
Glossary of Key Terms

Access control

The process of providing and denying access to objects.

Access control entry (ACE)

An individual entry in a DACL.

Access control list (ACL)

The list of access permissions for an object.

Active Directory (AD)

A shared database of domain users, groups, computers, resources, and other information, along with network functionality to centralize and standardize network management and interoperation.

Administrative control

A management action, written policy, procedure, guideline, regulation, law, or rule of any kind.

Advanced Encryption Standard (AES)

An encryption algorithm adopted by the U.S. government in 2002 as the standard for encryption operations.

Agile development

A method of developing software that is based on small project iterations, or sprints, instead of long project schedules.

AGULP

An acronym for Accounts, Global groups, Universal groups, domain Local groups, and permissions. AGULP is an access control approach that systematically nests individual user accounts in groups that make securing objects more general.

A-I-C triad

See C-I-A triad.

Anti-malware shield

Software that intercepts all incoming (and optionally outgoing) information, scanning each message or file for malware content.

Anti-spyware software

Software designed to detect and mitigate spyware.

Antivirus software

Software designed to detect and mitigate some types of malware, including mainly viruses, worms, and Trojan horses.

Application server

A computer that runs application programs on behalf of remote users.

Application software

Computer software designed to allow users to perform specific tasks.

Asymmetric algorithm

A cryptographic algorithm that uses two related keys—one key to encrypt data and another key to decrypt data.

Attack surface

The collection of all possible vulnerabilities that could provide unauthorized access to computer resources; all of the software a computer runs that is vulnerable to attack.

Attacker

Any person or program that attempts to interact with a computer information system in an unauthorized manner.

Auditing

The process of collecting performance information on what actions were taken and storing that information for later analysis.

Authentication

The process of proving that provided identity credentials are valid and correct.

Authorization

The process of granting and/or denying access to resources based on the authenticated user.

Authorized user

Any user (person or program) that possesses permission to access a resource.

Availability

The assurance that requested information is available to authorized users upon request.

Backup

A defined collection of copies of files created in case the primary copies of the files are damaged or destroyed.

Bare metal recovery

A restore that includes the operating system and all configuration settings.

Baseline

A collection of configuration settings often collected and saved for the purposes of comparing to other similar collections of configuration settings; a structured collection, or collection of specific item versions.

BitLocker

A Windows feature that encrypts entire volumes and normally uses a computer’s Trusted Platform Module (TPM) hardware to store encryption keys.

BitLocker To Go

A Windows feature that encrypts removable media devices.

Boot device

Any device, typically a CD, DVD, or USB key, from which a computer will boot and load an operating system.

Buffer overflow

A condition in which a running program stores data that is larger than the memory location set aside for the data. The extra data spills over into adjacent memory, causing other data and possibly instructions to be overwritten. An attacker can place specific data in the overflowed buffer to change the instructions a program executes.

Building Security in Maturity Model (BSIMM)

A newly published framework for software development that is the result of a study of large organizations that develop software with a specific focus on security.

Business continuity plan (BCP)

A plan that ensures an organization can survive any disruption and continue operating.

Business driver

Any one of the components, including people, information, and conditions, that support business objectives.

California Consumer Privacy Act (CCPA)

A California state law, passed in 2018, that protects consumer privacy by requiring any organization that collects or uses private data to adhere to controls restricting private data collection, storage, and use.

Certificate authority (CA)

A computer that stores digital certificates and issues them to authenticated subjects.

Chain of custody

Documentation that provides details of every move and access of evidence.

C-I-A triad

Confidentiality, integrity, and availability, which are the goals of information security.

Cipher

An algorithm for performing encryption and decryption.

Class Identifiers (CLSIDs)

GUIDs used in the Windows Registry to identify objects and record many of their attributes.

Classification

A level of sensitivity assigned to an object by its owner. An example object could be assigned as top secret, secret, confidential, restricted, or unclassified.

Clearance

A security level assigned to subjects, authorizing them to access objects with an equal or lower classification. Clearance levels include top secret, secret, and confidential.

Cloud computing

The practice of renting computer resources from a provider instead of owning the resources.

Coaxial cable

Network cabling that consists of a single copper conductor surrounded with a plastic sheath, then a braided copper shield, and then the external insulation.

Common Criteria for Information Technology Security Evaluation

An international set of standards for functionality and assurance of computer security. The Common Criteria superseded the Orange Book as well as other standards.

Compensating control

An alternate security control that fulfills an original goal without implementing the primary control.

Compliance

The process of ensuring that the items in each domain of the IT infrastructure meet or exceed security goals.

Computer environment

A collection of computer and network devices connected to one or more networks, generally for the purpose of fulfilling business functions. Also called IT Infrastructure.

Computer security incident response team (SIRT)

A team of representatives from IT, management, legal, and public relations that is organized to respond to incidents.

Confidentiality

The assurance that information can be accessed and viewed only by authorized users.

Configuration Control Board (CCB)

A person or group of people responsible for making decisions about changes to the system definition during the course of the development life cycle.

Container

A site, a domain, or an organizational unit in Active Directory.

Control

Any mechanism or action that prevents, detects, or addresses an attack.

Corrective control

A control that repairs the effects of damage from an attack. Corrective controls include virus removal procedures, firewall table updates, and user authorization database updates.

Cryptojacking

A malware attack in which the malware uses the victim’s computer or device to mine cryptocurrency for the attacker.

Data at rest

Data that is stored on a persistent storage device, such as a disk drive.

Data in transit

Data that is currently being transported from one location to another, as in a transfer across a network connection.

Decomposition

The process of breaking down a software development project into distinct phases.

Decryption key

A piece of information that an algorithm needs as input to decrypt or “unlock” a document to make it readable.

Defense in depth

A security strategy that relies on multiple layers of security that require attackers to defeat multiple controls to access any protected resource.

Deliverable

Any object created as a result of project activities.

Demilitarized zone (DMZ)

A space created by using one or more firewalls to separate an untrusted network from a trusted network.

Deming cycle

See Plan, Do, Check, Act.

Denial of service (DoS) attack

An attack that sends a large volume of network messages that end up flooding the network and making it unusable for legitimate traffic.

Detective control

A control that detects when an action has occurred. Detective controls include smoke detectors, log monitors, and system audits.

Digital certificate

Another term for security certificate.

Directory Service Restore Mode (DSRM)

A special mode that allows administrators to create an offline copy of Active Directory (AD).

Disaster recovery plan (DRP)

A plan that ensures the infrastructure is operational and ready to support primary business functions.

Discretionary access control (DAC)

An access control method based on an object’s owner and permissions granted by the owner.

Discretionary access control list (DACL)

The list of access permissions for an object, based on access granted by the object’s owner.

Distributed denial of service (DDoS) attack

A DoS attack in which the controller instructs one or more compromised computers to flood a network with packets.

Documentary evidence

Any written evidence, such as printed reports or data in log files.

Domain controller

A server computer designated to handle Active Directory requests.

Due diligence

The ongoing attention and care an organization places on security and compliance.

Dynamic Access Control (DAC)

A collection of features that describe user and data attributes; these attributes help Windows protect files using policies that provide more control over who can access data.

Effective Permissions

The page within the Advanced Security Settings dialog box of Windows that displays calculated permissions for any user or group.

Elliptic Curve Cryptography (ECC)

A public key cryptographic algorithm based on the structure of elliptic curves.

Encapsulating protocol

A rule that handles addressing and encryption issues.

Encrypting File System (EFS)

A Windows feature that provides transparent file and folder encryption. Encryption keys in EFS are based on a user’s password.

Encryption

The process of transforming readable information into unreadable information in such a way that anyone with a proper key can reverse the process, making the information readable again.

End-User License Agreement (EULA)

An agreement between the software producer and the end user. The EULA addresses issues regarding approved use and liability. Also called a Software License Agreement.

Enterprise Resource Planning (ERP)

An integrated collection of software programs that are used to manage many aspects of a business, including financials, human resources, assets, and business processes.

Event

Any observable occurrence within a computer or network.

Exploit

To take advantage of a specific vulnerability.

Fiber optic cable

Network cabling that consists of a glass core surrounded by several layers of protective materials.

File Classification Infrastructure (FCI)

A feature of Windows that provides the ability to define classification properties for files.

File History

A primary feature of Microsoft Windows that maintains multiple versions of files for the purpose of restoring files to any previous state on demand.

File server

A computer or hardware device that has one or more connected hard disk drives, a network interface, and software to provide network access to files and folders on the attached disks.

File Transfer Protocol (FTP)

A popular protocol used to transfer files from one computer to another.

Firewall

A device or software program to filter data passing through the device or program, limiting network traffic to authorized traffic only.

Full Disk Encryption (FDE)

A form of encryption in which the disk controller encrypts each block. FDE is faster than FVE, since it occurs at a lower level than the operating system.

Full Volume Encryption (FVE)

A method for encrypting a single partition, either physical or virtual, on a hard drive.

Gateway

A network device that connects two or more separate networks that use different protocols.

General Data Protection Regulation (GDPR)

A comprehensive regulation in European Union law that protects the privacy of all EU individuals, requiring all global organizations that handle personal data of any EU citizen to comply.

Globally unique identifier (GUID)

An identification value that is unique across all environments to keep track of an object across many computers.

Group

A set of named entities that define a group of users for the purpose of defining permissions that apply to multiple users.

Group Policy

A centralized set of rules that govern the way Windows operates.

Group Policy Inventory tool

A utility used to collect deployed GPO and computer information that is used to verify Group Policy implementations.

Group Policy Management Console (GPMC)

A utility used to create, edit, and manage AD GPOs.

Group Policy Object (GPO)

A named object that contains a collection of Group Policy settings.

Group Policy Update tool

A utility to immediately deploy and apply GPOs.

Hacktivist

A hacker who is, or claims to be, motivated by political or social justice concerns and uses hacking skills to reinforce his or her chosen position.

Hardening

The process of making configuration changes and deploying controls to reduce the attack surface.

Hardware Abstraction Layer (HAL)

Software layer in the operating system kernel that provides the actual access to physical hardware.

Heuristics

The practice of identifying malware based on previous experience.

Hub

A network device with several connectors, or ports, that allows multiple network cables to attach to it.

Hyper-V

A product that supports creating and running virtual machines in Windows Server 2008.

Hypertext Transfer Protocol (HTTP)

An application layer protocol used to transfer content between web browsers and web servers.

Hypertext Transfer Protocol Secure (HTTPS)

A secure application layer protocol used to transfer encrypted content between web browsers and web servers. HTTPS encrypts traffic by sending HTTP messages over SSL/TLS.

Identification

Providing credentials that claim a specific identity, such as a user name.

IEEE 802.11

A set of standards for wireless local area network (WLAN) communication protocols.

Incident

An event that results in violating your security policy, or poses an imminent threat to your security policy.

Institute of Electrical and Electronics Engineers (IEEE)

An organization that defines standards for many aspects of computing and communications.

Integrity

The assurance that information can be modified only by authorized users.

International Telecommunications Union (ITU-T)

An agency that defines standards for coordinating global communications.

Internet gateway

A gateway that connects a LAN to the Internet.

Internet Protocol Security (IPSec)

A framework of open standards for protecting communications over Internet Protocol (IP) networks.

Intrusion detection system (IDS)

A network device or software that can analyze traffic and detect a potential intrusion based on traffic patterns.

Intrusion prevention system (IPS)

A network device or software that can analyze traffic and detect a potential intrusion based on traffic patterns and can also change firewall rules in real time to prevent further damage from an attack.

Kerberos

A computer network authentication protocol which allows computers to communicate in a secure manner across an insecure network, and the default authentication protocol for Windows.

Kernel

The core part of an operating system that provides the essential services of the operating system.

Kernel mode

The highest privilege at which programs can run, allowing access to the physical hardware and kernel resources. Also called supervisor mode.

Key distribution center (KDC)

A computer designated to authenticate users and, upon authentication, issue Kerberos keys that will allow subjects to access objects.

Layer 2 Tunneling Protocol (L2TP)

A tunneling protocol used to support VPNs.

Least privilege user accounts (LUAs)

User accounts that are defined using the principle of least privilege.

Local area network (LAN)

A network that covers a small physical area, such as an office or building.

Local Group Policy Editor

Editor for local Group Policy settings.

Local resource

Any resource attached to a local computer—the same computer to which the user has logged on.

Logical control

An alternate term for technical control.

Malicious software

Software that is designed to infiltrate a target computer and make it do something the attacker has instructed it to do.

Malware

A common term used to describe malicious software, including viruses, worms, and Trojan horses, especially in combinations.

Managed service accounts

Accounts that administrators can create as managed domain accounts to provide automatic password management.

Mandatory access control (MAC)

An access control method based on the subject’s clearance and the object’s classification. MAC implementations often also require demonstration of a subject’s “need to know” to receive access.

Man-in-the-middle attack

An attack in which the attacker is located between a client and a server and intercepts traffic flowing back and forth between the two computers. The attacker can view or modify data that is transmitted in the clear.

Message digest

A shortened unique string of digits that represents a file or message.

Metropolitan area network (MAN)

A network that connects two or more LANs but does not span an area larger than a city or town.

Microkernel

The portion of an operating system’s kernel that resides exclusively in memory.

Microsoft Baseline Security Analyzer (MBSA)

An easy-to-use tool that evaluates the current security state of computers in accordance with Microsoft security recommendations.

Microsoft Management Console (MMC)

A graphical user interface framework that provides a centralized method to manage software components on Windows computers.

Multifactor authentication

An authentication process that requires multiple types of authentication credentials.

NetChk Protect

A security scanner from Shavlik that scans and analyzes the patch status of products MBSA does not support. Shavlik also produces the scaled-down version of its scanner called NetChk Protect Limited.

Network

A collection of computers and devices connected by some connection media.

Network access control (NAC)

A solution that defines and implements a policy that describes the requirements to access your network.

Network address translation (NAT)

A technique used in many firewalls that translates internal IP addresses into an external IP address. This feature hides the true IP address of internal computers from outside nodes.

Network Attached Storage (NAS)

A standalone network device with internal storage that is connected to a LAN and accessible to other LAN nodes as a mapped folder or drive.

Network Translation LAN Manager (NTLM)

An authentication protocol used in legacy Windows systems to support secure communications across an insecure network.

Nmap

An open source utility used to scan one or more computers or network devices for open ports and other information.

Node

Any computer or device connected to a network.

Nonrepudiation

This allows a sender to verify the source of a message.

Object

A resource to which access is controlled.

Online Software Inspector (OSI)

A consumer-based vulnerability scanner from Secunia that searches for vulnerable or out-of-date programs and plug-ins. OSI runs in a web browser and does not need to be installed on the computer it is scanning.

Open Systems Interconnection (OSI) Reference Model

A generic description for how computers use multiple layers of protocol rules to communicate across a network. The OSI Reference Model defines seven different layers of communication.

Orange Book

The United States Department of Defense Trusted Computer System Evaluation Criteria (DOD-5200.28-STD), one of the early formal standards for computer security.

Organizational unit (OU)

AD containers that group computers either logically or functionally.

Permission

This defines what a user can do to a specific object, such as read or delete the object.

Personal Software Inspector (PSI)

A consumer-based vulnerability scanner from Secunia that searches for vulnerable or out-of-date programs and plug-ins. PSI must be installed on the computer before you can use it to scan for vulnerabilities.

Physical control

A device that limits access or otherwise protects a resource, such as a fence, door, lock, or fire extinguisher.

Plaintext

Unencrypted data, also known as cleartext.

Plan-Do-Check-Act (PDCA)

A quality method indicating a continuous process consisting of four repeating steps: Plan, Do, Check, Act. PDCA is also known as a Deming cycle.

Point-to-Point Tunneling Protocol (PPTP)

A tunneling protocol used to support VPNs.

Port

In the context of network protocols, a numeric identifier that programs use to classify network messages.

Pre-shared key (PSK)

A shared secret used by cryptographic algorithms to perform symmetric encryption and decryption.

Preventive control

A control that stops an action before it occurs. Preventive controls include locked doors, firewall rules, and user passwords.

Primary copy

The copy of any piece of information that you use most frequently.

Principle of least privilege

The practice of providing a user or process with only the necessary access required to carry out a task.

Print server

A computer or network device that provides the interface between the network and one or more printers.

Privilege escalation

The process of adding more authority to the current session than the process should possess.

Profiling

The process of comparing real computer configurations with known baselines for the purpose of documenting the pertinent differences with secure settings and similarities to insecure settings.

Protocol

A set of rules that govern communication.

Public key

An encryption key that can be shared and does not need to be kept private.

Public key cryptography (PKC)

A cryptographic algorithm that uses two related keys—one key to encrypt data and another key to decrypt data.

Public key infrastructure (PKI)

A general approach to handling encryption keys using trusted entities and digital certificates; the hardware, software, policies, and procedures to manage all aspects of digital certificates.

Query

A statement that accesses data in a database.

Ransomware

A type of malware that attempts to generate funds directly from a computer user by attacking the computer’s files and limiting the user’s ability to access data until some money is paid.

Real evidence

Any physical object that you can bring into court that you can touch, hold, and directly observe.

Recovery key

A key that can be used to decrypt BitLocker-protected data if the primary key is lost or damaged.

Recovery time objective (RTO)

The amount of time it should take to recover a resource and bring it back to normal operation.

Redundant array of independent disks (RAID)

A collection of disks organized in a way that protects data by duplicating it or writing extra information to reconstruct any damaged data.

Registration authority (RA)

A computer that authenticates subjects and directs the CA to issue digital certificates to authenticated subjects.

Registry

A database for Windows configuration settings.

Registry Editor

An editor for Windows Registry contents.

Remote resource

Any resource attached to another computer on a network that is different from the computer to which the user is logged on.

Restore operation

The process of copying secondary copies of files back to their primary locations.

Resultant Set of Policy (RSOP) tool

A utility that shows the settings that result from existing or planned GPOs for a specific computer and user.

Right

User rights define tasks that a user is permitted to carry out, such as take ownership of objects or shut down the computer.

Rights Management Services (RMS)

A security feature of Windows, which can encrypt files that contain tagged sensitive data without requiring user interaction.

Risk

Any exposure to a threat.

Role

A predefined set of services, programs, and configuration settings that enable a computer to fulfill a specific set of requirements.

Role-based access control (RBAC)

An access control method based on permissions defined by a role (e.g., manager, authorized user, or guest), as opposed to an individual user (e.g., Michael Solomon).

Rootkit

Software that modifies or replaces one or more existing programs, often part of the operating system, to hide the fact a computer has been compromised.

Router

A network device that examines the destination address and then forwards the packet to the correct outbound port.

Schema

A description of components stored in a database.

Secondary copy

A copy of information created to assist in the recovery of the information in the event the primary copy is damaged or destroyed.

Secure Hash Algorithm (SHA)

A set of hash functions adopted by the National Security Agency as a U.S. government information processing standard.

Secure Socket Tunneling Protocol (SSTP)

VPN protocol that creates an encrypted tunnel over SSL/TLS.

Secure Sockets Layer (SSL)

The predecessor to TLS, SSL is a cryptographic protocol that operates at the transport network layer and provides security for communications across the Internet.

Security Access Token (SAT)

A document used by Windows to store all SIDs associated with a process.

Security administration

The process of implementing the security controls within the IT infrastructure.

Security certificate

A document that contains identity information and a public key, along with other descriptive information. Also called a digital certificate.

Security Configuration and Analysis (SCA)

A tool that helps administrators to analyze a computer and compare its configuration settings against a baseline.

Security Configuration Wizard (SCW)

A Microsoft utility that provides guidance to administrators and creates policies based on the least privilege principle for the server roles you have selected either during installation or afterward using the Server Manager Utility.

Security control

A mechanism used to protect information and related assets.

Security Development Lifecycle (SDL)

A security assurance process that is focused on software development.

Security filter

A GPO filter that limits a GPO’s scope to specific computers or users.

Security identifier (SID)

A unique identifier for each user and group in a Windows environment.

Security Orchestration and Automation Response (SOAR)

Software tools that help CSIRT teams coordinate information from multiple sources, automate initial IR tasks, and organize the steps to effectively respond to incidents.

Security template

A text file that contains a list of configuration settings.

Server core installation

A Windows Server 2008 R2 installation option that provides a minimal environment that includes only programs necessary for the roles you select.

Service Level Agreement (SLA)

A contract between an organization or individual and a cloud service provider that details the services provided, along with response time guarantees and associated costs.

Service Set Identifier (SSID)

A unique identifier for a wireless network.

Shielded twisted pair (STP)

Network cabling that generally consists of two or four pairs of wires with a foil shielding around each pair to reduce external electrical and radio interference. Pairs of wires are twisted around each other to reduce interference with other pairs.

Signature

The unique set of instructions that make up an instance of malware and distinguish it from other malware.

Signature database

An organized collection of malware signatures used by antivirus or anti-spyware (or other anti-malware) software to identify malware.

Smart card

A card or device that stores information used for authentication or encryption.

Snap-in

An administrative program designed to run in the MMC.

Social engineering

The process of an attacker tricking or convincing an authorized user to carry out an action or provide valuable information for which the attacker is unauthorized.

Software configuration management (SCM)

A collection of best practices for handling changes in software projects.

Software Security Framework (SSF)

A component of the BSIMM that organizes the 109 BSIMM activities into a framework consisting of 12 practices in four domains.

Spoofing

The act of masquerading as another identity.

Sprint

One of the small project iterations used in the “agile” method of developing software, in contrast with the usual long project schedules of other ways of developing software.

Spyware

Software that covertly monitors and records pieces of information, such as web surfing activities and all data processed by the browser.

SQL injection

An attack that adds SQL statements to input data for the purpose of sending commands to a database management system.

Storage Area Network (SAN)

A collection of one or more standalone network devices with internal storage, often connected to computers via fiber channel, used to provide remote storage. SAN devices appear to computers to be local storage devices, but are actually network devices.

Structured Query Language (SQL)

A computer language for accessing data in a database.

Subject

An entity requesting access to an object.

Supervisor mode

The highest privilege at which programs can run, allowing access to the physical hardware and kernel resources. Also called kernel mode.

Switch

A network hardware device that forwards input it receives only to the appropriate output port.

Symmetric key algorithm

An encryption algorithm that uses a single key for both encryption and decryption.

System Development Life Cycle (SDLC)

A formal model for the process of creating and modifying software.

TCP/IP Reference Model

A generic description for how computers use multiple layers of protocol rules to communicate across a network. The TCP/IP Reference Model defines four different layers of communication rules.

Technical control

A device or process that limits access to a resource. Examples include user authentication, antivirus software, and firewalls.

Threat

Any action that could lead to damage or loss.

Transmission Control Protocol/Internet Protocol (TCP/IP)

A combination of two separate protocols commonly used in Internet network communication.

Transparent Data Encryption (TDE)

An option in several database management systems that encrypts all data in the database without any user or application action required.

Transport Layer Security (TLS)

A cryptographic protocol that operates at the transport network layer and provides security for communications across the Internet.

Trojan horse

Software that masquerades as an apparently harmless program or data file but contains malware instructions.

Trusted Platform Module (TPM)

A microchip designed to securely store cryptographic keys.

Trusted source

A computer from which digital certificates are accepted.

Tunneling

A technique that creates a virtual encrypted connection and allows applications to use any protocol to communicate with servers and services without having to worry about addressing or privacy concerns.

Two-factor authentication

Authentication process that requires two separate types of authentication credentials.

Type I authentication

Authentication based on information only a valid user knows, such as a password or PIN.

Type II authentication

Authentication based on a physical object that contains identity information, such as a token, card, or other device.

Type III authentication

Authentication based on a physical characteristic (biometric), such as a fingerprint, hand print, or retina characteristic.

Unauthorized user

Any user (person or program) that does not possess permission to access a resource.

Uniform resource locator (URL)

A character string used to identify the location and name of a resource on the Internet.

Universally unique identifier (UUID)

An identification value that is unique across all environments to keep track of an object across many computers.

Unshielded twisted pair (UTP)

Network cabling that generally consists of two or four pairs of wires. Pairs of wires are twisted around each other to reduce interference with other pairs.

User Account Control (UAC)

A Windows feature that prompts users for a confirmation before escalating to administrator privileges.

User mode

Limited privilege for running programs that does not allow direct access to the computer’s physical hardware or certain kernel resources.

Virtual machine

A software implementation of a physical computer.

Virtual private network (VPN)

A computer network that is implemented over an existing network, often to provide an encrypted tunnel to exchange data securely.

Virtualization

The ability to run two or more virtual machines simultaneously on a single physical computer.

Virus

A software program that attaches itself to, or copies itself into, another program for the purpose of causing the computer to follow instructions that were not intended by the original program developer.

Volume Shadow Copy Service (VSS)

A Windows service that assists utilities and applications in creating snapshots of a running Windows system.

Vulnerability

Any weakness that could allow a threat to be realized.

Web proxy

A server that receives a web request, processes the request based on defined filters, and acts on the request based on defined rules. Rules can include actions such as forward, drop, deny, and translate.

Wide area network (WAN)

A network that connects multiple LANs and WANs and spans very large areas, including multiple country coverage.

Wi-Fi Protected Access (WPA)

An algorithm designed to replace WEP by providing secure wireless communications.

Windows Management Instrumentation (WMI)

The infrastructure Windows uses to maintain and exchange management and operations data.

Windows service

A long-running program that performs a specific set of functions, such as a firewall, database server, or a web server.

Wired Equivalent Privacy (WEP)

A legacy algorithm designed to secure wireless communications.

Wireless local area network (WLAN)

A LAN in which computers and devices communicate using radio frequency transmissions.

WMI filter

A GPO filter that limits a GPO’s scope based on a WMI query’s result.

WMI Query Language (WQL)

A subset of SQL used to query Windows machines for management and operations data.

Worm

A standalone malicious software program that actively transmits itself, generally over networks, to infect other computers.

X.509

An ITU-T standard that defines the format of public key (digital) certificates.

Zero-day attack

Active malware that exploits either an unknown vulnerability or one for which no fix has yet been released.

Zombie

A computer that follows the instructions sent from another computer.
