Glossary

Numbers

802.11 standard A legacy set of wireless LAN standards developed by working group 11 of the IEEE LAN/MAN Standards Committee. 802.11 is known for its use of WEP and RC4.

802.11i standard This is one of the replacements for 802.11. It uses WPA and Advanced Encryption Standard (AES) as a replacement for RC4 encryption.

A

Acceptable Use Policy (AUP) A policy that defines what employees, contractors, and third parties are authorized to do on the organization’s IT infrastructure and its assets. AUPs are common for access to IT resources, systems, applications, Internet access, email access, and so on.

Access Control List (ACL) A table or list stored by a router to control access to and from a network by helping the device determine whether to forward or to drop packets that are entering or exiting it.

access creep The result of an employee moving from one position to another within an organization without losing privileges from the old position, while at the same time gaining additional access in the new position. Thus, over time, the employee builds up much more access than he or she should have.

access point spoofing A form of man-in-the-middle attack in which the attacker pretends to be a legitimate access point in order to trick a user into passing traffic through the fake connection, where it can be captured and analyzed.

accountability The traceability of actions performed on a system to a specific system entity or user.

accreditation Management’s formal acceptance of a system or application.

ACID test Test that addresses atomicity, consistency, isolation, and durability. Programmers involved in database management use the ACID test to determine whether a database-management system has been properly designed to handle transactions.

active fingerprint An active method of identifying the OS of a targeted computer or device that involves injecting traffic into the network and then sniffing the response.

activity blocker Similar to an activity monitor, it not only alerts the user to unusual or dangerous computer operations, but it also can block the user’s activity.

Address Resolution Protocol (ARP) Protocol used to map a known IP address to an unknown physical address.

ad-hoc mode Refers to wireless LAN communication. An individual computer is in a wireless ad-hoc operation mode if the user can communicate directly with other client units. No access point is required. Ad-hoc operation mode is ideal for smaller networks of no more than two to four computers. It is not usually used in the business world because of the potential security risks.

adware A software program that automatically forces pop-up windows of Internet marketing messages to users’ browsers on their workstation devices. Adware is different from spyware; it does not examine a user’s individual browser usage and does not exploit such information on the user’s browser.

algorithm A mathematical procedure used for solving a problem. It is commonly used in cryptography.

Annualized Loss Expectancy (ALE) An annual expected financial loss to an organization’s IT asset because of a particular threat being realized within that same calendar year.

anomaly detection A type of intrusion detection that looks for behavior that deviates from normal, established activity. These unusual patterns are identified as suspicious.

ANSI X12 Developed by ANSI to standardize the electronic data interchange (EDI) transactions within North America.

appenders A type of virus infection that places the virus code at the end of an infected file.

applet A small Java program that can be embedded in an HTML page. Applets differ from full-fledged Java applications, in that they are not allowed to access certain resources on the local computer, such as files and serial devices (modems, printers, and so on), and are prohibited from communicating with most other computers across a network. The current rule is that an applet can make an Internet connection only to the computer from which the applet was sent.

application A software program designed to perform a specific task or group of tasks, such as word processing, communications, or database management.

application controls Category of controls used to verify the accuracy and completeness of records made by manual or automated processes. Controls used for applications include encryption, batch totals, and data input validation.

application layer Highest layer of the seven-layer OSI model. The application layer is used as an interface to applications or communications protocols.

application programming The process of developing, updating, and maintaining programs.

Application Programming Interface (API) A set of system-level routines that can be used in an application program for tasks such as basic input/output and file management. In a graphics-oriented operating environment such as Microsoft Windows, high-level support for video graphics output is part of the Windows graphical API.

Arithmetic Logic Unit (ALU) A device used for logical and arithmetic operations within a computer.

artificial intelligence Computer software that can mimic the learning capability of a human, such as reasoning and learning.

ASCII (American Standard Code for Information Interchange) A standard code for transmitting data, consisting of 128 letters, numerals, symbols, and special codes, each of which is represented by a unique binary number. An ASCII word typically is 8 bits of binary data.

assembler A program that converts the assembly language of a computer program into the machine language of the computer.

assessment An evaluation and/or valuation of IT assets based on predefined measurement or evaluation criteria. An assessment, such as a risk or vulnerability assessment, does not typically require an accounting or auditing firm to conduct it.

asset Anything of value that an individual or business owns or possesses.

asymmetric algorithm Though keys are related, an asymmetric key algorithm uses a pair of different cryptographic keys to encrypt and decrypt data.

asymmetric encryption In cryptography, an asymmetric key algorithm uses a pair of cryptographic keys to encrypt and decrypt. The two keys are related mathematically; a message encrypted by the algorithm using one key can be decrypted by the same algorithm using the other. In a sense, one key “locks” a lock (encryption), but a different key is required to unlock it (decryption).

Asynchronous Transfer Mode (ATM) Communication technology that uses high-bandwidth, low-delay transport technology and multiplexing techniques. Through dedicated media connections, it provides simultaneous transport of voice, video, and data signals more than 50 times faster than current technology. ATM might be used in phone and computer networks of the future.

asynchronous transmission The method whereby data is sent and received 1 byte at a time.

attenuation Occurs with any signal and can be described as a weakening of the signal that increases as the signal travels farther from the source.

attribute sampling Technique used in auditing that selects certain samples that have specific attributes or characteristics.

audit Term that typically accompanies an accounting or auditing firm. It refers to a specific and formal methodology and definition on how an investigation should be conducted, with specific reporting elements and metrics being examined. An example is a financial audit conducted according to the Public Accounting and Auditing Guidelines and Procedures.

audit evidence The information the auditor gathers in the course of performing an audit. Once collected, all of this information is used to meet the audit’s objectives.

audit objective The purpose of the audit, or what the audit expects to achieve.

audit program A listing of audit procedures to be performed to complete an audit.

audit risk The risk that the auditor will fail to draw attention to a material misstatement, deficiency, abuse, or other unacceptable matter in an audit.

audit trail A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions.

authentication A method used to enable one to identify an individual. Authentication verifies the identity and legitimacy of the individual who wants to access the system and its resources. Common authentication methods include passwords, tokens, and biometric systems.

authorization The process of granting or denying access to a network resource based on the user’s credentials.

availability The assurance that a system can deliver, store, and process data and remains accessible to the individuals who are authorized to use its resources.

B

back door Type of software that allows access to a computer without using conventional security procedures. Back doors are often associated with either hardcoded user/passwords in a vendor product left over from debugging, or with Trojans and other forms of malware.

backup Copies of programs, databases, other files, and so on, made for the purpose of restoring information if it is lost, for instance because of a computer failure, a natural disaster, or a virus infection.

balanced scorecard A method developed by Robert Kaplan and David Norton to measure the organization’s performance in meeting goals tied to the company’s mission statement and strategy.

bandwidth The range of frequencies, expressed in hertz (Hz), that can pass over a given transmission channel. The bandwidth determines the rate at which information can be transmitted through the circuit.

bar code A series of bars and spaces that are encoded to represent characters. Bar codes are designed to be machine readable.

base test case Data created for testing purposes. Used to validate production application systems and to perform ongoing testing to verify the accuracy of the system.

baseband The name given to a transmission method in which the entire bandwidth (the rate at which information travels through a network connection) is used to transmit just one signal.

baseline A consistent or established base used to establish a minimum acceptable level of security.

batch control The application of sequential automation and control to repetitive processes.

batch processing The performing of a group of computer tasks at the same time.

Bayesian filter A technique used to detect spam. Bayesian filters give a score to each message based on the words and numbers in the message. They are often employed by antispam software to filter spam based on probabilities. Messages with high scores are flagged as spam and can be discarded, deleted, or placed in a folder for review.

benchmark A standard test or measurement to compare the performance of similar components or systems.

binary code A sequence of 0s and 1s used by computer systems as the basis of communication.

biometrics A method of verifying an individual’s identity for authentication by analyzing a unique physical attribute of that individual, such as a fingerprint, retinal scan, or palm print.

black-box testing Type of testing that occurs when the auditor has little or no knowledge of the organization’s network structure.

block cipher An encryption scheme in which the data is divided into fixed-size blocks, with each encrypted independently from the others.

Blowfish A symmetric block encryption designed in 1993. It is similar to Twofish, which was designed to meet the specifications for AES.

Blu-ray Disc Designed as a replacement for DVDs. Blu-ray is a high-density optical disk that can hold audio, video, or data.

Bluejacking The act of sending unsolicited messages, pictures, or information to a Bluetooth user.

Bluesnarfing The act of stealing information from a wireless device by using a Bluetooth connection.

Bluetooth An open standard for short-range wireless communication of data and voice between both mobile and stationary devices that comes in several configurations, the strongest of which is rated for 100 meters. Used in cell phones, PDAs, laptops, and other devices.

bollard A heavy round post, usually placed in the path of doorways, used to prevent automobiles from ramming buildings or breaching physical security.

bottom-up testing Testing that works up from the bottom starting with code, then modules, programs, and all the way to systems. The advantage of bottom-up testing is that it can be started as soon as modules are complete. This approach also allows errors in modules to be discovered early.

bridge A Layer 2 device for passing signals between two LANs or two segments of a LAN.

broadband A wired or wireless transmission medium capable of supporting a wide range of frequencies, typically from audio up to video frequencies. It can carry multiple signals by dividing the total capacity of the medium into multiple, independent bandwidth channels, with each channel operating on only a specific range of frequencies.

broadcast A type of transmission used on local and wide area networks in which all devices are sent the information from one host.

brute-force attack A method of breaking a cipher or encrypted value by trying a large number of possibilities. Brute-force attacks function by working through all possible values. The feasibility of brute-force attacks depends on the key length and strength of the cipher and the processing power available to the attacker. This type of attack can also be targeted against user/password credentials at a login.

buffer An amount of memory reserved for the temporary storage of data.

buffer overflow In computer programming, this occurs when a software application somehow writes data beyond the allocated end of a buffer in memory. Buffer overflow is usually caused by software bugs and improper syntax and programming, thus opening or exposing the application to malicious code injections or other targeted attack commands.

bus A common shared channel among multiple computer devices.

bus LAN configuration A LAN network design that was developed to connect computers used for 10BASE-5 and 10BASE-2 computer networks. All computers and devices are connected along a common bus or single communication line so that transmissions by one device are received by all.

business case A document developed to establish the merits and desirability of a project. This is the information necessary to enable approval, authorization, and policy-making bodies to assess a project proposal and reach a reasoned decision, as well as justify the commitment of resources to a project.

Business Continuity Planning (BCP) A system or methodology used to create a plan on how an organization will resume its partially or completely interrupted critical functions within a predetermined time after the occurrence of a disaster or disruption. The goal is to keep critical functions operational.

Business Impact Analysis (BIA) A component of the business continuity plan. The BIA looks at all the components that an organization is reliant upon for continued functionality. Its goal is to distinguish which are the most crucial and require a greater allocation of funds in the wake of a disaster.

Business Process Reengineering (BPR) The activity by which an enterprise rethinks and reexamines its goals and how it achieves them, followed by a disciplined approach of business process redesign to achieve dramatic improvements in critical, contemporary measures of performance, such as cost, quality, service, and speed.

business risk The possibility or uncertainty of not meeting business goals or objectives.

Bypass Label Processing (BLP) Used to bypass security and access-control systems and allow the user to read a computer file.

C

Capability Maturity Model A structured model that was designed by Carnegie Mellon’s Software Engineering Institute to improve and optimize the software development lifecycle.

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA) The access method used by local area networking technologies, such as the Ethernet.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD) The access method used by local area networking technologies, such as Token Ring.

catastrophe A calamity or misfortune that causes the destruction of a facility and data.

Central Processing Unit (CPU) One of the central components of a system, the CPU carries out the vast majority of the calculations performed by a computer. It can be thought of as the “brain” of a computer. The CPU is like a manager or boss, telling what the other components of the system should be doing at a given moment.

certificate A digital certificate is a file that uniquely identifies its owner. A certificate contains owner identity information and its owner’s public key. Certificates are created by the certificate authority.

Certificate Authority (CA) Used in the PKI infrastructure to issue certificates and report status information and Certificate Revocation Lists.

Certificate Practice Statement (CPS) Provides a detailed explanation of how the certificate authority manages the certificates it issues and associated services such as key management. The CPS acts as a contract between the CA and users, describing the obligations and legal limitations, and setting the foundation for future audits.

Certificate Revocation List (CRL) The CRL is the certification authority’s listing of invalid certificates, such as compromised, revoked, or superseded certificates. The CRL is used during the digital signature verification process to check the validity of the certificate from which the public verification key is extracted.

certification The technical review of the system or application.

Challenge Handshake Authentication Protocol (CHAP) A secure method for connecting to a system. CHAP functions as follows: 1) When the authentication request is made, the server sends a challenge message to the requestor. The requestor responds with a value obtained by using a one-way hash. 2) The server then checks the response by comparing the received hash to the one calculated locally by the server. 3) If the values match, authentication is acknowledged; otherwise, the connection is terminated.

Channel Service Unit/Digital Service Unit (CSU/DSU) A telecommunications device used to terminate telephone company equipment, such as a T1, and prepare data for router interface at the customer’s premises.

check digit An extra digit generated by some mathematical process that is placed after a string of numbers to ensure that they have been correctly input, or to validate numbers as a means of checking against errors in transcription.

cipher text Plain text or clear text is what you have before encryption; cipher text is the encrypted result that is scrambled into an unreadable form.

client/server Describes the relationship between two computer programs in which one program, the client, makes a service request from another program, the server, which fulfills the request. Clients rely on servers for resources, such as files, devices, and even processing power.

clipping level The point at which an alarm threshold or trigger occurs.

Closed-Circuit Television (CCTV) A system composed of video transmitters that can feed captured video to one or more receivers. Mostly used in banks, casinos, shopping centers, airports, or anywhere that physical security can be enhanced by monitoring events. Cameras in these facilities are typically placed at locations where people enter or leave the facility and where critical transactions occur.

closed system A term typically used in the context of source-code availability: a system that is not “open” is considered a proprietary system. Open systems, by contrast, employ modular designs, are widely supported, and facilitate multivendor and multitechnology integration.

CNAMES CNAMES, or canonical names, are used in DNS and are considered an alias or nickname.

coaxial cable A cable composed of an insulated central conducting wire wrapped in another cylindrical conductor (the shield). The whole thing is usually wrapped in another insulating layer and an outer protective layer. A coaxial cable has great capacity to carry vast quantities of information. It is typically used in high-speed data and CATV applications.

CobiT An acronym for Control Objectives for Information and Related Technology. CobiT is a framework that was designed by ISACA to aid in information security best practices.

cohesion The extent to which a system or subsystem performs a single function.

cold site A site that contains no computing-related equipment except for environmental support, such as air conditioners and power outlets, and a security system made ready for installing computer equipment.

collision In the realm of cryptography, the condition in which a hashing algorithm, such as MD5, produces the same value for two or more different files.

combination lock A lock that can be opened by turning dials in a predetermined sequence.

Committed Information Rate (CIR) Used when describing the data rate guaranteed by a Frame Relay data communications circuit.

Compact Disc (CD) A means of storing video, audio, and data on an optical disk. CDs were originally designed for digital audio music.

compensating control An internal control designed to reduce risk or weakness in an existing control.

compiler A computer program that translates a computer program written in one computer language (called the source language) into an equivalent program written in another computer language (called the object, output, or target language).

completely connected (mesh) configuration Type of network configuration designed so that all devices are connected to all others with many redundant interconnections between network devices.

completeness check A type of verification that no fields are missing in a form.

compliance testing A set of tests designed to obtain evidence on the effectiveness of the internal controls and their operation during the audit period.

comprehensive audit An in-depth audit of financial records that examines internal controls of departments and/or company functions.

Computer-Aided Software Engineering (CASE) The use of software tools to assist in the development and maintenance of software. Tools used in this way are known as CASE tools.

Computer Emergency Response Team (CERT) An organization developed to provide incident-response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve an organization’s ability to respond to computer and network security issues.

Concurrency Control In computer science—or, more specifically, in the field of databases—a method used to ensure that database transactions are executed in a safe manner (that is, without data loss). Concurrency control is especially applicable to database-management systems, which must ensure that transactions are executed safely and that they follow the ACID rules.

confidentiality Data or information that is not made available or disclosed to unauthorized persons.

confidentiality agreement An agreement that employees, contractors, or third-party users must read and sign before being granted access rights and privileges to the organization’s IT infrastructure and assets. These agreements typically specify that the parties cannot divulge confidential information they become aware of during the course of the engagement.

console log A report of computer system activity that details specific events and is recorded automatically.

contingency planning The process of preparing to deal with calamities and noncalamitous situations before they occur, thus minimizing their effects.

continuity The state or quality of being continuous or unbroken, without interruption and with a succession of parts intimately united.

control risk The tendency of the internal control system to lose effectiveness over time and to expose or fail to prevent the exposure of the assets under control.

control unit The part of the central processing unit (CPU) that is responsible for the execution of software, allocation of internal memory, and transfer of operations between the arithmetic-logic, internal storage, and output sections of the computer.

Controlled Self-Assessment (CSA) A process that makes management and work teams directly responsible for the management and assessment of internal controls.

corporate governance The method by which a corporation is directed, administered, or controlled. It includes the laws and customs affecting that direction, as well as the goals for which it is governed. (How objectives of an organization are set, the means of attaining such objectives, how performance-monitoring guidelines are determined, and ways to emphasize the importance of using resources efficiently are significant issues within the makeup of such method.)

corrective controls Internal controls designed to resolve problems soon after they arise.

coupling The extent of the complexity of interconnections with other modules.

covert channel An unintended communication path that allows a process to transfer information in such a way that violates a system’s security policy.

cracker A term derived from “criminal hacker,” someone who acts in an illegal manner. This term was developed to distinguish malicious individuals from the classic definition of “hacker.”

criminal law Laws pertaining to crimes against the state or those considered detrimental to society. These violations of criminal statutes are punishable by law and can include monetary penalties and jail time.

Critical Path Methodology (CPM) Determines what activities are critical and what the dependencies are among the various tasks.

criticality The quality, state, degree, or measurement of the highest importance.

cryptographic key A value that is used in the cryptographic process of encryption or decryption.

Customer Relationship Management (CRM) Entails all aspects of interaction that a company has with its customers. It includes methodologies, software, and usually Internet capabilities that help an organization manage customer relationships in an organized way.

D

data communications The transmission or sharing of data between computers via an electronic medium.

data custodian Role delegated by the data owner that has the responsibility of maintaining and protecting the organization’s data.

data dictionary A catalog of all data held in a database, or a list of items giving data names and structures.

Data Encryption Standard (DES) A symmetric encryption standard that is based on a 64-bit block. DES processes 64 bits of plain text at a time to output 64-bit blocks of cipher text. DES uses a 56-bit key and has four modes of operation. Because DES has been broken, 3DES is more commonly used. 3DES uses two or three keys and uses 48 rounds of transposition.

data leakage Any type of computer information loss. This can involve removal of information by CD, floppy, or USB thumb drive, or any other method that allows the removal or leakage of information by stealing computer reports, data, or tapes.

data owner Usually a member of senior management of an organization who is ultimately responsible for ensuring the protection and use of the organization’s data.

data security The science and study of methods of protecting data in computer and communications systems against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.

data structure A logical relationship among data elements that is designed to support specific data-manipulation functions.

database A collection of data that is organized and stored on a computer and can be searched and retrieved by a computer program.

Database Administrator (DBA) A person (or group of people) responsible for the maintenance activities of a database, including backup and recovery, performance, and design.

Database-Management System (DBMS) An integrated set of computer programs that provide the capabilities needed to establish, modify, make available, and maintain the integrity of a database.

deadman door A set of two doors: one person is allowed through the first door, and only after it is closed can the second door be opened. Deadman doors are used to control access. Also known as a mantrap.

decentralized computing The act of distributing computing activities and computer processing to different locations.

Decision Support System (DSS) A now-superseded term for a software application that analyzes business data and presents it so that users can make business decisions more easily.

decryption The process of converting encrypted content into its original form, often the process of converting cipher text to plain text. Decryption is the opposite of encryption.

defense-in-depth The process of multilayered security. The layers can be administrative, technical, or logical.

Demilitarized Zone (DMZ) The middle ground between a trusted internal network and an untrusted, external network. Services that internal and external users must use, such as HTTP, are typically placed there.

Denial of Service (DoS) Occurs when an attacker consumes the resources on your computer for things it was not intended to do, thus preventing normal access to network resources and applications for legitimate purposes.

destruction Destroying data or information so that the legitimate user is deprived of it.

detection risk The risk that audit procedures will lead to a conclusion that material error does not exist, when, in fact, such error does exist.

detective control Controls to identify and correct undesirable events that have occurred.

device lock Lock used to secure laptops and other devices from theft.

dial back A procedure established for positively identifying a terminal that is dialing into a computer system; it can also be used for personal identification. It works by disconnecting the calling terminal and reestablishing the connection by having the computer system dial the telephone number of the calling terminal.

dictionary attack A type of cryptographic attack in which the attacker uses a word list or dictionary list to try to crack an encrypted password. A newer technique is to use a time memory tradeoff, such as in rainbow tables.

digital certificate Usually issued by trusted third parties and contains the name of a user or server, a digital signature, a public key, and other elements used in authentication and encryption. X.509 is the most common type.

digital signature An electronic signature that can authenticate the identity of the sender of a message. A digital signature is usually created by encrypting the user’s private key and is decrypted with the corresponding public key.

digital watermark A technique that adds hidden copyright information to a document, picture, or sound file.

Direct-Sequence Spread Spectrum (DSS) A technique used to scramble the signal of wireless devices.

disaster A natural or man-made event that includes fire, flood, storm, or equipment failure and that negatively affects an industry or facility.

disaster tolerance Refers to the amount of time that an organization can accept the unavailability of IT facilities and services.

discovery sampling A sampling plan for locating at least one deviation, provided that the deviation occurs in the population with a specified frequency.

Discretionary Access Control (DAC) An access policy that allows the resource owner to determine access.

diskless workstation A thin client that has no hard drive or local operating system. The system boots from a centralized server and stores files on a network file server.

Distributed Denial of Service (DDoS) Similar to DoS, except that the attack is launched from multiple and distributed agent IP devices. DDoS is harder to defend against because it originates from many different devices; thus, it is harder to identify the true attacker. This is also difficult because it is hard to distinguish legitimate traffic from malicious traffic.

Domain Name System (or service or server) (DNS) A hierarchy of Internet servers that translate alphanumeric domain names into IP addresses, and vice versa. Because domain names are alphanumeric, it is easier to remember these names than IP addresses.

downloading Transferring information from one computer to another computer and storing it there.

downtime report A record that tracks the amount of time that a computer or device is not operating because of a hardware or software failure.

dropper A program designed to drop a virus to the infected computer and then execute it on the user’s system.

due care The standard of conduct taken by a reasonable and prudent person. When you see the term due care, think of the first letter of each word and remember “do correct” because due care is about the actions that you take to reduce risk and keep it at that level.

due diligence The execution of due care over time. When you see the term due diligence, think of the first letter of each word and remember “do detect” because due diligence is about finding the threats an organization faces. This is accomplished by using standards, best practices, and checklists.

dumb terminal A computer workstation or terminal that consists of a keyboard and screen, but with no processor of its own. It sends and receives its data to and from a large central computer or server.

dumpster diving The practice of rummaging through the trash of a potential target or victim to gain useful information.

Dynamic Host Configuration Protocol (DHCP) The process of dynamically assigning an IP address to a host device.

E

eavesdropping The unauthorized capture and reading of network traffic.

echo request and echo reply Together, the technical name for a ping. The echo request is the first part of an ICMP ping exchange, officially a Type 8 message. The echo reply is the second part, officially a Type 0 message.

edit controls Manual or automated process to check for and allow the correction of data errors before processing. Edit controls detect errors in the input portion of information.

editing To review for possible errors and make final changes, if necessary, to information in a database.

EDGAR database The Electronic Data Gathering, Analysis, and Retrieval System used by the Securities and Exchange Commission to store public company filings.

Electronic Code Book (ECB) A symmetric block cipher that is a form of DES. ECB is considered the weakest form of DES. When used, the same plain-text input will result in the same encrypted text output.

Electronic Data Interchange (EDI) The exchange of business information or transaction documents between computers of two organizations. This can be accomplished by direct computer-to-computer transfer of transaction information contained in standard business format without paper or human intervention.

Electronic Funds Transfer (EFT) The transfer of money or funds between accounts initiated through an electronic terminal, automated teller machine, computer, telephone, or magnetic tape rather than using conventional paper-based payment methods.

electronic serial number Used to identify a specific cell phone when turned on and requesting to join a cell network.

email bomb A hacker technique that floods the email account of the victim with useless emails.

email/interpersonal messaging Instant messages, usually text, sent from one person to another, or to a group of people, via computer.

embedded audit module An integral part of an application system that is designed to identify and report specific transactions or other information based on predetermined criteria. Identification of reportable items occurs as part of real-time processing. Reporting might be real-time online, or might use store-and-forward methods.

encapsulation (objects) As used by layered protocols, a technique that applies to a layer adding header information to the protocol data unit (PDU) from the layer above. Basically, this refers to the ability to cover and seal an object.

encryption The science of turning plain text into cipher text.

encryption key A sequence of characters used by an encryption algorithm to encrypt plain text into cipher text.

end-user computing The use or development of information systems by the principal users of the systems’ outputs or by their staffs.

End-User Licensing Agreement (EULA) The software license that software vendors create to protect and limit their liability, as well as hold the purchaser liable for illegal pirating of the software application. The EULA typically includes language that protects the software manufacturer from software bugs and flaws, and limits the liability of the vendor.

enterprise architecture A blueprint that defines the business structure and operation of the organization.

Enterprise Resource Planning (ERP) ERP systems are software systems used for operational planning and administration, and for optimizing internal business processes. The best-known supplier of these systems is SAP.

enterprise vulnerability management The overall responsibility and management of vulnerabilities within an organization and how that management of vulnerabilities will be achieved through the dissemination of duties throughout the IT organization.

Entity Relationship Diagram (ERD) Helps map the requirements and define the relationship between elements.

Equal Error Rate (EER) A comparison measurement for different biometric devices and technologies to measure their accuracy. The EER is the point at which FAR and FRR are equal, or cross over. The lower the EER, the more accurate the biometric system.

Ethernet A network protocol defining a specific implementation of the physical and data link layers in the OSI model (IEEE 802.3). Ethernet is a local area network that uses a bus topology and provides reliable high-speed communications (maximum of 100 million bps) in a limited geographic area (such as an office complex or university complex).

ethical hack A term used to describe a type of hack done to help a company or individual identify potential threats on the IT infrastructure or network. Ethical hackers must obey rules of engagement, do no harm, and stay within legal boundaries. Also referred to as penetration testing.

ethical hacker A security professional who legally attempts to break into a computer system or network to find its vulnerabilities.

evasion The act of performing activities to avoid detection.

evidence Gathered by an auditor during the course of an audit. The information gathered stands as proof that can support conclusions of an audit report.

exception report A report that uses data selection based on a very specific set of circumstances to identify process exceptions. Reports that identify items with negative on-hand quantities or locations with more than one item stored in them are examples of exception reports.

Exclusive-OR (XOR) Exclusive disjunction (usual symbol xor) is a logical operator that results in “true” if one, but not both, of the operands is “true.”

expert system An expert system is a class of computer programs developed by researchers in artificial intelligence during the 1970s and applied commercially throughout the 1980s. In essence, they are programs made up of a set of rules that analyze information (usually supplied by the user of the system) about a specific class of problems, as well as provide analysis of the problem(s), and, depending upon their design, a recommended course of user action to implement corrections.

exploit The actual tool or code one can use to take advantage of a system vulnerability.

exposure factor A value calculated by determining the percentage of loss to a specific asset due to a specific threat.

Extended Binary Coded Decimal Interchange Code (EBCDIC) An IBM-developed 8-bit binary code that can represent 256 characters. It allows control codes and graphics to be represented in a logical format. EBCDIC was created to represent data in particular types of data processing and communications terminal devices.

Extensible Authentication Protocol (EAP) A method of authentication that can support multiple authentication methods, such as tokens, smart cards, certificates, and one-time passwords. Some common variants include LEAP and EAP-RADIUS.

Extensible Markup Language (XML) An emerging standard or system for defining, validating, or sharing document formats and data distributed on the Web. XML enables authors to create customized tags that can help them efficiently achieve their goals.

extranet A private network that uses Internet protocols and the public telecommunication system to securely share part of a business’s information or operations with suppliers, vendors, partners, customers, or other businesses. An extranet can be viewed as part of a company’s intranet that is extended to users outside the company. An extranet requires security and privacy.

F

fail safe In the logical sense, the process of discovering a system error, terminating the process, and preventing the system from being compromised.

False Acceptance Rate (FAR) Measurement that evaluates the likelihood that a biometric access-control system will wrongly accept an unauthorized user.

false authorization rate See false acceptance rate.

False Rejection Rate (FRR) Measurement that evaluates the likelihood that a biometric access-control system will reject a legitimate user.

feasibility study A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution for a user’s need.

fiber-optic cable A medium for transmission composed of many glass fibers. Light-emitting diodes or lasers send light through the fiber to a detector that converts the light back to an electrical signal for interpretation. Advantages include huge bandwidth, immunity to electromagnetic interference, and the ability to traverse long distances with minimal signal degradation.

field In a database, the part of a record reserved for a particular type of data; for example, in a library catalog, author, title, ISBN, and subject headings would all be fields.

file Data stored as a named unit on a data storage medium. Examples include a program, a document, and a database.

File Allocation Table (FAT) A table or list maintained by an operating system to keep track of the status of various segments of disk space used for file storage.

file server A high-capacity disk storage device or a computer that each computer on a network can access to retrieve files shared among the attached computers. The file server software can be configured to accept (or refuse) requests from programs running on other computers to access the files it holds.

financial audit The examination of financial records and reports of a company to verify that the figures in the financial reports are relevant, accurate, and complete.

finger On some UNIX systems, finger identifies who is logged on and active, and sometimes provides personal information about that individual.

firewall Security system in hardware or software form that manages and controls both network connectivity and network services. Firewalls act as chokepoints for traffic entering and leaving the network, and prevent unrestricted access. Firewalls can be stateful or stateless.

firmware A computer program or software stored permanently in PROM or ROM, or semipermanently in EPROM. Software is “burned in” on the memory device so that it is nonvolatile (will not be lost when power is shut off).

First In, First Out (FIFO) A method of data and information storage in which the data stored for the longest time is retrieved first.

flooding The process of overloading the network or target application with traffic so that no legitimate traffic or activity can occur.

Fourth-Generation Language (4GL) Programming languages that are easier to use than lower-level languages such as BASIC, Assembly, or FORTRAN. 4GL languages such as SQL and Python are also known as nonprocedural, natural, or very high-level languages.

Frame Relay A type of packet-switching technology that transmits data faster than the X.25 standard. Frame Relay does not perform error correction at each computer in the network. Instead, it simply discards any messages with errors. It is up to the application software at the source and destination to perform error correction and to control for loss of messages.

Frequency-Hopping Spread Spectrum (FHSS) One of the basic modulation techniques used in spread spectrum signal transmission. FHSS is another technique used to make wireless communication harder to intercept and more resistant to interference.

Function Point Analysis (FPA) An ISO-approved standard method for estimating the complexity of software.

G

gap analysis The analysis of the differences between two states, often to determine how to get from point A to point B, thus aiming to look for ways to bridge the gap.

gateway A device that allows for the translation and management of communication between networks that use different protocols or designs. Can also be deployed in a security context to control sensitive traffic.

Generalized Audit Software (GAS) A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples, and printing reports or letters in a format specified by the IS auditor. This technique includes software acquired or written for audit purposes and software embedded in production.

gentle scan A type of vulnerability scan that does not present a risk to the operating network infrastructure. Tools such as Nessus have the option of running a gentle scan or running a scan with dangerous plug-ins.

Geographical Information System (GIS) A computer system that combines database-management system functionality with information about location. In this way, it can capture, manage, integrate, manipulate, analyze, and display data that is spatially referenced to the earth’s surface.

gold standard Generally regarded as practices and procedures that are considered the very best.

governance The planning, influencing, and conducting of the policy and affairs of an organization (in our case, the organization refers to a project).

gray-box testing Testing that occurs with only partial knowledge of the network, or that is performed to see what internal users have access to. Testers might also have access to some code.

guidelines Much like standards, these are recommendations; they are not hard-and-fast rules.

H

hardware The physical equipment of a computer system, including the central processing unit, data-storage devices, terminals, and printers.

hardware keystroke logger A form of key logger implemented as a hardware device with a DIN5, PS2, or USB connector. When placed on the system, it is hard to detect without doing a physical inspection. It can be plugged into the keyboard connector or be built into the keyboard.

hash A mathematical algorithm used to ensure that a transmitted message has not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they are the same, there is a very high probability that the message was transmitted intact.

hashing algorithm Verifies the integrity of data and messages. A well-designed hashing algorithm examines every bit of the data while it is being condensed; even a slight change to the data results in a large change in the message hash. Hashing is considered a one-way process.

help desk A support system designed to assist end users with technical and functional questions and problems. Also serves as technical support for hardware and software. Help desks are staffed by people who can either solve the problem directly or forward the problem to someone else. Help-desk software provides the means to log problems and track them until solved. It also gives management information regarding support activities.

heuristic filter An IDS/IPS and antispam filter technology that uses criteria based on a centralized rule database.

heuristic scanning A form of virus scanning that looks at irregular activity by programs. For example, a heuristic scanner will flag a word-processing program that has attempted to format the hard drive, which is not normal activity.

hierarchical database Database that is organized in a tree structure, in which each record has one owner. Navigation to individual records takes place through predetermined access paths.

honey pot An Internet-attached server that acts as a decoy, luring in potential hackers to study their activities and monitor how they are able to break into a system. This can be deployed internally as well, to provide targets for attackers who get by perimeter defenses.

hot site A commercial disaster-recovery service that enables an organization to sustain its computing and network capabilities in the event of a massive equipment failure. A hot site provides the equipment and office facilities needed for the organization to continue its operations.

hub A device used for physical connectivity in networks. It provides connectivity, amplification, and signal regeneration.

Hypertext Markup Language (HTML) A coding technique used to create documents and web pages for the World Wide Web.

I

IANA A primary governing body for Internet networking. IANA oversees three key aspects of the Internet: top-level domains (TLDs), IP address allocation, and port number assignments. IANA is tasked with preserving the central coordinating functions of the Internet for the public.

identity theft An attack in which an individual’s personal, confidential, banking, or financial identity is stolen and compromised by another individual or individuals. Use of a social security number without the individual’s consent or permission could result in identity theft.

impact Best defined as an attempt to identify the extent of the consequences if a given event occurs.

impact assessment A study of the potential future effects of a development project on current projects and resources. The resulting document should list the pros and cons of pursuing a specific course of action.

independence The state or quality of being free from subjection or the influence, control, or guidance of individuals, things, or situations. Applied to auditors and examining officials and their respective organizations who must maintain neutrality and exercise objectivity so that opinions, judgments, conclusions, and recommendations on examined allegations are impartial and are viewed as impartial by disinterested third parties.

Indexed Sequential Access Method (ISAM) A file organization that combines an index with blocks of data arranged sequentially within each block; used for storing data for fast retrieval.

Information-Processing Facility (IPF) The areas where information is processed, usually the computer room and support areas.

Information Technology Security Evaluation Criteria (ITSEC) A European standard that was developed in the 1980s to evaluate the confidentiality, integrity, and availability of an entire system.

infrastructure mode A form of wireless networking in which wireless stations communicate with each other by first going through an access point.

inherent risk The susceptibility of an audit area to error, which could be material, individually or in combination with other errors, assuming that there are no related internal controls.

initial sequence number A number defined during a TCP startup session.

input controls Computer controls designed to provide reasonable assurance that transactions are properly authorized before processed by the computer; that transactions are accurately converted to machine-readable form and recorded in the computer; that data files and transactions are not lost, added, duplicated or improperly changed; and that incorrect transactions are rejected, corrected, and, if necessary, resubmitted on a timely basis.

insecure computing habits The bad habits that employees, contractors, and third-party users have accumulated over the years can be attributed to the organization’s lack of security-awareness training, lack of security controls, and lack of any security policies or acceptable use policies (AUPs).

Integrated Services Digital Network (ISDN) A system that provides simultaneous voice and high-speed data transmission through a single channel to the user’s premises. ISDN is an international standard for end-to-end digital transmission of voice, data, and signaling.

integrity One of the three items considered part of the security triad; the others are confidentiality and availability. It is used to verify the accuracy and completeness of an item and that it has not been tampered with.

Internet An interconnected system of networks that connects computers around the world via the TCP/IP protocol.

Internet Assigned Numbers Authority (IANA) An organization dedicated to preserving the central coordinating functions of the global Internet for the public good. Used by hackers and security specialists to track down domain owners and their contact details.

Internet Control Message Protocol (ICMP) Part of TCP/IP that supports diagnostics and error control. Ping is a type of ICMP message.

Internet Engineering Task Force (IETF) A large open, international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual. The IETF is the protocol-engineering and development arm of the Internet.

Internet Protocol spoofing (IP spoofing) A technique used to gain unauthorized access to computers or in denial of service attacks. Newer routers and firewall arrangements can offer protection against IP spoofing.

Internet Protocol (IP) One of the key protocols of TCP/IP. The IP protocol is found at Layer 3 (network layer) of the OSI model.

intrusion detection A key component of security that includes prevention, detection, and response. It is used to detect anomalies or known patterns of attack.

Intrusion-Detection System (IDS) A network-monitoring device typically installed at Internet ingress/egress points. An IDS inspects inbound and outbound network activity and identifies suspicious patterns that could indicate a network or system attack from someone attempting to break into or compromise a system.

IPsec Short for IP security. An IETF standard used to secure TCP/IP traffic by means of encapsulation. It can be implemented to provide integrity and confidentiality.

irregularities Intentional violations of established management policy, or deliberate misstatements, or omissions of information concerning the area under audit or the organization as a whole.

ISO 17799 A comprehensive security standard that is divided into 10 sections. It is considered a leading standard and a code of practice for information security management.

IT Information technology.

IT asset Information technology assets such as hardware, software, or data.

IT asset criticality The act of assigning a criticality factor or importance value (critical, major, or minor) to an IT asset.

IT asset valuation The act of assigning a monetary value to an IT asset.

IT infrastructure A general term used to encompass all information technology assets (hardware, software, data), components, systems, applications, and resources.

IT security architecture and framework A document that defines the policies, standards, procedures, and guidelines for information security.

J

JBOD Just a Bunch of Disks, a technique that is somewhat like RAID, in that two or more hard drives are combined into one storage array. However, JBOD offers none of the fault tolerance advantages of RAID.

K

key-exchange protocol A protocol used to exchange secret keys for the facilitation of encrypted communication. Diffie-Hellman is an example of a key-exchange protocol.

Kilo Lines Of Code (KLOC) A technique used to determine the cost of software development that is based solely on length of code.

L

Last In, First Out (LIFO) A data-processing method that applies to buffers. The last item in the buffer is the first to be removed.

latency The delay that it takes one packet to travel from one node to another.

librarian The individual in the corporation who is responsible for storing, safeguarding, and maintaining data, programs, and computer information.

limit check Test of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test can be called a range check.

limitation of liability and remedies A legal term that limits the organization in the amount of financial liability and remedies it is legally responsible for.

Local Area Network (LAN) A group of wired or wireless computers and associated devices that share a common communications line and typically share the resources of a single processor or server within a small geographic area (for example, within an office building).

log In computing, the log is equivalent to the history log of a ship. The log is an automatic system that records significant events. The files that contain these records are called log files. Generally, the log is a file; each entry written in it is a record.

log on The process of identifying yourself to your computer or an online service; the initial identification procedure to gain access to a system as a legitimate user. The usual requirements are a valid username (or user ID) and password.

logic bomb One of the most dangerous types of malware, in that it waits for a predetermined event or an amount of time to execute its payload. Typically a disgruntled employee/insider attack.

M

MAC filtering A method of controlling access on a wired or wireless network by denying access to a device in which the MAC address does not match one on a preapproved list.

macro infector A type of computer virus that infects macro files. The “I love you” virus and Melissa virus are examples of macro viruses.

MAID Massive Array of Inactive Disks. A large array of hard drives that are kept inactive until needed.

man-in-the-middle attack A type of attack in which the attacker can read, insert, and change information that is being passed between two parties without either party knowing that the information has been compromised.

man-made threat Threat caused by humans, such as hacker attack, terrorism, or destruction of property.

Management Information System (MIS) An organized approach to gathering data from inside and outside the company, and processing it by computer to produce current, accurate, and informative reports for decision makers. It provides management with much-needed information on a regular basis.

Mandatory Access Control (MAC) A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (such as clearance) of subjects to access information of such sensitivity.

mantrap See deadman door.

master boot record infector A virus that infects a master boot record.

materiality An expression of the relative significance or importance of a particular matter in the context of the organization as a whole.

MD5 A hashing algorithm that produces a 128-bit output.

Media Access Control (MAC) The hard-coded address of the physical-layer device that is attached to the network. All network interface controllers must have a hard-coded and unique MAC address. The MAC address is 48 bits long.

message switching A strategy that enables communication channels to be used simultaneously by more than one node. At each transfer point in the connection, incoming data is stored in its entirety and then forwarded to the next point. This process continues until the data reaches its destination.

methodology A set of documented procedures used for performing activities in a consistent, accountable, and repeatable manner.

middleware Software that “glues together” two or more types of software (for example, two applications, their operating systems, and the network on which everything works) by translating information between them and exchanging this information over a network without both interacting applications being aware of the middleware.

minimum acceptable level of risk The stake in the ground that an organization defines for the seven areas of information security responsibility. Depending on the goals and objectives for maintaining confidentiality, integrity, and availability of the IT infrastructure and its assets, the minimum level of acceptable risk dictates the amount of information security.

mobile site Portable data-processing facility transported by trailers to be quickly moved to a business location. Typically used by insurance companies and the military, these facilities provide a ready-conditioned information-processing facility that can contain servers, desktop computers, communications equipment, and even microwave and satellite data links.

modem A device used to connect a computer to an analog phone line. Modems use the process of modulation.

modulation Used by modems to convert a digital computer signal into an analog telecommunications signal.

Moore’s law The belief that processing power of computers will double about every 18 months.

multicast The process of sending a computer packet to a group of recipients.

multipartite virus A virus that attempts to attack both the boot sector and executable files.

N

NetBus A back-door Trojan along the lines of Back Orifice 2000 (BO2K) that gives an attacker total control of the victim’s computer.

Network Address Translation (NAT) A method of connecting multiple computers to the Internet using one IP address so that many private addresses are being converted to a single public address. Addressed in RFC 1918.

network administrator The individual responsible for the installation, management, and control of a network. When problems with the network arise, this is the person to call.

Network Operations Center (NOC) An organization’s help desk or interface to its end users, where questions, trouble calls, and trouble tickets are generated.

NIST 800-42 Document that provides guidance on network security testing. It deals mainly with techniques and tools used to secure systems connected to the Internet.

noise Any unwanted signal, such as static, that interferes with the clarity of data being transmitted, thus creating the possibility that the receiver will receive a misconstrued message.

nonattribution The act of not providing a reference to a source of information.

nonrepudiation A system or method put into place to ensure that an individual cannot deny his own actions and that prevents the replay of network traffic.

normalization The process of reducing a complex data structure into its simplest, most stable structure. In general, the process entails removing redundant attributes, keys, and relationships from a conceptual data model.

NSA IAM The National Security Agency (NSA) Information Security Assessment Methodology (IAM), a systematic process used by government agencies and private organizations to assess security vulnerabilities.

nslookup A standard UNIX, Linux, and Windows tool for querying name servers.

null session A Windows feature through which anonymous logon users can list domain user names, account information, and enumerate share names.

O

objectivity An independent mental attitude that requires internal auditors to perform audits in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. The auditor’s objectivity depends on the organizational status of the internal audit function, whether the internal auditor has direct access and reports regularly to the board, the audit committee, and more. Therefore, objectivity requires that internal auditors not subordinate their judgment on audit matters to that of others.

off-site storage A storage facility that is not located at the organization’s primary facility. The idea behind off-site storage is to protect information and limit damage that might occur at the primary facility. Off-site storage facilities are used to store computer media, backup data, and files.

one-time pad An encryption mechanism that can be used only once and that is, theoretically, unbreakable. One-time pads function by combining plain text with a random pad that is the same length as the plain text.

Open Shortest Path First (OSPF) A routing protocol that determines the best path for routing IP traffic over a TCP/IP network. It uses less router-to-router update traffic than the RIP protocol that it has been designed to replace.

open source Based on the GNU General Public License. Although several “flavors” of GPL exist, this generally works by means of software that is open source and is released under an open-source license or to the public domain. The source code can be seen and modified.

Operating System (OS) identification The practice of identifying the operating system of a networked device by using passive or active techniques.

operational control Day-to-day controls that are used for normal daily operation of the organization. Operational controls ensure that normal operational objectives are achieved.

outsourcing A contract arrangement between a third party and the organization for services such as web hosting, application development, or data processing.

P

packet A block of data sent over the network that carries the identities of the sending and receiving stations, along with information for error control. Also known as a packet data unit (PDU).

packet filter A form of stateless inspection performed by some firewalls and routers.

packet switching A data-transmission method that divides messages into standard-sized packets for greater efficiency of routing and transporting them through a network.

paper shredder A hardware device used for destroying paper and documents, to prevent dumpster diving. Many modern shredders support CD/DVD destruction as well.

paper test A type of disaster-recovery test that reviews the steps of the test without actually performing the steps. This type of disaster-recovery test is usually used to help team members review the proposed plan and become familiar with the test and its objectives.

parallel testing A mode of testing in which a stream of data is fed into two systems to allow processing by both so that the results can be compared.

parity check A type of error check or control by means of an added digit (a 0 or a 1). The digit is added to an individual data item to indicate whether the sum of that data item’s bits is odd or even. It can detect an error when the parity bit disagrees with the sum of the other bits.

passive OS fingerprint A passive method of identifying the operating system (OS) of a targeted computer or device. No traffic or packets are injected into the network; attackers simply listen and analyze existing traffic.

Password Authentication Protocol (PAP) A form of authentication in which clear-text usernames and passwords are passed.

pattern matching A method of identifying malicious traffic that is used by IDS systems. Also called signature matching, it works by matching traffic against signatures stored in a database.

penetration test A method of evaluating the security of a network or computer system by simulating an attack by a malicious hacker. The goal is to accomplish this without doing harm and with the owner’s consent.

Personal Area Network (PAN) When discussing Bluetooth devices, refers to the connection that can be made between Bluetooth-enabled devices. PANs are used for short-range communication.

Personal Digital Assistant (PDA) A handheld device that combines computing, telephone/fax, and networking features. A typical PDA can function as a cellular phone, fax sender, and personal organizer. Many PDAs incorporate handwriting and/or voice-recognition features. PDAs also are called palmtops, handheld computers, and pocket computers.

phishing The act of misleading or conning an individual into releasing and providing (personal and confidential) information to an attacker masquerading as a legitimate individual or business. Spear phishing occurs when attackers go after a particular business, type of person, clients, and so on.

phreaker Individual who hacks phone systems or phone-related equipment. Phreakers predate computer hackers.

piggybacking A method of gaining unauthorized access into a facility by following an authorized employee through a controlled access point or door. Piggybacking is also known as tailgating.

ping sweep The process of sending ping requests to a series of devices or to the entire range of networked devices, with the objective being to see what responds. Pings are often blocked by network devices or OS configuration tweaks.

Point-of-Sale (PoS) system Systems that enable the capture of data at the time and place of transaction. PoS terminals can include using optical scanners with bar codes or magnetic card readers with credit cards. PoS systems might be online to a central computer or might use standalone terminals or microcomputers that hold the transactions until the end of a specified period, when they are sent to the main computer for batch processing.

policy A high-level document that dictates management’s intentions regarding security.

polymorphic virus A virus that is capable of change and self-mutation.

POP Post Office Protocol, a commonly implemented method of delivering email from the mail server to the client machine. Other methods include IMAP and Microsoft Exchange.

port Defined by IANA and used by protocols and applications. Port numbers are divided into three ranges: well-known ports, registered ports, and dynamic and/or private ports. Well-known ports are ports 0–1023. Registered ports are ports 1024–49151. Dynamic and/or private ports are ports 49152–65535.

port knocking A defensive technique that requires users of a particular service to access a sequence of ports in a given order before the service will accept their connection. Some port-knocking implementations do not have the service listening at all until the proper sequence of knocks happens.

port redirection The process of redirecting one protocol from an existing port to another.

prepender A virus type that adds the virus code to the beginning of existing executables.

pretexting Collecting information about a person under false pretenses.

preventative controls Controls that reduce risk and are used to prevent undesirable events from occurring.

principle of deny all A process of securing logical or physical assets by first denying all access and then allowing access only on a case-by-case basis.

privacy impact analysis The process of reviewing the information held by the corporation and assessing the damage that would result if sensitive or personal information were lost, stolen, or divulged.

probability The likelihood of an event happening.

problem-escalation procedure The procedure that details the process of increasing the priority of a problem from junior to senior staff, and ultimately to higher levels of management if resolution is not achieved.

procedure A detailed, in-depth, step-by-step document that lays out exactly what is to be done and how it is to be accomplished.

Program Evaluation and Review Technique (PERT) A planning and control tool representing, in diagram form, the network of tasks required to complete a project, establishing sequential dependencies and relationships among the tasks.

promiscuous mode The act of changing the network adapter from its normal mode of examining traffic that matches only its address to examining all traffic. Promiscuous mode allows a network device to intercept and read all network packets that arrive at its interface in their entirety.

protocol A set of formalized rules that describe how data is transmitted over a network. Low-level protocols define the electrical and physical standard, while high-level protocols deal with formatting of data. TCP and IP are examples of high-level LAN protocols.

prototyping The process of quickly putting together a working model (a prototype) to test various aspects of the design, illustrate ideas or features, and gather early user feedback. Prototyping is often treated as an integral part of the development process, where it is believed to reduce project risk and cost.

public key encryption An encryption scheme that uses two keys. In an email transaction, the public key encrypts the data, and a corresponding private key decrypts the data. Because the private key is never transmitted or publicized, the encryption scheme is extremely secure. For digital signatures, the process is reversed; the sender uses the private key to create the digital signature, which anyone who has access to the corresponding public key can read.

Public Key Infrastructure (PKI) Infrastructure used to facilitate e-commerce and build trust. PKI consists of hardware, software, people, policies, and procedures; it is used to create, manage, store, distribute, and revoke public key certificates. PKI is based on public key cryptography.

Q

qualitative analysis A weighted factor or nonmonetary evaluation and analysis based on a weighting or criticality factor valuation as part of the evaluation or analysis.

qualitative assessment An analysis of risk that places the probability results into categories such as none, low, medium, and high.

qualitative risk assessment A scenario-based assessment in which one scenario is examined and assessed for each critical or major threat to an IT asset.

quantitative analysis A numerical evaluation and analysis based on monetary or dollar valuation as part of the evaluation or analysis.

quantitative risk assessment A methodical, step-by-step calculation of asset valuation, exposure to threats, and the financial impact or loss if the threat is realized.

queue Any group of items, such as computer jobs or messages, waiting for service.

R

Radio Frequency Identification (RFID) A set of components that include a reader and a small device referred to as a tag. The tag can be used to hold information for inventory, management, tracking, or other purposes. RFID provides a method to transmit and receive data over short range from one point to another.

RADIUS Remote Authentication Dial-In User Service. A client/server protocol and software that allows remote-access servers to communicate. Used in wireless systems such as 802.1x.

RAM resident infection A type of virus that spreads through RAM.

record A collection of data items or fields treated as one unit.

Recovery Point Objective (RPO) The point in time to which data must be restored to resume processing transactions. RPO is the basis on which a data-protection strategy is developed.

recovery testing Testing aimed at verifying the system’s capability to recover from varying degrees of failure.

Recovery Time Objective (RTO) During the execution of disaster recovery or business continuity plans, the time goal for the reestablishment and recovery of a business function or resource.

Redundant Array of Independent Disks (RAID) A type of fault tolerance and performance improvement for disk drives that use two or more drives in combination. Also known as Redundant Array of Inexpensive Disks.

Registration Authority (RA) Entity responsible for the identification and authentication of the PKI certificate. The RA is not responsible for signing or issuing certificates. The most common form of certificate is the X.509 standard.

regression testing Retesting of a previously tested program following modification to ensure that faults have not been introduced or uncovered as a result of the changes made.

Remote Procedure Call (RPC) A protocol that allows a computer program running on one host to cause code to be executed on another host without the programmer needing to explicitly code for this. When the code in question is written using object-oriented principles, RPC is sometimes referred to as remote invocation or remote method invocation.

repeater A network device used to regenerate or replicate a signal. Repeaters are used in transmission systems to regenerate analog or digital signals distorted by transmission loss.

repository A central place where data is stored and maintained. A repository can be a place where multiple databases or files are located for distribution over a network, or it can be a location that is directly accessible to the user without having to travel across a network.

Request For Proposal (RFP) A document that asks vendors to propose a hardware and system software that will meet the requirements of a new system.

required vacations A security control used to uncover misuse or illegal activity by requiring employees to use their vacation.

requirements definition An assessment of the needs that a system is to fulfill, including why the system is needed, what features will service or satisfy the need, and how the system is to be constructed.

resilience The capability of a system to maintain or regain normal function and development following a disturbance.

reverse engineering The process of taking a software program apart and analyzing its workings in detail, usually to construct a new device or program that does the same thing without actually copying anything from the original.

Rijndael A symmetric encryption algorithm chosen to be the Advanced Encryption Standard (AES).

ring topology A topology used by Token Ring and FDDI networks in which all devices are connected in a ring. Data packets in a ring topology are sent in a deterministic fashion from the sender toward the receiver, with each device passing them to the next device in the ring.

RIP Routing Information Protocol. A well-known distance-vector protocol that determines the best route by hop count. The original version, RIP 1, has security issues and as such was revised. RIP 2 has been revised but still has some security issues.

risk The exposure or potential for loss or damage to IT assets within that IT infrastructure.

risk acceptance An informed decision to suffer the consequences of likely events.

risk assessment A process for evaluating the exposure or potential loss or damage to the IT and data assets for an organization.

risk avoidance A decision to take action to avoid a risk.

risk management The overall responsibility and management of risk within an organization. Risk management is the responsibility and dissemination of roles, responsibilities, and accountabilities for risk in an organization.

risk transference Shifting the responsibility or burden to another party or individual.

rogue access point An 802.11 access point that might be added by an unapproved employee or by an attacker set up to divert legitimate users so that their traffic can be sniffed or manipulated.

role-based access control A type of discretionary access control in which users are placed into groups to facilitate management. Banks and casinos typically use this type of access control.

rotation of assignment A security mechanism that moves employees from one job to another so that one person does not stay in one position forever. This makes it harder for an employee to hide malicious activity.

rounding down A method of computer fraud that involves rounding down dollar amounts so that small amounts of money are stolen. As an example, the value $1,199.50 might be rounded down to $1,199.00.

router A device that determines the next network point to which a data packet should be forwarded en route toward its destination. The router is connected to at least two networks and determines which way to send each data packet based on its current understanding of the state of the networks it is connected to. Routers create or maintain a table of the available routes and use this information to determine the best route for a given data packet. Routing occurs at Layer 3 (network layer) of the OSI seven-layer model.

rule-based access control A type of mandatory access control that matches objects to subjects. It dynamically assigns roles to subjects based on their attributes and a set of rules defined by a security policy.

S

scope creep The uncontrolled change in the project’s scope. It causes the assessment to drift away from its original scope and results in budget and schedule overruns.

script kiddie The lowest form of cracker, a hanger-on in the technical sense, in that they look for easy targets or well-worn vulnerabilities.

Secure Sockets Layer (SSL) Developed by Netscape for transmitting private documents via the Internet. It works by using a private key to encrypt data that is transferred over the SSL connection. It is widely used and accepted by Netscape and Internet Explorer. Very similar to transport layer security (TLS).

security breach or security incident The result of an attacker exploiting a threat or vulnerability.

security bulletin A memorandum or message from a software vendor or manufacturer documenting a known security defect in the software or application itself. Security bulletins are typically accompanied with instructions for loading a software patch to mitigate the security defect or software vulnerability.

security by obscurity The controversial use of secrecy to ensure security—for example, changing the name of the administrator account.

security controls Policies, standards, procedures, and guideline definitions for various security control areas or topics.

security countermeasure A security hardware or software technology solution that is deployed to ensure the confidentiality, integrity, and availability of IT assets that need protection.

security defect A security defect is usually an unidentified and undocumented deficiency in a product or piece of software that ultimately results in a security vulnerability being identified.

Security Incident Response Team (SIRT) A team of professionals that usually encompasses human resources, legal, IT, and IT security representatives to appropriately respond to critical, major, and minor security breaches and security incidents that the organization encounters.

security kernel A combination of software, hardware, and firmware that makes up the trusted computer base (TCB). The TCB mediates all access, must be verifiable as correct, and is protected from modification.

security testing Techniques used to confirm the design and/or operational effectiveness of security controls implemented within a system. Examples include attack and penetration studies to determine whether adequate controls have been implemented to prevent breach-of-system controls and processes, and password strength testing by using tools such as “password crackers.”

security workflow definitions Given the defense-in-depth, layered approach to information security roles, tasks, responsibilities, and accountabilities, a security workflow definition is a flowchart that defines the communications, checks and balances, and domain of responsibility and accountability for the organization’s IT and IT security staff.

separation of duties Given the seven areas of information security responsibility, separation of duties defines the roles, tasks, responsibilities, and accountabilities for information security uniquely for the different duties of the IT staff and IT security staff.

Service Level Agreement (SLA) A contractual agreement between an organization and its service provider. SLAs define and protect the organization in regard to holding the service provider accountable for the requirements as defined in an SLA.

Service Set ID (SSID) A sequence of up to 32 letters or numbers that is the ID, or name, of a wireless local area network and is used to differentiate networks.

session slicing Used to avoid an IDS by sending parts of the request in different packets.

SHA-1 A hashing algorithm that produces a 160-bit output.

sheepdip The process of scanning for viruses on a standalone computer.

shoulder surfing The act of looking over someone’s shoulder to steal a password.

signature scanning Used by IDS and virus scanning. One of the most basic ways of scanning for computer viruses. It works by comparing suspect files and programs to signatures of known viruses stored in a database.

Simple Mail Transfer Protocol (SMTP) The standard protocol used for Internet mail.

Simple Network Management Protocol (SNMP) An application-layer protocol that facilitates the exchange of management information between network devices. SNMP offers cryptographic support in SNMPv3, but not in SNMPv1 or SNMPv2. Uses well-known community strings of public and private.

Single Loss Expectancy (SLE) A dollar-value figure that represents an organization’s loss from a single loss or the loss of this particular IT asset.

site survey The process of determining the optimum placement of wireless access points. The objective of the site survey is to create an accurate wireless system design/layout and budgetary quote.

smurf attack A DDoS attack in which an attacker transmits large amounts of ICMP echo request (ping) packets to a targeted IP destination device using the targeted destination’s IP source address. This is called spoofing the IP source address. IP routers and other IP devices that respond to broadcasts respond to the targeted IP device with ICMP echo replies, thus multiplying the amount of bogus traffic.

sniffer A hardware or software device that can be used for legitimate analysis or to intercept and decode network traffic.

social engineering The practice of tricking employees into revealing sensitive data about their computer system or infrastructure. This type of attack targets people and is the art of human manipulation. Even when systems are physically well protected, social-engineering attacks are possible.

software bug or software flaw An error in software coding, implementation, or its design that can result in software vulnerability.

software vulnerability standard A standard that accompanies an organization’s vulnerability assessment and management policy. This standard typically defines the organization’s vulnerability window definition and how the organization is to provide software vulnerability management and software patch management throughout the enterprise.

source code A nonexecutable program written in a high-level language. A compiler or assembler must translate the source code into an object code (machine language) that the computer can understand.

source document The forms used to record data that has been captured. A source document can be a piece of paper, a turnaround document, or an image displayed for online data input.

Source Lines Of Code (SLOC) A software metric used to measure the amount of code in a software program. SLOC is typically used to estimate the amount of effort that will be required to develop a program, as well as to estimate productivity or effort after the software is produced.

spam The use of any electronic communication’s medium to send unsolicited messages in bulk. Spamming is a major irritation of the Internet era.

spoofing The act of masking one’s identity and pretending to be someone else or another device. Common spoofing methods include ARP, DNS, and IP. It is also carried out by email in what are described as phishing schemes. Caller ID can also be spoofed.

spyware Any software application that covertly gathers information about a user’s Internet usage and activity, and then exploits this information by sending adware and pop-up ads similar in nature to the user’s Internet usage history.

stateful inspection An advanced firewall architecture that works at the network layer and can keep track of packet activity. Unlike static packet filtering, which examines a packet based on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and confirms that they are valid. For example, it verifies that the DNS reply just received is actually in response to a DNS request.

statistical sampling The selection of sample units from a population, and the measurement and/or recording of information on these units, to obtain estimates of population characteristics.

steganography A cryptographic method of hiding the existence of a message. A commonly used form places information in pictures.

Storage Area Network (SAN) A high-speed subnetwork that interconnects different data-storage devices with associated data servers for a large network. SANs support disk mirroring, backup and restore, archival and retrieval of archived data, data migration from one storage device to another, and the sharing of data among different servers in a network.

stream cipher Encrypts data typically 1 byte at a time.

Structured Query Language (SQL) The standardized relational database language for querying, manipulating, and updating information in a relational database.

substantive testing Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy, or existence of those activities or transactions during the audit period.

Supply Chain Management (SCM) Intercompany planning control and monitoring of central functions such as procurement, production, and sales to increase their efficiency.

switch Operating at Layer 2 of the OSI model, a switch is a network device that links several separate LANs and provides packet filtering among them. A LAN switch is a device with multiple ports, each of which can support an entire Ethernet or Token Ring LAN.

symmetric algorithm Both parties use the same cryptographic key.

symmetric encryption An encryption standard that requires all parties to have a copy of a shared key. A single key is used for both encryption and decryption.

SYN flood attack A DDoS attack in which the attacker sends a succession of SYN packets with a spoofed address to a targeted destination IP device, but does not send the final ACK packet to acknowledge and confirm receipt. This leaves half-open connections between the client and the server until all resources are absorbed, rendering the server or targeted IP destination device unavailable because of the resources allocated to this attack.

synchronize sequence number Initially passed to the other party at the start of the three-step startup. It is used to track the movement of data between parties. Every byte of data sent over a TCP connection has a sequence number.

synchronous transmission A method of communication in which data is sent in blocks, without the need for start and stop bits between each byte. Synchronization is achieved by sending a clock signal along with the data and by sending special bit patterns to denote the start of each block.

system software The software that controls the operations of a computer system. It is a group of programs instead of one program. The operating system controls the hardware in the computer and peripherals, manages memory and files and multitasking functions, and is the interface between application programs and the computer. Utility programs perform tasks such as format, check disk, and defragment disks.

system testing Bringing together all the programs that a system comprises, for testing purposes. Programs are typically integrated in a top-down, incremental fashion.

Systems Criticality Matrix (SCM) Similar to the OICM, the SCM defines the organization’s critical systems. This allows the organization to identify and focus its security mechanisms on the systems that are most critical to the organization’s mission.

System Development Lifecycle (SDLC) A method for developing information systems. It has five main stages: analysis, design, development, implementation, and evaluation. Each stage has several components; for example, the development stage includes programming (coding, including internal documentation, debugging, testing, and documenting) and acquiring equipment (selection, acquisition [purchase or lease], and testing).

T

TACACS A TCP-based access-control protocol that provides authentication, authorization, and accountability.

TCB Trusted computer base, all the protection mechanisms within a computer system. This includes hardware, firmware, and software that are responsible for enforcing a security policy.

TCP handshake A three-step process computers go through when negotiating a connection with one another. The process is a target of attackers and others with malicious intent.

telecommunications Systems that transport information over a distance, sending and receiving audio, video, and data signals through electronic means.

test data Data that is run through a computer program to test the software. Test data can be used to test compliance with controls in the software.

threat Any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to any IT asset or data asset.

throughput The amount of data transferred from one place to another or processed in a specified amount of time. Data-transfer rates for disk drives and networks are measured in terms of throughput. Typically, throughputs are measured in kilobits per second, megabits per second, and gigabits per second.

Time to Live (TTL) A counter within an IP packet that specifies the maximum number of hops that a packet can traverse. When a TTL is decremented to zero, a packet expires.

traceroute A way of tracing hops or computers between the source and the target computer you are trying to reach. Gives the path the packets are taking.

Transient Electromagnetic Pulse Emanation Standard (TEMPEST) A method of shielding equipment to prevent the capability of capturing and using stray electronic signals and reconstructing them into useful intelligence.

Transmission Control Protocol (TCP) One of the main protocols of IP. TCP is used for reliability and guaranteed delivery of data.

Transmission Control Protocol/Internet Protocol (TCP/IP) A collection of protocols used to provide the basis for Internet and World Wide Web services.

trap-door function A one-way mathematical function based on discrete logarithms or the factoring of large prime numbers that describes how asymmetric algorithms function.

Trojan A program that is a malicious piece of software. Typically, the user is tricked by some means into running the Trojan; otherwise, the malicious program would have never been accessed had the end user known about its true purpose.

Trusted Computer System Evaluation Criteria (TCSEC) U.S. Department of Defense (DOD) Trusted Computer System Evaluation Criteria, also called the Orange Book. TCSEC is a system designed to evaluate standalone systems that places systems into one of four levels, A, B, C, or D. Each level has subcategories. Its basis of measurement is confidentiality.

tumbling The process of rolling through various electronic serial numbers on a cell phone to attempt to find a valid set to use.

tunneling A technology that enables one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft’s PPTP technology enables organizations to use the Internet to transmit data across a VPN. It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet. Tunneling is also called encapsulation. Tunneling can also be used covertly, such as with STUNNEL and other programs.

turnstile A one-way gate or access-control mechanism that is used to limit traffic and control the flow of people.

U

Uninterruptible Power Supply (UPS) A device designed to provide a backup power supply during a power failure. Basically, a UPS is a battery backup system with an ultra-fast sensing device.

unit testing In computer programming, a method of testing the correctness of a particular module of source code.

Universal Serial Bus (USB) A specification standard for connecting peripherals to a computer. It can connect up to 127 devices to a computer and transfers data at a slower rate, a maximum of 12 Mbps.

URL Uniform Resource Locator, the address of a resource on the Internet and World Wide Web. It names the scheme (such as http or https), the host (usually a domain name, which DNS resolves to an IP address), and the path to the resource on that host.

User Datagram Protocol (UDP) A connectionless transport protocol that provides no delivery guarantee, ordering, or error recovery beyond an optional checksum, but offers a quick and direct way to send and receive datagrams.

utility programs A standard set of routines that assist in the operation of a computer system by performing some frequently required process, such as copying, sorting, or merging.

V

vandalism The willful destruction of property.

verification The process of confirming that data is correct and accurate before it is processed or entered.

Videocipher II Satellite Encryption System Encryption mechanism used to encrypt satellite video transmissions.

Virtual Private Network (VPN) A private network that uses a public network to connect remote sites and users.

virus A computer program with the capability to generate copies of itself and, thereby, spread. Viruses usually require the interaction of an individual and can have rather benign results, such as flashing a message to the screen, or rather malicious results that destroy data, systems, integrity, or availability.

virus hoax A chain letter designed to trick you into forwarding to many other people, warning of a virus that does not exist. The Good Times virus is an example.

voice mail A service that works like an answering machine and allows callers to leave a message. This message can be reviewed, copied, stored, annotated, and forwarded to one or many people.

voice over IP (VoIP) The capability to convert voice or fax calls into data packets for transmission over the Internet or other IP-based networks.

vulnerability The absence or weakness of a safeguard in an asset.

vulnerability assessment A methodical evaluation of the weaknesses in an organization's IT infrastructure components and assets, of how those weaknesses can be mitigated through proper security controls, and of what remediation is recommended to reduce exposure to risks, threats, and vulnerabilities.

vulnerability management The ongoing process of identifying, prioritizing, remediating, and tracking vulnerabilities across an organization, together with the assignment of those duties throughout the IT organization.

W

war chalking The act of marking on the wall or sidewalk near a building to indicate that it has wireless access.

war dialing The process of using a software program to automatically call thousands of telephone numbers to look for anyone who has a modem attached.

war driving The process of driving around a neighborhood or area to identify wireless access points.

warm site An alternative computer facility that is partially configured and can be made ready in a few days.

white-box testing A security assessment or penetration test in which all aspects of the network are known. It can also be an assessment of a device or program while knowing the code, and so on.

WHOIS An Internet utility that returns registration information about the domain name and IP address.

Wide Area Network (WAN) Network that spans the distance between buildings, cities, and even countries. WANs are LANs connected using wide area network services from telecommunications carriers; they typically use technologies such as standard phone lines—called plain old telephone service (POTS) or public switched telephone network (PSTN)—Integrated Services Digital Network (ISDN), Frame Relay, Asynchronous Transfer Mode (ATM), or other high-speed services.

Wi-Fi Protected Access (WPA) A security standard for wireless networks, designed to be more secure than WEP. Developed from the draft 802.11i standard. Replaced by WPA2.

Wired Equivalent Privacy (WEP) Based on the RC4 stream cipher. It was designed to provide the same level of security as a wired LAN. Because of its short (40-bit) key and its 24-bit initialization vector, which is sent in the clear and repeats after a few million frames, it was found to be insecure.
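
The initialization-vector problem mentioned above, as an added example that is not part of the glossary: a minimal Python model of WEP framing (RC4 keyed with IV || shared key, IV sent in the clear; the CRC-32 ICV is omitted). Because the 24-bit IV space is small, two frames under the same key soon share an IV and therefore a keystream, and XORing their ciphertexts cancels that keystream, leaving plaintext XOR plaintext. The key, IV and frame contents are constructed here for illustration.

```python
# Added example: WEP keystream reuse through a repeated 24-bit IV.
import math


def rc4_keystream(key, length):
    """Plain RC4: key-scheduling algorithm, then the pseudo-random generation loop."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key, iv, plaintext):
    """WEP per-frame encryption (ICV omitted): RC4 keyed with IV || shared key,
    with the 3-byte IV transmitted in the clear in front of the ciphertext."""
    if len(iv) != 3 or len(shared_key) not in (5, 13):
        raise ValueError("WEP uses a 24-bit IV and a 40- or 104-bit shared key")
    return iv + xor_bytes(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


def wep_decrypt(shared_key, frame):
    iv, body = frame[:3], frame[3:]
    return xor_bytes(body, rc4_keystream(iv + shared_key, len(body)))


def keystream_reuse_leak(frame_a, frame_b):
    """Two frames with the same IV under the same key share a keystream, so XORing
    the ciphertexts cancels it: the result is plaintext_a XOR plaintext_b."""
    if frame_a[:3] != frame_b[:3]:
        return None
    return xor_bytes(frame_a[3:], frame_b[3:])


def frames_until_likely_iv_collision(iv_bits=24):
    """Birthday bound sqrt(pi/2 * 2^n): roughly how many frames until two share an IV."""
    return int(math.sqrt(math.pi / 2 * 2 ** iv_bits))


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")        # constructed 40-bit shared key
    iv = b"\x00\x00\x01"                      # an IV that gets reused
    fa = wep_encrypt(key, iv, b"attack at dawn!")
    fb = wep_encrypt(key, iv, b"hello, world!!!")
    leak = keystream_reuse_leak(fa, fb)
    print("p_a XOR p_b from ciphertext alone:", leak.hex())
    print("knowing p_a recovers p_b:", xor_bytes(leak, b"attack at dawn!"))
    print("frames until an IV repeat is likely:", frames_until_likely_iv_collision())
```

Even with random IVs the birthday bound puts a repeat at roughly five thousand frames, and many cards simply counted the IV up from zero after a reset, so collisions came far sooner in practice. WPA's TKIP enlarged the IV to 48 bits and derived a fresh per-packet key; WPA2/AES-CCMP abandoned RC4 altogether.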

Work Breakdown Structure (WBS) A hierarchical breakdown of the work required to complete a project; it is process oriented and shows which activities need to be completed and how they nest.

worm A self-replicating, sometimes polymorphic program that spreads on its own across a network, typically by exploiting vulnerabilities or abusing network services, without needing to attach itself to a host program or document (which distinguishes it from a virus). Worms often flood a network with traffic and result in a denial of service.

wrapper A type of program, such as Whack-a-mole, that is used to bind a Trojan to a legitimate program. The objective is to trick the user into running the wrapped program and thereby installing the Trojan.

written authorization One of the most important parts of an ethical hack. It gives you permission to perform the tests that the client has agreed to.

Z

zone transfer The mechanism DNS servers use to update each other by transferring a zone's resource records. This should be a controlled process between authoritative and secondary DNS servers, but attackers will attempt to request a zone transfer to obtain the organization's DNS records, which can then be used to map its hosts and network devices.
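
The request an attacker sends is an ordinary DNS query with QTYPE AXFR (252) carried over TCP. The Python below is an added example, not code from the glossary: it builds that query with only the standard library, classifies the first response message (a properly configured server answers REFUSED; a leaking one starts streaming records, beginning with the zone's SOA), and includes a live `check_zone_transfer` you can point at your own name servers. The sample responses are constructed in `make_response`, not captured traffic; `example.com` and its SOA values are placeholders.

```python
# Added example: AXFR zone-transfer request and response classification.
import socket
import struct

QTYPE_AXFR, CLASS_IN = 252, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}


def encode_name(name):
    """RFC 1035 wire form: length-prefixed labels terminated by a zero byte."""
    labels = [l for l in name.strip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """DNS message with one question: <zone> AXFR IN."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)   # id, flags, QD, AN, NS, AR
    return header + encode_name(zone) + struct.pack("!HH", QTYPE_AXFR, CLASS_IN)


def parse_header(msg):
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": txid, "qr": bool(flags & 0x8000), "rcode": flags & 0xF, "answers": an}


def classify_response(msg, txid):
    """Decide from the first response message whether the server honoured the AXFR."""
    h = parse_header(msg)
    if h["id"] != txid or not h["qr"]:
        return "invalid"
    if h["rcode"] == 0 and h["answers"] > 0:
        return "ALLOWED"          # records came back: the zone is exposed
    return "DENIED (%s)" % RCODES.get(h["rcode"], str(h["rcode"]))


def make_response(query, rcode, with_soa):
    """Constructed sample reply (not captured traffic): echo the question and, when
    with_soa is set, append one SOA record as a real AXFR stream would begin with."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    answers = b""
    if with_soa:
        rdata = (encode_name("ns1.example.com") + encode_name("hostmaster.example.com")
                 + struct.pack("!IIIII", 2024010101, 3600, 900, 604800, 86400))
        # name is a compression pointer to the question name at offset 12
        answers = b"\xc0\x0c" + struct.pack("!HHIH", 6, CLASS_IN, 3600, len(rdata)) + rdata
    header = struct.pack("!HHHHHH", txid, 0x8000 | rcode, 1, 1 if with_soa else 0, 0, 0)
    return header + question + answers


def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed before %d bytes" % n)
        buf += chunk
    return buf


def check_zone_transfer(server, zone, timeout=5.0):
    """Live check against a name server you are authorized to test. AXFR runs over
    TCP, where every DNS message is prefixed by a 2-byte big-endian length."""
    query = build_axfr_query(zone)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(query)) + query)
        (length,) = struct.unpack("!H", recv_exact(s, 2))
        return classify_response(recv_exact(s, length), 0x1234)


if __name__ == "__main__":
    q = build_axfr_query("example.com")
    print("refusing server:", classify_response(make_response(q, 5, False), 0x1234))
    print("leaking server :", classify_response(make_response(q, 0, True), 0x1234))
```

The equivalent one-liner with BIND's tools is `dig axfr example.com @ns1.example.com`; the defensive fix is an `allow-transfer` list (BIND) or the equivalent restriction on other servers, ideally combined with TSIG-signed transfers between the primary and its secondaries.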
