Glossary
3DES See Triple DES.
3DES-EDE2 A triple DES mode in which each block of data is encrypted with the first key, decrypted with the second key, and encrypted again with the first key.
3DES-EDE3 A triple DES mode in which each block of data is encrypted with the first key, decrypted with the second key, and encrypted with the third key.
3DES-EEE2 A triple DES mode in which each block of data is encrypted with the first key, encrypted with the second key, and encrypted again with the first key.
3DES-EEE3 A triple DES mode in which each block of data is encrypted three times, each time with a different key.
3-D Secure An XML-based protocol designed to provide an additional security layer for online credit and debit card transactions.
6 to 4 An IPv4-to-IPv6 transition method that allows IPv6 sites to communicate with each other over an IPv4 network.
802.1x A standard that defines a framework for centralized port-based authentication.
802.11e An IEEE standard created to provide QoS for packets when they traverse a wireless segment.
A A DNS record that represents the mapping of a single device to an IPv4 address.
A See availability.
AAAA A DNS record that represents the mapping of a single device to an IPv6 address.
AC See Access Complexity.
acceptability The likelihood that users will accept and follow a system.
acceptance testing A type of testing used to verify whether software is doing what the end user expects it to do.
Access Complexity (AC) A base metric that describes the difficulty of exploiting a vulnerability.
access control list (ACL) A list of permissions attached to an object, including files, folders, servers, routers, and so on. Such rule sets can be implemented on firewalls, switches, and other infrastructure devices to control access.
access control matrix A table that consists of a list of subjects, a list of objects, and a list of the actions that a subject can take on each object.
access control policy A defined method for identifying and authenticating users and the level of access that is granted to the users.
Access Vector (AV) A base metric that describes how an attacker would exploit a vulnerability.
accreditation The formal acceptance of the adequacy of a system’s overall security by management.
accuracy The most important characteristic of biometric systems, which indicates how correct the overall readings will be.
ACL See access control list.
acquisition stage The phase of the systems development life cycle in which a series of activities provide input to facilitate making a decision about acquiring or developing a solution; the organization then makes a decision on the solution.
action factor Authentication based on something a person does.
active fingerprinting Fingerprinting tools that transmit packets to remote hosts and analyze the replies for clues about the replying system.
active reader/active tag (ARAT) An RFID system in which active tags are woken with signals from the active reader.
active reader/passive tag (ARPT) An RFID system in which the active reader transmits signals and receives replies from passive tags.
address space layout randomization (ASLR) A technique that can be used to prevent memory attacks. ASLR randomly arranges the address space positions of key data areas.
administrative control A security control that is implemented to administer an organization’s assets and personnel and includes security policies, procedures, standards, and guidelines that are established by management.
advanced persistent threat (APT) A hacking process that targets a specific entity and is carried out over a long period of time.
AES The replacement algorithm for DES.
after-action report A report that serves as a process for handling changes that must be made after an incident.
agile model A development model that emphasizes continuous feedback and cross-functional teamwork.
AIK See attestation identity key.
AJAX See Asynchronous JavaScript and XML.
alert fatigue The effect on the security team that occurs when too many false positives (alerts that do not represent threats) are received.
alert thresholds A setting that causes an alert to be issued only when a specific number of occurrences of the event have occurred.
Android fragmentation Refers to the overwhelming number of versions of Android that are sold.
application sandboxing A process that entails limiting the parts of the operating system and user files the application is allowed to interact with.
application security frameworks Frameworks created to guide the secure development of applications.
application wrappers Policies by which administrators can allow employees with corporate-owned or personal mobile devices to safely download an app, typically from an internal store.
application-level proxy A proxy device that performs deep packet inspection.
APT See advanced persistent threat.
AR See augmented reality.
architecture design A process that uses data flow diagrams and transformation mapping to describe distinct boundaries between incoming and outgoing data. It uses information flowing characteristics and maps them into the program structure.
ASLR See address space layout randomization.
asset management The process of tracking the devices that an organization owns.
asset Any object that is of value to an organization, including personnel, facilities, devices, and so on.
asymmetric encryption An encryption method whereby a key pair performs encryption and decryption. One key performs the encryption, whereas the other key performs the decryption. Also referred to as public key encryption.
Asynchronous JavaScript and XML (AJAX) A group of interrelated web development techniques used on the client side to create asynchronous web applications.
attestation identity key (AIK) TPM versatile memory which ensures the integrity of the endorsement key (EK).
attestation A process that allows changes to a user’s computer to be detected by authorized parties.
Au See Authentication.
audit reduction tools Preprocessors designed to reduce the volume of audit records to facilitate manual review.
augmented reality (AR) A view of a physical, real-world environment whose elements are augmented by computer-generated or extracted real-world sensory input such as sound, video, graphics, or GPS data.
Authentication (Au) A base metric that describes the authentication an attacker would need to get through to exploit a vulnerability.
authentication header (AH) An IPsec component that provides data integrity, data origin authentication, and protection from replay attacks.
authentication period A policy that specifies how long a user can remain logged in.
authentication The act of validating a user with a unique identifier by providing the appropriate credentials.
author identification The process of determining software’s author.
authorization The point after identification and authentication at which a user is granted rights and permissions to resources.
automation The process of using scripting to schedule operations.
Availability (A) A base metric that describes the disruption that might occur if a vulnerability is exploited.
availability A value that describes what percentage of the time a resource or data is available. The tenet of the CIA triad that ensures that data is accessible when and where it is needed.
BACnet (Building Automation and Control Networks) A protocol used by HVAC systems.
base A CVSS metric group of characteristics of a vulnerability that are constant over time and user environments.
baseline An information security governance component that acts as a reference point that is defined and captured to be used as a future reference. Both security and performance baselines are used.
bastion host A host that may or may not be a firewall. The term actually refers to the position of any device. If it is exposed directly to the Internet or to any untrusted network, we would say it is a bastion host.
BCP See business continuity plan.
benchmark An information security governance component that captures the same data as a baseline and can even be used as a new baseline should the need arise. A benchmark is compared to the baseline to determine whether any security or performance issues exist.
best practices Standard procedures that have been found over time to be advantageous based on the industry in which the organization is engaged.
BGP See Border Gateway Protocol.
BIA See business impact analysis.
big data A term for sets of data so large or complex that they cannot be analyzed by traditional data processing applications.
Black Hat convention An annual conference held in Las Vegas and other locations in Europe and Asia that includes four days of training and two days of briefings, providing attendees with the latest in information security research, development, and trends in a vendor-neutral environment.
black hat An entity with malicious intent that breaks into an organization’s system(s).
black-box testing Testing in which the team is provided with no knowledge regarding the organization’s network.
blind test A pen test in which the testing team is provided with limited knowledge (publicly available information) of the network systems and devices.
block cipher A cipher that performs encryption by breaking a message into fixed length units.
blockchain A continuously growing list of records, called blocks, which are linked and secured using cryptography.
block-level encryption Encryption of a disk partition or a file that is acting as a virtual partition. Also known as disk-level encryption.
Blowfish A block cipher that uses 64-bit data blocks using anywhere from 32- to 448-bit encryption keys. Blowfish performs 16 rounds of transformation.
blue team The team that acts as the network defense team in a pen test.
Bluejacking An attack in which unsolicited messages are sent to a Bluetooth-enabled device, often for the purpose of adding a business card to the victim’s contact list.
Bluesnarfing Unauthorized access to a device using a Bluetooth connection. The attacker tries to access information on the device rather than send messages to the device.
Bluetooth A wireless technology that is used to create personal area networks (PANs) in the 2.4 GHz frequency.
BPA See business partnership agreement.
bring your own device (BYOD) An initiative undertaken by many organizations to allow the secure use of personal devices on a corporate network.
browser extension or add-on A small program or script that increases the functionality of a website.
brute-force attack A password attack that entails attempting all possible combinations of numbers and characters.
buffer overflow An attack that occurs when the amount of data that is submitted is larger than the buffer allocated for it.
Build Security In (BSI) An initiative that promotes a process-agnostic approach that makes security recommendations with regard to architectures, testing methods, code reviews, and management processes.
build-and-fix approach A method of developing software as quickly as possible and releasing it right away. This method, which was used in the past, has been largely discredited and is now used as a template for how not to manage a development project.
business continuity plan A plan that considers all aspects that are affected by a disaster, including functions, systems, personnel, and facilities, and lists and prioritizes the services that are needed, particularly the telecommunications and IT functions.
business impact analysis (BIA) A functional analysis that occurs as part of business continuity and disaster recovery and lists the critical and necessary business functions, their resource dependencies, and their level of criticality to the overall organization.
business partnership agreement (BPA) An agreement between two business partners that establishes the conditions of the partner relationship.
BYOD See bring your own device.
C See Confidentiality.
CAST-128 A block cipher that uses a 40- to 128-bit key that performs 12 or 16 rounds of transformation on 64-bit blocks.
CAST-256 A block cipher that uses a 128-, 160-, 192-, 224-, or 256-bit key that performs 48 rounds of transformation on 128-bit blocks.
CBC See Cipher Block Chaining.
CBC-MAC See Cipher Block Chaining MAC.
CCE See Common Configuration Enumeration.
CDP See Cisco Discovery Protocol.
CERT See Computer Emergency Readiness Team.
certificate revocation list (CRL) A list of digital certificates that a CA has revoked.
certificate-based authentication Authentication based on public and private keys that requires the deployment of a PKI.
certification The process of evaluating software for its security effectiveness with regard to the customer’s needs.
certification authority (CA) An entity that creates and signs digital certificates, maintains the certificates, and revokes them when necessary.
CFB See Cipher Feedback.
chain of custody A series of documents that shows who controlled the evidence, who secured the evidence, and who obtained the evidence.
Challenge Handshake Authentication Protocol (CHAP) An authentication protocol that solves the cleartext problem by operating without sending the credentials across the link.
change control process A process used to examine proposed changes for unforeseen consequences and study for proper integration into the current environment.
change management A process used to ensure that all changes are beneficial and approved.
CHAP See Challenge Handshake Authentication Protocol.
characteristic factor Authentication based on something a person is.
CI See configuration item and continuous integrations.
CIA triad The three goals of security: confidentiality, integrity, and availability.
CIP plan See critical infrastructure protection plan.
Cipher Block Chaining (CBC) A DES mode in which 64-bit blocks are chained together because each resultant 64-bit ciphertext block is applied to the next block. Plaintext message block 1 is processed by the algorithm using an initialization vector. The resultant ciphertext message block 1 is XORed with plaintext message block 2, resulting in ciphertext message 2. This process continues until the message is complete.
Cipher Block Chaining MAC (CBC-MAC) A block-cipher MAC that operates in CBC mode.
Cipher Feedback (CFB) A DES mode that works with 8-bit (or smaller) blocks and uses a combination of stream ciphering and block ciphering. As with CBC, the first 8-bit block of the plaintext message is XORed by the algorithm using a keystream, which is the result of an initialization vector and the key. The resultant ciphertext message is applied to the next plaintext message block.
ciphertext An altered form of a message that is unreadable without knowing the key and the encryption system used. Also referred to as a cryptogram.
circuit-level proxy A proxy that operate at the session layer (layer 5) of the OSI model.
Cisco Discovery Protocol (CDP) A proprietary layer 2 protocol, which Cisco devices use to inform each other about their capabilities.
cleanroom model A development model that strictly adheres to formal steps and a more structured method. It attempts to prevent errors and mistakes through extensive testing.
click-jacking An attack that crafts a transparent page or frame over a legitimate-looking page that entices the user to click on something. When he does, he is really clicking on a different URL. In some cases, the attacker may entice the user to enter credentials that the attacker can use later.
client-based application virtualization Virtualization in which the target application is packaged and streamed to the client.
client-side attack An attack that targets vulnerabilities in a client’s applications that work with the server. It can occur only if the client makes a successful connection with the server.
client-side processing Web application design in which processing occurs on the client side, which taxes the web server less and allows it to serve more users.
client-side targets Vulnerabilities in the client’s applications that work with the server.
clipping level A configured baseline threshold above which violations are recorded.
cloud computing Computing in which resources are available in a web-based data center so the resources can be accessed from anywhere.
cloud security broker A software layer that operates as a gatekeeper between an organization’s on-premises network and a provider’s cloud environment. Also called a cloud access security broker (CASB).
cloud-based collaboration A means of collaboration used by enterprises and small teams for storing documents, communicating, and sharing updates on projects.
clustering The process of providing load-balancing services by using multiple servers running the same application and data set.
CMDB See configuration management database.
CMS See content management system.
CNAME A DNS record that represents an additional hostname mapped to an IPv4 address that already has an A record mapped.
code analyzers Automated tools that perform code analysis.
code quality Refers to code that has high quality (documented, maintainable, and efficient).
code reuse The process of reusing previously created code elements.
code review The systematic investigation of code for security and functional problems.
code signing A process that occurs when code creators digitally sign executables and scripts so that the user installing the code can be assured that it comes from the verified author.
cognitive password A password type that is a piece of information that can be used to verify an individual’s identity. This information is provided to the system by the user’s answering a series of questions based on the his or her life, such as favorite color, pet’s name, mother’s maiden name, and so on.
collision An event that occurs when a hash function produces the same hash value on different messages.
combination password A password type that uses a mix of dictionary words, usually two unrelated words.
commissioning The process of implementing an asset on an enterprise network.
Common Configuration Enumeration (CCE) Configuration best practice statements maintained by the NIST.
Common Platform Enumeration (CPE) Methods for describing and classifying operating systems applications and hardware devices.
common vulnerabilities and exposures (CVEs) Vulnerabilities that have been identified and issued standard numbers.
Common Vulnerability Scoring System (CVSS) A system of ranking vulnerabilities that are discovered based on predefined metrics.
common weakness enumeration (CWE) Design flaws in the development of software that can lead to vulnerabilities.
communications analysis The process of analyzing communication over a network by capturing all or part of the communication and searching for particular types of activity.
community cloud A cloud computing model in which the cloud infrastructure is shared among several organizations from a specific group with common computing needs.
compensative control A security control that substitutes for a primary access control and mainly acts as a mitigation to risks.
complex password A password type that forces a user to include a mixture of upper- and lowercase letters, numbers, and special characters.
Computer Emergency Response Team (CERT) An organization that studies security vulnerabilities and provides assistance to organizations that become victims of attacks. Part of the Software Engineering Institute of the Carnegie Mellon University at Pittsburgh, it offers 24-hour emergency response service and shares information for improving web security.
Confidentiality (C) A base metric that describes the information disclosure that may occur if a vulnerability is exploited.
confidentiality The tenet of the CIA triad which ensures that data is protected from unauthorized disclosure.
configuration item (CI) A uniquely identifiable subset of a system that represents the smallest portion to be subject to an independent configuration control procedure.
configuration lockdown A setting that can be configured on a variety of devices that are correctly configured. It prevents any changes to the configuration.
configuration management database (CMDB) A database that keeps track of the state of assets, such as products, systems, software, facilities, and people, as they exist at specific points in time.
configuration management A process that specifically focuses on bringing order out of chaos by requiring all configuration changes to undergo change management processes.
configuration profiles Profiles that control the use of a device that will make changes to settings such as the passcode settings, Wi-Fi passwords, VPN configurations, and more.
container-based virtualization A type of server virtualization in which the kernel allows for multiple isolated user-space instances. Also called operating system virtualization.
containerization A feature of most mobile device management software that creates an encrypted “container” to hold and quarantine the corporate data separately from that of users.
content analysis Analysis of the contents of a drive or software. Drive content analysis gives a report detailing the types of data by percentage. Software content analysis determines the purpose of the software.
content filtering The process of filtering content for malicious or sensitive data.
content management system (CMS) A system that publishes, edits, modifies, organizes, deletes, and maintains content from a central interface.
content-dependent access control A type of access control that makes access decisions based on an object’s data.
context analysis The process of analyzing the environment the software was found in to discover clues related to determining risk.
context-based authentication A type of authentication that takes multiple factors or attributes into consideration before authenticating and authorizing an entity.
context-dependent access control A type of access control that is based on subject or object attributes or environmental characteristics.
continuity of operations plan (COOP) A business continuity document that considers all aspects that are affected by a disaster, including functions, systems, personnel, and facilities and that lists and prioritizes the services that are needed, particularly the telecommunications and IT functions.
continuity planning A type of planning that deals with identifying the impact of any disaster and ensuring that a viable recovery plan is implemented for each function and system.
continuous integration (CI) The practice of merging all developer working copies into a shared mainline several times a day.
contracting The phase of software acquisition in which the organization creates a request for proposal (RFP) or other supplier solicitation forms.
control plane A component of a router that carries signaling traffic originating from or destined for a router. This is the information that allows the routers to share information and build routing tables.
COOP See continuity of operations plan.
COPE See corporate-owned, personally enabled.
corporate-owned, personally enabled (COPE) A strategy in which an organization purchases mobile devices and users manage the devices.
corrective control A security control that reduces the effect of an attack or another undesirable event.
cost/benefit analysis A type of analysis that involves comparing the costs of deploying a particular solution to the benefits that will be gained from its deployment. See also return on investment and total cost of ownership.
counter mode A DES mode similar to OFB mode that uses an incrementing initialization vector counter to ensure that each block is encrypted with a unique keystream. Also, the ciphertext is not chaining into the encryption process. Because this chaining does not occur, CTR performance is much better than with the other modes.
CPE See Common Platform Enumeration.
crisis communications plan A plan that documents standard procedures for internal and external communications in the event of a disruption using a crisis communications plan. It also provides various formats for communications appropriate to the incident.
critical infrastructure protection (CIP) plan A set of policies and procedures that serve to protect and recover assets and mitigate risks and vulnerabilities.
CRM See customer relationship management.
cross-certification A certification topology that establishes trust relationships between CAs so that the participating CAs can rely on the other participants’ digital certificates and public keys.
crossover error rate (CER) The point at which FRR equals FAR. Expressed as a percentage, this is the most important metric.
cross-site request forgery (CSRF) An attack in which the attacker exploits a website’s trust of the browser.
cross-site scripting (XSS) A web attack that v occurs when an attacker locates a website vulnerability and then injects malicious code into the web application.
crypto module A term used to describe the hardware, software, and/or firmware that implements cryptographic logic or cryptographic processes.
crypto processor A processor that is dedicated to performing encryption and typically includes multiple physical measures to prevent tampering.
cryptocurrencies Currencies with no real backing that make use of a process called blockchain.
cryptographic service provider (CSP) A software library that implements the Microsoft CryptoAPI (CAPI) in Windows.
cryptography A science that either hides data or makes data unreadable by transforming it.
CSRF See cross-site request forgery.
customer relationship management (CRM) A process that identifies customers and stores all customer-related data, particularly contact information and data on any direct contacts with customers.
CVEs See common vulnerabilities and exposures.
CVSS See Common Vulnerability Scoring System.
CWE See Common Weakness Enumeration.
cyber incident response plan A plan that establishes procedures to address cyber attacks against an organization’s information system(s).
DAM See database activity monitor.
data aggregation A process that allows data from multiple resources to be queried and compiled together into a summary report.
data archiving The process of identifying old or inactive data and relocating it to specialized long-term archival storage systems.
data breach An incident in which information that is considered private or confidential is released to unauthorized parties.
data clearing A process that renders information unrecoverable by a keyboard. This attack extracts information from data storage media by executing software utilities, keystrokes, or other system resources executed from a keyboard.
data custodian An individual who implements information classification and controls after they are determined by the data owner.
data design Describes choices related to data structures and the attributes and relationships between data objects that drove the selection.
data flow diagram A diagram of the flow of data as transactions occur in an application or a service.
data interface A network interface used to pass regular data traffic and not used for either local or remote management.
data isolation In terms of databases, the process of preventing data from being corrupted by two concurrent operations. In terms of cloud computing, the process of ensuring that tenant data in a multitenant solution is isolated from other tenants’ data, using a tenant ID in the data labels.
data leakage A leak that occurs when sensitive data is disclosed to unauthorized personnel either intentionally or inadvertently.
data loss prevention (DLP) software Software that attempts to prevent disclosure of sensitive data.
data owner An individual who makes decisions on who can access an asset.
data plane The plane on a networking device such as a router or switch that carries user traffic. Also known as the forwarding plane.
data purging The process of using a method such as degaussing to make old data unavailable even with forensics. Purging renders information unrecoverable against laboratory attacks (forensics).
data remnant The residual information left on a drive after a delete process or the data left in terminated virtual machines.
data retention policy A security policy that stipulates how long data is retained by an organization, based on the data type.
data sovereignty The concept that data stored in digital format is subject to the laws of the country in which the data is located.
database activity monitor (DAM) A device that monitors transactions and the activity of database services.
dd command A UNIX/Linux command that is used is to convert and copy files.
DDoS See distributed DOS.
de facto standards Standards that are widely accepted but are not formally adopted.
decommissioning The process of retiring an asset from use on an enterprise network.
deep packet inspection A process in which the data portion of a packet is inspected for signs of malicious code.
DEFCON conference A conference that focuses on hacking and is considered more technical in nature than many of the other popular conferences.
definition files The files that make it possible for software to identify the latest viruses.
degaussing The act of exposing media to a powerful alternating magnetic field.
demilitarized zone (DMZ) A perimeter network where resources are exposed to the Internet while being logically separated from the internal network.
de-perimeterization The process of changing a network boundary to include devices normally considered to be outside the networks perimeter.
design phase The phase of the software development life cycle in which an organization develops a detailed description of how the software will satisfy all functional and security goals.
desktop sharing Describes a group of related technologies that allow for both remote login to a computer and real-time collaboration on the desktop of a remote user.
detection and response The formal process of identifying and responding to security events.
detective control A security control that detects an attack while it is occurring to alert appropriate personnel.
deterrent control A security control that deters potential attacks.
develop phase The phase of the software development life cycle in which the code, or instructions that make the software work, is written.
device fingerprinting Identifying information such as the operating system of a device.
DevOps A development model that aims at shorter development cycles, increased deployment frequency, and more dependable releases in close alignment with business objectives.
dictionary attack An attack in which the attackers use a dictionary of common words to discover passwords.
differential backup A backup in which all files that have been changed since the last full backup are backed up and the archive bit for each file is not cleared.
Diffie-Hellman An algorithm that is responsible for the key agreement process.
dig A Linux command used to troubleshoot DNS.
Digital Encryption Standard (DES) A symmetric algorithm that uses a 64-bit key, 8 bits of which are used for parity. The effective key length for DES is 56 bits. DES divides the message into 64-bit blocks. Sixteen rounds of transposition and substitution are performed on each block, resulting in a 64-bit block of ciphertext.
digital rights management (DRM) An access control method used by hardware manufacturers, publishers, copyright holders, and individuals to control the use of digital content.
Digital Signature Standard (DSS) A federal digital security standard that governs the Digital Security Algorithm (DSA).
digital signature A method of providing sender authentication and message integrity. The message acts as an input to a hash function, and the sender’s private key encrypts the hash value. The receiver can perform a hash computation on the received message to determine the validity of the message.
digital watermarking A process that involves embedding a logo or trademark in documents, pictures, or other objects.
directive control A security control that specifies an acceptable practice in an organization.
directory service A service that stores, organizes, and provides access to information in a computer operating system’s directory.
disaster recovery plan (DRP) An information system[nd]focused plan designed to restore operability of the target system, application, or computer facility infrastructure at an alternate site after an emergency.
discretionary access control (DAC) A system in which the owner of an object specifies which subjects can access the resource.
disk imaging A drive duplication process that involves creating an exact image of the contents of a hard drive.
disk-level encryption Encryption of an entire volume or an entire disk, which may use the same key for the entire disk or in some cases a different key for each partition or volume.
disposal stage The phase of the systems development life cycle that involves removing the solution from the environment when it reaches the end of its usefulness.
disruptive technologies Technologies that are so revolutionary they change the way things are done and create new ways in which people use technology.
distributed DoS (DDoS) A denial-of-service attack that is carried out from multiple attack locations.
DLP software See data loss prevention software.
DMZ See demilitarized zone.
DNS harvesting The process of acquiring the DNS records of an organization to use in mapping the network.
DNS See Domain Name System.
Domain Name System (DNS) A system that provides a hierarchical naming system for computers, services, and any resources connected to the Internet or a private network.
double-blind test A pen test in which the testing team is provided with limited knowledge of the network systems and devices and performs the test using publicly available information only; the organization’s security team does not know that an attack is coming.
downstream liability Liability that an organization accrues due to partnerships with other organizations and customers.
drive-by download attack An attack that entails using exploit kits to redirect users to fake sites so as to enable malware installation.
dronejacking Hacking into a drone and taking control.
DRP See disaster recovery plan.
DSS See Digital Signature Standard.
Dual Stack An IPv4-to-IPv6 transition method that runs both IPv4 and IPv6 on networking devices.
dual-factor authentication A combination of two authentication factors (such as a knowledge factor and a behavioral factor).
dual-homed firewall A firewall that has two network interfaces, one pointing to the internal network and another connected to an untrusted network.
due care Actions exhibited when an organization takes all the actions it can reasonably take to prevent security issues or to mitigate damage if security breaches occur.
due diligence Actions which ensure that an organization understands the security risks it faces.
dynamic routing protocol A routing method that can install routes, react to link outages, and reroute traffic without manual intervention.
dynamic testing Testing performed while software is running.
EAP See Extensible Authentication Protocol.
ECB See Electronic Code Book.
e-discovery Recovering evidence from electronic devices.
eFuse A process used to indicate whether an “untrusted” (non-Samsung) boot path has ever been run.
EK See endorsement key.
El Gamal An asymmetric key algorithm based on the Diffie-Hellman algorithm.
Electronic Code Book (ECB) A version of DES in which 64-bit blocks of data are processed by the algorithm using the key. The ciphertext produced can be padded to ensure that the result is a 64-bit block.
electronic vaulting An electronic backup method that copies files as modifications occur in real time.
elliptic curve cryptography (ECC) An approach to cryptography that provides secure key distribution, encryption, and digital signatures. The elliptic curve’s size defines the difficulty of the problem.
email code review Code review in which code is emailed around to colleagues for them to review when time permits.
email harvesting The process of gathering email addresses as a part of network reconnaissance.
email spoofing The process of sending an email that appears to come from one source when it really comes from another.
emergency response The formal process of anticipating and responding to events, typically those involving safety.
Encapsulating Security Payload (ESP) An IPsec component that provides data integrity, data origin authentication, protection from replay attacks, and data confidentiality.
endorsement key (EK) TPM persistent memory installed by the manufacturer that contains a public/private key pair.
enrollment time The process of obtaining the sample that is used by a biometric system.
enterprise resource planning (ERP) A type of planning that involves collecting, storing, managing, and interpreting data from product planning, product cost, manufacturing or service delivery, marketing/sales, inventory management, shipping, payment, and any other business processes.
enterprise service bus (ESB) A communication system that designs and implements communication between mutually interacting software applications in a service-oriented architecture (SOA).
environmental A CVSS metric group of characteristics of a vulnerability that are relevant and unique to a particular user’s environment.
ERP See enterprise resource planning.
ESB See enterprise service bus.
event reduction The process of reducing the number of logged events to only those that are most serious.
exploit kit A group of tools used to exploit security holes.
exploitation tools Tools used to exploit security holes.
export controls Rules and regulations governing the shipment or transmission of items from one country to another.
Extensible Access Control Markup Language (XACML) A standard for an access control policy language using XML.
Extensible Authentication Protocol (EAP) A framework (rather than a single protocol) for port-based access control that uses the same three components used in RADIUS.
Extensible Messaging and Presence Protocol (XMPP) A secure protocol that can be used to provide presence information.
facial scan A scan that records facial characteristics, including bone structure, eye width, and forehead size.
facilities manager A person who ensures that all organization buildings are maintained, including building maintenance and custodial services.
failover The capacity of a system to switch over to a backup system if a failure occurs in the primary system.
failsoft The capability of a system to terminate noncritical processes when a failure occurs.
false acceptance rate (FAR) A measurement of the percentage of invalid users that will be falsely accepted by the system. This is called a Type II error. Type II errors are more dangerous than Type I errors.
false rejection rate (FRR) A measurement of valid users that will be falsely rejected by the system. This is called a Type I error.
feature extraction An approach to obtaining biometric information from a collected sample of a user’s physiological or behavioral characteristics.
Federal Information Processing Standard (FIPS) 199 A U.S. government standard for categorizing information assets for confidentiality, integrity, and availability.
federated identity A portable identity that can be used across businesses and domains.
FIFO See first in, first out.
file integrity software Software that generates a hash value of each system file and verifies that hash value at regular intervals.
file-level encryption Encryption performed per file, where each file owner has a key.
File Transfer Protocol (FTP) A protocol that provides file transfer services.
finger scan A scan that extracts only certain features from a fingerprint.
fingerprint scan A scan that records the ridges of a finger for matching.
first in, first out (FIFO) A media scheme in which the newest backup is saved to the oldest media.
Foremost A command-line program for Linux that is used to recover files using a process called file carving.
formal code review An extremely thorough, line-by-line code inspection, usually performed by multiple participants using multiple phases.
FTP See File Transfer Protocol.
full backup A backup in which all data is backed up, and the archive bit for each file is cleared.
full-knowledge test A pen test in which the testing team is provided with all available knowledge regarding the organization’s network.
fuzz testing (fuzzing) A testing method that involves injecting invalid or unexpected input (sometimes called faults) into an application to test how the application reacts.
fuzzer A software tool that finds and exploits weaknesses in web applications.
gap analysis An analysis that compares an organization’s security program to overall best security practices.
gather requirements phase The phase of the software development life cycle in which both the functionality and the security requirements of a solution are identified.
generation-based fuzzing Fuzz testing that involves generating the inputs from scratch, based on the specification/format.
geofencing A technology that uses GPS to define geographic boundaries.
geotagging The process of adding geographic identification metadata to various media.
gesture authentication A method in which the user is shown a picture to use as a guide for applying a pattern of gestures on a photo.
GFS See grandfather/father/son.
GNU Privacy Guard (GPG) A rewrite or upgrade of PGP that uses AES.
grandfather/father/son (GFS) A media scheme in which three sets of backups are defined. Most often these three definitions are daily, weekly, and monthly. The daily backups are the sons, the weekly backups are the fathers, and the monthly backups are the grandfathers. Each week, one son advances to the father set. Each month, one father advances to the grandfather set.
graphical password A password that uses graphics as part of the authentication mechanism. Also called CAPTCHA passwords.
gray-box testing Testing in which the team is provided more information than is provided in black-box testing, while not as much as is provided in white-box testing.
gray hat An entity that breaks into an organization’s system(s) that is considered somewhere between a white hat and a black hat. A gray hat breaks into a system, notifies the administrator of the security hole, and offers to fix the security issues for a fee.
hacktivist A person who uses the same tools and techniques as a hacker but does so to disrupt services and bring attention to a political or social cause.
Hadoop An open source software framework used for distributed storage and processing of big data.
hand geometry scan A scan that obtains size, shape, or other layout attributes of a user’s hand and can also measure bone length or finger length.
hand topography scan A scan that records the peaks and valleys of a user’s hand as well as its shape.
hardware security module (HSM) An appliance that safeguards and manages digital keys used with strong authentication and provides crypto processing.
hash MAC A keyed-hash MAC that involves a hash function with a symmetric key.
hash matching A process that involves spoofing hashes, leading to access to arbitrary pieces of other customers’ data.
hash A one-way function that reduces a message to a hash value. If the sender’s hash value is compared to the receiver’s hash value, message integrity is determined. If the resultant hash values are different, the message has been altered in some way, provided that both the sender and receiver used the same hash function.
HAVAL A one-way function that produces variable-length hash values, including 128 bits, 160 bits, 192 bits, 224 bits, and 256 bits and uses 1,024-bit blocks.
heterogeneous computing Refers to systems that use more than one kind of processor or core.
heuristics A method used in malware detection, behavioral analysis, incident detection, and other scenarios in which patterns must be detected in the midst of what might appear to be chaos.
hierarchical storage management (HSM) system A type of backup management system that provides a continuous online backup by using optical or tape “jukeboxes.”
HMAC-Based One-Time Password Algorithm (HOTP) An algorithm that computes a password from a shared secret that is used one time only.
honeynet A network of honeypots.
honeypot A system made attractive to hackers to engage them.
horizontal privilege escalation A process in which a normal user accesses functions or content reserved for other normal users.
host-based firewall A firewall that resides on a single host and is designed to protect that host only.
host-based IDS A system that monitors traffic on a single system. Its primary responsibility is to protect the system on which it is installed.
hot site A leased facility that contains all the resources needed for full operation.
HOTP See HMAC-Based One-Time Password Algorithm.
HSM See hierarchical storage management system or hardware security module.
HTML (Hypertext Markup Language) 5 A version of the markup language that has been used on the Internet for years. It has been improved to support the latest multimedia (which is why it is considered a likely successor to Flash).
HTTP interceptors Software that intercepts web traffic between a browser and a website. Interceptors permit actions that the browser would not permit for testing purposes.
HTTPS See Hypertext Transfer Protocol Secure.
HTTP-Secure See Hypertext Transfer Protocol Secure.
hunt teaming A collection of techniques that are used to bypass traditional security technologies to hunt down other attackers who may have used similar techniques and have successfully flown under the radar. This term is also used to describe a new approach in security that is offensive in nature rather than defensive.
hyperconvergence Refers to using software to perform convergence without requiring hardware changes. It utilizes virtualization as well.
Hypertext Transfer Protocol Secure (HTTPS or HTTP-Secure) A security protocol that layers HTTP on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP.
I See integrity.
IA See interoperability agreement.
identification The step in authentication during which the user makes a claim to be someone.
identity proofing An additional step in the identification part of authentication. An example of identity proofing is the presentation of secret questions to which only the individual undergoing authentication would know the answer.
identity propagation The passing or sharing of a user’s or device’s authenticated identity information from one part of a multitier system to another.
IDS See intrusion detection system.
IETF See Internet Engineering Task Force.
implementation stage The phase of the systems development life cycle in which senior management formally approves of the system and the solution is introduced to the live environment.
imprecise methods DLP methods that can include keywords, lexicons, regular expressions, extended regular expressions, meta data tags, Bayesian analysis, and statistical analysis.
incident response team A group of individuals trained to respond to security incidents.
incremental backup A backup in which all files that have been changed since the last full or incremental backup are backed up, and the archive bit for each file is cleared.
incremental model A refinement to the basic Waterfall model in which software is developed in increments of functional capability.
inductance A process used in NFC to transmit information from the phone to the reader.
INE See inline network encryptor.
information system contingency plan (ISCP) A plan that provides established procedures for the assessment and recovery of a system following a system disruption.
infrared camera A camera that forms an image using infrared radiation and can capture images in the dark.
Infrastructure as a Service (IaaS) A cloud computing model in which the vendor provides the hardware platform or data center and the company installs and manages its own operating systems and application systems. The vendor simply provides access to the data center and maintains that access.
in-house developed Refers to applications that are developed in-house and can be completely customized to the organization.
initiation phase The phase of the systems development life cycle in which the realization is made that a new feature or functionality is desired or required in the enterprise.
inline network encryptor (INE) A type 1 encryption device.
in-memory processing An approach in which all data in a set is processed from memory rather than from the hard drive.
input validation The process of checking all input for things such as proper format and proper length.
insecure direct object reference flaw An attack that can come from an authorized user who is accessing information to which she should not have access.
instant messaging A service often integrated with messaging software that allows real-time text and video communication.
integer overflow Behavior that occurs when an arithmetic operation attempts to create a numeric value that is too large to be represented within the available storage space.
integration enablers Components which ensure that applications and services in an enterprise can communicate as needed.
integration testing Testing that assesses the way in which modules work together and determines whether functional and security specifications have been met.
Integrity (I) A base metric that describes the type of data alteration that might occur if a vulnerability is exploited.
integrity A characteristic which assures that data has not changed in any way. The tenet of the CIA triad which ensures that data is accurate and reliable.
interconnection security agreement (ISA) An agreement between two organizations that
own and operate connected IT systems to document the technical requirements of the interconnection.
interface design A type of design that describes all interfaces, including internal and external program interfaces, as well as the design of the human interface.
interface testing Testing that evaluates whether an application’s systems or components correctly pass data and control to one another.
International Data Encryption Algorithm (IDEA) A block cipher that uses 64-bit blocks, which are divided into 16 smaller blocks. It uses a 128-bit key and performs eight rounds of transformations on each of the 16 smaller blocks.
Internet Engineering Task Force (IETF) An international body of Internet professionals responsible for creating requests for comments (RFCs) that describe research and innovations on the Internet and its systems.
Internet Key Exchange (IKE) A protocol that provides the authentication material used to create the keys exchanged by ISAKMP during peer authentication in IPsec. Also sometimes referred to as IPsec Key Exchange.
Internet Protocol Security (IPsec) A suite of protocols that establishes a secure channel between two devices. IPsec can provide encryption, data integrity, and system-based authentication, which makes it a flexible option for protecting transmissions.
Internet Security Association and Key Management Protocol (ISAKMP) An IPsec component that handles the creation of a security association for a session and the exchange of keys.
interoperability agreement (IA) An agreement between two or more organizations to work together to allow information exchange.
intrusion detection system (IDS) A system responsible for detecting unauthorized access or attacks against systems and networks.
intrusion protection system (IPS) A system responsible for preventing attacks. When an attack begins, an IPS takes actions to prevent and contain the attack.
inventory control The process of tracking and containing inventory.
ipconfig A command used to view the IP configuration of a device and that, when combined with certain switches or parameters, can be used to release and renew the lease of an IP address obtained from a DHCP server.
IPS See intrusion protection system.
IPsec See Internet Protocol Security.
IPv6 An IP addressing scheme designed to provide a virtually unlimited number of IP addresses. It uses 128 bits rather than 32, as in IPv4, and it is represented in hexadecimal rather than dotted-decimal format.
iris scan A scan of the colored portion of the eye, including all rifts, coronas, and furrows.
IriusRisk A threat modeling tool that comes in both community and commercial versions and focuses on the creation and maintenance of a live threat model through the entire SDLC. It connects with other tools to empower automation.
ISA See interconnection security agreement.
ISCP See information system contingency plan.
ISO/IEC 27000 series Standards that provide guidance to organizations in integrating security into the development and maintenance of software application.
isolate The step in incident response during which the affected systems are prevented from affecting other systems.
jailbreaking A process that allows the user to remove some of the restrictions of an Android/Linux device.
Java applet A small server-side component created using Java that runs in a web browser.
It is platform independent and creates intermediate code called byte code that is not processor specific.
JavaScript A dynamic computer programming language commonly used in web browsers to allow the use of client-side scripts.
job rotation A security measure which ensures that more than one person fulfills the job tasks of a single position within an organization. It involves training multiple users to perform the duties of a position to help prevent fraud by any individual employee.
joint analysis (or application) development (JAD) model A development model that uses a team approach. It uses workshops to both agree on requirements and to resolve differences.
jurisdiction The area or region covered by an official power.
Kerberos A ticket-based authentication and authorization system used in UNIX and Active Directory.
kernel proxy firewall A fifth-generation firewall that inspects a packet at every layer of the OSI model but does not introduce the performance hit of an application-layer firewall because it does this at the kernel layer.
key escrow The process of storing keys with a third party to ensure that decryption can occur.
key performance indicator (KPI) A metric that directly relates to specific actions or activities, not the final result.
key recovery The process whereby a key is archived in a safe place by the administrator.
key risk indicator A metric that indicates how risky an activity is or how likely a risk is to occur.
key stretching A cryptographic technique that makes a weak key stronger by increasing the time it takes to test each possible key.
key A parameter that controls the transformation of plaintext into ciphertext or vice versa. Determining the original plaintext data without the key is impossible. Also referred to as a cryptovariable.
keystroke dynamics A biometric authentication technique that measures a user’s typing pattern when inputting a password or other predetermined phrase.
knowledge factor Authentication based on something a person knows.
KPI See key performance indicator.
KRI See key risk indicator.
latency The delay typically incurred in the processing of network data.
least functionality A principle that calls for an organization to configure information systems to provide only essential capabilities and specifically prohibits and/or restricts the use of other functions.
least privilege A security principle which requires that a user or process be given only the minimum access privilege needed to perform a particular task.
legacy systems Old technologies, computers, or applications that are considered outdated but provide a critical function in the enterprise.
legal counsel Attorneys who ensure that an organization complies with all laws and regulations. Legal counsel should provide guidance on the formation of all organizational policies and controls and ensure that they comply with all laws and regulations that affect the organization.
legal holds Any additional legal requirement to maintain archived data for specified periods.
lessons learned report A report that briefly lists and discusses what is currently known either about an attack or about an environment that was formerly unknown.
lightweight code review A cursory code inspection, usually done as a normal part of the development process.
Lightweight Directory Access Protocol (LDAP) A common directory service standard that is based on the earlier standard X.500.
live migration A system’s migration of a VM from one host to another when needed.
load balancing A computer method for distributing workload across multiple computing resources.
local privilege escalation attacks Attacks in which vulnerabilities enable malicious individuals to execute exploits and payloads that they would be unable to do otherwise.
location factor Authentication based on where a person is.
lock picks Tools used to test the ability of physical locks to withstand someone picking them.
log analysis The process of analyzing network traffic logs.
logical control A software or hardware component used to restrict access. See also technical control.
logical deployment diagram A diagram that shows the architecture, including the domain architecture, including the existing domain hierarchy, names, and addressing scheme; server roles; and trust relationships.
mail exchanger (MX) records DNS record that represents a mail server.
maintainability How often a security solution or device must be updated and how long the updates take.
malware sandboxing The process of confining malware to a protected environment until it can be studied, understood, and mitigated.
managed security service provider (MSSP) A third party to which an organization can fully outsource all information assurance.
management controls Controls implemented to administer an organization’s assets and personnel, including security policies, procedures, standards, baselines, and guidelines that are established by management. See also administrative control.
management interface An interface that is used to access a device over a network, using utilities such as SSH and Telnet.
management plane The component or plane on a networking device such as a router or switch that is used to administer the device.
mandatory access control (MAC) A system in which subject authorization is based on security labels.
mandatory vacation A security measure which ensures that personnel take their allotted vacation time.
master service agreement (MSA) A contract between two parties in which the parties agree to most of the terms that will govern future transactions or future agreements.
master test plan A single high-level test plan for a project/product that unifies all other test plans.
maximum tolerable downtime (MTD) The maximum amount of time that an organization can tolerate a single resource or function being down. Also referred to as maximum period time of disruption (MPTD).
MD2 A message digest algorithm that produces a 128-bit hash value and performs 18 rounds of computations.
MD4 A message digest algorithm that produces a 128-bit hash value and performs only 3 rounds of computations.
MD5 A message digest algorithm that produces a 128-bit hash value and performs 4 rounds of computations.
MD6 A message digest algorithm that produces a variable hash value, performing a variable number of computations.
mean time between failures (MTBF) The estimated amount of time a device will operate before a failure occurs. This amount is calculated by the device vendor. System reliability is increased by a higher MTBF and lower MTTR.
mean time to repair (MTTR) The average time required to repair a single resource or function when a disaster or other disruption occurs. Describes the average amount of time it takes to get a device fixed and back online.
Measured Boot (launch) A detailed, reliable log created by anti-malware software or components that loaded prior to the anti-malware driver during startup. This log can be used by anti-malware software or an administrator in a business environment to validate whether there may be malware on the computer or evidence of tampering with boot components.
media disposal The process of destroying media after use.
media librarian A person who tracks all media (backup and other types, such as OS installation discs).
memorandum of understanding (MOU) An agreement between two or more organizations that details a common line of action.
memory card A swipe card issued to a valid user that contains user authentication information.
memory dumping The process of using memory-reading tools to analyze the entire memory content used by an application.
memory leak A memory problem that causes memory to be exhausted over a period of time.
mesh network A network in which all nodes cooperate to relay data and are all connected to one another. To ensure complete availability, continuous connections are provided by using self-healing algorithms to route around broken or blocked paths.
Metasploit An open source framework that ships with hundreds of exploits.
microSD HSM An HSM that connects to the MicroSD port on a device that has such a port.
misuse case testing Testing that evaluates an application to ensure that the application can handle invalid input or unexpected behavior.
mitigation The step in incident response in which immediate countermeasures are performed to stop a data breach in its tracks.
monitoring and accepting The phase of software acquisition in which the organization establishes the contract work schedule, implements change control procedures, and reviews and accepts the software deliverables.
MPTD See maximum tolerable downtime.
MSA See master service agreement.
MSSP See managed-security servicea provider.
MTBF See mean time between failures.
MTD See maximum tolerable downtime.
MTTR See mean time to repair.
multi-factor authentication A combination of multiple factors of authentication that includes something you are, something you have, something you know, somewhere you are, and something you do.
multitenancy cloud model A cloud computing model in which multiple organizations share the resources.
mutation fuzzing Fuzz testing that involves changing the existing input values (blindly).
MX A DNS record that represents an email server mapped to an IPv4 address.
MyAppSecurity A threat modeling tool that identifies threats based on a customizable comprehensive threat library and is intended for collaborative use across all organizational stakeholders.
NAC See network access control.
nbtstat A command used to view NetBIOS information.
NDA See non-disclosure agreement.
Near Field Communication A short-range type of wireless transmission used for mobile payment.
need to know A security principle that defines the minimums for each job or business function.
Nessus One of the more widely used vulnerability scanners.
Netcat A command-line utility that can be used for many investigative operations, including port scanning, transferring files, and port listening.
netstat (network status) A command that is used to see what ports are listening on a TCP/IP-based system.
network access control (NAC) Policies which ensure that client computers attaching to the network have certain security minimums.
network enumerator A network vulnerability tool that scans a network and gathers information about users, groups, shares, and services that are visible.
network intrusion detection system (NIDS) A system that is designed to monitor network traffic and detect and report threats.
network intrusion prevention system (NIPS) A system that can take action to prevent an attack from being realized.
next-generation firewall (NGFW) A category of devices that attempt to address traffic inspection and application awareness shortcomings of a traditional stateful firewall, without hampering performance.
NFC See Near Field Communication.
NGFW See next-generation firewall.
NIDS See network intrusion detection system.
NIPS See network intrusion prevention system.
Nmap A multi-use tool that can identify live devices and open ports.
non-disclosure agreement (NDA) An agreement between two parties that defines what information is considered confidential and cannot be shared outside the two parties.
non-persistent agents Agents that are installed and run as needed on an endpoint.
non-persistent data Data that is gone when an unexpected shutdown occurs.
nonrepudiation Proof of the origin of data, which prevents the sender from denying that he or she sent the message and supports data integrity.
NS A DNS record that represents a DNS server mapped to an IPv4 address.
nslookup A command-line administrative tool for testing and troubleshooting DNS servers.
numeric password A password that includes only numbers.
NX bit (No-Execute) Technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (code) or for storage of data.
OAUTH See Open Authorization.
occupant emergency plan A plan that outlines first-response procedures for occupants of a facility in the event of a threat or an incident to the health and safety of personnel, the environment, or property.
OID See OpenID.
OLA See operating-level agreement.
one-time pad The most secure encryption scheme that can be used. It works likes a running cipher in that the key value is added to the value of the letters. However, it uses a key that is the same length as the plaintext message.
one-time password A password that is used only once to log in to an access control system. Also called a dynamic password.
Online Certificate Status Protocol (OCSP) An Internet protocol that obtains the revocation status of an X.509 digital certificate.
OOB See out-of-band.
Open Authorization (OAUTH) A standard for authorization that allows users to share private resources on one site to another site without using credentials.
open source intelligence (OSINT) Data collected from publicly available sources.
open source software Software that is free but comes with no guarantees and little support other than the help of the user community.
open standards Standards that are available for use by the public.
Open Web Application Security Project An organization that maintains a list of the top 10 errors found in web applications.
OpenID (OID) An open standard and decentralized protocol by the nonprofit OpenID Foundation that allows users to be authenticated by certain cooperating sites.
OpenSSL A library of software functions that support the use of the SSL/TLS protocol.
operating system fingerprinting The process of using some method to determine the operating system running on a host or a server.
operating-level agreement (OLA) An internal organizational document that details the relationships that exist between departments to support business activities.
optical jukebox An electronic backup method that involves storing data on optical disks and uses robotics to load and unload the optical disks as needed. This method is ideal when 24/7 availability is required.
Orange Book A collection of criteria based on the Bell-LaPadula model that is used to grade or rate the security offered by a computer system product.
orchestration The process of automating entire workflows.
order of volatility A concept which prescribes that investigators collect evidence from the components that are most volatile first.
OSINT See open source intelligence.
out-of-band (OOB) An interface connected to a separate and isolated network that is not accessible from the LAN or the outside world.
Output Feedback (OFB) A DES mode that works with 8-bit (or smaller) blocks that uses a combination of stream ciphering and block ciphering. However, it uses the previous keystream with the key to create the next keystream.
overt Not concealed; not secret.
OWASP See Open Web Application Security Project.
ownership factor Authentication based on something a person has.
packet capture The process of using capture tools to collect raw packets from a network.
packet filtering firewall The type of firewall that is the least detrimental to throughput as it only inspects the header of the packet for allowed IP addresses or port numbers.
pair programming code review Code review in which two coders work side-by-side, checking one another’s work as they go.
palm or hand scan A scan that combines fingerprint and hand geometry technologies. It records fingerprint information from every finger as well as hand geometry information.
PAP See Password Authentication Protocol.
partial-knowledge test A pen test in which the testing team is provided with public knowledge regarding the organization’s network.
passive fingerprinting Fingerprinting that involves simply capturing packets from the network and examining them rather than sending packets on the network.
passphrase password A password that requires the use of a long phrase. Because of the password’s length, it is easier to remember but much harder to attack, both of which are definite advantages. Incorporating upper- and lowercase letters, numbers, and special characters in this type of password can significantly increase authentication security.
Password Authentication Protocol (PAP) A protocol that provides authentication but with which the credentials are sent in cleartext and can be read with a sniffer.
password complexity policy A policy that specifies how passwords will be structured. Most organizations require upper- and lowercase letters, numbers, and special characters.
password cracker A program that attempts to guess passwords.
password history policy A policy that specifies the amount of time before a password can be reused.
password length How long a password must be. Most organizations require 8 to 12 characters.
password life policy A policy that specifies the maximum password lifetime.
path tracing The process of tracing the path of a particular traffic packet or traffic type to discover the route used by the attacker.
payloads Individual settings of MDM configuration profiles.
Payment Card Industry Data Security Standard (PCI-DSS) A standard which enumerates requirements that payment card industry players should meet to secure and monitor their networks, protect cardholder data, manage vulnerabilities, implement strong access controls, and maintain security policies.
PCI-DSS See Payment Card Industry Data Security Standard.
PCR See platform configuration register hash.
PDP See policy decision point.
peer review A process in which developers review one another’s code for security issues and code efficiency.
pen test See penetration test.
penetration test A test designed to simulate an attack on a system, a network, or an application.
perfect forward secrecy (PFS) An encryption method which ensures that a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. To work properly, PFS requires two conditions: Keys must not be reused, and new keys must not be derived from previously used keys.
performance The manner in which or the efficiency with which a device or technology reacts or fulfills its intended purpose.
persistent agent An agent installed on each end point that waits to be called into action.
persistent data Data that is available even after you fully close and restart an app or a device.
personally identifiable information (PII) Any piece of data that can be used alone or with other information to identify a particular person.
personnel testing Testing that reviews standard practices and procedures that users follow.
PFS See perfect forward secrecy.
phishing A social engineering attack in which a recipient is convinced to click on a link in an email that appears to go to a trusted site but in fact goes to the hacker’s site. It is used to harvest usernames and passwords or credit card and financial data.
physical control A security control that protects an organization’s facilities and personnel.
physical deployment diagram A diagram that shows the details of physical communication links, such as cable length, grade, and wiring paths; servers, with computer name, IP address (if static), server role, and domain membership; device location, such as printer, hub, switch, modem, router and bridge, and proxy location; communication links and the available bandwidth between sites; and the number of users at each site, including mobile users.
physical testing Testing that reviews facility and perimeter protections.
PII See personally identifiable information.
ping A command that makes use of the ICMP protocol to test connectivity between two devices.
pivoting A technique used by hackers and pen testers alike to advance from the initially compromised host to other hosts on the same network.
PKI See public key infrastructure.
plaintext A message in its original format. Also referred to as cleartext.
plan/initiate phase The phase of the software development life cycle in which the organization decides to initiate a new software development project and formally plans the project.
planning The phase of software acquisition in which the organization performs a needs assessment and develops the software requirements.
Platform as a Service (PaaS) A cloud computing model that involves the vendor providing the hardware platform or data center and the software running on the platform. This includes the operating systems and infrastructure software. The company is still involved in managing the system.
platform configuration register (PCR) hash TPM versatile memory that stores data hashes for the sealing function.
Point-to-Point Protocol (PPP) A layer 2 protocol used to transport multiprotocol datagrams over point-to-point links that provides authentication and multilink capability.
policy decision point (PDP) An XACML entity that retrieves all applicable polices in XACML and compares the request with the policies.
policy enforcement point (PEP) An XACML entity that protects a resource that a subject (a user or an application) is attempting to access.
policy A broad rule that provides the foundation for development of standards, baselines, guidelines, and procedures. A policy is an information security governance component that outlines goals but does not give any specific ways to accomplish the stated goals.
port scanner A tool used to determine the services available on a remote device.
port security A switch security feature that allows you to keep a port enabled for legitimate devices while preventing its use by illegitimate devices.
PPP See Point-to-Point Protocol.
precise method A DLP method that involves content registration and triggers almost no false-positive incidents.
preferred roaming list (PRL) A list of radio frequencies residing in the memory of some kinds of digital phones.
presence A function provided by many collaboration solutions that indicates the availability of a user. It signals to other users whether a user is online, busy, in a meeting, and so forth.
preservation A characteristic of evidence that means that the evidence is not subject to damage or destruction.
Pretty Good Privacy (PGP) A protocol that provides email encryption over the Internet and uses different encryption technologies based on the needs of the organization.
preventive control A security control that prevents attacks from occurring.
PRI See product release information.
private branch exchange (PBX) A private analog telephone network used within a company.
private cloud A cloud computing model in which a private organization implements a cloud on its internal enterprise to be used by its employees and partners.
private key encryption See symmetric encryption.
privilege elevation The process of increasing someone’s privileges to a device.
privilege escalation The process of exploiting a bug or weakness in an operating system to allow a user to receive privileges to which he is not entitled.
PRL See preferred roaming list.
procedural design A design that represents procedural detail and structured programming concepts using graphical, tabular, and textual notations. It forms a blueprint for implementation and the basis for all subsequent software engineering work.
product release information (PRI) Information on the connection between a mobile device and a radio.
protocol analyzer Software that collects raw packets from a network and is used by both legitimate security professionals and attackers.
prototyping The process of using a sample of code to explore a specific approach to solving a problem before investing extensive time and cost in the approach.
provisioning service provider (PSP) In SPML, the entity that responds to RA requests.
provisioning service target (PST) In SPML, the entity that performs provisioning.
proxy firewall A firewall that stands between a connection from the outside and the inside and makes the connection on behalf of the endpoints. With a proxy firewall, there is no direct connection.
public cloud The standard cloud computing model in which a service provider makes resources available to the public over the Internet.
public key encryption See asymmetric encryption.
public key infrastructure (PKI) A security framework that includes systems, software, and communication protocols that distribute, manage, and control public key cryptography.
public key pinning A security mechanism delivered via an HTTP header which allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.
purging Using a method such as degaussing to make old data unavailable even with forensics. Purging renders information unrecoverable against laboratory attacks (forensics).
push authentication Authentication that involves sending a notification (via a secure network) to a user’s device, usually a smartphone, when accessing a protected resource.
push notification services Services that allow unsolicited messages to be sent by an application to a mobile device even when the application is not open on the device.
race condition An attack in which the hacker inserts himself between instructions, introduces changes, and alters the order of execution of the instructions, thereby altering the outcome.
RAD See rapid application development.
RAID See redundant array of independent/inexpensive disks.
rainbow table attack An attack in which rainbow tables are used to reverse a hash through the computation of all possible hashes and looking up the matching value.
ransomware Malware that encrypts data and holds the decryption key for ransom.
rapid application development (RAD) A development model in which less time is spent upfront on design, while emphasis is placed on rapidly producing prototypes with the assumption that crucial knowledge can only be gained through trial and error.
RAT See remote-access Trojan.
RC4 A stream cipher that uses a variable key size of 40 to 2,048 bits and up to 256 rounds of transformation.
RC5 A block cipher that uses a key size of up to 2,048 bits and up to 255 rounds of transformation. Block sizes supported are 32, 64, and 128 bits.
RC6 A block cipher based on RC5 that uses the same key size, rounds, and block size.
RDP See Remote Desktop Protocol.
Real-Time Transport Protocol (RTP) A protocol used in the delivery of voice and video traffic.
real user monitoring (RUM) Testing that captures and analyzes every transaction of every application or website user.
reconnaissance The process of gathering information that may be used in an attack.
recoverability The probability that a failed security solution or device can be restored to its normal operable state within a given time frame, using the prescribed practices and procedures.
recovery control A security control that recovers a system or device after an attack has occurred.
recovery point objective (RPO) The point in time to which a disrupted resource or function must be returned.
recovery time objective (RTO) The shortest time period after a disaster or disruptive event within which a resource or function must be restored to avoid unacceptable consequences. RTO assumes that an acceptable period of downtime exists. RTO should be smaller than MTD.
red team The team that acts as the attacking force in a pen test.
redundant array of independent/inexpensive disks (RAID) A hard drive technology in which data is written across multiple disks in such a way that a disk can fail and the data can be quickly made available from the remaining disks in the array without resorting to a backup tape.
regression testing Testing that takes places after changes are made to the code to ensure that the changes have not reduced functionality or security.
release/maintenance phase The phase of the software development life cycle in which includes the implementation of the software into the live environment and the continued monitoring of its operation.
relevant A characteristic of evidence that means it proves a material fact related to the crime in that it shows a crime has been committed, can provide information describing the crime, can provide information regarding the perpetuator’s motives, or can verify what occurred.
reliability A characteristic of evidence that means it has not been tampered with or modified.
remanence Any data left after media has been erased.
remote access Referring to applications that allow users to access an organization’s resources from a remote connection.
Remote Access Dial-in User Service (RADIUS) An authentication framework that allows for centralized authentication functions for all network access devices.
remote-access Trojan (RAT) A Trojan that allows connection through a backdoor.
remote assistance A feature that often relies on the same technology as desktop sharing that allows a technician to share a user’s desktop for the purpose of either teaching the user something or troubleshooting an issue for the user.
Remote Desktop Protocol (RDP) A proprietary protocol developed by Microsoft that provides a graphical interface to connect to another computer over a network connection.
remote journaling An electronic backup method that copies the journal or transaction log offsite on a regular schedule and occurs in batches.
remote wipe Instructions sent remotely to a mobile device that erase all the data when the device is stolen.
remotely triggered black hole (RTBH) routing The application of Border Gateway Protocol (BGP) as a security tool within service provider networks.
replication An electronic backup method that copies data from one storage location to another.
Representational State Transfer (REST) A pattern for interacting with content on remote systems, typically using HTTP.
request authority (RA) In SPML, the entity that makes a provisioning request.
request for comments (RFC) A formal document that describes research or innovations on the Internet or its systems created by the Internet Engineering Task Force (IETF).
request for information (RFI) A bidding-process document that collects written information about the capabilities of various suppliers. An RFI may be used prior to an RFP or RFQ, if needed, but can also be used after these if the RFP or RFQ does not obtain enough specification information.
request for proposal (RFP) A bidding-process document that is issued by an organization that gives details of a commodity, a service, or an asset that the organization wants to purchase.
request for quotation (RFQ) A bidding-process document that invites suppliers to bid on specific products or services. RFQ generally means the same thing as invitation for bid (IFB). RFQs often include item or service specifications.
requirements definition A list of functional and security requirements that must be satisfied during a software development process.
resource exhaustion A state that occurs when a computer is out of memory or CPU cycles.
REST See Representational State Transfer.
retina scan A scan of the retina’s blood vessel pattern.
return on investment (ROI) The money gained or lost after an organization makes an investment.
reverse engineering The process of breaking down software to identify its purpose and design.
reverse proxy A type of proxy server that retrieves resources on behalf of external clients from one or more internal servers.
RFC See request for comments.
RFI See request for information.
RFP See request for proposal.
RFQ See request for quotation.
risk acceptance A method of handling risk that involves understanding and accepting the level of risk as well as the cost of damages that can occur.
risk assessment A tool used in risk management to identify vulnerabilities and threats, assess the impact of those vulnerabilities and threats, and determine which controls to implement.
risk avoidance A method of handling risk that involves terminating the activity that causes a risk or choosing an alternative that is not as risky.
risk mitigation A method of handling risk that involves defining the acceptable risk level the organization can tolerate and reducing the risk to that level.
risk transference A method of handling risk that involves passing the risk on to a third party.
risk The probability that a threat agent will exploit a vulnerability and the impact of the probability.
robo hunter An automated threat seeker that can learn from what it discover and then take appropriate action—for example, by isolating a bad packet or compromised device.
rogue router A router introduced to the network that does not belong to the organization.
ROI See return on investment.
role-based access control An access control model in which access is granted based on a job role.
rooting A process that allows a user to remove some of the restrictions of an Apple/iOS device.
routing tables Tables used by routers to hold information about the paths to other networks.
RPO See recovery point objective.
RSA Conference A conference that covers all facets of security and draws security professionals from across the employment spectrum, including educators, government personnel, and other security professionals.
RTBH See remotely triggered black hole routing.
RTO See recovery time objective.
RTP See Real-Time Transport Protocol.
rule-based access control an access control model In which access is based on global rules imposed for all users.
RUM See real user monitoring.
runtime debugging The process of using a programming tool to not only identify syntactic problems in code but also discover weaknesses that can lead to memory leaks and buffer overflows.
S/flow See sampled flow.
Sampled Flow Also known as S/flow. An industry standard for exporting packets at layer 2 of the OSI model.
SAN See storage-area network.
sandboxing Segregating virtual environments for security proposes.
scalability A characteristic of a device or security solution that describes its capability to cope and perform under an increased or expanding workload.
SCAP See Security Content Automation Protocol.
SCEP See Simple Certificate Enrollment Protocol.
screen mirroring A process typically used to project a computer, tablet, or smartphone screen to a TV and that can also be used to project to a remote support individual.
screened host A firewall that is between the final router and the internal network.
screened subnet A subnet in which two firewalls are used, and traffic must be inspected at both firewalls to enter the internal network.
scrubbing The act of deleting incriminating data from an audit log.
SD Elements A software security requirements management platform that includes automated threat modeling capabilities.
SDD See software design document.
SDLC See systems development life cycle.
SEAndroid The SELinux version that runs on Android devices.
secret key encryption See symmetric encryption.
secure boot A standard developed by the PC industry to help ensure that a PC boots using only software that is trusted by the PC manufacturer.
secure by default The concept that, without changes to any default settings, an application is secure.
secure by deployment The concept that the environment into which an application is introduced was taken into consideration from a security standpoint.
secure by design The concept that an application was designed with security in mind rather than as an afterthought.
Secure Electronic Transaction A protocol that secures credit card transaction information over the Internet.
secure enclave A processor that processes data in its encrypted state.
secure encrypted enclave A part of an operating system that cannot be compromised by compromising the operating system kernel because it has its own CPU and is separated from the rest of the system.
Secure Hash Algorithm (SHA) I A family of four algorithms published by the U.S. NIST.
Secure MIME (S/MIME) A protocol that allows MIME to encrypt and digitally sign email messages and encrypt attachments.
Secure Real-Time Transport Protocol (SRTP) A protocol that provides encryption, integrity, and anti-replay to RTP traffic.
Secure Shell (SSH) An application and protocol that is used to remotely log in to another computer using a secure tunnel. It is a secure replacement for Telnet.
Secure Sockets Layer (SSL) A protocol developed by Netscape to transmit private documents over the Internet that implements either 40-bit (SSL 2.0) or 128-bit encryption (SSL 3.0).
secure volume A volume that is unmounted and hidden until used. Only then is it mounted and decrypted. When edits are complete, the volume is encrypted and unmounted.
securiCAD A threat modeling tool that focuses on threat modeling of IT infrastructures using a CAD-based approach, where assets are automatically or manually placed on a drawing pane.
Security as a Service (SecaaS) A cloud-based service for smaller organizations.
Security Assertion Markup Language (SAML) An XML-based open standard data format for exchanging authentication and authorization data between parties, particularly between an identity provider and a service provider.
security association (SA) A security relationship established between two endpoints in an IPsec protected connection.
Security Content Automation Protocol (SCAP) A standard that the security automation community uses to enumerate software flaws and configuration issues.
security information and event management (SIEM) A process in which utilities receive information from log files of critical systems and centralize the collection and analysis of this data.
security requirements traceability matrix (SRTM) A spreadsheet-like report that documents the security requirements that a new asset must meet.
seizure The act of taking custody of physical or digital components.
SELinux A Linux kernel security module that, when added to the Linux kernel, separates enforcement of security decisions from the security policy itself and streamlines the amount of software involved with security policy enforcement.
sender policy framework (SPF) An email validation system that works by using DNS to determine whether an email sent by someone has been sent by a host sanctioned by that domain’s administrator. If it can’t be validated, it is not delivered to the recipient’s box.
sensor A device used in a SCADA system, which typically has digital or analog I/O, and these signals are not in a form that can be easily communicated over long distances.
separation of duties The concept that sensitive operations should be divided among multiple users so that no one user has the rights and access to carry out a sensitive operation alone. This security measure ensures that one person is not capable of compromising organizational security. It prevents fraud by distributing tasks and their associated rights and privileges between more than one user.
Serial Line Internet Protocol (SLIP) An older layer 2 protocol used to transport multiprotocol datagrams over point-to-point links. It has been made obsolete by PPP.
server-based application virtualization Virtualization in which applications run on servers.
service discovery The process of learning the open ports on a device.
Service Provisioning Markup Language (SPML) An open standard for exchanging authorization information between cooperating organizations.
service-level agreement (SLA) An agreement about the ability of a support system to respond to problems within a certain time frame while providing an agreed level of service.
Session Initiation Protocol (SIP) server A server that is responsible for creating voice and video sessions in a VoIP network.
Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions (SIMPLE) A secure protocol that can be used to provide presence information.
session management attack An attack that can occur when a hacker is able to identify the unique session ID assigned to an authenticated user.
SFC See System File Checker.
SHA-2 A family of hash functions, each of which provides different functional limits.
Shibboleth An SSO system that allows the use of common credentials among sites that are a part of the federation. It is based on SAML.
Short Message Service (SMS) A text messaging service component of most telephone, World Wide Web, and mobile telephony systems.
shoulder surfing An attack in which a person watches while a user enters login or other confidential data.
S-HTTP A protocol that encrypts only the served page data and submitted data like POST fields, leaving the initiation of the protocol unchanged.
side loading A method of installing applications on a mobile device from a computer rather than from an app store such as Google Play or the Apple App Store.
SIEM See security information and event management.
signature dynamics A biometric authentication method that measures stroke speed, pen pressure, and acceleration and deceleration while the user writes his or her signature.
signature-based detection A type of intrusion detection that compares traffic against preconfigured attack patterns known as signatures.
Simple Certificate Enrollment Protocol (SCEP) A protocol used to provision certificates to network devices, including mobile devices.
Simple Object Access Protocol (SOAP) A protocol specification for exchanging structured information in the implementation of web services in computer networks.
SIMPLE See Session Initiation Protocol for Instant Messaging and Presence Leveraging Extensions.
single sign-on (SSO) A system in which a user enters login credentials once and can access all resources in the network.
single-tenancy cloud model A cloud computing model in which a single tenant uses a resource.
SIP See Session Initiation Protocol server.
Skipjack A block-cipher, symmetric algorithm developed by the U.S. NSA that uses an 80-bit key to encrypt 64-bit blocks. It is used in the Clipper chip.
SLA See service-level agreement.
slack space analysis Analysis of the slack (marked as empty or reusable) space on the drive to see whether any old (marked for deletion) data can be retrieved.
smart card A device that accepts, stores, and sends data but can hold more data than a memory card. Smart cards, often known as integrated circuit cards (ICCs), contain memory like a memory card but also contain an embedded chip like bank or credit cards.
SMS See Short Message Service.
sniffing The process of capturing packets for analysis.
SOA A DNS record which represents a DNS server that is authoritative for a DNS namespace.
SOA See service-oriented architecture, Start of Authority, or statement of applicability.
SOC 1 Type 1 report A report that focuses on the auditors’ opinion of the accuracy and completeness of the data center management’s design of controls, system and/or service.
SOC 1 Type 2 report A report that includes a Type 1 and an audit on the effectiveness of controls over a certain time period, normally between six months and a year.
SOC 1 A report on internal controls over financial reporting.
SOC 2 A report on Security, availability, processing integrity, confidentiality, or privacy controls.
SOC 3 A summary report that can be either SOC 1 or SOC 2.
SoC See system on a chip.
social engineering attack An attack that occurs when attackers use believable language and user gullibility to obtain user credentials or some other confidential information.
social media profiling Gathering information through social media as a part of network reconnaissance.
SOCKS firewall A circuit-level firewall that requires a SOCKS client on the computers.
Software as a Service (SaaS) A cloud computing model that involves the vendor providing the entire solution, including the operating system, infrastructure software, and application. An SaaS provider might, for example, provide you with an email system and host and manage everything for you.
software design document (SDD) A document that provides a description of the software and is usually accompanied by an architectural diagram.
software development life cycle A predictable framework of procedures designed to identify all requirements with regard to functionality, cost, reliability, and delivery schedule and ensure that each are met in the final solution.
software patches Updates released by vendors that either fix functional issues with or close security loopholes in operating systems, applications, and versions of firmware that run on network devices.
spam Unrequested email sent out on a mass basis.
spam over Internet telephony An attack that causes unsolicited prerecorded phone messages to be sent.
spear phishing The process of focusing a phishing attack on a specific person rather than a random set of people.
spectrum management The process of managing and allocating radio frequencies for specific uses.
spiral model A meta-model that incorporates a number of software development models. The spiral model is an iterative approach that places emphasis on risk analysis at each stage.
SPIT See spam over Internet telephony.
SQL injection attack An attack that inserts, or “injects,” a SQL query as the input data from a client to an application. It can result in reading sensitive data from a database, modifying database data, executing administrative operations on the database, recovering the content of a given file, and in some cases issuing commands to the operating system.
SRK See storage root key.
SRTM See security requirements traceability matrix.
SRTP See Secure Real-Time Transport Protocol.
SSH See Secure Shell.
SSL See Secure Sockets Layer.
SSO See single sign-on.
standard library A group of common objects and functions used by a language that developers can access and reuse without re-creating them.
standard word password A password that consists of a single word that often includes a mixture of upper- and lowercase letters.
standard An information security governance component that describes how policies will be implemented within an organization.
Start of Authority (SOA) A record that contains information regarding a DNS zone’s authoritative server.
state management The process of making an application remember the interactions the user has had with the application.
stateful firewall A firewall that is aware of the proper functioning of the TCP handshake, keeps track of the state of all connections with respect to this process, and can recognize when packets are trying to enter the network that don’t make sense in the context of the TCP handshake.
stateful protocol analysis detection An intrusion detection method that identifies deviations by comparing observed events with predetermined profiles of generally accepted definitions of benign activity.
statement of applicability (SOA) A document that identifies the controls chosen by an organization and explains how and why the controls are appropriate.
Statement on Auditing Standards (SAS) 70 A document that provides auditors information and verification about data center controls and processes related to the data center user and financial reporting.
static password A password that is the same for each login.
static routing A routing method that uses manually created routes.
static testing Testing or examining software when it is not running.
statistical anomaly-based detection An intrusion detection method that determines the normal network activity and alerts when anomalous (not normal) traffic is detected.
steganography analysis Analysis of the files on a drive to see whether the graphic files have been altered or to discover the encryption used on the files.
steganography The process of hiding a message inside another object, such as a picture or document.
storage area network (SAN) A network of high-capacity storage devices that are connected by a high-speed private network using storage-specific switches.
storage keys TPM versatile memory that contains the keys used to encrypt a computer’s storage, including hard drives, USB flash drives, and so on.
storage root key (SRK) TPM persistent memory that secures the keys stored in the TPM.
stream-based cipher A cipher that performs encryption on a bit-by-bit basis and uses keystream generators.
supervisory control and data acquisition (SCADA) A system used to remotely control industrial equipment with coded signals. It is a type of industrial control system.
surveillance The act of monitoring behavior, activities, or other changing information, usually of people.
swipe pattern A pattern, presumably only known to the user, that can be used to dismiss a screen lock.
switch A device that improves performance over a hub because it eliminates collisions.
symmetric encryption An encryption method whereby a single private key both encrypts and decrypts the data. Also referred to as private, or secret, key encryption.
synthetic transaction monitoring Testing that uses external agents to run scripted transactions against an application.
sysinternals A collection of more than 70 tools that can be used for both troubleshooting and security issues.
system and network testing Testing that reviews systems, devices, and network topology.
System File Checker (SFC) A command-line utility that checks and verifies the versions of system files on your computer.
system on a chip (SoC) An integrated circuit that includes all components of a computer or other electronic systems.
systems development life cycle (SDLC) A process that provides clear and logical steps to follow to ensure that a system that emerges at the end of the development process provides the intended functionality with an acceptable level of security.
tabletop exercise An informal brainstorming session that encourages participation from business leaders and other key employees.
tailored commercial (or commercial customized) A new breed of software that comes in modules, the combination of which can be used to arrive at exactly the components required by the organization.
tape vaulting An electronic backup method that involves creating backups over a direct communication line on a backup system at an offsite facility.
target test A pen test in which both the testing team and the organization’s security team are given maximum information about the network and the type of test that will occur.
TCO See total cost of ownership.
technical control A software or hardware component used to restrict access. See also logical control.
telephony system A system that includes both traditional analog phone systems and digital, or VoIP, systems.
temporal A CVSS metric group of characteristics of a vulnerability that change over time but not among user environments.
Teredo An IPv4-to-IPv6 transition method that assigns addresses and creates host-to-host tunnels for unicast IPv6 traffic when IPv6 hosts are located behind IPv4 network address translators.
test and evaluation phase The phase of the systems development life in which several types of testing occur, including ways to identify both functional errors and security issues.
test coverage analysis Analysis that yields a value that speaks to the percentage of test cases tested.
test/validate phase The phase of the software development life cycle in which several types of testing occur, including ways to identify both functional errors and security issues.
tethering A process in which one mobile device is connected to another mobile device for the purpose of using the Internet connection.
third-party connection agreement A document that spells out exactly the security measures that should be taken with respect to the handling of data exchanged between the parties. Such a document should be executed in any instance where a partnership involves depending on another entity to secure company data.
third-party libraries A third-party repository of code in which the components are sold.
threat A condition that occurs when a vulnerability is identified or exploited.
threat actor An entity that discovers and/or exploits vulnerabilities. Not all threat actors actually exploit identified vulnerabilities.
threat agent An entity that carries out a threat.
threat intelligence A process that is used to inform decisions regarding responses to any menace or hazard presented by the latest attack vectors and actors emerging on the security horizon.
threat model A conceptual design that attempts to provide a framework on which to implement security efforts.
threat modeling tool A tool used to assess the points at which an application faces threats.
Threat Modeling Tool (formerly SDL Threat Modeling Tool) A threat modeling tool that identifies threats based on the STRIDE threat classification scheme.
three-legged firewall A firewall configuration that has three interfaces: one connected to the untrusted network, one to the internal network, and the last to a part of the network called a DMZ.
threshold An information security governance component which ensures that security issues do not progress beyond a configured level.
throughput rate The rate at which a biometric system is able to scan characteristics and complete analysis to permit or deny access. The acceptable rate is 6 to 10 subjects per minute. A single user should be able to complete the process in 5 to 10 seconds.
time of check/time of use An attack in which a system is changed between a condition check and the display of the check’s results, allowing what should be disallowed actions.
time to live (TTL) A setting that determines how long a DNS record will live before it needs to be refreshed.
Time-Based One-Time Password Algorithm (TOTP) An algorithm that computes a password from a shared secret and the current time.
token A hardware device that stores digital certificates and private keys.
token device A handheld device that presents an authentication server with the one-time password.
tokenization An emerging standard for mobile transactions that uses numeric tokens to protect cardholders’ sensitive credit and debit card information.
tool-assisted code review Code review that uses automated testing tools.
topology discovery A process that entails determining the devices in the network, their connectivity relationships to one another, and the internal IP addressing scheme in use.
TOS See trusted operating system.
total cost of ownership (TCO) A measure of the overall costs associated with securing an organization, including insurance premiums, finance costs, administrative costs, and any losses incurred. This value should be compared to the overall company revenues and asset base.
TOTP See Time-Based One-Time Password Algorithm.
TPM See Trusted Platform Module.
tracert A command used to trace the path of a packet through the network. Called traceroute in Linux and UNIX.
Transaction Signature (TSIG) A cryptographic mechanism used with DNSSEC that allows a DNS server to automatically update client resource records if their IP addresses or hostnames change.
transport encryption A type of encryption which ensures that data is protected when it is transmitted over a network or the Internet.
Transport Layer Security (TLS) An open-community standard that provides many of the same services as SSL.
transport mode An IPSec mode that protects only the message payload.
Triple DES (3DES) A version of DES that increases security by using three 56-bit keys.
trunk link A link between switches and between routers and switches that carries the traffic of multiple VLANs.
Trusted Data Format A new technology that uses a protective wrapper containing your content.
trusted operating system (TOS) An operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements.
Trusted Platform Module (TPM) A security chip installed on a computer’s motherboard that is responsible for managing symmetric and asymmetric keys, hashes, and digital certificates.
trusted third-party, or bridge, model A federation model in which each organization subscribes to the standards of a third party.
TrustedSolaris A set of security extensions incorporated in the Solaris 10 trusted OS.
Tshark A command-line tool that can capture packets on Linux and UNIX platforms, much like tcpdump.
TSIG See Transaction Signature.
TTL See time to live.
tunnel mode An IPsec mode that protects payload, routing, and header information.
Twofish A version of Blowfish that uses 128-bit data blocks using 128-, 192-, and 256-bit keys and performs 16 rounds of transformation.
Type 1 (or native, bare metal) hypervisor A hypervisor that runs directly on the host’s hardware to control the hardware and to manage guest operating systems.
Type 2 hypervisor A hypervisor that runs within a conventional operating system environment.
US-CERT See U.S. Computer Emergency Readiness Team.
U.S. Computer Emergency Readiness Team (US-CERT) A group that works closely with CERT to coordinate responses to cybersecurity threats.
UEFI See unified extensible firmware interface.
unified extensible firmware interface (UEFI) An alternative to using BIOS to interface between the software and the firmware of a system.
unified threat management (UTM) A device that combines a traditional firewall with content inspection and filtering, spam filtering, intrusion detection, and antivirus.
unit testing Testing of pieces or modules of code that are later assembled to yield the final product.
usability The ease with which a security solution or device can be used and how well it suits organization needs and requirements.
USB on-the-GO (USB OTG) A specification first used in late 2001 that allows USB devices, such as tablets or smartphones, to act as either USB hosts or a USB devices.
USB OTG See USB on-the-GO.
US-CERT See U.S. Computer Emergency Readiness Team.
user acceptance testing Testing which ensures that the customer (either internal or external) is satisfied with the functionality of the software.
UTM See unified threat management.
validation testing Testing that determines whether the original purpose of software has been achieved.
vascular scan A scan of the pattern of veins in a user’s hand or face.
VDI See virtual desktop infrastructure.
verification testing Testing that determines whether the original design specifications have been met.
versioning A system that helps ensure that developers are working with the latest versions and eventually that users are using the latest version.
vertical privilege escalation A process in which a lower-privilege user or application accesses functions or content reserved for higher-privilege users or applications.
video conferencing Services and software that allow for online meetings with video capability.
virtual desktop infrastructure (VDI) An infrastructure that hosts desktop operating systems within a virtual environment in a centralized server.
virtual firewall A software or hardware firewall that has been specifically created to operate in the virtual environment.
virtual local area network (VLAN) A logical subdivision of a switch that segregates ports from one another as if they were in different LANs.
Virtual Network Computing (VNC) A remote desktop control system that operates much like RDP but uses the Remote Frame Buffer protocol.
virtual private network (VPN) A network whose connections use an untrusted carrier network but provide protection of the information through strong authentication protocols and encryption mechanisms.
virtual switch A software application or program that offers switching functionality to devices located in a virtual network.
virtual Trusted Platform Module (VTPM) A software object that performs the functions of a TPM chip.
VLAN See virtual local area network.
VM escape An attack in which the attacker “breaks out” of a VM’s normally isolated state and interacts directly with the hypervisor.
VNC See Virtual Network Computing.
Voice over IP (VoIP) A phone system that utilizes the data network and packages voice information in IP packets.
voice pattern or print A scan that measures the sound pattern of a user stating a certain word.
VoIP See Voice over IP.
VPN See virtual private network.
V-shaped model A development method that departs from the Waterfall method in that verification and validation are performed at each step.
VTPM See virtual Trusted Platform Module.
vulnerability cycle A cycle that explains the order of vulnerability types that attackers run through over time.
vulnerability An absence or a weakness of a countermeasure that is in place. Vulnerabilities can occur in software, hardware, or personnel.
vulnerability scanner Software that can probe for a variety of security weaknesses, including misconfigurations, out-of-date software, missing patches, and open ports.
vulnerability test A test that focuses on identifying vulnerabilities without exploiting them.
WAF See web application firewall.
WASC See Web Application Security Consortium.
WAYF See Where Are You From.
web application firewall (WAF) A device that applies rule sets to an HTTP conversation. These sets cover common attack types to which these session types are susceptible.
Web Application Security Consortium (WASC) An organization that provides best practices for web-based applications along with a variety of resources, tools, and information that organizations can make use of in developing web applications.
web conferencing Services and software that allow for chatting, sharing documents, and viewing the screen of a presenter.
Web Services Security (WS-Security) An extension to SOAP that is used to apply security to web services.
whaling A subset of spear phishing that targets a single person who is significant or important.
Where Are You From (WAYF) An SSO system that allows credentials to be used in more than one place. It has been used to allow users of institutions that participate to log in by simply identifying the institution that is their home organization. That organization then plays the role of identity provider to the other institutions.
white-box testing Testing in which the team goes into the process with a deep understanding of the application or system.
white hat An entity that breaks into an organization’s system(s) but does not have malicious intent.
white team A group of technicians who referee the encounter between the red team and the blue team in a pen test.
Whois A protocol used to query databases that contain information about the owners of Internet resources, such as domain names, IP address blocks, and autonomous system (AS) numbers used to identify private Border Gateway Protocol (BGP) networks on the Internet.
wildcard certificate A public key certificate that can be used with multiple subdomains of a domain.
wireless controller A centralized appliance or software package that monitors, manages, and controls multiple wireless access points.
Wireshark One of the most widely used protocol analyzers.
work recovery time (WRT) The difference between RTO and MTD, which is the remaining time that is left over after the RTO before reaching the maximum tolerable downtime.
WRT See work recovery time.
XN bit (never execute bit) A method for specifying areas of memory that cannot be used for execution.
XSS See cross-site scripting.
zero knowledge proof A technique used to ensure that only the minimum needed information is disclosed, without all the details.
zero-day attack An attack on a vulnerable security component of an application or operating system that targets a vulnerability not yet known to the developers of the software.
zero-knowledge test A pen test in which the testing team is provided with no knowledge regarding the organization’s network.
zero-trust model A model in which a privilege is granted to a user only when absolutely required.
zone transfer The replication of the records held by one DNS server to another DNS server.