing algorithm that produces a 160-bit output.

Shoulder surfing The act of looking over someone’s shoulder to steal their system credentials.

Signature scanning One of the most basic ways of scanning for computer viruses, it works by comparing suspect files and programs to fingerprints or descriptors of known viruses stored in a database.

Simple Network Management Protocol (SNMP) An application layer protocol that facilitates the exchange of management information between network devices. Version 1 uses well-known community strings or passwords of public and private.

Single loss expectancy (SLE) A monetary figure that represents an organization’s cost from a single loss of a given IT asset.

Site survey The process of determining the optimum placement of wireless access points. The objective of the site survey is to create an accurate wireless system design/layout and budgetary quote.

Smurf attack A DDoS attack where an attacker transmits large amounts of ICMP echo request (ping) packets to a targeted IP destination device using the targeted destination’s IP source address. This is called spoofing the IP source address. IP routers and other IP devices that respond to broadcasts will respond back to the targeted IP device with ICMP echo replies, thus multiplying the amount of bogus traffic.

Sniffer A hardware or software device that can be used to intercept and decode network traffic.

Social engineering The practice of tricking employees into revealing sensitive data about their computer system or infrastructure. This type of attack targets people and is the art of human manipulation. Even when systems are physically well protected, social engineering attacks are possible.

Software bug or software flaw An error in software coding or its design; it can result in software vulnerability.

Software vulnerability standard A standard that accompanies an organization’s vulnerability assessment and management policy. This standard typically defines the organization’s vulnerability window definition and how the organization is to provide software vulnerability management and software patch management throughout the enterprise.

Source code A non-executable program written in a high-level language. A compiler or assembler must translate the source code into object code (machine language) that the computer can understand.

Spam Also known as spamming. The use of any electronic communications medium to send unsolicited messages in bulk. Spamming is a major irritation of the Internet era.

Spoofing The act of masking your identity and pretending to be someone else or another device. Common spoofing methods include ARP, DNS, and IP. It is also implemented by email in what is described as phishing schemes.

Spyware Any software application that covertly gathers information about a user’s Internet usage and activity and then exploits this information by sending adware and pop-up ads based on the user’s Internet usage history.

Stateful inspection An advanced firewall architecture that works at the network layer and can keep track of packet activity. Unlike static packet filtering, which examines a packet based only on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure it is valid. For example, an inbound DNS reply is allowed only if it matches a DNS request that was just sent out.

Statistical sampling The selection of sample units from a population, and the measurement and/or recording of information about these units, to obtain estimates of population characteristics.

Steganography A cryptographic method of hiding the existence of a message. A commonly used method places information in pictures.

Storage area network (SAN) A high-speed subnetwork that interconnects different data-storage devices with associated data servers for a large network. SANs support disk mirroring, backup and restore, archival and retrieval of archived data, data migration from one storage device to another, and the sharing of data among different servers in a network.

Stream cipher Encrypts data typically one byte at a time.

Structured Query Language (SQL) The standardized relational database language for querying, manipulating, and updating information in a relational database.

Supply chain management (SCM) Intercompany planning, control, and monitoring of central functions such as procurement, production, and sales to increase their efficiency.

Switch A device that links several separate LANs and provides packet filtering among them. A LAN switch is a device with multiple ports, each of which can support an entire Ethernet or token ring LAN. Operates at Layer 2 of the OSI model.

Symmetric algorithm An encryption algorithm that relies on a single key for encryption and decryption.

Symmetric encryption An encryption standard that requires all parties to have a copy of a shared key. A single key is used for both encryption and decryption.

SYN flood attack A DDoS attack where the attacker sends a succession of SYN packets with a spoofed source address to a targeted destination IP device, but does not send the final ACK packet to acknowledge and confirm receipt. This leaves half-open connections between the client and the server until all resources are absorbed, rendering the server or targeted IP destination device unavailable because of the resources allocated to this attack.

Synchronize sequence number Initially passed to the other party at the start of the three-step startup, it is used to track the movement of data between parties. Every byte of data sent over a TCP connection has a sequence number.

Synchronous transmission A method of communication in which data is sent in blocks, without the need for start and stop bits between each byte. Synchronization is achieved by sending a clock signal along with the data and by sending special bit patterns to denote the start of each block.

System development life cycle (SDLC) A method for developing information systems. It has five main stages: analysis, design, development, implementation, and evaluation. Each stage has several components; for example, the development stage includes programming (coding, including internal documentation, debugging, testing, and documenting) and acquiring equipment (selection, acquisition [purchase or lease], and testing).

System software The software that controls the operations of a computer system. It is a group of programs instead of one program. The operating system controls the hardware in the computer and peripherals, manages memory and files and multitasking functions, and is the interface between applications and the computer.

System testing Bringing together all the programs that a system comprises, for testing purposes. Programs are typically integrated in a top-down, incremental fashion.

T

Target of engagement (TOE) The TOE is the assessment or pen test target.

TCO Total cost of ownership is the total cost of a safeguard.

TCP handshake A three-step process computers go through when negotiating a connection with one another. The process is a target of attackers and others with malicious intent.

Telecommunications Systems that transport information over a distance, sending and receiving audio, video, and data signals by electronic means.

TEMPEST A method of shielding equipment to prevent the capture and use of stray electronic signals to reconstruct them into useful intelligence.

Terminal Access Controller Access Control System (TACACS) A UDP-based access control protocol that provides authentication, authorization, and accountability.

Test data Data that is run through a computer program to test the software. Test data can be used to test compliance with controls in the software.

Threat Any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset.

Throughput The amount of data transferred from one place to another or processed in a specified amount of time. Data transfer rates for disk drives and networks are measured in terms of throughput. Typically, throughputs are measured in kilobits per second, megabits per second, and gigabits per second.

Time-to-live (TTL) A counter used within an IP packet that specifies the maximum number of hops that a packet can traverse. When a TTL is decremented to zero, a packet expires.

Traceroute A way of tracing hops or computers between the source and target computer you are trying to reach. Gives the path the packets are taking.

Trademark Legal protection for a logo, name, or characteristic that can be identified as exclusive.

Trans-border data flow The term used to describe the fact that data no longer stays in one place in the course of storage or use.

Transmission Control Protocol (TCP) One of the main protocols of IP. It is used for reliability and guaranteed delivery of data.

Transmission Control Protocol/Internet Protocol (TCP/IP) A collection of protocols used to provide the basis for Internet and World Wide Web services.

Trapdoor function One-way function that is the mechanism by which asymmetric encryption algorithms function.

Trojan A Trojan is a program that does something undocumented that the programmer or designer intended, but that the end user would not approve of if he or she knew about it.

Trusted computing base (TCB) All the protection mechanisms within a computer system. This includes hardware, firmware, and software that are responsible for enforcing a security policy.

Trusted Computer System Evaluation Criteria (TCSEC) A publication of the United States Department of Defense; also called the Orange Book. TCSEC is designed to evaluate standalone systems. It places them into one of four levels: A, B, C, or D. Its basis of measurement is confidentiality.

Trusted Network Interpretation (TNI) Also known as the Red Book. A document that is part of the Rainbow Series.

Trusted Platform Module Trusted Platform Module (TPM) is an international standard for a secure hardware device that has integrated cryptographic keys installed. TPM uses a dedicated microprocessor.

Tumbling The process of rolling through various electronic serial numbers on a cell phone to attempt to find a valid set to use.

Tunneling A technology that enables one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft’s PPTP technology enables organizations to use the Internet to transmit data across a VPN. It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet. Tunneling is also called encapsulation. Can also be used covertly, as with STUNNEL and other programs.

Turnstile A one-way gate or access control mechanism used to limit traffic and control the flow of people.

U

Uniform resource locator (URL) A URL is the global address on the Internet and World Wide Web where domain names are used to resolve IP addresses.

Uninterruptible power supply (UPS) A device designed to provide a backup power supply during a power failure. Basically, a UPS is a battery backup system with an ultra-fast sensing device.

Universal Serial Bus (USB) A specification standard for connecting peripherals to a computer. It can connect up to 127 devices to a computer and transfers data at a slower rate, a maximum of 12 Mbps.

User Datagram Protocol (UDP) A connectionless protocol that provides very few error recovery services, but offers a quick and direct way to send and receive datagrams.

Utility programs A standard set of routines that assist in the operation of a computer system by performing some frequently required process, such as copying, sorting, or merging.

V

Vandalism The willful destruction of property.

Verification The process of confirming that data is correct and accurate before it is processed or entered.

Virtual machine (VM) The emulation of a physical machine in a virtual workspace.

VLAN A Virtual LAN (VLAN) is technology typically built into a switch that allows the broadcast domain to be restricted to a specific number of switch ports. VLANs allow the segmentation of traffic that is typically done at OSI layer 3 to be performed at OSI layer 2.

VSAN A virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches, which form a virtual fabric. These ports can be partitioned into multiple VSANs.

Virtual private network (VPN) A private network that uses a public network to connect remote sites and users.

Virus A computer program with the capability to generate copies of itself and thereby spread. Viruses usually require the interaction of an individual and can have rather benign results, such as flashing a message to the screen, or malicious results that destroy data, systems, integrity, or availability.

Virus hoax A chain letter that warns of a virus that does not exist and is designed to trick you into forwarding it to many other people. The Good Times virus is an example.

Voice over IP (VoIP) The capability to convert voice or fax calls into data packets for transmission over the Internet or other IP-based networks.

Vulnerability The absence or weakness of a safeguard in an asset.

Vulnerability assessment A methodical evaluation of an organization’s IT weaknesses in infrastructure components and assets, and how those weaknesses can be mitigated through proper security controls and recommendations.

Vulnerability management The overall responsibility for and management of vulnerabilities within an organization through dissemination of duties throughout the IT organization.

W–X–Y–Z

War chalking The act of marking on the wall or sidewalk near a building to indicate it has wireless access.

War dialing The process of using a software program to automatically call thousands of telephone numbers to look for any that have a modem attached.

War driving The process of driving around a neighborhood or area to identify wireless access points.

Warm site An alternate computer facility that is partially configured and can be made ready in a few days.

Whitebox testing A security assessment or penetration test in which all aspects of the network are known.

Wide area network (WAN) Network that spans the distance between buildings, cities, and even countries. WANs are LANs connected using wide area network services from telecommunications carriers; they typically use technologies such as standard phone lines—called plain old telephone service (POTS) or public switched telephone network (PSTN)—Integrated Services Digital Network (ISDN), Frame Relay, Asynchronous Transfer Mode (ATM), or other high-speed services.

Wi-Fi Protected Access (WPA) A security standard for wireless networks designed to be more secure than WEP. Developed from the draft 802.11i standard.

Wired Equivalent Privacy (WEP) WEP is based on the RC4 encryption scheme. It was designed to provide the same level of security as that of a wired LAN. Because of 40-bit encryption and problems with the initialization vector, it was found to be insecure.

Work breakdown structure (WBS) Process oriented; shows what activities need to be completed in a hierarchical manner.

Worm A self-replicating program that spreads by inserting copies of itself into other executable codes, programs, or documents. Worms typically flood a network with traffic and result in a denial of service.

Wrapper A type of program used to bind a Trojan program to a legitimate program. The objective is to trick the user into running the wrapped program and installing the Trojan.

Written authorization One of the most important parts of the ethical hack. It gives you permission to perform the tests agreed to by the client.

XP Extreme programming, an Agile development method.

Zero day exploit An exploit for a vulnerability with no available vendor patch.

Zone transfer The mechanism used by DNS servers to update each other by transferring resource records. The transfer contains IP addresses that are mapped to the corresponding domain names. This should be a controlled process between two DNS servers to prevent hackers from stealing the organization’s DNS information.
