Glossary

3DES (Triple DES):
An enhancement to the original DES algorithm that uses multiple keys to encrypt plaintext. Officially known as the Triple Data Encryption Algorithm (TDEA or Triple DEA). See also Data Encryption Standard (DES).
AAA:
Shorthand for authentication, authorization, and accountability controls.
abstraction:
A process that involves viewing an application from its highest-level functions, which makes lower-level functions abstract.
acceptance testing:
The human verification of proper functionality of a software program or system.
access control:
The capability to permit or deny the use of an object (a passive entity, such as a system or file) by a subject (an active entity, such as a person or process).
access control list (ACL):
Lists the specific rights and permissions assigned to a subject for a given object.
Access Matrix Model:
Provides object access rights (read/write/execute or R/W/X) to subjects in a DAC system. An access matrix consists of ACLs and capability lists. See also access control list (ACL) and discretionary access control (DAC).
accountability:
The capability of a system to associate users and processes with their actions.
accreditation:
An official, written approval for the operation of a specific system in a specific environment, as documented in a certification report.
acquisition:
(1) The process of purchasing another organization. (2) The process of purchasing information systems hardware or software.
active-active:
A clustered configuration in which all of the nodes in a system or network are load balanced, synchronized, and active. If one node fails, the other node(s) continue providing services seamlessly.
active-passive:
A clustered configuration in which only one node in a system or network is active. If the primary node fails, a passive node becomes active and continues providing services, usually after a short delay.
ActiveX:
A software framework created by Microsoft that adapts its earlier COM and OLE technologies for content downloaded from a network, such as the Internet. See also Component Object Model (COM) and Object Linking and Embedding (OLE).
Address Resolution Protocol (ARP):
The network protocol used to query and discover the MAC address of a device on a LAN.
address space:
A range of discrete addresses allocated to a network host, device, disk sector, or memory cell.
administrative controls:
The policies and procedures that an organization implements as part of its overall information security strategy.
administrative laws:
Legal requirements passed by government institutions that define standards of performance and conduct for major industries (such as banking, energy, and healthcare), organizations, and officials.
Advanced Encryption Standard (AES):
A block cipher based on the Rijndael cipher, which replaced DES. See also Data Encryption Standard (DES).
adware:
Software that’s commonly installed with a freeware or shareware program. It provides a source of revenue for the software developer and runs only when you’re using the associated program or until you purchase the program (in the case of shareware). See also malware.
agent:
A software component that performs a particular service.
aggregation:
(1) A database security issue that describes the act of obtaining information classified at a high sensitivity level by combining other items of low-sensitivity information. (2) The unintended accumulation of access privileges by persons who transfer from role to role in an organization over time.
Agile:
A software development methodology known for its iterative approach to the development of a system.
Agile Maturity Model (AMM):
A framework for measuring the maturity of agile software development processes and practices. See also Agile.
Annualized Loss Expectancy (ALE):
A standard, quantifiable measure of the impact that a realized threat will have on an organization’s assets. ALE is calculated as ALE = Single Loss Expectancy (SLE) × Annualized Rate of Occurrence (ARO). See also Single Loss Expectancy (SLE) and Annualized Rate of Occurrence (ARO).
Annualized Rate of Occurrence (ARO):
The estimated annual frequency of occurrence for a specific threat or event.
antivirus software:
Software that’s designed to detect and prevent computer viruses and other malware from entering and harming a system.
applet:
A component in a distributed environment (various components are located on separate systems) that’s downloaded into and executed by another program, such as a web browser.
application firewall:
A firewall that inspects OSI Layer 7 content in order to block malicious content from reaching or leaving an application server. See also web application firewall (WAF).
Application Layer (OSI model):
Layer 7 of the OSI model. See also Open Systems Interconnection (OSI) model.
Application Layer (TCP/IP model):
Layer 4 of the TCP/IP model. See also TCP/IP model.
application penetration test:
A penetration test of a software application. See also penetration test.
application scan:
An automated test used to identify weaknesses in a software application.
application software:
Computer software that a person uses to accomplish a specific task.
application-level firewall:
See application firewall.
application programming interface (API):
A specification for input data and output data for a system.
application whitelisting:
A mechanism used to control which applications are permitted to execute on a system. See also whitelisting.
archive:
In a public key infrastructure (PKI), an archive is responsible for long-term storage of archived information from the CA. See also Certification Authority (CA) and public key infrastructure (PKI).
artificial intelligence (AI):
The ability of a computer to interact with and learn from its environment, and automatically perform actions without being explicitly programmed.
asset:
A resource, process, product, system, or program that has some value to an organization and must therefore be protected. Assets can be hard goods, such as computers and equipment, but can also be information, programs, and intellectual property.
asset inventory:
The process of tracking assets in an organization.
asset valuation:
The process of assigning a financial or relative value to an organization’s information assets.
asymmetric key system (or asymmetric algorithm; public key):
A cryptographic system that uses two separate keys — one key to encrypt information and a different key to decrypt information. These key pairs are known as public and private keys.
Asynchronous Transfer Mode (ATM):
A very high-speed, low-latency, packet-switched communications protocol.
attribute-based access control (ABAC):
An access control model where a subject is granted access to an object based on subject attributes, object attributes, and environmental considerations.
audit:
The independent verification of any activity or process.
audit trail:
The auxiliary records that document transactions and other events.
augmented reality (AR):
Technology that produces a composite view by superimposing high-resolution (even 3D) images on a real-world view.
authenticated scan:
A vulnerability scan that attempts to log in to a device, system, or application during its search for exploitable vulnerabilities.
authentication:
The process of verifying a subject’s claimed identity in an access control system.
Authentication Header (AH):
In IPsec, a protocol that provides integrity, authentication, and non-repudiation. See also Internet Protocol Security (IPsec).
authorization (or establishment):
The process of defining and granting the rights and permissions of a subject (what you can do).
automatic controls:
Controls that are not performed manually.
availability:
The process of ensuring that systems and data are accessible to authorized users when they need it.
backdoor:
Malware that enables an individual to bypass normal authentication to gain access to a compromised system. See also malware.
background check:
The process of verifying a person’s professional, financial, and legal history, usually in connection with employment.
baseline:
A process that identifies a consistent basis for an organization’s security architecture, taking into account system-specific parameters, such as different operating systems.
Bell-LaPadula model:
A formal confidentiality model that defines two basic properties: the simple security property (ss property) and star property (* property). See also simple security property (ss property) and star property (* property).
best evidence:
Original, unaltered evidence, which is preferred by the court over secondary evidence. See also best evidence rule and evidence.
best evidence rule:
Defined in the Federal Rules of Evidence; states that “to prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is (ordinarily) required.” See also evidence.
Biba model:
A formal integrity model that defines two basic properties: the simple integrity property and star integrity property (*-integrity property). See also simple integrity property and star integrity property (*-integrity property).
biometrics:
Any of various means used, as part of an authentication mechanism, to verify the identity of a person. Types of biometrics used include fingerprints, palm prints, signatures, retinal scans, voice scans, and keystroke patterns.
birthday attack:
A type of attack that attempts to exploit the probability of two messages using the same hash function and producing the same message digest. See also hash function.
black-box testing:
A security test wherein the tester has no prior knowledge of the system being tested.
blacklisting:
A mechanism that explicitly blocks access based on the presence of an item in a list. See also whitelisting.
blackout:
Total loss of electric power.
block cipher:
An encryption algorithm that divides plaintext into fixed-size blocks of characters or bits, and then uses the same key on each fixed-size block to produce corresponding ciphertext.
Bluetooth:
A wireless technology standard for data exchange over short distances between fixed and mobile devices.
bollard:
A post used to divert traffic from a building, area, or road.
bootkit:
A kernel-mode malware variant of a rootkit, commonly used to attack computers that are protected by full-disk encryption. See also malware and rootkit.
bot:
A target computer that is infected by malware and is part of a botnet. See also botnet and malware.
botnet:
A broad network of malware-infected bots working together and controlled by an attacker through command-and-control (C2) servers. See also bot and malware.
breach:
An action resulting in unauthorized disclosure of confidential information or damage to a system.
bridge:
A network device that forwards packets to other networks.
bring your own device (BYOD):
A mobile device policy that permits employees to use their personal mobile devices in the workplace for work-related and personal business.
broadcast:
A type of network protocol whereby packets are sent from a source to every node on a network.
brownout:
Prolonged drop in voltage from an electric power source, such as a public utility.
brute-force attack:
A type of attack in which the attacker attempts every possible combination of letters, numbers, and characters to crack a password, passphrase, or PIN.
buffer (or stack) overflow attack:
A type of attack in which the attacker enters an out-of-range parameter or intentionally exceeds the buffer capacity of a system or application to effect a Denial of Service (DoS) or exploit a vulnerability.
Building Security In Maturity Model (BSIMM):
A maturity model for benchmarking software development processes.
bus (computer architecture):
The logical interconnection between basic components in a computer system, including Central Processing Unit (CPU), memory, and peripherals.
bus (network topology):
A network topology in which all devices are connected to a single cable.
business impact analysis (BIA):
A risk analysis that, as part of a Business Continuity Plan, describes the impact to business operations that the loss of various IT systems would impose.
caller ID:
The protocol used to transmit the calling party’s telephone number to the called party’s telephone equipment during the establishment of a telephone call.
caller ID spoofing:
The use of a device or service to alter the caller ID of an outgoing call, used by callers to impersonate others for the purpose of perpetrating fraud. See also caller ID.
Capability Maturity Model Integration (CMMI):
A maturity model for software development and other IT practices, including information security.
central processing unit (CPU):
The electronic circuitry that performs a computer’s arithmetic, logic, and computing functions.
certification:
A formal methodology that uses established evaluation criteria to conduct comprehensive testing and documentation of information system security safeguards, both technical and nontechnical, in a given environment.
Certificate Authority (CA):
In a PKI, the CA issues certificates, maintains and publishes status information and Certificate Revocation Lists (CRLs), and maintains archives. See also public key infrastructure (PKI).
chain of custody (or chain of evidence):
Provides accountability and protection for evidence throughout that evidence’s entire lifecycle.
Challenge-Handshake Authentication Protocol (CHAP):
A remote access control protocol that uses a three-way handshake to authenticate both a peer and a server. See also three-way handshake.
change management:
The formal business process that ensures all changes made to a system are properly requested, reviewed, approved, tested, and implemented.
choose your own device (CYOD):
A mobile device policy that permits employees to select their preferred mobile device from a list of devices that have been approved by the organization.
chosen plaintext attack:
An attack technique in which the cryptanalyst selects the plaintext to be encrypted and then analyzes the resulting ciphertext.
C-I-A:
Confidentiality, integrity, and availability.
cipher:
A cryptographic transformation.
Cipher Block Chaining (CBC):
One of four operating modes for DES. Operates on 64-bit blocks of plaintext to produce 64-bit blocks of ciphertext. Each block is XORed with the ciphertext of the preceding block, creating a dependency (or chain), thereby producing a more random ciphertext result. CBC is the most common mode of DES operation. See also Cipher Feedback (CFB), Data Encryption Standard (DES), Electronic Code Book (ECB), Exclusive Or (XOR), and Output Feedback (OFB).
Cipher Feedback (CFB):
One of four operating modes for DES. CFB is a stream cipher most often used to encrypt individual characters. In this mode, previously generated ciphertext is used as feedback for key generation in the next keystream, and the resulting ciphertext is chained together. See also Cipher Block Chaining (CBC), Data Encryption Standard (DES), Electronic Code Book (ECB), and Output Feedback (OFB).
ciphertext:
A plaintext message that has been transformed (encrypted) into a scrambled message that’s unintelligible.
circuit-switched network:
Any of several telecommunications network designs that provide a dedicated physical circuit path between endpoints.
circumstantial evidence:
Relevant facts that can’t be directly or conclusively connected to other events, but about which a reasonable inference can be made. See also evidence.
civil (or tort) law:
Legal codes that address wrongful acts committed against an individual or business, either willfully or negligently, resulting in damage, loss, injury, or death. Unlike criminal law, U.S. civil law cases are determined based on a preponderance of evidence, and punishments are limited to fines.
Clark-Wilson model:
A formal integrity model that addresses all three goals of integrity (preventing unauthorized users from making any changes, preventing authorized users from making unauthorized changes, and maintaining internal and external consistency) and identifies special requirements for inputting data.
classification:
The process of assigning to a document a security label that defines how the document should be handled.
closed system:
A system that uses proprietary hardware and/or software that may not be compatible with other systems or components. See also open system.
cloud:
Internet-based network, computing, and application infrastructure available on demand.
cloud access security broker (CASB):
Systems used to enforce policy regarding the use of cloud-based resources.
cluster:
A system or network configuration containing multiple redundant nodes for resiliency. See also active-active and active-passive.
clustering (or key clustering):
When identical ciphertext messages are generated from a plaintext message by using the same encryption algorithm but different encryption keys.
coaxial cable:
A network medium consisting of a single, solid wire core that is surrounded by an insulation layer and a metal foil wrap.
collision domain:
A portion of a network that would receive broadcast packets sent from one of its nodes.
common vulnerability scoring system (CVSS):
An industry-standard method for determining the severity of a vulnerability identified by a vulnerability scan, penetration test, or other means.
container:
A lightweight, standalone, executable package of a piece of software that includes everything it needs to run.
containerization:
A virtualization technology in which multiple, isolated application instances (called containers) can exist in a single operating system instance.
COBIT:
Formerly Control Objective for Information and Related Technologies. An IT controls and process framework developed by ISACA (formerly Information Systems Audit and Control Association).
code of ethics:
A formal statement that defines ethical behavior in a given organization or profession.
code review:
The examination of source code in order to identify defects.
cold site:
An alternative computer facility that has electricity and HVAC, but no computer equipment located onsite. See also hot site, HVAC, and warm site.
Common Criteria:
An international effort to standardize and improve existing European and North American information systems security evaluation criteria.
common law:
A legal system, originating in medieval England, based on custom and judicial precedent.
community cloud:
As defined by NIST, a cloud infrastructure “provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns”. See also cloud.
compensating controls:
Controls that are implemented as an alternative to other preventive, detective, corrective, deterrent, or recovery controls.
compensatory damages:
Actual damages to the victim including attorney/legal fees, lost profits, investigative costs, and so on.
Complex-Instruction-Set-Computing (CISC):
A microprocessor instruction set architecture in which each instruction can execute several low-level operations. See also Reduced-Instruction-Set-Computing (RISC).
compliance:
Conformance to rules including laws, regulations, standards, and legal agreements.
Component Object Model (COM):
A platform-independent, distributed, object-oriented system for creating binary software components that can interact. COM is the foundation technology for Microsoft OLE and ActiveX. See also Object Linking and Embedding and ActiveX.
Computer Incident Response Team (CIRT) or Computer Emergency Response Team (CERT):
A team that comprises individuals who are properly trained in incident response and investigation.
concealment cipher:
A technique of hiding a message in plain sight. The key is knowing where the message lies.
concentrator:
See hub.
conclusive evidence:
Incontrovertible and irrefutable … you know, the smoking gun. See also evidence.
confidentiality:
The concept of limiting access to information to subjects (users and machines) that require it.
confidentiality agreement:
See non-disclosure agreement (NDA).
configuration management:
The process of recording all changes to information systems.
content-distribution network (CDN):
A system of distributed servers that delivers cached web pages and other static content to a user from the nearest geographic location to the user. Also known as a content delivery network.
continuing professional education (CPE):
Training classes and other activities that further a person’s skills and knowledge in a profession.
Continuity of Operations Planning (COOP):
A blending of Disaster Recovery Planning (DRP) and Business Continuity Planning (BCP) into a single coordinated activity.
continual improvement:
Practices that result in the gradual improvement of people, processes, and technology.
continuous monitoring:
Real-time or near real-time examination of a process or system. See also monitoring.
control:
A safeguard or countermeasure that helps avoid or mitigate a security risk.
control assessment:
An examination of a control to determine its effectiveness.
control framework:
An organized collection of controls.
copyright:
A form of legal protection granted to the author(s) of “original works of authorship,” both published and unpublished.
corrective controls:
Controls that remedy violations and incidents or improve existing preventive and detective controls.
corroborative evidence:
Evidence that supports or substantiates other evidence presented in a legal case. See also evidence.
countermeasure:
A device, control, or action required to reduce the impact or probability of a security incident.
covert channel:
An unintended communications path; it may be a covert storage channel or a covert timing channel.
criminal law:
Defines those crimes committed against society, even when the actual victim is a business or individual(s). Criminal laws are enacted to protect the general public. Unlike civil law, U.S. criminal cases are decided when a party is guilty beyond a reasonable doubt and punishments may include fines, incarceration, and even execution.
criticality assessment:
The part of a BIA that ranks the criticality of business processes and IT systems. See also Business Impact Analysis (BIA).
cross-frame scripting (XFS):
See frame injection.
Crossover Error Rate (CER):
In biometric access control systems, the point at which the FRR equals the FAR, stated as a percentage. See also False Accept Rate (FAR; or Type II Error) and False Reject Rate (FRR; or Type I Error).
cross-site request forgery (CSRF):
An attack where an attacker is attempting to trick a victim into clicking a link that will perform an action the victim would not otherwise approve.
cross-site scripting (XSS):
An attack where an attacker is attempting to inject client-side script into web pages viewed by other intended victims.
cryptanalysis:
The science of deciphering ciphertext without using the cryptographic key.
cryptocurrency:
A form of digital currency, such as Bitcoin, that uses encryption to control the creation of currency and verify the transfer of funds independent of a central bank or authority.
cryptography:
The science of encrypting and decrypting information, such as a private message, to protect its confidentiality, integrity, and/or authenticity.
cryptology:
The science that encompasses both cryptography and cryptanalysis.
cryptosystem:
The hardware or software implementation that transforms plaintext into ciphertext (encrypts) and back into plaintext (decrypts).
cryptovariable (or key):
A secret value applied to a cryptographic algorithm. The strength and effectiveness of the cryptosystem is largely dependent on the secrecy and strength of the cryptovariable.
culpable negligence:
A legal term that may describe an organization’s failure to follow a standard of due care in the protection of its assets and thereby expose the organization to a legal claim. See also due care.
custodian:
An individual who has day-to-day responsibility for protecting information assets.
data classification:
Policy that defines sensitivity levels and proper handling procedures for data at each level and in various handling scenarios.
data controller:
An organization that directs the storage and processing of information, as defined by the European General Data Protection Regulation (GDPR) and other privacy laws. See also General Data Protection Regulation (GDPR).
data destruction:
Any means used to remove data from a storage medium.
data dictionary:
A centralized repository of information about data such as meaning, relationships to other data, origin, usage, and format.
data encapsulation:
In networking, the wrapping of protocol information from the OSI layer immediately above in the data section of the layer immediately below. See also Open Systems Interconnection (OSI) model.
data encryption key (DEK):
An encryption key used to encrypt and decrypt data. See also key encryption key (KEK).
Data Encryption Standard (DES):
A commonly used symmetric key algorithm that uses a 56-bit key and operates on 64-bit blocks. See also Advanced Encryption Standard (AES).
Data Link Layer:
Layer 2 of the OSI network model. See also Open Systems Interconnection (OSI) model.
data loss prevention (DLP):
An application or device used to detect the unauthorized storage or transmission of sensitive data.
Data Over Cable Service Interface Specification (DOCSIS):
A communications protocol for transmitting high-speed data over an existing TV cable system.
data remanence:
Residual data that remains on storage media or in memory after the data has been deleted.
data retention:
The activities supporting an organization’s effort to retain data for minimum and/or maximum periods of time.
data warehouse:
A special-purpose database used for decision support or research purposes.
database management system (DBMS):
Restricts access by different subjects to various objects in a database.
data carrier equipment (DCE):
A device used to establish, maintain, and terminate communications between a data source and its destination in a network. See also data terminal equipment (DTE).
data processor:
An organization that processes information on behalf of a data controller, as defined by the European General Data Protection Regulation (GDPR) and other privacy laws. See also General Data Protection Regulation (GDPR).
data protection officer (DPO):
An individual responsible for the development and management of a data privacy program, as directed by the European General Data Protection Regulation (GDPR) and other privacy laws. See also General Data Protection Regulation (GDPR).
data terminal equipment (DTE):
A device that communicates with a DCE in a network. See also data carrier equipment (DCE).
decryption:
The process of transforming ciphertext into plaintext.
deep packet inspection (DPI):
An advanced method of examining and managing network traffic.
defense in depth:
The principle of protecting assets by using layers of dissimilar mechanisms.
Defense Information Technology Security Certification and Accreditation Process (DITSCAP):
A program that formalizes the certification and accreditation process for U.S. Department of Defense information systems.
demonstrative evidence:
Evidence that is used to aid the court’s understanding of a legal case. See also evidence.
denial of service (DoS):
An attack on a system or network with the intention of making the system or network unavailable for use.
destructware:
Malware that functions similar to ransomware, except that the attacker has no intention of extracting a ransom payment and, therefore, no decryption key is available to recover the encrypted data.
detective controls:
Controls that identify violations and incidents.
deterrent controls:
Controls that discourage violations.
DevOps:
The culture and practice of improved collaboration between software developers and IT operations.
DevSecOps:
The integration of security practices within DevOps. See also DevOps.
Diameter:
The next-generation RADIUS protocol. See also Remote Authentication Dial-In User Service (RADIUS).
dictionary attack:
A focused type of brute-force attack in which a predefined word list is used. See also brute-force attack.
Diffie-Hellman:
A key-agreement algorithm based on discrete logarithms.
digital certificate:
A certificate that binds an identity with a public encryption key.
Digital Signature Standard (DSS):
Published by NIST in Federal Information Processing Standard (FIPS) 186-1, DSS specifies two acceptable algorithms in its standard: the RSA Digital Signature Algorithm and the Digital Signature Algorithm (DSA). See also NIST and Rivest, Shamir, Adleman (RSA).
digital subscriber line (xDSL):
A high-bandwidth communications protocol delivered over analog telecommunications voice lines.
direct evidence:
Oral testimony or a written statement based on information gathered through the witness’s five senses that proves or disproves a specific fact or issue. See also evidence.
directory harvest attack (DHA):
A brute-force technique used by spammers in an attempt to find valid email addresses in a domain.
discretionary access control (DAC):
An access policy determined by the owner of a file or other resource. See also mandatory access control (MAC) system.
disk mirroring (RAID Level 1):
When a duplicate copy of all data is written to another disk or set of disks.
disk striping (RAID Level 0):
When data is written across multiple disks but doesn’t provide redundancy or fault tolerance.
disk striping with parity (RAID Level 5):
When data is written across multiple disks, along with parity data that provides fault tolerance if one disk fails.
distributed application:
A software application whose components reside in several systems or locations.
distributed denial of service (DDoS):
An attack where the attacker initiates simultaneous denial of service attacks from many systems.
Distributed Network Protocol (DNP3):
A set of communications protocols used between components in process automation systems (for example public utilities).
DNS cache poisoning:
A type of attack, also known as DNS spoofing, that exploits vulnerabilities in DNS to divert Internet traffic away from legitimate destination servers to fake servers. See also domain name system (DNS).
DNS hijacking:
An attack technique used to redirect DNS queries away from legitimate DNS servers. See also domain name system (DNS).
documentary evidence:
Evidence that is used in legal proceedings, including originals and copies of business records, computer-generated and computer-stored records, manuals, policies, standards, procedures, and log files. See also evidence.
domain:
A collection of users, computers, and resources that have a common security policy and single administration.
domain homograph attack:
A type of spoofing attack in which the attacker uses similar-looking keyboard characters to deceive computer users about the actual remote system they are communicating with, for example, by replacing a Latin O with a Cyrillic O in a website address.
domain name system (DNS):
A hierarchical, decentralized directory service database that converts domain names to IP addresses for computers, services, and other computing resources connected to a network or the Internet.
domain name system security extensions (DNSSEC):
Specifications for securing certain kinds of information provided by DNS as used on IP networks.
drive-by-download:
Software, often malware, downloaded onto a computer from the Internet without the user’s knowledge or permission. See also malware.
drug screen:
A test for the presence of drugs and controlled substances, usually as a part of pre-employment screening. See also background check.
due care:
The steps that an organization takes to implement security best practices.
due diligence:
The prudent management and execution of due care.
dumpster diving:
The process of examining garbage with the intention of finding valuable goods or information.
dwell time:
The elapsed time between the onset of a security incident and the organization’s realization that an incident has occurred (or is occurring).
dynamic application scanning tool (DAST):
A tool used to identify vulnerabilities in a software application; it works by executing the application and attempting various means to compromise it.
dynamic link library (DLL):
A type of file used in Microsoft operating systems that enables multiple programs to simultaneously share programming instructions contained in a single file to perform specific functions.
dynamic password:
A password that changes at some regular interval or event.
eavesdropping:
Listening to network traffic to obtain content or learn more about communications.
ECMAScript:
A trademarked scripting-language specification standardized by Ecma International in ECMA-262 and ISO/IEC 16262.
edge computing:
A method used to optimize cloud computing by processing data at the edge of the network, near the source of the data.
eDiscovery:
See electronic discovery.
electromagnetic interference (EMI):
Electrical noise generated by the different charges between the three electrical wires (hot, neutral, and ground). EMI can be common-mode noise (caused by hot and ground) or traverse-mode noise (caused by hot and neutral).
Electronic Code Book (ECB):
One of four operating modes for DES. ECB operates on 64-bit blocks of plaintext independently and produces 64-bit blocks of ciphertext, and it’s the native mode for DES operation. See also Cipher Block Chaining (CBC), Cipher Feedback (CFB), Data Encryption Standard (DES), and Output Feedback (OFB).
electronic discovery:
A legal or investigative process in which a party produces relevant electronic data that is stored on its systems.
electronic protected healthcare information (ePHI):
Any patient-related health information as defined by HIPAA. See also Health Insurance Portability and Accountability Act (HIPAA).
electrostatic discharge (ESD):
A sudden flow of electricity between two objects.
employment agreement:
A legal agreement between an employer and employee that stipulates the terms and conditions of employment.
employment candidate screening:
See background check.
employment termination:
The cessation of employment for one or more employees in an organization.
encapsulation:
The process of layering protocol information at different levels of a protocol stack.
Encapsulating Security Payload (ESP):
In IPsec, a protocol that provides confidentiality (encryption) and limited authentication. See also Internet Protocol Security (IPsec).
encryption:
The process of transforming plaintext into ciphertext.
end-to-end encryption:
A process by which packets are encrypted once at the original encryption source and then decrypted only at the final decryption destination.
endpoint:
A general term referring to a desktop computer, laptop or notebook computer, or mobile device.
enticement:
Luring someone toward certain evidence after that individual has already committed a crime.
entitlement:
Access rights assigned to employees based on job title, department, or other established criteria.
entrapment:
Encouraging someone to commit a crime that the individual may have had no intention of committing.
escalation of privilege:
An attack technique in which the attacker uses some means to bypass security controls in order to attain a higher privilege level on the target system.
Escrowed Encryption Standard (EES):
Divides a secret key into two parts, and places those two parts into escrow with two separate, trusted organizations. Published by NIST in FIPS PUB 185 (1994). See also NIST.
espionage:
The practice of spying or using spies to obtain proprietary or confidential information.
Ethernet:
A common bus-topology network transport protocol.
ethics:
Professional principles and duties that guide decisions and behavior. See also code of ethics.
European Information Technology Security Evaluation Criteria (ITSEC):
Formal evaluation criteria that address confidentiality, integrity, and availability for an entire system.
evidence:
Information obtained in support of an investigation or incident.
evidence lifecycle:
The various phases of evidence, from its initial discovery to its final disposition. The evidence lifecycle has the following five stages: collection and identification; analysis; storage, preservation, and transportation; presentation in court; and return to victim (owner).
Exclusive Or (XOR):
A binary operation applied to two input bits. If the two bits are equal, the result is zero. If the two bits are not equal, the result is one.
exigent circumstances:
If probable cause exists and the destruction of evidence is imminent, property or people may be searched and/or evidence may be seized by law enforcement personnel without a search warrant.
expert system:
A type of artificial intelligence system based on an inference engine (a program that attempts to derive answers) and knowledge base.
exploit:
(1) Software or code that takes advantage of a vulnerability in an operating system (OS) or application and causes unintended behavior in the OS or application, such as privilege escalation, remote control, or a denial-of-service; (2) Action taken by a subject, system, or program that uses a vulnerability to gain illicit access to an object.
Exposure Factor (EF):
A measure, expressed as a percentage, of the negative effect or impact that a realized threat or event would have on a specific asset.
Extensible Authentication Protocol (EAP):
A remote access control protocol that implements various authentication mechanisms, including MD5, S/Key, generic token cards, and digital certificates. Often used in wireless networks.
extranet:
An intranet that has been extended to include external parties, such as customers, partners, and suppliers. See also intranet.
Fagan inspection:
A structured process that is used to find defects in design documents, specifications, and source code.
fail closed:
A control failure that results in all accesses being blocked.
fail open:
A control failure that results in all accesses being permitted.
failover:
A failure mode in which the system automatically transfers processing to a hot backup component, such as a clustered server, if a hardware or software failure is detected.
fail-safe:
A failure mode in which program execution is terminated, and the system is protected from compromise, if a hardware or software failure is detected.
fail-soft (or resilient):
A failure mode in which certain, noncritical processing is terminated, and the computer or network continues to function in a degraded mode, if a hardware or software failure is detected.
False Accept Rate (FAR; or Type II Error):
In biometric access control systems, the percentage of unauthorized users who are incorrectly granted access. See also Crossover Error Rate (CER) and False Reject Rate (FRR; or Type I Error).
False Reject Rate (FRR; or Type I Error):
In biometric access control systems, the percentage of authorized users who are incorrectly denied access. See also Crossover Error Rate (CER) and False Accept Rate (FAR; or Type II Error).
fault:
Momentary loss of electric power.
fault-tolerant:
A system that continues to operate after the failure of a computer or network component.
Federal Information Processing Standard (FIPS):
Standards and guidelines published by the U.S. National Institute of Standards and Technology (NIST) for federal computer systems. See also NIST.
federated identity management:
A system whereby multiple organizations share a common identity management system.
FedRAMP:
The required process for U.S. federal government agencies when procuring cloud-based services.
Fiber Distributed Data Interface (FDDI):
A star topology, token-passing, network transport protocol.
fiber optic cable:
A network medium consisting of glass or plastic strands that carry light signals.
Fibre Channel over Ethernet (FCoE):
A communications protocol that encapsulates Fibre Channel frames over 10 Gigabit Ethernet (or faster) networks.
firewall:
A device or program that controls traffic flow between networks.
firmware:
A program or code that’s stored in read-only memory (ROM).
first aid:
Techniques used to treat injuries to personnel prior to receiving medical care.
forensics (or computer forensics):
The science of conducting a computer crime investigation in order to determine what’s happened and who’s responsible for what’s happened. One major component of computer forensics involves collecting legally admissible evidence for use in a computer crime case.
frame injection:
An attack in which the attacker attempts to load arbitrary code into a browser in order to steal data from other frames in the browser session.
frame relay (FR):
A packet-switched network protocol used to transport WAN communications.
fraud:
Any deceptive or misrepresented activity that results in illicit personal gain.
fuzzing:
A software testing technique in which many different combinations of input strings are fed to a program in an attempt to elicit unexpected behavior.
fuzzy logic:
An artificial intelligence method that’s used to address uncertain situations to determine whether a given condition is true or false.
gateway:
A system, connected to a network, which performs any real-time translation or interface function; for example, a system that converts Exchange email to Lotus Notes email.
General Data Protection Regulation (GDPR):
Strengthens data protection for European Union (EU) citizens and addresses the export of personal data outside the EU.
global positioning system (GPS):
A U.S. government-owned global system of satellites that provide geolocation and time information to GPS receivers anywhere on or near Earth where there is an unobstructed line of sight to four or more GPS satellites.
goals:
Specific milestones that an organization hopes to accomplish.
governance:
Policies and processes that ensure that executive management is fully informed and in control of some aspect of an organization.
gray-box testing:
A security test wherein the tester has some prior knowledge of the system being tested.
guest:
(1) An instantiation of an operating system within a virtual environment. See also virtualization; (2) A visitor in a commercial work facility.
guidelines:
Similar to standards, but considered recommendations, rather than compulsory requirements.
hacktivist:
An individual who attacks organizations’ systems based on ideological motivations.
hardening standard:
A written document describing security configuration settings for applicable systems.
hardware:
The physical components in a computer system.
hardware segmentation:
The practice of isolating functions by placing them on separate hardware platforms.
hash function:
A mathematical function that creates a unique representation of a larger set of data (such as a digest). Hash functions are often used in cryptographic algorithms and to produce checksums and message digests. See also message digest.
Health Insurance Portability and Accountability Act (HIPAA):
A federal act that addresses security and privacy requirements for medical systems and information.
hearsay evidence:
Evidence that isn’t based on the witness’s personal, first-hand knowledge, but was instead obtained through other sources.
hearsay rule:
Under the Federal Rules of Evidence, hearsay evidence is normally not admissible in court. Computer evidence is an exception to the hearsay rule.
heterogeneous environment:
A systems environment that consists of a variety of types of systems. See also homogeneous environment.
hidden code:
An attack in which secret (and usually malicious) computer code is embedded within another program.
High-Speed Serial Interface (HSSI):
A point-to-point WAN connection protocol.
homogeneous environment:
A systems environment that consists largely of one type of system. See also heterogeneous environment.
honeynet:
A large deployment of honeypots. Also referred to as a honeyfarm. See also honeypot.
honeypot:
A decoy system deployed by a security administrator to discover the attack methods of potential hackers.
host-based intrusion detection system (HIDS):
An intrusion detection system designed to detect intrusions through examination of activities on a host system. See also intrusion detection system.
hot site:
A fully configured alternative computer facility that has electrical power, HVAC, and functioning file/print servers and workstations. See also cold site, HVAC, and warm site.
hub:
A network device used to connect several LAN devices together. Also known as a concentrator.
hybrid cloud:
As defined by NIST, a cloud infrastructure composed of “two or more distinct cloud infrastructures (private, community, or public)”.
hypertext transfer protocol (HTTP):
An application protocol used to transfer data between web servers and web browsers.
hypertext transfer protocol secure (HTTPS):
The HTTP protocol encrypted with SSL or TLS. See also hypertext transfer protocol.
hypervisor:
In a virtualized environment, the supervisory program that controls allocation of resources and access to communications and peripheral devices. See also virtualization.
Infrastructure-as-a-Service (IaaS):
As defined by NIST, “the capability provided to the consumer to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications.”
identification:
The means by which a user claims a specific, unproven identity to a system. See also authentication.
identity and access management (IAM):
The processes and procedures that support the lifecycle of people’s identities and access privileges in an organization.
identity as a service:
A centralized, usually external, service provider that provides tools for user identification.
identity management:
The processes and procedures that support the lifecycle of people’s identities in an organization.
inactivity timeout:
A mechanism that locks, suspends, or logs off a user after a pre-determined period of inactivity.
indicators of compromise (IOCs):
Artifacts observed on a network or in an operating system that are likely to be associated with a breach attempt.
industrial control system (ICS):
Systems and devices used to monitor and/or control industrial machinery.
inference:
The ability of users to figure out information about data at a sensitivity level for which they’re not authorized.
inference channel:
A link that allows inference to occur.
inference engine:
An artificial intelligence system that derives answers from a knowledge base.
information custodian (or custodian):
The individual who has the day-to-day responsibility of protecting information assets.
information flow model:
A lattice-based model in which each object is assigned a security class and value, and the direction of information flow between objects is controlled by a security policy.
information owner (or owner):
The individual who decides who’s allowed access to a file and what privileges are granted.
information security management system (ISMS):
A set of processes and activities used to manage an information security program in an organization. ISMS is defined in ISO/IEC 27001.
injection attack:
An attack against a system involving the use of malicious input.
inrush:
Initial electric power surge experienced when electrical equipment is turned on.
Institute of Electrical and Electronics Engineers (IEEE):
A technical professional organization that promotes the advancement of technology.
Integrated Services Digital Network (ISDN):
A low-bandwidth communications protocol that operates over analog telecommunications voice lines.
integrity:
Safeguards the accuracy and completeness of information and processing methods, and ensures that
  • Modifications to data aren’t made by unauthorized users or processes.
  • Unauthorized modifications to data aren’t made by authorized users or processes.
  • Data is internally and externally consistent, meaning a given input produces an expected output.
intellectual property:
Includes patents, trademarks, copyrights, and trade secrets.
International Electrotechnical Commission (IEC):
A standards organization that defines and publishes international standards for electrical, electronic, and related technologies.
International Organization for Standardization (ISO):
An international body for creating standards. ISO is derived from the Greek word isos, meaning “equal.”
International Telecommunications Union (ITU):
A United Nations agency responsible for coordinating worldwide telecommunications operations and services.
Internet:
The worldwide, publicly accessible network that connects the networks of organizations.
Internet Control Message Protocol (ICMP):
An Internet Protocol used to transmit diagnostic messages.
Internet Engineering Task Force (IETF):
An international, membership-based, nonprofit organization that develops and promotes voluntary Internet standards.
Internet Layer:
Layer 2 of the TCP/IP model. See also TCP/IP model.
Internet of Things (IoT):
The network of physical smart, connected objects that are embedded with electronics, software, sensors, and network connectivity.
Internet Protocol (IP):
The Open Systems Interconnection (OSI) Layer 3 protocol that’s the basis of the modern Internet.
Internet Protocol Security (IPsec):
An IETF open-standard Virtual Private Network (VPN) protocol for secure communications over local area networks (LANs), wide area networks (WANs), and public IP-based networks.
Internet Relay Chat (IRC):
An application layer protocol that facilitates communication in text form using a client-server network.
Internet Small Computer Systems Interface (iSCSI):
A communications protocol that enables SCSI commands to be sent over LANs, WANs, or the Internet.
Internetwork Packet Exchange (IPX):
A network packet-oriented protocol that’s the basis for Novell NetWare networks. IPX is analogous to IP.
intranet:
An organization’s private network that’s used to securely share information among the organization’s employees.
intrusion detection system (IDS):
A hardware or software application that detects and reports on suspected network or host intrusions.
intrusion prevention system (IPS):
A hardware or software application that both detects and blocks suspected network or host intrusions.
IT Infrastructure Library (ITIL):
An industry standard of IT service management processes.
JavaScript:
A high-level, dynamic, lightweight interpreted programming language used to make web pages interactive and provide online programs.
JScript:
Microsoft’s dialect of the ECMAScript standard that is used in Microsoft’s Internet Explorer. See also ECMAScript.
job description:
A formal description of a position’s roles and responsibilities.
job rotation:
The practice of moving employees from one position to another, for cross-training and security reasons.
Kerberos:
A ticket-based authentication protocol, in which “tickets” are used to identify users, developed at the Massachusetts Institute of Technology (MIT).
key encryption key (KEK):
An encryption key used to encrypt and decrypt a data encryption key (DEK). See also data encryption key (DEK).
key logging:
The practice of recording keystrokes, usually for illicit purposes, such as acquiring user IDs, passwords, and other confidential information.
key performance indicator (KPI):
A measurable value that evaluates how successful an organization is in achieving a specific objective or activity.
key risk indicator (KRI):
A metric used to indicate the level of risk associated with a particular activity or course of action.
known-plaintext attack:
An attack technique in which the cryptanalyst has a given plaintext message and the resulting ciphertext.
KryptoKnight:
A ticket-based single sign-on (SSO) authentication system, in which “tickets” are used to identify users, developed by IBM.
lattice-based access controls:
A method for implementing mandatory access controls in which a mathematical structure defines greatest lower-bound and least upper-bound values for a pair of elements: for example, subject and object.
Layer 2 Forwarding Protocol (L2F):
A Virtual Private Network (VPN) protocol similar to Point-to-Point Tunneling Protocol (PPTP).
Layer 2 Tunneling Protocol (L2TP):
A Virtual Private Network (VPN) protocol similar to Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Forwarding Protocol (L2F).
least privilege:
A principle requiring that a subject is granted only the minimum privileges necessary to perform an assigned task.
Lightweight Directory Access Protocol (LDAP):
An Internet Protocol (IP) and data storage model that supports authentication and directory functions.
link encryption:
Packet encryption and decryption at every node along the network path; requires each node to have separate key pairs for its upstream and downstream neighbors.
Link Layer:
Layer 1 of the TCP/IP model. See also TCP/IP model.
live forensics:
Techniques used to gather forensic information from a running system.
log review:
The examination of a system or event log.
logic bomb:
A program, or portion thereof, designed to perform some malicious function when a predetermined circumstance occurs. See also malware.
machine learning (ML):
A method of data analysis that enables computers to analyze a data set and automatically perform actions based on the results without being explicitly programmed.
maintenance hook:
A backdoor that allows a software developer or vendor to bypass access control mechanisms in order to perform maintenance. These backdoors are often well known and pose a significant security threat if not properly secured.
malware:
Malicious software that typically damages, takes control of, or collects information from a computer. This classification of software broadly includes viruses, worms, ransomware, Trojan horses, logic bombs, spyware, and (to a lesser extent) adware.
managed security service (MSS):
Security-related services provided by a service provider, typically involving monitoring or management of information systems.
management review:
Activities whereby management reviews a program or process.
mandatory access control (MAC) system:
A type of access control system in which the access policy is determined by the system, rather than by the owner. See also discretionary access control (DAC).
man-in-the-browser attack:
A type of attack in which an attacker tricks a user into installing a browser helper object that acts as a proxy to eavesdrop on traffic or alter it.
man-in-the-middle attack:
A type of attack in which an attacker intercepts messages between two parties and forwards a modified version of the original message.
mantrap:
A physical access control method consisting of a double set of locked doors or turnstiles, to prevent tailgating. See also bollard and sally port.
manual controls:
Controls that are not performed automatically and, therefore, require human action.
maturity model:
A technique used to assess the maturity of an organization and the capability of its processes.
maximum tolerable downtime (MTD):
An extension of a Criticality Assessment that specifies the maximum period of time that a given business process can be inoperative before experiencing unacceptable consequences. See also criticality assessment.
maximum tolerable outage (MTO):
The maximum period of time that a given business process can be operating in emergency or alternate processing mode.
maximum tolerable period of disruption (MTPD):
See maximum tolerable downtime (MTD).
media controls:
Controls that are used to manage information classification and physical media.
meet-in-the-middle attack:
A type of attack in which an attacker encrypts known plaintext with each possible key on one end, decrypts the corresponding ciphertext with each possible key on the other end, and then compares the results in the middle.
memory addressing:
The method used by the Central Processing Unit (CPU) to access the contents of memory.
memory leak:
A software defect that results in a program continuing to allocate memory without releasing it.
memory space:
The amount of memory available in a computer system.
message digest:
A condensed representation of a message that is produced by using a one-way hash function. See also hash function.
metadata:
“Data about data” that may present a security risk by revealing private information about a document or its history.
metamorphism:
A technique used in a virus to change its appearance in host programs without necessarily depending on encryption. The difference in appearance comes from changes made by the virus to its own body. See also polymorphism.
metropolitan area network (MAN):
A network that extends across a large area, such as a city.
MIME Object Security Services (MOSS):
Provides confidentiality, integrity, identification and authentication, and non-repudiation by using MD2 or MD5, RSA asymmetric keys, and DES. See also Data Encryption Standard (DES), Multipurpose Internet Mail Extensions (MIME), and Rivest, Shamir, Adleman (RSA).
mission statement:
A statement that defines an organization’s (or organizational unit’s) reason for existence.
mobile app:
An application that runs on a mobile device and has the capability to interact with the user, communicate over the Internet, and store data locally.
mobile device:
A general term encompassing all smaller devices such as smartphones, phablets, and tablet computers, which run operating systems such as iOS, Android, and Windows 10.
mobile device management (MDM):
Software used to manage the administration of mobile devices such as smartphones, phablets, and tablets.
monitoring:
Activities that verify processes, procedures, and systems.
monoalphabetic substitution:
A cryptographic system that uses a single alphabet to encrypt and decrypt an entire message.
multicast:
A type of network protocol whereby packets are sent from a source to multiple destinations.
multi-factor authentication:
Any authentication mechanism that requires two or more of the following factors: something you know, something you have, something you are.
multi-level system:
A single computer system that handles multiple classification levels between subjects and objects.
multiprocessing:
A system that executes multiple programs on multiple processors simultaneously.
multiprogramming:
A system that alternates execution of multiple programs on a single processor.
multi-protocol label switching (MPLS):
An extremely fast method of forwarding packets through a network by using labels inserted between Layer 2 and Layer 3 headers in the packet.
Multipurpose Internet Mail Extensions (MIME):
An IETF standard that defines the format for messages that are exchanged between email systems over the Internet. See also IETF.
multitasking:
A system that alternates execution of multiple subprograms or tasks on a single processor.
National Computer Security Center (NCSC):
A U.S. government organization, within the National Security Agency (NSA), that is responsible for evaluating computing equipment and applications that are used to process classified data.
National Information Assurance Certification and Accreditation Process (NIACAP):
Formalizes the certification and accreditation process for U.S. government national security information systems.
National Institute of Standards and Technology (NIST):
A federal agency, within the U.S. Department of Commerce, that is responsible for promoting innovation and competitiveness through standards, measurement science, and technology.
near-field communications (NFC):
A wireless communications protocol that operates over distances of up to 10 centimeters.
need-to-know:
A status, granted to an individual, that defines the essential information needed to perform his or her assigned job function.
Network Access Layer:
Layer 1 of the TCP/IP model. See also TCP/IP model.
network address translation (NAT):
The process of converting internal, privately used addresses in a network to external, public addresses.
network-based intrusion detection system (NIDS):
An intrusion detection system designed to detect intrusions through examination of network traffic. See also intrusion detection system.
network interface card (NIC):
An adapter that permits a computer or other system to be connected to a network.
Network Layer:
Layer 3 of the OSI model. See also Open Systems Interconnection (OSI) model.
network penetration test:
A penetration test that targets systems and network devices on a network. See also penetration test.
network sprawl:
A phenomenon where virtual network elements are created, generally without approval or with limited planning and control, in an environment such as the cloud.
neural network:
A type of artificial intelligence system that approximates the function of the human nervous system.
next-generation firewall (NGFW):
A network security platform that fully integrates traditional firewall and network intrusion prevention capabilities with other advanced security functions that provide deep packet inspection (DPI) for complete visibility, accurate application, content, and user identification, and granular policy-based control. See also deep packet inspection (DPI) and intrusion prevention system (IPS).
non-compete agreement:
A legal agreement in which an employee agrees not to accept employment in a competing organization.
non-disclosure agreement (NDA):
A legal agreement in which one or more parties agrees to refrain from disseminating confidential information related to other parties.
non-interference model:
Ensures that the actions of different objects and subjects aren’t seen by, and don’t interfere with, other objects and subjects on the same system.
non-repudiation:
The inability for a user to deny an action; his or her identity is positively associated with that action.
object:
A passive entity, such as a system or file.
Object Linking and Embedding (OLE):
A proprietary Microsoft technology that allows embedding and linking to documents and other objects.
object reuse:
The process of protecting the confidentiality of objects that are reassigned after initial use. See also Trusted Computer System Evaluation Criteria (TCSEC).
objectives:
Specific milestones that an organization wants to perform in order to meet its goals. See also goals.
on-premises:
Information systems, applications, and data that are physically located in an organization’s own information processing center.
one-time pad:
A cryptographic keystream that can be used only once.
one-time password:
A password that’s valid for only one log-on session.
one-way function:
A problem that’s easy to compute in one direction but not in the reverse direction.
open message format:
A message encrypted in an asymmetric key system by using the sender’s private key. The sender’s public key, which is available to anyone, is used to decrypt the message. This format guarantees the message’s authenticity. See also secure and signed message format and secure message format.
open relay:
A misconfigured Internet email server that permits cybercriminals to use it for relaying spam and phishing email.
open source:
A software licensing methodology wherein source code is freely available.
open system:
A vendor-independent system that complies with an accepted standard, which promotes interoperability between systems and components made by different vendors. See also closed system.
Open Systems Interconnection (OSI) model:
The seven-layer reference model for networks. The layers are Physical, Data Link, Network, Transport, Session, Presentation, and Application.
operating system (OS):
Software that controls computer hardware and resources and facilitates the operation of application software. See also application software.
Orange Book:
See Trusted Computer System Evaluation Criteria (TCSEC).
Output Feedback (OFB):
One of four operating modes for DES. OFB is a stream cipher often used to encrypt satellite communications. In this mode, previous plaintext is used as feedback for key generation in the next keystream; however, the resulting ciphertext isn’t chained together (unlike with CFB). See also Cipher Block Chaining (CBC), Cipher Feedback (CFB), and Data Encryption Standard (DES).
outsourcing:
The use of an external organization (third party) to perform some aspect of business operations.
Open Web Application Security Project (OWASP):
An online community dedicated to web application security.
owner:
An individual in an organization who’s responsible for management of an asset, including classification, handling, and access policy.
Platform-as-a-Service (PaaS):
As defined by NIST, “the capability provided to the consumer to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.”
packet sniffing:
A type of attack in which an attacker uses a sniffer to capture network packets and analyze their contents.
packet-filtering firewall:
A type of firewall that examines the source and destination addresses of an incoming packet, and then either permits or denies the packet based on an ACL. See also access control list (ACL).
packet-switched network:
Any of several telecommunications network technologies where packets transport data between sender and receiver.
passphrase:
A string of characters consisting of multiple words that a subject provides to an authentication mechanism in order to authenticate to a system. See also password.
password:
A string of characters (a word or phrase) that a subject provides to an authentication mechanism in order to authenticate to a system.
Password Authentication Protocol (PAP):
A remote access control protocol that uses a two-way handshake to authenticate a peer to a server when a link is initially established.
patch:
A corrective fix for a program or system to correct a defect.
patch management:
The use of procedures and tools to apply patches to target systems.
patent:
As defined by the U.S. Patent and Trademark Office (PTO), a patent is “the grant of a property right to the inventor.”
Payment Card Industry Data Security Standard (PCI DSS):
Protects personal data related to credit, debit, and cash card transactions.
penetration test:
A test involving automated and manual techniques that is used to identify potential software vulnerabilities. Also known as pen testing.
personal identification number (PIN):
A numeric-only passcode, usually used when only a numeric keypad (versus an alphanumeric keyboard) is available. See also password.
Personal Information Protection and Electronic Documents Act (PIPEDA):
Applicable to organizations that do business with Canadian citizens. Protects the privacy of personal information for Canadian citizens.
personally identifiable information (PII):
Information (such as name, address, Social Security number, birthdate, place of employment, and so on) that can be used on its own or with other information to identify, contact, or locate a person.
pharming:
A phishing attack that’s targeted towards a specific organization. See also phishing.
phishing:
A social-engineering cyber-attack technique widely used in identity-theft crimes. An email, purportedly from a known legitimate business (typically financial institutions, online auctions, retail stores, and so on), requests the recipient to verify personal information online at a forged or hijacked website. See also pharming and spear phishing.
physical controls:
Controls that ensure the safety and security of the physical environment.
physical evidence:
See real evidence.
Physical Layer:
Layer 1 of the OSI model. See also Open Systems Interconnection (OSI) model.
plaintext:
A message in its original readable format or a ciphertext message that’s been properly decrypted (unscrambled) to produce the original readable plaintext message.
Point-to-Point Protocol (PPP):
A protocol used in remote access service (RAS) servers to encapsulate Internet Protocol (IP) packets and establish dial-in connections over serial and Integrated Services Digital Network (ISDN) links.
Point-to-Point Tunneling Protocol (PPTP):
A virtual private network (VPN) protocol designed for individual client-server connections.
policy:
A formal high-level statement of an organization’s objectives, responsibilities, ethics and beliefs, and general requirements and controls.
polyinstantiation:
Allows different versions of the same data to exist at different sensitivity levels.
polymorphism:
A technique used in a virus to change its appearance in host programs. For instance, it encrypts its body with a different key each time and prepends a decryption routine to itself. The decryption routine (known as the decryptor) is mutated randomly across virus instances, so as to be not easily recognizable. See also metamorphism.
port hopping:
A technique used by applications to improve accessibility, but also used in cyberattacks to dynamically switch TCP ports to evade detection. See also Transmission Control Protocol (TCP).
port scan:
A test used to determine which Transmission Control Protocol/Internet Protocol (TCP/IP) and User Datagram Protocol (UDP) service ports on a system are active. See also Transmission Control Protocol (TCP), Internet Protocol (IP), and User Datagram Protocol (UDP).
PowerShell:
A task-based command-line shell and scripting language built on the Microsoft .NET framework.
prepared statement:
A canned database command that can be called by an application.
Presentation Layer:
Layer 6 of the OSI model. See also Open Systems Interconnection (OSI) model.
Pretty Good Privacy (PGP):
A freely available, open-source email application that provides confidentiality and authentication by using the International Data Encryption Algorithm (IDEA) cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution. See also Rivest, Shamir, Adleman (RSA).
preventive controls:
Controls that prevent unwanted events.
privacy:
In information security, the protection and proper handling of personal information.
Privacy Enhanced Mail (PEM):
A protocol that provides confidentiality and authentication by using 3DES for encryption, MD2 or MD5 message digests, X.509 digital certificates, and the RSA asymmetric system for digital signatures and secure key distribution. See also 3DES (Triple DES) and Rivest, Shamir, Adleman (RSA).
private cloud:
As defined by NIST, a cloud infrastructure “provisioned for exclusive use by a single organization comprising multiple consumers.” See also cloud.
private network address:
Addresses on TCP/IP networks that are not routable on the Internet and are used for private, internal networks.
privilege creep:
See aggregation (2).
privilege escalation:
See escalation of privilege.
procedures:
Detailed instructions about how to implement specific policies and meet the criteria defined in standards.
process isolation:
An operating system feature whereby different user processes are unable to view or modify information related to other processes.
process table:
The collection of processes that are active in an operating system.
promiscuous mode:
A setting on a network adapter that passes all network traffic to the associated device for processing, not just traffic that is specifically addressed to that device. See also sniffing.
Protected Extensible Authentication Protocol (PEAP):
An open standard used to transmit authentication information in a protected manner.
protected health information (PHI):
Any information about a health status, provisioning of healthcare, or payment for healthcare collected by a covered entity (such as a healthcare provider or insurance company) that can be linked to a specific individual.
protection domain:
Prevents other programs or processes from accessing and modifying the contents of an address space that has already been assigned to an active program or process.
protection rings:
A security architecture concept that implements multiple domains that have increasing levels of trust near the center.
protocol data unit (PDU):
The unit of data used at a particular layer of a communications protocol.
proximate causation:
An action taken or not taken as part of a sequence of events that result in negative consequences.
proxy server:
A system that transfers data packets from one network to another.
prudent man rule:
Under the Federal Sentencing Guidelines, senior corporate officers are required to perform their duties in good faith, in the best interests of the enterprise, and with the care and diligence that ordinary, prudent people in a similar position would exercise in similar circumstances.
pseudo flaw:
A form of social engineering in which the attacker attempts to trick people into performing certain actions to remedy a supposed security situation.
public cloud:
As defined by NIST, a cloud infrastructure “provisioned for open use by the general public.” See also cloud.
public key cryptography:
A cryptographic method that permits parties to communicate with each other without exchanging a secret key in advance.
public key infrastructure (PKI):
A system that enables secure e-commerce through the integration of digital signatures, digital certificates, processes, procedures, and other services necessary to ensure confidentiality, integrity, authentication, non-repudiation, and access control.
punitive damages:
Determined by a jury and intended to punish the offender.
qualitative risk analysis:
A risk analysis that expresses risks and costs in qualitative terms (such as high, medium, and low) rather than in quantitative terms. See also risk analysis.
Quality of Service (QoS):
The ability to prioritize various types of voice and data traffic based on operational needs such as response time, packet loss and jitter.
quantitative risk analysis:
A risk analysis that includes estimated costs. See also risk analysis.
quarantine:
A general term referring to the process of isolating a resource for security reasons.
race condition:
A situation where two programs, processes, or threads are accessing or manipulating a resource as though they are doing so exclusively, thereby leading to an unexpected outcome.
radio frequency interference (RFI):
Electrical noise caused by electrical components, such as fluorescent lighting and electric cables.
rainbow table:
A database of hashes and their corresponding passwords.
ransomware:
Malware that encrypts files on an infected server or endpoint and demands a ransom payment, usually cryptocurrency, to retrieve the key to decrypt the files. See also malware and cryptocurrency.
real (or physical) evidence:
Tangible objects from the actual crime, such as the tools or weapons used and any stolen or damaged property. See also evidence.
recovery controls:
Controls that restore systems and information.
recovery point objective (RPO):
The maximum period of time in which data may be lost if a disaster occurs.
recovery time objective (RTO):
The period of time in which a business process must be recovered (during a disaster) in order to ensure the survival of the organization.
Reduced-Instruction-Set-Computing (RISC):
A microprocessor instruction set architecture that utilizes a smaller and simpler instruction set than CISC, which makes RISC more efficient than CISC. See also Complex-Instruction-Set-Computing (CISC).
reduction analysis:
A step in threat modeling designed to reduce duplication of effort.
redundancy:
Multiple systems, nodes, or network paths that provide the same functionality for resiliency and availability in the event of failure.
redundant array of independent disks (RAID):
A collection of one or more hard drives in a system for purposes of improved performance or reliability.
reference monitor:
An abstract machine (a theoretical model for a computer system or software program) that mediates all access to an object by a subject.
referential integrity:
A property of a database management system in which all data relationships such as indexes, primary keys, and foreign keys are sound.
Registration Authority (RA):
In a PKI, the RA is responsible for verifying certificate contents for the CA. See also Certification Authority (CA) and public key infrastructure (PKI).
remote access service (RAS):
A remote access protocol typically used over dial-up facilities.
remote access trojan (RAT):
A type of malware that controls a system via a remote network connection for criminal, malicious, or unauthorized purposes. See also malware.
Remote Authentication Dial-In User Service (RADIUS):
An open-source, User Datagram Protocol (UDP)–based client-server protocol used to authenticate remote users.
remote backup:
A backup operation where the target backup media is located in a remote location.
remote desktop protocol (RDP):
A proprietary Microsoft protocol used to connect to another computer over a network connection.
repeater:
A device that boosts or re-transmits a signal, in order to physically extend the range of a wired or wireless network.
replication:
The process of copying data transactions from one system to another.
repository:
In a PKI infrastructure, a repository is a system that accepts certificates and Certificate Revocation Lists (CRLs) from a CA and distributes them to authorized parties. See also Certification Authority (CA) and public key infrastructure (PKI).
Reverse Address Resolution Protocol (RARP):
A protocol used by diskless workstations to query and discover their own IP addresses using their machine addresses (known as media access control, or MAC, addresses).
Rijndael:
The encryption algorithm used by the AES. See also Advanced Encryption Standard (AES).
ring:
A network topology in which all devices are connected to a closed loop.
risk acceptance:
Accepting a risk or residual risk as-is, without mitigating or transferring it.
risk analysis:
A method used to identify and assess threats and vulnerabilities in a business, process, system, or activity as part of a risk assessment. See also risk assessment.
risk assessment:
A study of risks associated with a business process, information system, work facility, or other object of study.
risk assignment (or transference):
Transferring the potential loss associated with a risk to a third party, such as an insurance company.
risk avoidance:
Eliminating risk through discontinuation of the activity related to the risk.
risk-based authentication:
A process where an information system presents authentication challenges that are commensurate with the user’s security profile (for example, geo-location, device type, and so on).
risk management:
The process lifecycle that includes risk assessment and risk treatment.
risk mitigation:
Reducing risk to a level that’s acceptable to an organization.
risk reduction:
Mitigating risk by implementing the necessary security controls, policies, and procedures to protect an asset.
risk tolerance:
The explicit or implicit level of risk that an organization is willing to accept.
risk transfer:
See risk assignment.
risk treatment:
The formal decision-making process for the management of identified risks.
Rivest, Shamir, Adleman (RSA):
A key transport algorithm based on the difficulty of factoring a number that’s the product of two large prime numbers.
role-based access control (RBAC):
A method for implementing discretionary access controls in which access decisions are based on group membership, according to organizational or functional roles.
rootkit:
Malware that provides privileged (root-level) access to a computer. See also malware.
rotation of duties (or job rotation):
Regularly transferring key personnel into different positions or departments within an organization.
router:
A network device that forwards packets between separate networks.
routing protocol:
A network protocol used by routers to communicate information about internetwork connections.
RSA:
See Rivest, Shamir, Adleman (RSA).
rule-based access control:
A method for applying mandatory access control by matching an object’s sensitivity label and a subject’s sensitivity label to determine whether access should be granted or denied.
safeguard:
A control or countermeasure implemented to reduce the risk or damage associated with a specific threat.
sag:
A short drop in voltage.
sally port:
A secure, controlled entrance to a facility.
sandbox:
A mechanism for isolating a program or system.
Sarbanes-Oxley (SOX):
Attempts to prevent fraudulent accounting practices and errors in U.S. public corporations and mandates data retention requirements.
scan:
A technique used to identify vulnerabilities in a system or network, usually by transmitting data to it and observing its response.
scareware:
A type of social engineering attack wherein a Trojan horse program or a browser popup is intended to trick the user into thinking that there is a security problem on their computer. The intended victim is asked or tricked into clicking a button or link to fix the supposed security problem; in reality, the consenting user is enabling malware to run on the computer.
screen saver:
An image or pattern that appears on a display, usually as part of an inactivity timeout. See also inactivity timeout.
screening router:
A firewall architecture that consists of a router that controls packet flow through the use of ACLs. See also access control list (ACL) and firewall.
script injection:
An attack in which the attacker injects script code, in hopes that the code will be executed on a target system.
script kiddie:
An individual who does not have any programming or hacking skills, but instead uses scripts, malware, exploits, and other hacking tools developed by others to attack an endpoint or network.
Scrum:
A common implementation of the Agile systems development methodology.
secondary evidence:
A duplicate or copy of evidence, such as a tape backup, screen capture, or photograph. See also evidence.
secure and signed message format:
A message encrypted in an asymmetric key system by using the recipient’s public key and the sender’s private key. This encryption method protects the message’s confidentiality and guarantees the message’s authenticity. See also open message format and secure message format.
Secure Electronic Transaction (SET):
A now obsolete protocol, developed by MasterCard and Visa to provide secure e-commerce transactions by implementing authentication mechanisms while protecting the confidentiality and integrity of cardholder data.
Secure European System and Applications in a Multivendor Environment (SESAME):
A ticket-based authentication protocol similar to Kerberos, with additional security enhancements. See also Kerberos.
Secure HyperText Transfer Protocol (S-HTTP):
An Internet protocol that provides a method for secure communications with a webserver. S-HTTP is now considered obsolete. See also hypertext transfer protocol (HTTP) and hypertext transfer protocol secure (HTTPS).
secure message format:
A message encrypted in an asymmetric key system by using the recipient’s public key. Only the recipient’s private key can decrypt the message. This encryption method protects the message’s confidentiality. See also open message format and secure and signed message format.
Secure Multipurpose Internet Mail Extensions (S/MIME):
Provides confidentiality and authentication for email by using the RSA asymmetric key system, digital signatures, and X.509 digital certificates. See also Rivest, Shamir, Adleman (RSA).
secure shell (SSH):
A secure character-oriented protocol that’s a secure alternative to telnet and rsh. See also telnet.
Secure Sockets Layer (SSL):
A deprecated transport layer protocol that provided session-based encryption and authentication for secure communication between clients and servers on the Internet. See also Transport Layer Security (TLS).
Security Assertion Markup Language (SAML):
An XML-based, open-standard data format for exchanging authentication and authorization credentials between organizations.
security awareness:
The process of providing basic security information to users in an organization to help them make prudent decisions regarding the protection of the organization’s assets.
security control assessment (SCA):
An examination of one or more security controls in an organization.
security engineering:
A sub-specialty of engineering that focuses on security design and operations.
security information and event management (SIEM):
A system that provides real-time collection, analysis, correlation, and presentation of security logs and alerts.
security kernel:
The combination of hardware, firmware, and software elements in a TCB that implements the reference monitor concept. See also Trusted Computing Base (TCB).
security modes of operation:
Designations for U.S. military and government computer systems based on the need to protect secrets stored within them. The modes are Dedicated, System High, Multi-Level, and Limited Access.
security operation center (SOC):
A facility that provides information security monitoring, assessment, defense, and remediation for enterprise compute and network resources, including on-premises and cloud environments.
security perimeter:
The boundary that separates the TCB from the rest of the system. See also Trusted Computing Base (TCB).
security posture:
The level of risk in an organization based on its security practices.
segregation of duties:
See separation of duties and responsibilities.
Sensitive but Unclassified (SBU):
A U.S. government data classification level for information that’s not classified but requires protection, such as private or personal information.
sensitivity label:
In a MAC-based system, a subject’s sensitivity label specifies that subject’s level of trust, whereas an object’s sensitivity label specifies the level of trust required for access to that object. See also mandatory access control (MAC) system.
separation of duties and responsibilities:
A concept that ensures no single individual has complete authority and control of a critical system or process.
Serial Line Internet Protocol (SLIP):
An early Point-to-Point Protocol (PPP) used to transport Internet Protocol (IP) over dial-up modems. PPP is more commonly used for this purpose.
service level agreement (SLA):
Formal minimum performance standards for systems, applications, networks, or services.
service set identifier (SSID):
The name used to uniquely identify a WiFi network.
session hijacking:
Similar to a man-in-the-middle attack, except that the attacker impersonates the intended recipient instead of modifying messages in transit. See also man-in-the-middle attack.
Session Layer:
Layer 5 of the OSI model. See also Open Systems Interconnection (OSI) model.
shoulder surfing:
A social engineering technique that involves looking over someone’s shoulder to obtain information such as passwords or account numbers.
simple integrity property:
A subject can’t read information from an object that has a lower integrity level than the subject (no read down, or NRD). See also Biba model.
Simple Key Management for Internet Protocols (SKIP):
A protocol used to share encryption keys.
Simple Mail Transport Protocol (SMTP):
A protocol used to transport email messages between email servers.
Simple Mail Transport Protocol over TLS:
A protocol used to transport email messages between email servers with encryption. See also Secure Sockets Layer/Transport Layer Security (SSL/TLS).
simple security property (ss property):
A subject can’t read information from an object that has a higher sensitivity label than the subject (no read up, or NRU). See also Bell-LaPadula model.
single factor authentication:
Authentication using only one of the following factors to gain access to a system: what you know, what you have, or what you are.
Single Loss Expectancy (SLE):
Asset Value × Exposure Factor (EF). A measure of the loss incurred from a single realized threat or event, expressed in dollars. See also Exposure Factor (EF).
single sign-on (SSO):
A system that allows a user to present a single set of log-on credentials, typically to an authentication server, which then transparently logs the user on to all other enterprise systems and applications for which that user is authorized.
SKIP:
See Simple Key Management for Internet Protocols (SKIP).
smartphone:
See mobile device.
smurf:
A denial of service attack in which the attacker sends forged Internet Control Message Protocol (ICMP) echo request packets into a network with the intention of having large numbers of nodes on the network sending ICMP echo replies to the target system. See also denial of service (DoS).
sniffing:
The practice of intercepting communications for usually covert purposes.
social engineering:
A low-tech attack method that employs techniques such as dumpster diving and shoulder surfing.
socket:
A logical endpoint on a system or device used to communicate over a network to another system or device (or even on the same device).
software:
Computer instructions that enable the computer to accomplish tasks. See also application software and operating system (OS).
Software-as-a-Service (SaaS):
As defined by NIST, “the capability provided to the consumer to use the provider’s applications running on a cloud infrastructure.”
Software Assurance Maturity Model (SAMM):
A maturity model for software development.
software-defined networking (SDN):
A computer networking approach that abstracts higher-level network functionality from the underlying physical infrastructure.
software development lifecycle (SDLC):
The business-level process used to develop and maintain software. See also systems development lifecycle (SDLC).
software escrow agreement:
A legal agreement between a software manufacturer and its customer(s) wherein the software manufacturer will maintain a copy of its original software source code with a third-party software escrow company. In the event the software manufacturer ceases to operate as a going concern (or other events defined in the software escrow agreement), the software escrow company will release the original source code to the customers that are a party to the software escrow agreement.
source code:
Human-readable machine instructions that are the basis of system and application software.
source code repository:
A system used to store, manage, and protect application or system software source code.
source code review:
See code review.
spam (or Unsolicited Commercial Email [UCE]):
Junk email, which currently constitutes about 85 percent of all worldwide email.
spear phishing:
A phishing attack that’s highly targeted; for example, at a particular organization or part of an organization. See also phishing.
spike:
A momentary rush of electric power.
SPIM:
Spam that is delivered via instant messaging.
SPIT:
Spam that is delivered via Internet telephony.
spoofing:
A technique used to forge TCP/IP packet information or email header information. In network attacks, IP spoofing is used to gain access to systems by impersonating the IP address of a trusted host. In email spoofing, the sender address is forged to trick an email user into opening or responding to an email (which usually contains a virus or spam).
sprint:
A short interval, usually two weeks, during which a development team develops features during a systems development project.
spyware:
A form of malware that’s installed on a user’s computer, usually without his or her knowledge, often for the purpose of collecting information about a user’s Internet usage or for taking control of his or her computer. Spyware increasingly includes keystroke loggers and Trojan horses. See also malware.
SQL injection:
A type of attack where the attacker injects SQL commands into a computer input field, in hopes that the SQL command will be passed to the database management system.
SSL hiding:
A technique that uses SSL encryption to hide the contents of network traffic, for example, to evade detection by network defenses while stealing sensitive data (known as data exfiltration). See also Secure Sockets Layer/Transport Layer Security (SSL/TLS).
standalone power system (SPS):
An off-the-grid electricity system for generation, storage, and regulation, which is used in facilities that are not equipped with an electricity distribution system.
standards:
Specific, mandatory requirements that further define and support high-level policies.
star:
A network topology in which all devices are directly connected to a central hub or concentrator.
star integrity property (*-integrity property):
A subject can’t write information to an object that has a higher integrity level than the subject (no write up, or NWU). See also Biba model.
star property (* property):
A subject can’t write information to an object that has a lower sensitivity label than the subject (no write down, or NWD). See also Bell-LaPadula model.
state attack:
An attack where the attacker is attempting to steal other users’ session identifiers, in order to access a system using the stolen session identifier.
state machine model:
An abstract model in which a secure state is defined and maintained during transitions between secure states.
stateful inspection firewall:
A type of firewall that captures and analyzes data packets at all levels of the Open Systems Interconnection (OSI) model to determine the state and context of the data packet and whether it’s to be permitted access to the network.
static application scanning tool (SAST):
A tool used to identify vulnerabilities in a software application; it works by examining the application’s source code in search of exploitable vulnerabilities.
static password:
A password that’s the same for each log-on.
statutory damages:
Mandatory damages determined by law and assessed for violating the law.
steganography:
The art of hiding the very existence of a message; for example, in a picture.
stored procedure:
A subroutine that is accessible by software programs, and which is stored in a relational database management system.
stream cipher:
An encryption algorithm that operates on a continuous stream of data, typically bit-by-bit.
strong authentication:
A means of authentication that requires two or more independent means of identification. See also two-factor authentication.
Structured Query Language (SQL):
A computer language used to manipulate data in a database management system.
subject:
An active entity, such as an individual or a process.
substitution cipher:
Ciphers that replace bits, characters, or character blocks in plaintext with alternate bits, characters, or character blocks to produce ciphertext.
supervisor mode:
A level of elevated privilege, usually intended for only system administration use. See also User mode.
Supervisory Control and Data Acquisition (SCADA):
An industrial automation system that operates with coded signals over communication channels to provide remote control of equipment. See also industrial control system (ICS).
surge:
A prolonged rush of electric power.
switch:
An intelligent hub that transmits data to only individual devices on a network, rather than all devices (in the way that hubs do). See also hub.
Switched Multimegabit Data Service (SMDS):
A high-speed, packet-switched, connectionless, datagram-based technology available over public switched networks.
symmetric key system (or symmetric algorithm, secret key, single key, private key):
A cryptographic system that uses a single key to both encrypt and decrypt information.
SYN flood:
An attack in which the attacker sends large volumes of Transmission Control Protocol (TCP) SYN (synchronize) packets to a target system. A SYN flood is a type of Denial of Service attack. See also Denial of Service (DoS).
Synchronous Optical Networking (SONET):
A telecommunications carrier-class protocol used to communicate digital information over optical fiber.
synthetic transaction:
A mechanized transaction executed on a system or application to determine its ability to perform transactions properly.
system access control:
A control that prevents a subject from accessing a system unless the subject can present valid credentials.
system high mode:
A state in which a system operates at the highest level of information classification.
system test (software development):
A test of all of the modules of an application or program. See also unit test.
systems development lifecycle (SDLC):
The business-level process used to develop and maintain information systems. See also software development lifecycle (SDLC).
tactics, techniques, and procedures (TTPs):
An approach to cyber threat intelligence that analyzes the patterns and methods of a threat actor or group of threat actors to develop more effective security responses.
Take-Grant model:
A security model that specifies the rights that a subject can transfer to or from another subject or object.
TCP/IP model:
A four-layer networking model, originally developed by the U.S. Department of Defense.
teardrop attack:
A type of stack overflow attack that exploits vulnerabilities in the Internet Protocol (IP).
technical (or logical) controls:
Hardware and software technology used to implement access control.
telnet:
A network protocol used to establish a command line interface on another system over a network. See also Secure Shell (SSH).
Terminal Access Controller Access Control System (TACACS):
A User Datagram Protocol (UDP)–based access control protocol that provides authentication, authorization, and accounting.
termination:
See employment termination.
third-party:
An organization to which some portion of business operations is outsourced. See also outsourcing.
threat:
Any natural or man-made circumstance or event that can have an adverse or undesirable impact, whether minor or major, on an organizational asset.
threat modeling:
A systematic process used to identify likely threats, vulnerabilities, and countermeasures for a specific application and its potential abuses during the design phase of the application (or software) development lifecycle.
three-way handshake:
The method used to establish and tear down network connections in the Transmission Control Protocol (TCP).
token:
A hardware device used in two-factor authentication.
token ring:
A star-topology network transport protocol.
trade secret:
Proprietary or business-related information that a company or individual uses and has exclusive rights to.
trademark:
As defined by the U.S. Patent and Trademark Office (PTO), a trademark is “any word, name, symbol, or device, or any combination, used, or intended to be used, in commerce to identify and distinguish the goods of one manufacturer or seller from goods manufactured or sold by others.”
traffic analysis:
A method of attack in which an attacker observes network traffic patterns in order to make deductions about network utilization, architecture, behavior, or other discernible characteristics.
trans-border data flow:
The transfer of electronic data across national borders.
transient:
A momentary electrical line noise disturbance.
transitive trust:
The phenomenon where a user inherits access privileges established in a domain environment.
Transmission Control Protocol (TCP):
A connection-oriented network protocol that provides reliable delivery of packets over a network.
Transport Layer (OSI model):
Layer 4 of the OSI model. See also Open Systems Interconnection (OSI) model.
Transport Layer (TCP/IP model):
Layer 3 of the TCP/IP model. See also TCP/IP model.
Transport Layer Security (TLS):
An OSI Layer 4 (Transport) protocol that provides session-based encryption and authentication for secure communication between clients and servers on the Internet.
transposition cipher:
Ciphers that rearrange bits, characters, or character blocks in plaintext to produce ciphertext.
trap door:
A feature within a program that performs an undocumented function (usually a security bypass, such as an elevation of privilege).
Trojan horse:
A program that purports to perform a given function, but which actually performs some other (usually malicious) function. See also malware.
trusted computer system:
A system that employs all necessary hardware and software assurance measures and meets the specified requirements for reliability and security.
Trusted Computer System Evaluation Criteria (TCSEC):
Commonly known as the Orange Book. Formal systems evaluation criteria developed for the U.S. Department of Defense by the National Computer Security Center (NCSC) as part of the Rainbow Series.
Trusted Computing Base (TCB):
The total combination of protection mechanisms within a computer system — including hardware, firmware, and software — that are responsible for enforcing a security policy.
Trusted Network Interpretation (TNI):
Commonly known as the Red Book (of the Rainbow Series). Addresses confidentiality and integrity in trusted computer/communications network systems. See also Trusted Computer System Evaluation Criteria (TCSEC).
trusted path:
A direct communications path between the user and the Trusted Computing Base (TCB) that doesn’t require interaction with untrusted applications or operating system layers.
Trusted Platform Module (TPM):
A hardware module in a computer that performs cryptographic functions.
trusted recovery:
Safeguards to prevent the disclosure of information during the recovery of a system after a failure.
twinaxial cable:
A network medium consisting of two solid wire cores that are surrounded by an insulation layer and a metal foil wrap.
twisted pair cable:
A network medium consisting of four to eight twisted pairs of insulated conductors.
two-factor authentication:
An authentication method that requires two ways of establishing identity.
unauthenticated scan:
A vulnerability scan that does not log in to a device, system, or application during its search for exploitable vulnerabilities.
unicast:
A type of network protocol whereby packets are sent from a source to a single destination node.
unified threat management (UTM):
A security appliance that integrates various security features such as firewall, anti-malware, and intrusion prevention capabilities into a single platform.
uninterruptible power supply (UPS):
A device that provides continuous electrical power, usually by storing excess capacity in one or more batteries.
unit test:
A test performed on an individual source code module.
USA PATRIOT Act (Uniting [and] Strengthening America [by] Providing Appropriate Tools Required [to] Intercept [and] Obstruct Terrorism Act of 2001):
A U.S. law that expands the authority of law enforcement agencies for the purpose of combating terrorism.
user:
A person who has access to information and/or information systems.
user acceptance testing (UAT):
Testing of systems and applications by end users so that they can verify correct functionality. Also, the environments where such testing takes place.
user and entity behavior analytics (UEBA):
A process used to detect malicious activity and potential breaches or intrusions by creating a baseline of normal user and entity activity and analyzing anomalies.
User Datagram Protocol (UDP):
A network protocol that doesn’t guarantee packet delivery or the order of packet delivery over a network.
user entitlement:
The data access privileges that are granted to an individual user.
user mode:
A level of privilege, usually intended for ordinary users. See also supervisor mode.
Vernam cipher:
See one-time pad.
view:
A logical operation that can be used to restrict access to specific information in a database, hide attributes, and restrict the queries available to a user. Views are a type of constrained user interface that restricts access to specific functions by not allowing a user to request them.
violation analysis:
The process of examining audit logs and other sources in order to discover inappropriate activities.
virtual desktop infrastructure (VDI):
A desktop operating system running within a virtual machine (VM) on a physical host server.
virtual local area network (VLAN):
A logical network that resides within a physical network.
virtual machine:
An instantiation of an operating system running within a hypervisor.
virtual memory:
A type of secondary memory addressing that uses both installed physical memory and available hard drive space to present a larger apparent memory space than actually exists to the central processing unit (CPU).
virtual private network (VPN):
A private network used to communicate privately over public networks. VPNs typically utilize encryption and encapsulation to protect and simplify connectivity.
virtual reality (VR):
A computer-generated three-dimensional (3D) image representation of an object or objects, which a user can interact with in a manner similar to real-world objects.
virtual tape library (VTL):
A disk-based storage system that is used like magnetic tape storage for use in backup operations.
virtualization:
The practice of running one or more separate, isolated operating system “guests” within a computer system.
virtualization (or VM) sprawl:
The rapid creation of virtual machines without proper security and operations controls.
virus:
A set of computer instructions whose purpose is to embed itself within another computer program in order to replicate itself. See also malware.
Visual Basic Script (VBScript):
An Active Scripting language developed by Microsoft and modeled on Visual Basic.
Voice over Internet Protocol (VoIP):
Telephony protocols that are designed to transport voice communications over TCP/IP networks.
VOMIT:
Voice over Misconfigured Internet Telephone.
vulnerability:
The absence or weakness of a safeguard in an asset, which makes a threat potentially more harmful or costly, more likely to occur, or likely to occur more frequently.
vulnerability assessment:
The use of tools and techniques to identify vulnerabilities in an application, information system, facility, business process, or other object of study.
vulnerability management:
The lifecycle process used to identify and remediate vulnerabilities in information systems.
vulnerability scan:
The use of an automated tool or technique to identify vulnerabilities in a target system or network.
vulnerability scanning tool:
A software program designed to scan a device, system, or application to identify exploitable vulnerabilities.
war dialing:
A brute-force attack that uses a program to automatically dial a large block of phone numbers (such as an area code), searching for vulnerable modems or fax machines.
war driving:
A brute-force attack that involves driving around, looking for vulnerable wireless networks.
warm site:
An alternative computer facility that’s readily available and equipped with electrical power, HVAC, and computers, but not fully configured. See also cold site, hot site, and HVAC.
waterfall:
The software development process in which each phase is performed independently and in sequence.
watering hole attack:
An attack on end-user browsers where malware is installed on a web server and downloaded to users’ browsers.
web application firewall (WAF):
A device used to protect a web server from web application attacks such as script injection and buffer overflow.
web content filter:
A system or application that permits and blocks Internet access to websites based on a defined policy.
white-box testing:
A security test in which the tester has complete knowledge of the system being tested.
whitelisting:
A mechanism that explicitly permits access based on the presence of an item in a list.
Wi-Fi:
A technology used for wireless local area networking with devices based on the IEEE 802.11 standards. See also Institute of Electrical and Electronics Engineers (IEEE).
WiFi Protected Access (WPA):
A means of encrypting communications over 802.11 networks.
Wired Equivalent Privacy (WEP):
A means of encrypting communications; specifically, 802.11/WiFi networks. WEP is obsolete.
Wireless Transport Layer Security (WTLS):
A protocol that provides security services for the Wireless Application Protocol (WAP) commonly used for Internet connectivity by mobile devices.
work factor:
The difficulty (in terms of time, effort, and resources) of breaking a cryptosystem.
worm:
Malware that usually has the capability to replicate itself from computer to computer without the need for human intervention. See also malware.
X.25:
The first wide-area, packet-switching network.
XML (Extensible Markup Language):
A human- and machine-readable markup language.
Zigbee:
A collection of high-level communication protocols for use in small, low-power personal area networks and smart home automation.