Professional Documents
Culture Documents
CISSP Practice - Vallabhaneni S Rao
CISSP Practice - Vallabhaneni S Rao
of Contents
Cover
Domain 5: Cryptography
Traditional Questions, Answers, and Explanations
Scenario-Based Questions, Answers, and
Explanations
Sources and References
Copyright
Preface
How to Study for the CISSP Exam
Description of the CISSP Examination
Domain 1
Access Control
Cryptography
Security Operations
Calculations for System 1 are shown below and calculations for other
systems follow the System 1 calculations.
Availability for System 1 =
[Uptime/(Uptime + Downtime)] × 100 = [(8,560/8,760)] × 100 =
97.7%
Reliability for System 1 =
[1 − (Downtime/Downtime + Uptime)] × 100 = [1 − (200/8,760)] ×
100 = 97.7%
Check: Reliability for System 1 =
100 − (100 − Availability percent) = 100 − (100 − 97.7) = 97.7%
This goes to say that the availability and reliability goals are intrinsically
related to each other, where the former is a component of the latter.
8. Regarding BCP and DRP, redundant array of independent disk
(RAID) does not do which of the following?
a. Provide disk redundancy
b. Provide power redundancy
c. Decrease mean-time-between-failures
d. Provide fault tolerance for data storage
8. b. Redundant array of independent disk (RAID) does not provide
power redundancy and should be acquired through an uninterruptible
power supply system. However, RAID provides the other three choices.
9. Redundant array of independent disk (RAID) technology does not
use which of the following?
a. Electronic vaulting
b. Mirroring
c. Parity
d. Striping
9. a. Redundant array of independent disk (RAID) technology uses three
data redundancy techniques such as mirroring, parity, and striping, not
electronic vaulting. Electronic vaulting is located offsite, whereas RAID
is placed at local servers where the former may use the latter.
10. Regarding BCP and DRP, the board of directors of an
organization is not required to follow which of the following?
a. Duty of due care
b. Duty of absolute care
c. Duty of loyalty
d. Duty of obedience
10. b. Duty of absolute care is not needed because reasonable and normal
care is expected of the board of directors because no one can anticipate
or protect from all disasters. However, the directors need to follow the
other three duties of due care, loyalty, and obedience.
11. Which of the following tasks is not a part of business continuity
plan (BCP)?
a. Project scoping
b. Impact assessment
c. Disaster recovery procedures
d. Disaster recovery strategies
11. c. Tasks are different between a business continuity plan (BCP) and
disaster recovery planning (DRP) because of timing of those tasks. For
example, disaster recovery procedures come into play only during
disaster, which is a part of DRP.
12. Which of the following tasks is not a part of disaster recovery
planning (DRP)?
a. Restoration procedures
b. Procuring the needed equipment
c. Relocating to a primary processing site
d. Selecting an alternate processing site
12. d. Tasks are different between business continuity plan (BCP) and
disaster recovery planning (DRP) because of timing of those tasks. For
example, selecting an alternative processing site should be planned out
prior to a disaster, which is a part of a BCP. The other three choices are a
part of DRP. Note that DRP is associated with data processing and BCP
refers to actions that keep the business running in the event of a
disruption, even if it is with pencil and paper.
13. Regarding BCP and DRP, critical measurements in business impact
analysis (BIA) include which of the following?
a. General support system objectives
b. Major application system objectives
c. Recovery time objectives and recovery point objectives
d. Uninterruptible power supply system objectives
13. c. Two critical measurements in business impact analysis (BIA)
include recovery time objectives (RTOs) and recovery point objectives
(RPOs). Usually, systems are classified as general support systems (for
example, networks, servers, computers, gateways, and programs) and
major application systems (for example, billing, payroll, inventory, and
personnel system). Uninterruptible power supply (UPS) system is an
auxiliary system supporting general systems and application systems.
Regardless of the nature and type of a system, they all need to fulfill the
RTOs and RPOs to determine their impact on business operations.
14. Regarding BCP and DRP, which of the following establishes an
information system’s recovery time objective (RTO)?
a. Cost of system inoperability and the cost of resources
b. Maximum allowable outage time and the cost to recover
c. Cost of disruption and the cost to recover
d. Cost of impact and the cost of resources
14. b. The balancing point between the maximum allowable outage
(MAO) and the cost to recover establishes an information system’s
recovery time objective (RTO). Recovery strategies must be created to
meet the RTO. The maximum allowable outage is also called maximum
tolerable downtime (MTD). The other three choices are incorrect because
they do not deal with time and cost dimensions together.
15. Regarding BCP and DRP, which of the following determines the
recovery cost balancing?
a. Cost of system inoperability and the cost of resources to recover
b. Maximum allowable outage and the cost to recover
c. Cost of disruption and the cost to recover
d. Cost of impact and the cost of resources
15. a. It is important to determine the optimum point to recover an IT
system by balancing the cost of system inoperability against the cost of
resources required for restoring the system. This is called recovery cost
balancing, which indicates how long an organization can afford to allow
the system to be disrupted or unavailable. The other three choices are
incorrect because they do not deal with the recovery cost balancing
principle.
16. Regarding contingency planning, which of the following actions
are performed when malicious attacks compromise the confidentiality
or integrity of an information system?
1. Graceful degradation
2. System shutdown
3. Fallback to manual mode
4. Alternate information flows
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
16. d. The actions to perform during malicious attacks compromise the
confidentiality or integrity of the information system include graceful
degradation, information system shutdown, fallback to a manual mode,
alternative information flows, or operating in a mode that is reserved
solely for when the system is under attack.
17. In transaction-based systems, which of the following are
mechanisms supporting transaction recovery?
1. Transaction rollback
2. Transaction journaling
3. Router tables
4. Compilers
a. 1 only
b. 1 and 2
c. 3 and 4
d. 1, 2, 3, and 4
17. b. Transaction rollback and transaction journaling are examples of
mechanisms supporting transaction recovery. Routers use router tables
for routing messages and packets. A compiler is software used to
translate a computer program written in a high-level programming
language (source code) into a machine language for execution. Both
router tables and compilers do not support transaction recovery.
18. Regarding contingency planning, which of the following is
susceptible to potential accessibility problems in the event of an area-
wide disaster?
1. Alternative storage site
2. Alternative processing site
3. Alternative telecommunications services
4. Remote redundant secondary systems
a. 1 and 2
b. 2 and 3
c. 3 only
d. 1 and 4
18. a. Both alternative storage site and alternative processing site are
susceptible to potential accessibility problems in the event of an area-
wide disruption or disaster. Explicit mitigation actions are needed to
handle this problem. Telecommunication services (ISPs and network
service providers) and remote redundant secondary systems are located
far away from the local area, hence not susceptible to potential
accessibility problems.
19. Which of the following ensures the successful completion of tasks
in the development of business continuity and disaster recovery
plans?
a. Defining individual roles
b. Defining operational activities
c. Assigning individual responsibility
d. Exacting individual accountability
19. d. It is important to ensure that individuals responsible for the various
business continuity and contingency planning activities are held
accountable for the successful completion of individual tasks and that the
core business process owners are responsible and accountable for
meeting the milestones for the development and testing of contingency
plans for their core business processes.
20. Regarding contingency planning, strategic reasons for separating
the alternative storage site from the primary storage site include
ensuring:
1. Both sites are not susceptible to the same hazards.
2. Both sites are not colocated in the same area.
3. Both sites do not have the same recovery time objectives.
4. Both sites do not have the same recovery point objectives.
a. 1 and 2
b. 1, 2, and 3
c. 1, 2, and 4
d. 1, 2, 3, and 4
20. a. It is important to ensure that both sites (i.e., alternative storage site
and primary storage site) are not susceptible to the same hazards, are not
colocated in the same area, have the same recovery time objectives
(RTOs), and have the same recovery point objectives (RPOs).
21. Regarding BCP and DRP, if MAO is maximum allowable outage,
BIA is business impact analysis, RTO is recovery time objective,
MTBF is mean-time-between-failures, RPO is recovery point
objective, MTTR is mean-time-to-repair, and UPS is uninterruptible
power supply, which one of the following is related to and compatible
with each other within the same choice?
a. MAO, BIA, RTO, and MTBF
b. BIA, RTO, RPO, and MAO
c. MAO, MTTR, RPO, and UPS
d. MAO, MTBF, MTTR, and UPS
21. b. A business impact analysis (BIA) is conducted by identifying a
system’s critical resources. Two critical resource measures in BIA
include recovery time objective (RTO) and recovery point objective
(RPO). The impact in BIA is expressed in terms of maximum allowable
outage (MAO). Hence, BIA, RTO, RPO, and MAO are related to and
compatible with each other. MTBF is mean-time-between-failures, MTTR
is mean-time-to-repair, and UPS is uninterruptible power supply, and they
have no relation to BIA, RTO, RPO, and MAO because MAO deals with
maximum time, whereas MTTF and MTTR deals with mean time (i.e.,
average time).
22. Regarding contingency planning, system-level information
backups do not require which of the following to protect their
integrity while in storage?
a. Passwords
b. Digital signatures
c. Encryption
d. Cryptographic hashes
22. a. Backups are performed at the user-level and system-level where the
latter contains an operating system, application software, and software
licenses. Only user-level information backups require passwords.
System-level information backups require controls such as digital
signatures, encryption, and cryptographic hashes to protect their
integrity.
23. Which of the following is an operational control and is a
prerequisite to developing a disaster recovery plan?
a. System backups
b. Business impact analysis
c. Cost-benefit analysis
d. Risk analysis
23. a. System backups provide the necessary data files and programs to
recover from a disaster and to reconstruct a database from the point of
failure. System backups are operational controls, whereas the items
mentioned in the other choices come under management controls and
analytical in nature.
24. Which of the following is a critical benefit of implementing an
electronic vaulting program?
a. It supports unattended computer center operations or automation.
b. During a crisis situation, an electronic vault can make the
difference between an organization’s survival and failure.
c. It reduces required backup storage space.
d. It provides faster storage data retrieval.
24. b. For some organizations, time becomes money. Increased system
reliability improves the likelihood that all the information required is
available at the electronic vault. If data can be retrieved immediately from
the off-site storage, less is required in the computer center. It reduces
retrieval time from hours to minutes. Because electronic vaulting
eliminates tapes, which are a hindrance to automated operations,
electronic vaulting supports automation.
25. Regarding contingency planning, information system backups
require which of the following?
1. Both the primary storage site and alternative storage site do not need
to be susceptible to the same hazards.
2. Both operational system and redundant secondary system do not need
to be colocated in the same area.
3. Both primary storage site and alternative storage site do not need to
have the same recovery time objectives.
4. Both operational system and redundant secondary system do not need
to have the same recovery point objectives.
a. 1 and 2
b. 1, 2, and 3
c. 1, 2, and 4
d. 1, 2, 3, and 4
25. a. System backup information can be transferred to the alternative
storage site, and the same backup can be maintained at a redundant
secondary system, not colocated with the operational system. Both sites
and both systems must have the same recovery time objectives (RTOs)
and same recovery point objectives (RPOs). This arrangement can be
activated without loss of information or disruption to the operation.
26. Disaster recovery strategies must consider or address which of the
following?
1. Recovery time objective
2. Disruption impacts
3. Allowable outage times
4. Interdependent systems
a. I only
b. 1 and 2
c. 1, 2, and 3
d. 1, 2, 3, and 4
26. d. A disaster recovery strategy must be in place to recover and restore
data and system operations within the recovery time objective (RTO)
period. The strategies should address disruption impacts and allowable
outage times identified in the business impact analysis (BIA). The chosen
strategy must also be coordinated with the IT contingency plans of
interdependent systems. Several alternatives should be considered when
developing the strategy, including cost, allowable outage times, security,
and integration into organization-level contingency plans.
27. The final consideration in the disaster recovery strategy must be
which of the following?
a. Criticality of data and systems
b. Availability of data and systems
c. Final costs and benefits
d. Recovery time objective requirements
27. c. The final consideration in the disaster recovery strategy must be
final costs and benefits; although, cost and benefit data is considered
initially. No prudent manager or executive would want to spend ten
dollars to obtain a one dollar benefit. When costs exceed benefits, some
managers accept the risk and some do not. Note that it is a human
tendency to understate costs and overstate benefits. Some examples of
costs include loss of income from loss of sales, cost of not meeting legal
and regulatory requirements, cost of not meeting contractual and
financial obligations, and cost of loss of reputation. Some examples of
benefits include assurance of continuity of business operations, ability to
make sales and profits, providing gainful employment, and satisfying
internal and external customers and other stakeholders.
The recovery strategy must meet criticality and availability of data and
systems and recovery time objective (RTO) requirements while
remaining within the cost and benefit guidelines.
28. Regarding BCP and DRP, which of the following does not prevent
potential data loss?
a. Disk mirroring
b. Offsite storage of backup media
c. Redundant array of independent disk
d. Load balancing
28. b. Although offsite storage of backup media enables a computer
system to be recovered, data added to or modified on the server since the
previous backup could be lost during a disruption or disaster. To avoid
this potential data loss, a backup strategy may need to be complemented
by redundancy solutions, such as disk mirroring, redundant array of
independent disk (RAID), and load balancing.
29. Which of the following is an example of a recovery time objective
(RTO) for a payroll system identified in a business impact analysis
(BIA) document?
a. Time and attendance reporting may require the use of a LAN
server and other resources.
b. LAN disruption for 8 hours may create a delay in time sheet
processing.
c. The LAN server must be recovered within 8 hours to avoid a delay
in time sheet processing.
d. The LAN server must be recovered fully to distribute payroll
checks on Friday to all employees.
29. c. “The LAN server must be recovered within 8 hours to avoid a
delay in time sheet processing” is an example of BIA’s recovery time
objective (RTO). “Time and attendance reporting may require the use of
a LAN server and other resources” is an example of BIA’s critical
resource. “LAN disruption for 8 hours may create a delay in time sheet
processing” is an example of BIA’s resource impact. “The LAN server
must be recovered fully to distribute payroll checks on Friday to all
employees” is an example of BIA’s recovery point objective (RPO).
30. Which of the following are closely connected to each other when
conducting business impact analysis (BIA) as a part of the IT
contingency planning process?
1. System’s components
2. System’s interdependencies
3. System’s critical resources
4. System’s downtime impacts
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
30. c. A business impact analysis (BIA) is a critical step to understanding
the information system components, interdependencies, and potential
downtime impact. Contingency plan strategy and procedures should be
designed in consideration of the results of the BIA. A BIA is conducted by
identifying the system’s critical resources. Each critical resource is then
further examined to determine how long functionality of the resource
could be withheld from the information system before an unacceptable
impact is experienced. Therefore, system’s critical resources and
system’s downtime impacts are closely related to each other than the
other items.
31. Business continuity plans (BCP) need periodic audits to ensure the
accuracy, currency, completeness, applicability, and usefulness of such
plans in order to properly run business operations. Which one of the
following items is a prerequisite to the other three items?
a. Internal audits
b. Self-assessments
c. External audits
d. Third-party audits
31. b. Self-assessments are proactive exercises and are a prerequisite to
other types of audits. Self-assessments are in the form of questionnaires
and usually a company’s employees (for example, supervisors or
mangers) conduct these self-assessments to collect answers from
functional management and IT management on various business
operations. If these self-assessments are conducted with honesty and
integrity, they can be eye-opening exercises because their results may not
be the same as expected by the company management. The purpose of
self-assessments is to identify strengths and weaknesses so weaknesses
can be corrected and strengths can be improved.
In addition, self-assessments make an organization ready and prepared
for the other audits such as internal audits by corporate internal auditors,
external audits by public accounting firms, and third-party audits by
regulatory compliance auditors, insurance industry auditors, and others.
In fact, overall audit costs can be reduced if these auditors can rely on the
results of self-assessments, and it can happen only when these
assessments are done in an objective and unbiased manner. This is
because auditors do not need to repeat these assessments with functional
and IT management, thus saving their audit time, resulting in reduction in
audit costs. However, auditors will conduct their own independent tests to
validate the answers given in the assessments. The audit process validates
compliance with disaster recovery standards, reviews recovery problems
and solutions, verifies the appropriateness of recovery test exercises, and
reviews the criteria for updating and maintaining a BCP.
Here, the major point is that self-assessments should be performed in an
independent and objective manner without the company management’s
undue influence on the results. Another proactive thinking is sharing
these self-assessments with auditors earlier to get their approval prior to
actually using them in the company to ensure that right questions are
asked and right areas are addressed.
32. A company’s vital records program must meet which of the
following?
1. Legal, audit, and regulatory requirements
2. Accounting requirements
3. Marketing requirements
4. Human resources requirements
a. 1 only
b. 1 and 2
c. 1, 3, and 4
d. 1, 2, 3, and 4
32. d. Vital records support the continuity of business operations and
present the necessary legal evidence in a court of law. Vital records
should be retained to meet the requirements of functional departments of
a company (for example, accounting, marketing, production, and human
resources) to run day-to-day business operations (current and future). In
addition, companies that are heavily regulated (for example, banking and
insurance) require certain vital records to be retained for a specified
amount of time. Also, internal auditors, external auditors, and third-party
auditors (for example, regulatory auditors and banking/insurance
industry auditors) require certain vital records to be retained to support
their audit work. Periodically, these auditors review compliance with the
record retention requirements either as a separate audit or as a part of
their scheduled audit. Moreover, vital records are needed during
recovery from a disaster. In other words, vital records are so vital for the
long-run success of a company.
First, a company management with the coordination of corporate legal
counsel must take an inventory of all records used in a company, classify
what records are vital, and identify what vital records support the
continuity of business operations, legal evidence, disaster recovery work,
and audit work; knowing that not all records and documents that a
company handles everyday are vital records.
Some records are on paper media while other records are on electronic
media. An outcome of inventorying and classifying records is
developing a list of “record retention” showing each document with its
retention requirements in terms of years. Then, a systematic method is
needed to preserve and store these vital records onsite and offsite with
rotation procedures between the onsite and offsite locations.
Corporate legal counsel plays an important role in defining retention
requirements for both business (common) records and legal records. IT
management plays a similar role in backing up, archiving, and restoring
the electronic records for future retrieval and use. The goal is to ensure
that the current version of the vital records is available and that outdated
backup copies are deleted or destroyed in a timely manner.
Examples of vital records follow:
Legal records: General contracts; executive employment
contracts; bank loan documents; business agreements with third
parties, partners, and joint ventures; and regulatory compliance
forms and reports.
Accounting/finance records: Payroll, accounts payable, and
accounts receivable records; customer invoices; tax records; and
yearly financial statements.
Marketing records: Marketing plans; sales contracts with
customers and distributors; customer sales orders; and product
shipment documents.
Human resources records: Employment application and test
scores, and employee performance appraisal forms.
33. IT resource criticality for recovery and restoration is determined
through which of the following ways?
1. Standard operating procedures
2. Events and incidents
3. Business continuity planning
4. Service-level agreements
a. 1 and 2
b. 2 and 3
c. 3 and 4
d. 1, 2, 3, and 4
33. c. Organizations determine IT resource criticality (for example,
firewalls and Web servers) through their business continuity planning
efforts or their service-level agreements (SLAs), which document actions
and maximum response times and state the maximum time for restoring
each key resource. Standard operating procedures (SOPs) are a
delineation of the specific processes, techniques, checklists, and forms
used by employees to do their work. An event is any observable
occurrence in a system or network. An incident can be thought of as a
violation or imminent threat of violation of computer security policies,
acceptable use policies, or standard security practices.
34. An information system’s recovery time objective (RTO) considers
which of the following?
1. Memorandum of agreement
2. Maximum allowable outage
3. Service-level agreement
4. Cost to recover
a. 1 and 3
b. 2 and 4
c. 3 and 4
d. 1, 2, 3, and 4
34. b. The balancing point between the maximum allowable outage
(MAO) for a resource and the cost to recover that resource establishes
the information system’s recovery time objective (RTO). Memorandum
of agreement is another name for developing a service-level agreement
(SLA).
35. Contingency planning integrates the results of which of the
following?
a. Business continuity plan
b. Business impact analysis
c. Core business processes
d. Infrastructural services
35. b. Contingency planning integrates and acts on the results of the
business impact analysis. The output of this process is a business
continuity plan consisting of a set of contingency plans—with a single
plan for each core business process and infrastructure component. Each
contingency plan should provide a description of the resources, staff
roles, procedures, and timetables needed for its implementation.
36. Which of the following must be defined to implement each
contingency plan?
a. Triggers
b. Risks
c. Costs
d. Benefits
36. a. It is important to document triggers for activating contingency
plans. The information needed to define the implementation triggers for
contingency plans is the deployment schedule for each contingency plan
and the implementation schedule for the replaced mission-critical
systems. Triggers are more important than risks, costs, and benefits
because the former drives the latter.
37. The least costly test approach for contingency plans is which of
the following?
a. Full-scale testing
b. Pilot testing
c. Parallel testing
d. End-to-end testing
37. d. The purpose of end-to-end testing is to verify that a defined set of
interrelated systems, which collectively support an organizational core
business area or function, interoperate as intended in an operational
environment. Generally, end-to-end testing is conducted when one major
system in the end-to-end chain is modified or replaced, and attention is
rightfully focused on the changed or new system. The boundaries on end-
to-end tests are not fixed or predetermined but rather vary depending on
a given business area’s system dependencies (internal and external) and
the criticality to the mission of the organization.
Full-scale testing is costly and disruptive, whereas end-to-end testing is
least costly. Pilot testing is testing one system or one department before
testing other systems or departments. Parallel testing is testing two
systems or two departments at the same time.
38. Organizations practice contingency plans because it makes good
business sense. Which of the following is the correct sequence of steps
involved in the contingency planning process?
1. Anticipating potential disasters
2. Identifying the critical functions
3. Selecting contingency plan strategies
4. Identifying the resources that support the critical functions
a. 1, 2, 3, and 4
b. 1, 3, 2, and 4
c. 2, 1, 4, and 3
d. 2, 4, 1, and 3
38. d. Contingency planning involves more than planning for a move
offsite after a disaster destroys a data center. It also addresses how to
keep an organization’s critical functions operating in the event of
disruptions, both large and small. This broader perspective on
contingency planning is based on the distribution of computer support
throughout an organization. The correct sequence of steps is as follows:
Identify the mission or business or critical functions.
Identify the resources that support the critical functions.
Anticipate potential contingencies or disasters.
Select contingency planning strategies.
39. A contingency planning strategy consists of the following four
parts. Which of the following parts are closely related to each other?
a. Emergency response and recovery
b. Recovery and resumption
c. Resumption and implementation
d. Recovery and implementation
39. b. The selection of a contingency planning strategy should be based
on practical considerations, including feasibility and cost. Risk
assessment can be used to help estimate the cost of options to decide an
optimal strategy. Whether the strategy is onsite or offsite, a contingency
planning strategy normally consists of emergency response, recovery,
resumption, and implementation.
In emergency response, it is important to document the initial actions
taken to protect lives and limit damage. In recovery, the steps that will be
taken to continue support for critical functions should be planned. In
resumption, what is required to return to normal operations should be
determined. The relationship between recovery and resumption is
important. The longer it takes to resume normal operations, the longer
the organization will have to operate in the recovery mode. In
implementation, it is necessary to make appropriate preparations,
document the procedures, and train employees. Emergency response and
implementation do not have the same relationship as recovery and
resumption does.
40. Contingency planning for local-area networks should consider all
the following except:
a. Incident response
b. Remote computing
c. Backup operations
d. Recovery plans
40. b. Remote computing is not applicable to a local-area network (LAN)
because the scope of a LAN is limited to local area only such as a
building or group of buildings. Wide-area networks or metropolitan-area
networks are good for remote computing. A contingency plan should
consider three things: incident response, backup operations, and
recovery.
The purpose of incident response is to mitigate the potentially serious
effects of a severe LAN security-related problem. It requires not only the
capability to react to incidents but also the resources to alert and inform
the users if necessary.
Backup operation plans are prepared to ensure that essential tasks can be
completed subsequent to disruption of the LAN environment and can
continue until the LAN is sufficiently restored. Recovery plans are made
to permit smooth, rapid restoration of the LAN environment following
interruption of LAN usage. Supporting documents should be developed
and maintained that minimize the time required for recovery. Priority
should be given to those applications and services that are deemed
critical to the functioning of the organization. Backup operation
procedures should ensure that these critical services and applications are
available to users.
41. Rank the following objectives of a disaster recovery plan (DRP)
from most to least important:
1. Minimize the disaster ’s financial impact on the organization.
2. Reduce physical damage to the organization’s property, equipment,
and data.
3. Limit the extent of the damage and thus prevent the escalation of the
disaster.
4. Protect the organization’s employees and the general public.
a. 1, 2, 3, and 4
b. 3, 2, 1, and 4
c. 4, 1, 3, and 2
d. 4, 2, 1, and 3
41. c. The health and safety of employees and general public should be
the first concern during a disaster situation. The second concern should
be to minimize the disaster ’s economic impact on the organization in
terms of revenues and sales. The third concern should be to limit or
contain the disaster. The fourth concern should be to reduce physical
damage to property, equipment, and data.
42. Rank the following benefits to be realized from a comprehensive
disaster recovery plan (DRP) from most to least important:
1. Reduce insurance costs.
2. Enhance physical and data security.
3. Provide continuity of organization’s operations.
4. Improve protection of the organization’s assets.
a. 1, 2, 3, and 4
b. 3, 2, 1, and 4
c. 3, 4, 2, and 1
d. 4, 2, 3, and 1
42. c. The most important benefit of a comprehensive disaster recovery
plan is to provide continuity of operations followed by protection of
assets, increased security, and reduced insurance costs. Assets can be
acquired if the business is operating and profitable. There is no such
thing as 100 percent security. A company can assume self-insurance.
43. What is the inherent limitation of a disaster recovery planning
exercise?
a. Inability to include all possible types of disasters
b. Assembling disaster management and recovery teams
c. Developing early warning monitors that trigger alerts and
responses
d. Conducting periodic drills
43. a. Because there are many types of disasters that can occur, it is not
practical to consider all such disasters. Doing so is cost-prohibitive.
Hence, disaster recovery planning exercises should focus on major types
of disasters that occur frequently. One approach is to perform risk
analysis to determine the annual loss expectancy (ALE), which is
calculated from the frequency of occurrence of a possible loss multiplied
by the expected dollar loss per occurrence.
44. Which of the following items is usually not considered when a new
application system is brought into the production environment?
a. Assigning a contingency processing priority code
b. Training computer operators
c. Developing computer operations documentation
d. Training functional users
44. a. An application system priority analysis should be performed to
determine the business criticality for each computer application. A
priority code or time sensitivity code should be assigned to each
production application system that is critical to the survival of the
organization. The priority code tells people how soon the application
should be processed when the backup computer facility is ready. This can
help in restoring the computer system following a disaster and facilitate
in developing a recovery schedule.
45. Which of the following disaster scenarios is commonly not
considered during the development of disaster recovery and
contingency planning?
a. Network failure
b. Hardware failure
c. Software failure
d. Failure of the local telephone company
45. d. Usually, telephone service is taken for granted by the recovery
team members that could negatively affect Voice over Internet Protocol
(VoIP) services. Consequently, it is not addressed in the planning stage.
However, alternative phone services should be explored. The other three
choices are usually considered due to familiarity and vendor presence.
46. Which of the following phases in the contingency planning and
emergency program is most difficult to sell to an organization’s
management?
a. Mitigation
b. Preparedness
c. Response
d. Recovery
46. a. Mitigation is a long-term activity aimed at eliminating or reducing
the probability of an emergency or a disaster occurring. It requires “up-
front” money and commitment from management. Preparedness is
incorrect because it is a readiness to respond to undesirable events. It
ensures effective response and minimizes damage. Response is incorrect
because it is the first phase after the onset of an emergency. It enhances
recovery operations. Recovery is incorrect because it involves both
short- and long-term restoration of vital systems to normal operations.
47. Which of the following is the best form of a covered loss insurance
policy?
a. A basic policy
b. A broad policy
c. A special all-risk policy
d. A policy commensurate with risks
47. d. Because insurance reduces or eliminates risk, the best insurance is
the one commensurate with the most common types of risks to which a
company is exposed.
The other three choices are incorrect. A basic policy covers specific
named perils including fire, lightning, and windstorm. A broad policy
covers additional perils such as roof collapse and volcanic action. A
special all-risk policy covers everything except specific exclusions
named in the policy.
48. Which of the following IT contingency solutions increases a
server’s performance and availability?
a. Electronic vaulting
b. Remote journaling
c. Load balancing
d. Disk replication
48. c. Load balancing systems monitor each server to determine the best
path to route traffic to increase performance and availability so that one
server is not overwhelmed with traffic. Electronic vaulting and remote
journaling are similar technologies that provide additional data backup
capabilities, with backups made to remote tape or disk drives over
communication links. Disk replication can be implemented locally or
between different locations.
49. Which of the following can be called the disaster recovery plan of
last resort?
a. Contract with a recovery center
b. Demonstration of the recovery center ’s capabilities
c. Tour of the recovery center
d. Insurance policy
49. d. According to insurance industry estimates, every dollar of insured
loss is accompanied by three dollars of uninsured economic loss. This
suggests that companies are insured only for one-third of the potential
consequences of a disaster and that insurance truly is a disaster recovery
plan of last resort.
50. What should be the last step in a risk assessment process
performed as a part of business continuity plan?
a. Consider possible threats.
b. Establish recovery priorities.
c. Assess potential impacts.
d. Evaluate critical needs.
50. b. The last step is establishing priorities for recovery based on
critical needs. The following describes the sequence of steps in a risk
assessment process:
1. Possible threats include natural (for example, fires, floods, and
earthquakes), technical (for example, hardware/software failure, power
disruption, and communications interference), and human (for example,
riots, strikes, disgruntled employees, and sabotage).
2. Assess impacts from loss of information and services from both
internal and external sources. This includes financial condition,
competitive position, customer confidence, legal/regulatory
requirements, and cost analysis to minimize exposure.
3. Evaluate critical needs. This evaluation also should consider
timeframes in which a specific function becomes critical. This includes
functional operations, key personnel, information, processing systems,
documentation, vital records, and policies and procedures.
4. Establish priorities for recovery based on critical needs.
51. For business continuity planning/disaster recovery planning
(BCP/DRP), business impact analysis (BIA) primarily identifies which
of the following?
a. Threats and risks
b. Costs and impacts
c. Exposures and functions
d. Events and operations
51. a. Business impact analysis (BIA) is the process of identifying an
organization’s exposure to the sudden loss of selected business functions
and/or the supporting resources (threats) and analyzing the potential
disruptive impact of those exposures (risks) on key business functions
and critical business operations. Threats and risks are primary and costs
and impacts are secondary, where the latter is derived from the former.
The BIA usually establishes a cost (impact) associated with the disruption
lasting varying lengths of time, which is secondary.
52. Which of the following is the best course of action to take for
retrieving the electronic records stored at an offsite location?
a. Installing physical security controls offsite
a. Installing environmental security controls offsite
c. Ensuring that software version stored offsite matches with the vital
records version
d. Rotating vital records between onsite and offsite
52. c. The IT management must ensure that electronic records are
retrievable in the future, requiring the correct version of software that
created the original records is tested and stored offsite, and that the
current software version is matched with the current version of vital
records.
The other three choices are incorrect because, although they are
important in their own way, they do not directly address the retrieval of
electronic records. Examples of physical security controls include keys
and locks, sensors, alarms, sprinklers, and surveillance cameras.
Examples of environmental controls include humidity, air conditioning,
and heat levels. Rotating vital records between onsite and offsite is
needed to purge the obsolete records and keep the current records only.
53. What is the purpose of a business continuity plan (BCP)?
a. To sustain business operations
b. To recover from a disaster
c. To test the business continuity plan
d. To develop the business continuity plan
53. a. Continuity planning involves more than planning for a move
offsite after a disaster destroys a data center. It also addresses how to
keep an organization’s critical functions operating in the event of
disruptions, both large and small. This broader perspective on continuity
planning is based on the distribution of computer use and support
throughout an organization. The goal is to sustain business operations.
54. The main body of a contingency or disaster recovery plan
document should not address which of the following?
a. What?
b. When?
c. How?
d. Who?
54. c. The plan document contains only the why, what, when, where, and
who, not how. The how deals with detailed procedures and information
required to carry out the actions identified and assigned to a specific
recovery team. This information should not be in the formal plan because
it is too detailed and should be included in the detail reference materials
as an appendix to the plan. The why describes the need for recovery, the
what describes the critical processes and resource requirements, the when
deals with critical time frames, the where describes recovery strategy, and
the who indicates the recovery team members and support organizations.
Keeping the how information in the plan document confuses people,
making it hard to understand and creating a maintenance nightmare.
55. Which of the following contingency plan test results is most
meaningful?
a. Tests met all planned objectives in restoring all database files.
b. Tests met all planned objectives in using the latest version of the
operating systems software.
c. Tests met all planned objectives using files recovered from
backups.
d. Tests met all planned objectives using the correct version of access
control systems software.
55. c. The purpose of frequent disaster recovery tests is to ensure
recoverability. Review of test results should show that the tests conducted
met all planned objectives using files recovered from the backup copies
only. This is because of the no backup, no recovery principle. Recovery
from backup also shows that the backup schedule has been followed
regularly. Storing files at a secondary location (offsite) is preferable to
the primary location (onsite) because it ensures continuity of business
operations if the primary location is destroyed or inaccessible.
56. If the disaster recovery plan is being tested for the first time,
which of the following testing options can be combined?
a. Checklist testing and simulation testing
b. Simulation testing and full-interruption testing
c. Checklist testing and structured walk-through testing
d. Checklist testing and full-interruption testing
56. c. The checklist testing can ensure that all the items on the checklists
have been reviewed and considered. During structured walk-through
testing, the team members meet and walk through the specific steps of
each component of the disaster recovery process and find gaps and
overlaps.
Simulation testing simulates a disaster during nonbusiness hours, so
normal operations will not be interrupted. Full-interruption testing is not
recommended because it activates the total disaster recovery plan. This
test is costly and disruptive to normal operations and requires senior
management’s special approval.
57. Which of the following should be consistent with the frequency of
information system backups and the transfer rate of backup
information to alternative storage sites?
1. Recovery time objective
2. Mean-time-to-failure
3. Recovery point objective
4. Mean-time-between-outages
a. 1 and 2
b. 1 and 3
c. 2 and 3
d. 2 and 4
57. b. The frequency of information system backups and the transfer rate
of backup information to alternative storage sites should be consistent
with the organization’s recovery time objective (RTO) and recovery
point objective (RPO). Recovery strategies must be created to meet the
RTO and RPO. Mean-time-to-failure (MTTF) is most often used with
safety-critical systems such as airline traffic control systems (radar
control services) to measure time between failures. Mean-time-between-
outages (MTBO) is the mean time between equipment failures that result
in loss of system continuity or unacceptable degradation. MTTF deals
with software issues, whereas MTBO measures hardware problems.
58. All the following are misconceptions about a disaster recovery
plan except:
a. It is an organization’s assurance to survive.
b. It is a key insurance policy.
c. It manages the impact of LAN failures.
d. It manages the impact of natural disasters.
58. a. A well-documented, well-rehearsed, well-coordinated disaster
recovery plan allows businesses to focus on surprises and survival. In
today’s environment, a local-area network (LAN) failure can be as
catastrophic as a natural disaster, such as a tornado. Insurance does not
cover every loss.
The other three choices are misconceptions. What is important is to focus
on the major unexpected events and implement modifications to the plan
so that it is necessary to reclaim control over the business. The key is to
ensure survival in the long run.
59. Which of the following disaster recovery plan test results would
be most useful to management?
a. Elapsed time to perform various activities
b. Amount of work completed
c. List of successful and unsuccessful activities
d. Description of each activity
59. c. Management is interested to find out what worked (successful) and
what did not (unsuccessful) after a recovery from a disaster. The idea is
to learn from experience.
60. Which of the following is not an example of procedure-oriented
disaster prevention activity?
a. Backing up current data and program files
b. Performing preventive maintenance on computer equipment
c. Testing the disaster recovery plan
d. Housing computers in a fire-resistant area
60. d. Housing computers in a fire-resistant area is an example of a
physically oriented disaster prevention category, whereas the other three
choices are examples of procedure-oriented activities. Procedure-
oriented actions relate to tasks performed on a day-to-day, month-to-
month, or annual basis or otherwise performed regularly. Housing
computers in a fire-resistant area with a noncombustible or charged
sprinkler area is not regular work. It is part of a major computer-center
building construction plan.
61. Which of the following is the most important outcome from
contingency planning tests?
a. The results of a test should be viewed as either pass or fail.
b. The results of a test should be viewed as practice for a real
emergency.
c. The results of a test should be used to assess whether the plan
worked or did not work.
d. The results of a test should be used to improve the plan.
61. d. In the case of contingency planning, a test should be used to
improve the plan. If organizations do not use this approach, flaws in the
plan may remain hidden or uncorrected. Although the other three choices
are important in their own way, the most important outcome is to learn
from the test results in order to improve the plan next time, which is the
real benefit.
62. A major risk in the use of cellular radio and telephone networks
during a disaster include:
a. Security and switching office issues
b. Security and redundancy
c. Redundancy and backup power systems
d. Backup power systems and switching office
62. a. The airwaves are not secure and a mobile telephone switching
office can be lost during a disaster. The cellular company may need to
divert a route from the cell site to another mobile switching office. User
organizations can take care of the other three choices because they are
mostly applicable to them, and not to the telephone company.
63. Regarding BCP and DRP, which of the following is not an element
of risk?
a. Threats
b. Assets
c. Costs
d. Mitigating factors
63. c. Whether it is BCP/DRP or not, the three elements of risk include
threats, assets, and mitigating factors.
Risks result from events and their surroundings with or without prior
warnings, and include facilities risk, physical and logical security risk,
reputation risk, network risk, supply-chain risk, compliance risk, and
technology risk.
Threat sources include natural (for example, fires and floods), man-made
attacks (for example, social engineering), technology-based attacks (DoS
and DDoS), and intentional attacks (for example, sabotage).
Assets include people, facilities, equipment (hardware), software, and
technologies.
Controls in the form of physical protection, logical protection, and asset
protection are needed to avoid or mitigate the effects of risks. Some
examples of preventive controls include passwords, smoke detectors, and
firewalls and some examples of reactive/recovery controls include hot
sites and cold sites.
Costs are the outcomes or byproducts of and derived from threats, assets,
and mitigating factors, which should be analyzed and justified along with
benefits prior to the investment in controls.
64. Physical disaster prevention and preparedness begins when a:
a. Data center site is constructed
b. New equipment is added
c. New operating system is installed
d. New room is added to existing computer center facilities
64. a. The data center should be constructed in such a way as to minimize
exposure to fire, water damage, heat, or smoke from adjoining areas.
Other considerations include raised floors, sprinklers, or fire detection
and extinguishing systems and furniture made of noncombustible
materials. All these considerations should be taken into account in a cost-
effective manner at the time the data (computer) center is originally built.
Add-ons will not only be disruptive but also costly.
65. Disaster notification fees are part of which of the following cost
categories associated with alternative computer processing support?
a. Initial costs
b. Recurring operating costs
c. Activation costs
d. Development costs
65. c. There are three basic cost elements associated with alternate
processing-support: initial costs, recurring operating costs, and
activation costs. The first two components are incurred whether the
backup facility is put into operation; the last cost component is incurred
only when the facility is activated.
The initial costs include the cost of initial setup, including membership,
construction or other fees. Recurring operating costs include costs for
maintaining and operating the facility, including rent, utilities, repair, and
ongoing backup operations. Activation costs include costs involved in the
actual use of the backup capability. This includes disaster notification
fees, facility usage charges, overtime, transportation, and other costs.
66. When comparing alternative computer processing facilities, the
major objective is to select the alternative with the:
a. Largest annualized profit
b. Largest annualized revenues
c. Largest incremental expenses
d. Smallest annualized cost
66. d. The major objective is to select the best alternative facility that
meets the organization’s recovery needs. An annualized cost is obtained
by multiplying the annual frequency with the expected dollar amount of
cost. The product should be a small figure.
67. Which of the following statements is not true about contracts and
agreements associated with computer backup facilities?
a. Small vendors do not need contracts due to their size.
b. Governmental organizations are not exempted from contract
requirements.
c. Nothing should be taken for granted during contract negotiations.
d. All agreements should be in writing.
67. a. All vendors, regardless of their size, need written contracts for all
customers, whether commercial or governmental. Nothing should be
taken for granted, and all agreements should be in writing to avoid
misunderstandings and performance problems.
68. All of the following are key stakeholders in the disaster recovery
process except:
a. Employees
b. Customers
c. Suppliers
d. Public relations officers
68. d. A public relations (PR) officer is a company’s spokesperson and
uses the media as a vehicle to consistently communicate and report to the
public, including all stakeholders, during pre-crisis, interim, and post-
crisis periods. Hence, the PR officer is a reporter, not a stakeholder.
Examples of various media used for crisis notification include print,
radio, television, telephone (voice mail and text messages), post office
(regular mail), the Internet (for example, electronic mail and blogs), and
press releases or conferences.
The other stakeholders (for example, employees, customers, suppliers,
vendors, labor unions, investors, creditors, and regulators) have a vested
interest in the positive and negative effects and outcomes, and are
affected by a crisis situation, resulting from the disaster recovery
process.
69. Which of the following is the most important consideration in
locating an alternative computing facility during the development of a
disaster recovery plan?
a. Close enough to become operational quickly
b. Unlikely to be affected by the same contingency issues as the
primary facility
c. Close enough to serve its users
d. Convenient to airports and hotels
69. b. There are several considerations that should be reflected in the
backup site location. The optimum facility location is (i) close enough to
allow the backup function to become operational quickly, (ii) unlikely to
be affected by the same contingency, (iii) close enough to serve its users,
and (iv) convenient to airports, major highways, or train stations when
located out of town.
70. Which of the following alternative computing backup facilities is
intended to serve an organization that has sustained total
destruction from a disaster?
a. Service bureaus
b. Hot sites
c. Cold sites
d. Reciprocal agreements
70. b. Hot sites are fully equipped computer centers. Some have fire
protection and warning devices, telecommunications lines, intrusion
detection systems, and physical security. These centers are equipped with
computer hardware that is compatible with that of a large number of
subscribing organizations. This type of facility is intended to serve an
organization that has sustained total destruction and cannot defer
computer services. The other three choices do not have this kind of
support.
71. A full-scale testing of application systems cannot be accomplished
in which of the following alternative computing backup facilities?
a. Shared contingency centers and hot sites
b. Dedicated contingency centers and cold sites
c. Hot sites and reciprocal agreements
d. Cold sites and reciprocal agreements
71. d. The question is asking about the two alternative computing
facilities that can perform full-scale testing. Cold sites do not have
equipment, so full-scale testing cannot be done until the equipment is
installed. Adequate time may not be allowed in reciprocal agreements due
to time pressures and scheduling conflicts between the two parties.
Full-scale testing is possible with shared contingency centers and hot
sites because they have the needed equipment to conduct tests. Shared
contingency centers are essentially the same as dedicated contingency
centers. The difference lies in the fact that membership is formed by a
group of similar organizations which use, or could use, identical
hardware.
72. Which of the following computing backup facilities has a cost
advantage?
a. Shared contingency centers
b. Hot sites
c. Cold sites
d. Reciprocal agreements
72. d. Reciprocal agreements do not require nearly as much advanced
funding as do commercial facilities. They are inexpensive compared to
other three choices where the latter are commercial facilities. However,
cost alone should not be the overriding factor when making backup
facility decisions.
73. Which of the following organization’s functions are often ignored
in planning for recovery from a disaster?
a. Computer operations
b. Safety
c. Human resources
d. Accounting
73. c. Human resource policies and procedures impact employees
involved in the response to a disaster. Specifically, it includes extended
work hours, overtime pay, compensatory time, living costs, employee
evacuation, medical treatment, notifying families of injured or missing
employees, emergency food, and cash during recovery. The scope covers
the pre-disaster plan, emergency response during recovery, and post-
recovery issues. The major reason for ignoring the human resource
issues is that they encompass many items requiring extensive planning
and coordination, which take a significant amount of time and effort.
74. Which of the following is the best organizational structure and
management style during a disaster?
a. People-oriented
b. Production-oriented
c. Democratic-oriented
d. Participative-oriented
74. b. During the creation of a disaster recovery and restoration plan, the
management styles indicated in the other three choices are acceptable due
to the involvement and input required of all people affected by a disaster.
However, the situation during a disaster is entirely different requiring
execution, not planning. The command-and-control structure, which is a
production-oriented management style, is the best approach to
orchestrate the recovery, unify all resources, and provide solid direction
with a single voice to recover from the disaster. This is not the time to
plan and discuss various approaches and their merits. The other three
choices are not suitable during a disaster.
75. The primary objective of emergency planning is to:
a. Minimize loss of assets.
b. Ensure human security and safety.
c. Minimize business interruption.
d. Provide backup facilities and services.
75. b. Emergency planning provides the policies and procedures to cope
with disasters and to ensure the continuity of vital data center services.
The primary objective of emergency planning is personnel safety,
security, and welfare; secondary objectives include (i) minimizing loss of
assets, (ii) minimizing business interruption, (iii) providing backup
facilities and services, and (iv) providing trained personnel to conduct
emergency and recovery operations.
76. Which of the following is most important in developing
contingency plans for information systems and their facilities?
a. Criteria for content
b. Criteria for format
c. Criteria for usefulness
d. Criteria for procedures
76. c. The only reason for creating a contingency plan is to provide a
document and procedure that will be useful in time of emergency. If the
plan is not designed to be useful, it is not satisfactory. Suggestions for the
plan content and format can be described, but no two contingency plans
will or should be the same.
77. All the following are objectives of emergency response procedures
except:
a. Protect life
b. Control losses
c. Protect property
d. Maximize profits
77. d. Emergency response procedures are those procedures initiated
immediately after an emergency occurs to protect life, protect property,
and minimize the impact of the emergency (loss control). Maximizing
profits can be practiced during nonemergency times but not during an
emergency.
78. The post-incident review report after a disaster should not focus
on:
a. What happened?
b. What should have happened?
c. What should happen next?
d. Who caused it?
78. d. The post-incident review after a disaster has occurred should focus
on what happened, what should have happened, and what should happen
next, but not on who caused it. Blaming people will not solve the
problem.
79. An effective element of damage control after a disaster occurs is
to:
a. Maintain silence.
b. Hold press conferences.
c. Consult lawyers.
d. Maintain secrecy.
79. b. Silence is guilt, especially during a disaster. How a company
appears to respond to a disaster can be as important as the response itself.
If the response is kept in secrecy, the press will assume there is some
reason for secrecy. The company should take time to explain to the press
what happened and what the response is. A corporate communications
professional should be consulted instead of a lawyer due to the
specialized knowledge of the former. A spokesperson should be selected
to contact media, issue an initial statement, provide background
information, and describe action plans, which are essential to minimize
the damage. The company lawyers may add restrictions to ensure that
everything is done accordingly, which may not work well in an
emergency.
80. Which of the following statements is not true? Having a disaster
recovery plan and testing it regularly:
a. Reduces risks
b. Affects the availability of insurance
c. Lowers insurance rates
d. Affects the total cost of insurance
80. c. Both underwriters and management are concerned about risk
reduction, availability of specific insurance coverage, and its total cost. A
good disaster recovery plan addresses these concerns. However, a good
plan is not a guarantee for lower insurance rates in all circumstances.
Insurance rates are determined based on averages obtained from loss
experience, geography, management judgment, the health of the
economy, and a host of other factors. Total cost of insurance depends on
the specific type of coverage obtained. It could be difficult or expensive
to obtain insurance in the absence of a disaster recovery plan. Insurance
provides a certain level of comfort in reducing risks but it does not
provide the means to ensure continuity of business operations.
81. When an organization is interrupted by a catastrophe, which of
the following cost categories requires management’s greatest
attention?
a. Direct costs
b. Opportunity costs
c. Hidden costs
d. Variable costs
81. c. Hidden costs are not insurable expenses and include (i)
unemployment compensation premiums resulting from layoffs in the
work force, (ii) increases in advertising expenditures necessary to
rebuild the volume of business, (iii) cost of training new and old
employees, and (iv) increased cost of production due to decline in
overall operational efficiency. Generally, traditional accounting systems
are not set up to accumulate and report the hidden costs. Opportunity
costs are not insurable expenses. They are costs of foregone choices, and
accounting systems do not capture these types of costs. Both direct and
variable costs are insurable expenses and are captured by accounting
systems.
82. Which of the following disaster-recovery alternative facilities
eliminates the possibility of competition for time and space with other
businesses?
a. Hot sites
b. Cold sites
c. Mirrored sites
d. Warm sites
82. c. A dedicated second site eliminates the threat of competition for
time and space with other businesses. These benefits coupled with the
ever-growing demands of today’s data and telecommunications networks
have paved the way for a new breed of mirrored sites (intelligent sites)
that can serve as both primary and contingency site locations. These
mirrored sites employ triple disaster avoidance systems covering power,
telecommunications, life support (water and sanitation), and 24-hour
security systems. Mirrored sites are fully redundant facilities with
automated real-time information mirroring. A mirrored site (redundant
site) is equipped and configured exactly like the primary site in all
technical respects. Some organizations plan on having partial redundancy
for a disaster recovery purpose and partial processing for normal
operations. The stocking of spare personal computers and their parts or
LAN servers also provide some redundancy. Hot, cold, and warm sites
are operated and managed by commercial organizations, whereas the
mirrored site is operated by the user organization.
83. The greatest cost in data management comes from which of the
following?
a. Backing up files
b. Restoring files
c. Archiving files
d. Journaling files
83. b. Manual tape processing has the tendency to cause problems at
restore time. Multiple copies of files exist on different tapes. Finding the
right tape to restore can become a nightmare, unless the software product
has automated indexing and labeling features. Restoring files is costly
due to the considerable human intervention required, causing delays.
Until the software is available to automate the file restoration process,
costs continue to be higher than the other choices. Backing up refers to a
duplicate copy of a data set that is held in storage in case the original data
are lost or damaged. Archiving refers to the process of moving
infrequently accessed data to less accessible and lower cost storage
media. Journaling applications post a copy of each transaction to both the
local and remote storage sites when applicable.
84. All the following need to be established prior to a crisis situation
except:
a. Public relationships
b. Credibility
c. Reputation
d. Goodwill
84. a. The other three choices (i.e., credibility, reputation, and goodwill)
need to exist in advance of a crisis situation. These qualities cannot be
generated quickly during a crisis. They take a long time to develop and
maintain, way before a disaster occurs. On the other hand, public (media)
relationships require a proactive approach during a disaster. This
includes distributing an information kit to the media at a moment’s
notice. The background information about the company in the kit must be
regularly reviewed and updated. When disaster strikes, it is important to
get the company information out early. By presenting relevant
information to the media, more time is available to manage the actual
day-to-day aspects of crisis communications during the disaster.
85. Which of the following disaster recovery plan testing options
should not be scheduled at critical points in the normal processing
cycle?
a. Checklist testing
b. Parallel testing
c. Full-interruption testing
d. Structured walk-through testing
85. c. Full-interruption testing, as the name implies, disrupts normal
operations and should be approached with caution.
86. The first step in successfully protecting and backing up
information in distributed computing environments is to determine
data:
a. Availability requirements
b. Accessibility requirements
c. Inventory requirements
d. Retention requirements
86. c. The first step toward protecting data is a comprehensive inventory
of all servers, workstations, applications, and user data throughout the
organization. When a comprehensive study of this type is completed,
various backup, access, storage, availability, and retention strategies can
be evaluated to determine which strategy best fits the needs of an
organization.
87. Which of the following natural disasters come with an advanced
warning sign?
a. Earthquakes and tornadoes
b. Tornadoes and hurricanes
c. Hurricanes and floods
d. Floods only
87. c. The main hazards caused by hurricanes most often involve the loss
of power, flooding, and the inability to access facilities. Businesses may
also be impacted by structural damage as well. Hurricanes are the only
events that give advanced warnings before the disaster strikes. Excessive
rains lead to floods. Earthquakes do not give advanced warnings.
Tornado warnings exist but provide little advance warning, and they are
often inaccurate.
88. The most effective action to be taken when a hurricane advance
warning is provided is to:
a. Declare the disaster early.
b. Install an uninterruptible power supply system.
c. Provide a backup water source.
d. Acquire gasoline-powered pumps.
88. a. The first thing is to declare the disaster as soon as the warning sign
is known. Protecting the business site is instrumental in continuing or
restoring operations in the event of a hurricane. Ways to do this include
an uninterruptible power supply (batteries and generators), a backup
water source, and a supply of gasoline-powered pumps to keep the lower
levels of the facility clear of floodwaters. Boarding up windows and
doors is good to protect buildings from high-speed flying debris and to
prevent looting.
89. Which of the following requires advance planning to handle a real
flood-driven disaster?
a. Call tree list, power requirements, and air-conditioning
requirements
b. Power requirements and air-conditioning requirements
c. Air-conditioning requirements and media communications
d. Call tree list and media communications
89. b. Power and air-conditioning requirements need to be determined in
advance to reduce the installation time frames. This includes diesel power
generators, fuel, and other associated equipment. Media communications
include keeping in touch with radio, television, and newspaper firms. The
call tree list should be kept current all the time so that the employee and
vendor-notification process can begin as soon as the disaster strikes. This
list includes primary and secondary employee names and phone numbers
as well as escalation levels.
90. Which of the following is of least concern in a local-area network
contingency plan?
a. Application systems are scheduled for recovery based on their
priorities.
b. Application systems are scheduled for recovery based on the
urgency of the information.
c. Application systems are scheduled for recovery based on a period
of downtime acceptable to the application users.
d. Application systems are scheduled for recovery based on a period
of downtime tolerable to the application programmers.
90. d. An alternative location is needed to ensure that critical applications
can continue to be processed when the local-area network (LAN) is
unavailable for an extended period of time. Application systems should
be scheduled for recovery and operation at the alternative site, based on
their priority, the urgency of the information, and the period of downtime
considered acceptable by the application users. It does not matter what the
application programmers consider acceptable because they are not the
direct users of the system.
91. After a disaster, at what stage should application systems be
recovered?
a. To the last online transaction completed
b. To the last batch processing prior to interruption
c. To the actual point of interruption
d. To the last master file update prior to interruption
91. c. The goal is to capture all data points necessary to restart a system
without loss of any data in the work-in-progress status. The recovery
team should recover all application systems to the actual point of the
interruption. The other three choices are incorrect because there could be
a delay in processing or posting data into master files or databases
depending on their schedules.
92. Which of the following may not reduce the recovery time after a
disaster strikes?
a. Writing recovery scripts
b. Performing rigorous testing
c. Refining the recovery plans
d. Documenting the recovery plans
92. d. Documenting the recovery plan should be done first and be
available to use during a recovery as a guidance. The amount of time and
effort in developing the plan has no bearing on the real recovery from a
disaster. On the other hand, the amount of time and effort spent on the
other three choices and the degree of perfection attained in those three
choices will definitely help in reducing the recovery time after a disaster
strikes. The more time spent on these three choices, the better the quality
of the plan. The key point is that documenting the recovery plan alone is
not enough because it is a paper exercise, showing guidance. The real
benefit comes from careful implementation of that plan in actions.
93. An organization’s effective presentation of disaster scenarios
should be based on which of the following?
a. Severity and timing levels
b. Risk and impact levels
c. Cost and timing levels
d. Event and incident levels
93. a. The disaster scenarios, describing the types of incidents that an
organization is likely to experience, should be based on events or
situations that are severe in magnitude (high in damages and longer in
outages), occurring at the worst possible time (i.e., worst-case scenario
with pessimistic time), resulting in severe impairment to the
organization’s ability to conduct and/or continue its business operations.
The planning horizon for these scenarios include short-term (i.e., less
than one month outage) and long-term (i.e., more than three month
outage), the severity magnitude levels include low, moderate, and high;
and the timing levels include worst possible time, most likely time, and
least likely time. The combination of high severity level and the worst
possible time is an example of high-risk scenario. The other three
choices are incorrect because they are not relevant directly to the disaster
scenarios in terms of severity and timing levels except that they support
the severity and timing levels indirectly.
94. The focus of disaster recovery planning should be on:
a. Protecting the organization against the consequences of a disaster
b. Probability that a disaster may or may not happen
c. Balancing the cost of recovery planning against the probability that
a disaster might actually happen
d. Selecting the best alternative backup processing facilities
94. a. The focus of disaster recovery planning should be on protecting
the organization against the consequences of a disaster, not on the
probability that it may or may not happen.
95. Which of the following statements is not true about the critical
application categories established for disaster recovery planning
purposes?
a. Predefined categories need not be followed during a disaster
because time is short.
b. Each category has a defined time frame to recover.
c. Each category has a priority level assigned to it.
d. The highest level category is the last one to recover.
95. a. It is important to define applications into certain categories to
establish processing priority. For example, the time for recovery of
applications in category I could be less than 8 hours after disaster
declaration (high priority). The time frame for recovery of category IV
applications could be less than 12 hours after disaster declaration (low
priority).
96. The decision to fully activate a disaster recovery plan is made
immediately:
a. After notifying the disaster
b. Before damage control
c. After damage assessment and evaluation
d. Before activating emergency systems
96. c. The decision to activate a disaster recovery plan is made after
damage assessment and evaluation is completed. This is because the real
damage from a disaster could be minor or major where the latter
involves full activation only after damage assessment and evaluation.
Minor damages may not require full activation as do the major ones. The
decision to activate should be based on cost-benefit analysis.
A list of equipment, software, forms, and supplies needed to operate
contingency category I (high priority) applications should be available to
use as a damage assessment checklist.
97. Which of the following IT contingency solutions requires a higher
bandwidth to operate?
a. Remote journaling
b. Electronic vaulting
c. Synchronous mirroring
d. Asynchronous mirroring
97. c. Depending on the volume and frequency of the data transmission,
remote journaling or electronic vaulting could be conducted over a
connection with limited or low bandwidth. However, synchronous
mirroring requires higher bandwidth for data transfers between servers.
Asynchronous mirroring requires smaller bandwidth connection.
98. The business continuity planning (BCP) process should focus on
providing which of the following?
a. Financially acceptable level of outputs and services
b. Technically acceptable level of outputs and services
c. Minimum acceptable level of outputs and services
d. Maximum acceptable level of outputs and services
98. c. The business continuity planning (BCP) process should safeguard
an organization’s capability to provide a minimum acceptable level of
outputs and services in the event of failures of internal and external
mission-critical information systems and services. The planning process
should link risk management and risk mitigation efforts to operate the
organization’s core business processes within the constraints such as a
disaster time.
99. Which of the following IT contingency solutions is useful over
larger bandwidth connections and shorter physical distances?
a. Synchronous mirroring
b. Asynchronous shadowing
c. Single location disk replication
d. Multiple location disk replication
99. a. The synchronous mirroring mode can degrade performance on the
protected server and should be implemented only over shorter physical
distances where bandwidth is larger that will not restrict data transfers
between servers. The asynchronous shadowing mode is useful over
smaller bandwidth connections and longer physical distances where
network latency could occur. Consequently, shadowing helps to preserve
the protected server ’s performance. Both synchronous and asynchronous
are techniques and variations of disk replication (i.e., single and multiple
location disk replication).
100. Regarding contingency planning, an organization obtains which
of the following to reduce the likelihood of a single point of failure?
a. Alternative storage site
b. Alternative processing site
c. Alternative telecommunications services
d. Redundant secondary system
100. c. An organization obtains alternative telecommunications services
to reduce the likelihood of encountering a single point of failure with
primary telecommunications services because of its high risk. The other
choices are not high-risk situations.
101. Which of the following is a prerequisite to developing a disaster
recovery plan?
a. Business impact analysis
b. Cost-benefit analysis
c. Risk analysis
d. Management commitment
101. d. Management commitment and involvement are always needed for
any major programs, and developing a disaster recovery plan is no
exception. Better commitment leads to greater funding and support. The
other three choices come after management commitment.
102. With respect to business continuity planning/disaster recovery
planning (BCP/DRP), risk analysis is part of which of the following?
a. Cost-benefit analysis
b. Business impact analysis
c. Backup analysis
d. Recovery analysis
102. b. The risk analysis is usually part of the business impact analysis. It
estimates both the functional and financial impact of a risk occurrence to
the organization and identifies the costs to reduce the risks to an
acceptable level through the establishment of effective controls. The
other three choices are part of the correct choice.
103. Which of the following disaster recovery plan testing approaches
is not recommended?
a. Desk-checking
b. Simulations
c. End-to-end testing
d. Full-interruption testing
103. d. Management will not allow stopping of normal production
operations for testing a disaster recovery plan. Some businesses operate
on a 24x7 schedule and losing several hours of production time is
tantamount to another disaster, financially or otherwise.
104. The business impact analysis (BIA) should critically examine the
business processes and which of the following?
a. Composition
b. Priorities
c. Dependencies
d. Service levels
104. c. The business impact analysis (BIA) examines business processes
composition and priorities, business or operating cycles, service levels,
and, most important, the business process dependency on mission-critical
information systems.
105. The major threats that a disaster recovery contingency plan
should address include:
a. Physical threats, software threats, and environmental threats
b. Physical threats and environmental threats
c. Software threats and environmental threats
d. Hardware threats and logical threats
105. c. Physical and environmental controls help prevent contingencies.
Although many of the other controls, such as logical access controls,
also prevent contingencies, the major threats that a contingency plan
addresses are physical and environmental threats, such as fires, loss of
power, plumbing breaks, or natural disasters. Logical access controls can
address both the software and hardware threats.
106. Which of the following is often a missing link in developing a
local-area network methodology for contingency planning?
a. Deciding which applications can be handled manually
b. Deciding which users must secure and back up their own-data
c. Deciding which applications are to be supported offsite
d. Deciding which applications can be handled as standalone personal
computer tasks
106. b. It is true that during a disaster, not all application systems have to
be supported while the local-area network (LAN) is out of service. Some
LAN applications may be handled manually, some as standalone PC tasks,
whereas others need to be supported offsite. Although these duties are
clearly defined, it is not so clear which users must secure and back up
their own data. It is important to communicate to users that they must
secure and back up their own data until normal LAN operations are
resumed. This is often a missing link in developing a LAN methodology
for contingency planning.
107. Which of the following uses both qualitative and quantitative
tools?
a. Anecdotal analysis
b. Business impact analysis
c. Descriptive analysis
d. Narrative analysis
107. b. The purpose of business impact analysis (BIA) is to identify
critical functions, resources, and vital records necessary for an
organization to continue its critical functions. In this process, the BIA
uses both quantitative and qualitative tools. The other three choices are
examples that use qualitative tools. Anecdotal records constitute a
description or narrative of a specific situation or condition.
108. With respect to BCP/DRP, single point of failure means which of
the following?
a. No production exists
b. No vendor exists
c. No redundancy exists
d. No maintenance exists
108. c. A single point of failure occurs when there is no redundancy in
data, equipment, facilities, systems, and programs. A failure of a
component or element may disable the entire system. Use of redundant
array of independent disks (RAID) technology provides greater data
reliability through redundancy because the data can be stored on multiple
hard drives across an array, thus eliminating single points of failure and
decreasing the risk of data loss significantly.
109. What is an alternative processing site that is equipped with
telecommunications but not computers?
a. Cold site
b. Hot site
c. Warm site
d. Redundant site
109. c. A warm site has telecommunications ready to be utilized but does
not have computers. A cold site is an empty building for housing
computer processors later but equipped with environmental controls (for
example, heat and air conditioning) in place. A hot site is a fully equipped
building ready to operate quickly. A redundant site is configured exactly
like the primary site.
110. Which of the following computer backup alternative sites is the
least expensive method and the most difficult to test?
a. Nonmobile hot site
b. Mobile hot site
c. Warm site
d. Cold site
110. d. A cold site is an environmentally protected computer room
equipped with air conditioning, wiring, and humidity control for
continued processing when the equipment is shipped to the location. The
cold site is the least expensive method of a backup site, but the most
difficult and expensive to test.
111. Which of the following is the correct sequence of events when
surviving a disaster?
a. Respond, recover, plan, continue, and test
b. Plan, respond, recover, test, and continue
c. Respond, plan, test, recover, and continue
d. Plan, test, respond, recover, and continue
111. d. The correct sequence of events to take place when surviving a
disaster is plan, test, respond, recover, and continue.
112. Which of the following tools provide information for reaching
people during a disaster?
a. Decision tree diagram
b. Call tree diagram
c. Event tree diagram
d. Parse tree diagram
112. b. A call tree diagram shows who to contact when a required person
is not available or not responding. The call tree shows the successive
levels of people to contact if no response is received from the lower
level of the tree. It shows the backup people when the primary person is
not available. A decision tree diagram shows all the choices available
with their outcomes to make a decision. An event tree diagram can be
used in project management, and a parse tree diagram can be used in
estimating probabilities and the nature of states in software engineering.
Scenario-Based Questions, Answers, and
Explanations
Use the following information to answer questions 1 through 7.
The GKM Company has just completed the business impact analysis
(BIA) for its data processing facilities. The continuity planning team found
in the risk analysis that there is a single point of failure in that backup tapes
from offsite locations are controlled by an individual who works for the
vendor. The contract for the vendor does not expire for 3 years.
1. Which of the following uses both qualitative and quantitative
tools?
a. Anecdotal analysis
b. Business impact analysis
c. Descriptive analysis
d. Narrative analysis
1. b. The purpose of BIA is to identify critical functions, resources, and
vital records necessary for an organization to continue its critical
functions. In this process, the BIA uses both quantitative and qualitative
tools. The other three choices are incorrect because they are examples
that use qualitative tools. Anecdotal records constitute a description or
narrative of a specific situation or condition.
2. With respect to business continuity planning/disaster recovery
planning (BCP/DRP), risk analysis is part of which of the following?
a. Cost-benefit analysis
b. Business impact analysis
c. Backup analysis
d. Recovery analysis
2. b. The risk analysis is usually part of the business impact analysis
(BIA). It estimates both the functional and financial impact of a risk
occurrence to the organization and identifies the costs to reduce the risks
to an acceptable level through the establishment of effective controls.
Cost-benefit analysis, backup analysis, and recovery analysis are part of
the BIA.
3. With respect to BCP/DRP, the BIA identifies which of the
following?
a. Threats and risks
b. Costs and impacts
c. Exposures and functions
d. Events and operations
3. a. BIA is the process of identifying an organization’s exposure to the
sudden loss of selected business functions and/or the supporting
resources (threats) and analyzing the potential disruptive impact of those
exposures (risks) on key business functions and critical business
operations. The BIA usually establishes a cost (impact) associated with
the disruption lasting varying lengths of time.
4. The business impact analysis (BIA) should critically examine the
business processes and which of the following?
a. Composition
b. Priorities
c. Dependencies
d. Service levels
4. c. The business impact analysis (BIA) examines business processes
composition and priorities, business or operating cycles, service levels,
and, most important, the business process dependency on mission-critical
information systems.
5. The major threats that a disaster recovery and contingency plan
should address include which of the following?
a. Physical threats, software threats, and environmental threats
b. Physical threats and environmental threats
c. Software threats and environmental threats
d. Hardware threats and logical threats
5. b. Physical and environmental controls help prevent contingencies.
Although many of the other controls, such as logical access controls,
also prevent contingencies, the major threats that a contingency plan
addresses are physical and environmental threats, such as fires, loss of
power, plumbing breaks, or natural disasters. Logical access controls can
address both the software and hardware threats.
6. Risks in the use of cellular radio and telephone networks during a
disaster include which of the following?
a. Security and switching office
b. Security and redundancy
c. Redundancy and backup power systems
d. Backup power systems and switching office
6. a. The airwaves are not secure, and a mobile telephone switching
office can be lost during a disaster. The cellular company may need a
diverse route from the cell site to another mobile switching office.
7. Contingency planning integrates the results of which of the
following?
a. Business continuity plan
b. Business impact analysis
c. Core business processes
d. Infrastructural services
7. b. Contingency planning integrates and acts on the results of the
business impact analysis. The output of this process is a business
continuity plan consisting of a set of contingency plans—with a single
plan for each core business process and infrastructure component. Each
contingency plan should provide a description of the resources, staff
roles, procedures, and timetables needed for its implementation.
A
Abstraction
(1) It is related to stepwise refinement and modularity of computer
programs. (2) It is presented in levels such as high-level dealing with
system/program requirements and low-level dealing with programming
issues.
Access
(1) The ability to make use of any information system (IS) or information
technology (IT) resources. (2) The ability to do something with
information in a computer. (3) Access refers to the technical ability to do
something (e.g., read, create, modify, or delete a file or execute a
program).
Acceptable level of risk
A judicious and carefully considered assessment that an IT activity or
network meets the minimum requirements of applicable security
directives. The assessment should take into account the value of IT assets,
threats and vulnerabilities, countermeasures and their efficacy in
compensating for vulnerabilities, and operational requirements.
Acceptable risk
A concern that is acceptable to responsible management, due to the cost
and magnitude of implementing controls.
Access aggregation
Combines access permissions either in one system or multiple systems for
system user or end-user convenience and efficiency and to eliminate
duplicate and unnecessary work. Access aggregation can be achieved
through single-sign on system (SSO), reduced sign-on system (RSO), or
other methods. Note that access aggregation must be compatible with a
user ’s authorized access rights, privileges, and permissions and cannot
exceed them because of an “authorization creep” problem, which is a
major risk. Access aggregation process must meet the following
requirements:
Support for the separation of duty concept to avoid conflict of
interest situations (administrative)
Support for the principles of least privilege and elimination of
authorization creep through reauthorization
Support for the controlled inheritance of access privileges
Support for safety through access constraint models such as static
and dynamic separation of duties (technical)
Support for safety so that no access permissions can be leaked to
unauthorized individuals, which can be implemented through
access control configurations and models
Support for proper mapping of subject, operation, object, and
attributes
Support for preventing or resolving access control policy
conflicts resulting in deadlock situation due to cyclic referencing
Support for a horizontal scope of access controls (across
platforms, applications, and enterprises)
Support for a vertical scope of access controls (between
operating systems, database management systems, networks, and
applications)
Access authority
An entity responsible for monitoring and granting access privileges for
other authorized entities.
Access category
One of the classes to which a user, a program, or a process may be
assigned on the basis of the resources or groups of resources that each
user, program, or process is authorized to use.
Access control
(1) What permits or restricts access to applications at a granular level,
such as per-user, per-group, and per-resources. (2) The process of
granting or denying specific requests for obtaining and using information
and related information processing services and to enter specific physical
facilities (e.g., buildings). (3) Procedures and controls that limit or detect
access to critical information resources. This can be accomplished through
software, biometrics devices, or physical access to a controlled space. (4)
Enables authorized use of a computer resource while preventing
unauthorized use or use in an unauthorized manner. (5) Access controls
determine what the users can do in a computer system. (6) Access controls
are designed to protect computer resources from unauthorized
modification, loss, or disclosure. (7) Access controls include both physical
access controls, which limit access to facilities and associated hardware,
and logical access controls, which prevent or detect unauthorized access to
sensitive data and programs stored or transmitted electronically.
Access control list (ACL)
A register of (1) users (including groups, machines, programs, and
processes) who have been given permission to use a particular system
resource and (2) the types of access they have been permitted. This is a
preventive and technical control.
Access control matrix
A table in which each row represents a subject, each column represents an
object, and each entry is the set of access rights for that subject to that
object.
Access control measures and mechanisms
Hardware and software features (technical controls), physical controls,
operational controls, management controls, and various combinations of
these designed to detect or prevent unauthorized access to an IT system and
to enforce access control. This is a preventive, detective, and technical
control.
Access control policy
The set of rules that define the conditions under which an access may take
place.
Access control software
(1) Vendor supplied system software, external to the operating system,
used to specify who has access to a system, who has access to specific
resources, and what capabilities are granted to authorized users. (2) Access
control software can generally be implemented in different modes that
provide varying degrees of protection, such as (i) denying access for
which the user is not expressly authorized, (ii) allowing access which is
not expressly authorized but providing a warning, or (iii) allowing access
to all resources without warning regardless of authority.
Access control triple
A type of access control specification in which a user, program, and data
items (a triple) are listed for each allowed operation.
Access deterrence
A design principle for security mechanisms based on a user ’s fear of
detection of violations of security policies rather than absolute prevention
of violations.
Access level
The hierarchical portion of the security level used to identify data
sensitivity and user clearance or authorization. Note: The access level and
the non-hierarchical categories form the sensitivity label of an object.
Access list
Synonymous with access control list (ACL).
Access logs
Access logs will capture records of computer events about an operating
system, an application system, or user activities. Access logs feed into
audit trails.
Access matrix
A two-dimensional array consisting of objects and subjects, where the
intersections represent permitted access types.
Access method
The technique used for selecting records in a file for processing, retrieval,
or storage
Access mode
A distinct operation recognized by protection mechanisms as possible
operations on an object. Read, write, and append are possible modes of
access to a file, while whereas “execute” is an additional mode of access to
a program.
Access password
A password used to authorize access to data and distributed to all those
who are authorized similar access to those data. This is a preventive and
technical control.
Access path
The sequence of hardware and software components significant to access
control. Any component capable of enforcing access restrictions, or any
component that could be used to bypass an access restriction should be
considered part of the access path. The access path can also be defined as
the path through which user requests travel, including the
telecommunications software, transaction processing software, and
applications software.
Access period
A segment of time, generally expressed on a daily or weekly basis, during
which access rights prevail.
Access port
A logical or physical identifier that a computer uses to distinguish
different terminal input/output data streams.
Access priorities
Deciding who gets what priority in accessing a system. Access priorities
are based on employee job functions and levels rather than data ownership.
Access privileges
Precise statements defining the extent to which an individual can access
computer systems and use or modify programs and data on the system.
Statements also define under what circumstances this access is allowed.
Access profiles
There are at least two types of access profiles: user profile and standard
profile. (1) A user profile is a set of rules describing the nature and extent
of access to each resource that is available to each user. (2) A standard
profile is a set of rules describing the nature and extent of access to each
resource that is available to a group of users with similar job duties, such
as accounts payable clerks.
Access rules
Clear action statements describing expected user behavior in a computer
system. Access rules reflect security policies and practices, business rules,
information ethics, system functions and features, and individual roles and
responsibilities, which collectively form access restrictions. Access rules
are often described as user security profiles (access profiles). Access
control software implements access rules.
Access time minimization
A risk reducing principle that attempts to avoid prolonging access time to
specific data or to the system beyond what is needed to carry out requisite
functionality.
Access type
The nature of an access right to a particular device, program, or file (e.g.,
read, write, execute, append, modify, delete, or create).
Accessibility
The ability to obtain the use of a computer system or a resource or the
ability and means necessary to store data, retrieve data, or communicate
with a system.
Account management, user
Involves (1) the process of requesting, establishing, issuing, and closing
user accounts, (2) tracking users and their respective access authorizations,
and (3) managing these functions.
Accountability
(1) The security goal that generates the requirement for actions of an entity
to be traced uniquely to that entity. This supports non-repudiation,
deterrence, fault isolation, intrusion detection and prevention, and after-
action recovery and legal action. (2) The property that enables system
activities to be traced to individuals who may then be held responsible for
their actions. This is a management and preventive control.
Accountability principle
A principle that calls for holding individuals responsible for their actions.
In computer systems, this is enabled through identification and
authentication, the specifications of authorized actions, and the auditing of
the user ’s activity.
Accreditation
The official management decision given by a senior officer to authorize
operation of an information system and to explicitly accept the risk to
organizations (including mission, functions, image, or reputation),
organization assets, or individuals, based on the implementation of an
agreed-upon set of security controls.
Accreditation authority
Official with the authority to formally assume responsibility for operating
an information system at an acceptable level of risk to organization
operations, assets, or individuals. Synonymous with authorizing official or
accrediting authority.
Accreditation boundary
All components of an information system to be accredited by an
authorizing official and excludes separately accredited systems, to which
the information system is connected.
Accreditation package
The evidence provided to the authorizing official to be used in the security
accreditation decision process. Evidence includes, but is not limited to (1)
the system security plan, (2) the assessment results from the security
certification, and (3) the plan of actions and milestones.
Accuracy
A qualitative assessment of correctness or freedom from error.
Acoustic cryptanalysis attack
An exploitation of sound produced during a computation. It is a general
class of a side channel attack (Wikipedia).
Activation data
Private data, other than keys, that is required to access cryptographic
modules.
Active attack
An attack on the authentication protocol where the attacker transmits data
to the claimant or verifier. Examples of active attacks include a man-in-the-
middle (MitM), impersonation, and session hijacking. Active attacks can
result in the disclosure or dissemination of data files, denial-of-service, or
modification of data.
Active content
Electronic documents that can carry out or trigger actions automatically
on a computer platform without the intervention of a user. Active content
technologies allow enable mobile code associated with a document to
execute as the document is rendered.
Active security testing
(1) Hands-on security testing of systems and networks to identity their
security vulnerabilities. (2) Security testing that involves direct interaction
with a target, such as sending packets to a target.
Active state
The cryptographic key lifecycle state in which a cryptographic key is
available for use for a set of applications, algorithms, and security entities.
Active wiretapping
The attaching of an unauthorized device, such as a computer terminal, to a
communications circuit for the purpose of obtaining access to data
through the generation of false messages or control signals or by altering
the communications of legitimate users.
Active-X
Software components downloaded automatically with a Web page and
executed by a Web browser. A loosely defined set of technologies
developed by Microsoft, Active-X is an outgrowth of two other Microsoft
technologies called OLE (Object Linking and Embedding) and COM
(Component Object Model). As a monitor, Active-X can be very confusing
because it applies to a whole set of COM-based technologies. Most people,
however, think only of Active-X controls, which represent a specific way
of implementing Active-X technologies.
Adaptive maintenance
Any effort initiated as a result of environmental changes (e.g. laws and
regulations) in which software must operate.
Address-based authentication
Access control is based on the IP address and/or hostname of the host
requesting information. It is easy to implement for small groups of users,
not practical for large groups of users. It is susceptible to attacks such as IP
spoofing and DNS poisoning.
Address resolution protocol (ARP)
A protocol used to obtain a node’s physical address. A client station
broadcasts an ARP request onto the network with the Internet Protocol (IP)
address of the target node with which it wants to communicate, and with
that address the node responds by sending back its physical address so that
packets can be transmitted to it.
Add-on security
(1) A retrofitting of protection mechanisms implemented by hardware or
software after the computer system becomes operational. (2) An
incorporation of new hardware, software, or firmware safeguards in an
operational information system.
Adequate security
This proposes that security should commensurate with the risk and the
magnitude of harm resulting from the loss, misuse, or unauthorized access
to or modification of information. This includes assuring that systems and
applications used operate effectively and provide appropriate
confidentiality, integrity, and availability services through the use of cost-
effective controls (i.e., management, operational, and technical controls).
Adj-routing information base (RIB)-in
Routes learned from inbound update messages from Border Gateway
Protocol (BGP) peers.
Adj-routing information base (RIB)-out
Routes that the Border Gateway Protocol (BGP) router will advertise,
based on its local policy, to its peers.
Administrative account
A user account with full privileges intended to be used only when
performing personal computer (PC) management tasks, such as installing
updates and application software, managing user accounts, and modifying
operating system (OS) and application settings.
Administrative law
Law dealing with legal principles that apply to government agencies.
Administrative safeguards
Administrative actions, policies, and procedures to manage the selection,
development, implementation, and maintenance of security measures to
protect electronic health information (e.g., HIPAA) and to manage the
conduct of the covered entity’s workforce in relation to protecting that
information.
Administrative security
The management constraints, operational procedures, accountability
procedures, and supplemental controls established to provide an acceptable
level of protection for sensitive data, programs, equipment, and physical
facilities. Synonymous with procedural security.
Admissible evidence
Evidence allowed in a court to be considered by the Trier of fact (such as,
jury and/or judge) in making a legal opinion, decision, or conclusion.
Admissible evidence must be relevant, competent, and material.
“Sufficient” is not part of the concept of admissibility of evidence because
it merely supports a legal finding.
Best evidence is admissible because it is the primary evidence (such as,
written instruments, such as contracts or deeds). Business records are also
admissible when they are properly authenticated as to their contents (that
is, notarized or stamped with official seal).
For example, (1) business records, such as sales orders and purchase
orders, usually come under hearsay evidence and were not admissible
before. They are admissible only when a witness testifies the identity and
accuracy of the record and describes its mode of preparation. Today, all
business records made during the ordinary course of business are
admissible if the business is a legitimate entity. (2) Photographs are
hearsay evidence, but they will be considered admissible if properly
authenticated by a qualified person who is familiar with the subject
portrayed and who can testify that the photograph is a good representation
of the subject, place, object, or condition.
Advanced data communications control procedure (ADCCP)
Advanced data communications control procedure (ADCCP) is an example
of sliding window protocol. ADCCP is a modified Synchronous Data Link
Control (SDLC), which became high-level data link control (HDLC), and
later became link access procedure B (LAPB) to make it more compatible
with HDLC (Tanenbaum).
Advanced encryption standard (AES)
The AES specifies a cryptographic algorithm that can be used to protect
electronic data. The AES algorithm is a symmetric block cipher that can
encrypt (encipher) and decrypt (decipher) information. Encryption
converts data to an unintelligible form called cipher text; decrypting the
cipher text converts the data back into its original form, called plaintext.
The AES algorithm is capable of using cryptographic keys of 128, 192,
and 256 bits to encrypt and decrypt data in blocks of 128 bits. AES is an
encryption algorithm for securing sensitive but unclassified material. The
combination of XEX tweakable block cipher with cipher text stealing
(XTS) and AES is called XTS-AES. The XTS-AES algorithm is designed
for the cryptographic protection of data on storage devices that use fixed
length data units. It is not designed for encryption of data in transit as it is
designed to provide confidentiality for the protected data. The XTS-AES
does not provide authentication or access control services.
Advanced persistent threat
An adversary with sophisticated levels of expertise and significant
resources use multiple different attacks vectors repeatedly (e.g., cyber,
physical, and deception) to generate attack opportunities to achieve its
objective.
Agent
(1) A program used in distributed denial denial-of-service (DDoS) attacks
that send malicious traffic to hosts based on the instructions of a handler,
also known as a bot. (2) A host-based intrusion detection and prevention
program that monitors and analyzes activity and may also perform
prevention actions.
Aggregation
The result of assembling or combining distinct units of data when handling
sensitive information. Aggregation of data at lower sensitivity level may
result in the total data being designated at a higher sensitivity level.
Aggressive mode
Mode used in Internet Protocol security (IPsec) phase 1 to negotiate the
establishment of the Internet key exchange security association (IKESA).
Agile defense
Agile defense can handle serious cyber attacks and supply chain attacks as
it employs the concept of information system resilience. Information
system resilience is the ability of systems to operate while under attack,
even in a degraded or debilitated state, and to rapidly recover operational
capabilities for essential functions after a successful attack.
Alarm reporting
An open system interconnection (OSI) term that refers to the
communication of information about a possible detected fault. This
information generally includes the identification of the network device or
network resource in which the fault was detected, the type of the fault, its
severity, and its probable cause.
Alarm surveillance
The set of functions that enable (1) the monitoring of the communications
network to detect faults and fault-related events or conditions, (2) the
logging of this information for future use in fault detection and other
network management activities, and (3) the analysis and control of alarms,
notifications, and other information about faults to ensure that resources of
network management are directed toward faults affecting the operation of
the communications network. Analysis of alarms consists of alarm
filtering, alarm correlation, and fault prediction. This is a management and
detective control.
Alert
(1) A notice of specific attack directed at an organization’s IT resources.
(2) A notification of an important observed event.
Amplifier attack
Like a reflector attack, an amplifier attack involves sending requests with a
spoofed source address to an intermediate host. However, an amplifier
attack does not use a single intermediate host; instead, its goal is to use a
whole network of intermediate hosts. It attempts to accomplish this action
by sending an ICMP or UDP request to an expected broadcast address,
hoping that many hosts will receive the broadcast and respond to it.
Because the attacker ’s request uses a spoofed source address, the responses
are all sent to the spoofed address, which may cause a DoS for that host or
the host’s network. Network administrators block amplifier attacks by
configuring border routers to not forward directed-broadcasts, but some
still permit them, which is a countermeasure.
Analog signal
A continuous electrical signal whose amplitude varies in direct correlation
with the original input.
Anomaly
Any condition that departs from the expected. This expectation can come
from documentation (e.g., requirements specifications, design documents,
and user documents) or from perceptions or experiences. An anomaly is
not necessarily a problem in the software but a deviation from the expected
so that errors, defects, faults, and failures are considered anomalies.
Anomaly-based detection
The process of comparing definitions of what activity is considered
normal against observed events to identify significant deviations.
Anti-jam
Countermeasures ensuring that transmitted information can be received
despite deliberate jamming attempts.
Anti-spoof
Countermeasures taken to prevent the unauthorized use of legitimate
identification & authentication (I&A) data, however it was obtained, to
mimic a subject different from the attacker.
Anti-virus software
A program that monitors a computer or network to identify all major types
of malware and prevent or contain malware incidents.
Applets
Small applications written in various programming languages
automatically downloaded and executed by applet-enabled World Wide
Web (WWW) browsers. Examples include Active-X and Java applets, both
of which have security concerns.
Applicant
A party undergoing the processes of registration and identity proofing.
Application
The use of information resources (information and information
technology) to satisfy a specific set of user requirements.
Application-based intrusion detection and prevention system
A host-based intrusion detection and prevention system (IDPS) that
performs monitoring for a specific application service only, such as a Web
server program or a database server program.
Application content filtering
It is performed by a software proxy agent to remove or quarantine viruses
that may be contained in e-mail attachments, to block specific multipurpose
Internet mail extension (MIME) types, or to filter other active content, such
as Java, JavaScript, and Active-X® Controls.
Application controls
Preventive, detective, and corrective controls designed to ensure the
completeness and accuracy of transaction processing, authorization, and
data validity.
Application firewall
(1) A firewall that uses stateful protocol analysis to analyze network traffic
for one or more applications. (2) A firewall system in which service is
provided by processes that maintain complete Transmission Control
Protocol (TCP) connection-state and sequencing. It often re-addresses
traffic so that outgoing traffic appears to have originated from the
firewall, rather than the internal host. In contrast to packet filtering
firewalls, this firewall must have knowledge of the application data
transfer protocol and often has rules about what may be transmitted.
Application layer
(1) That portion of an open system interconnection (OSI) system
ultimately responsible for managing communication between application
processes. (2) Provides security at the layer responsible for data that is sent
and received for particular applications such as DNS, HTTP, and SMTP.
Application programming interface (API)
An interface between an application and software service module or
operating system component. It is defined as a subroutine library.
Application-proxy gateway
(1) A firewall capability that combines lower-layer access control with
upper- layer functionality, and includes a proxy agent that acts as an
intermediary between two hosts that wish to communicate with each other.
(2) An application system that forwards application traffic through a
firewall. It is also called proxy server. Proxies tend to be specific to the
protocol they are designed to forward and may provide increased access
control or audit.
Application service provider (ASP)
An external organization provides online business application systems to
customers for a fee to ensure continuity of business. ASP operates with a
B2B e-commerce model.
Application software
Programs that perform specific tasks, such as word processing, database
management, or payroll. Software that interacts directly with some non-
software system (e.g., human or robot). A program or system intended to
serve a business or non-business function, which has a specific input,
processing, and output activities (e.g., accounts receivable and general
ledger systems).
Application system partitioning
The information system should separate user functionality, including user
interface services, from information system management functionality,
including databases, network components, workstations, or servers. This
separation is achieved through physical or logical methods using different
computers, different CPUs, different instances of the operating system,
different network addresses, or combination of these methods.
Application translation
A function that converts information from one protocol to another.
Architecture
A description of all functional activities performed to achieve the desired
mission, the system elements needed to perform the functions, and the
designation of performance levels of those system elements. Architecture
also includes information on the technologies, interfaces, and location of
functions and is considered an evolving description of an approach to
achieving a desired mission.
Archiving
Moving electronic files no longer being used to less accessible and usually
less expensive storage media for safekeeping. The practice of moving
seldom used data or programs from the active database to secondary
storage media such as magnetic tape or cartridge.
Assertion
A statement from a verifier to a relying party that contains identity
information about a subscriber. Assertions may also contain verified
attributes. Assertions may be digitally signed objects or they may be
obtained from a trusted source by a secure protocol.
Assessment method
One of three types of actions (i.e., examine, interview, and test) taken by
assessors in obtaining evidence during an assessment.
Assessment procedure
(1) A set of assessment objectives and an associated set of assessment
methods and assessment objects. (2) A set of activities or actions employed
by an assessor to determine the extent to which a security control is
implemented correctly, operating as intended, and producing the desired
outcome with respect to meeting the security requirements for the system.
Asset
A major application, general support system, high impact program,
physical plant, mission critical system or a logically related group of
systems. Any software, data, hardware, administrative, physical,
communications, or personnel resource within an IT system or activity.
Asset Valuation
IT assets include computers, business-oriented applications, system-
oriented applications, security-oriented applications, operating systems,
database systems, telecommunications systems, data center facilities,
hardware, computer networks, and data and information residing in these
assets. Assets can also be classified as tangible (physical such as
equipment) and intangible (non-physical, such as copyrights and patents).
Each type of asset has its own valuation methods.
The value of data and information can be measured by using two methods:
book value and current value. A relevant question to ask is what is the
worth of particular data to an insider (such as an owner, sponsor,
management employee, or non-management employee) and an outsider
(such as a customer, supplier, intruder, or competitor)? This means, the
value of information is measured by its value to others.
Sensitive criteria for computer systems are defined in terms of the value of
having, or the cost of not having, an application system or needed
information. The concept of information economics (that is, cost and
benefit) should be used here. Organizations should modernize inefficient
business processes to maximize the value and minimize the risk of IT
investments. The value of IT assets is determined by their replacement
cost, recovery cost, and penalty cost.
Information and data are collected and analyzed using several methods for
determining their value. Examples of data collection techniques include
checklists, questionnaires, interviews, and meetings. Examples of data
analysis techniques include both quantitative methods (objective methods
using net present value and internal rate of return calculations) and
qualitative methods (subjective methods using Delphi techniques and focus
groups).
Assurance
(1) The grounds for confidence that the set of intended security controls in
an information system are effective in their application. (2) It is one of the
five security goals. (3) It involves support for our confidence that the other
four security goals (integrity, availability, confidentiality, and
accountability) have been adequately met by a specific implementation.
“Adequately met” includes (i) functionality that performs correctly, (ii)
sufficient protection against unintentional errors (by users or software),
and (iii) sufficient resistance to intentional penetration or bypass. (4) It is
the grounds for confidence that an entity meets its security objectives.
Assurance testing
A process used to determine that the system’s security features are
implemented as designed and that they are adequate for the proposed
environment. This process may include hands-on functional testing,
penetration testing, and/or verification.
Asymmetric key algorithm
An encryption algorithm that requires two different keys for encryption
and decryption. These keys are commonly referred to as the public and
private keys. Asymmetric algorithms are slower than symmetric
algorithms. Furthermore, speed of encryption may be different from the
speed of decryption. Generally, asymmetric algorithms are either used to
exchange symmetric session keys or to digitally sign a message (e.g.,
RSA). Cryptography that uses separate keys for encryption and decryption;
also known as public-key cryptography.
Asymmetric key cryptography
Two related keys, a public key and a private key that are used to perform
complementary operations, such as encryption and decryption or signature
generation and signature verification.
Asynchronous attack
(1) An attempt to exploit the interval between a defensive act and the attack
in order to render inoperative the effect of the defensive act. For instance,
an operating task may be interrupted at once following the checking of a
stored parameter. The user regains control and malevolently changes the
parameter; the operating system regains control and continues processing
using the maliciously altered parameter. (2) It is an indirect attack on the
program by altering legitimate data or codes at a time when the program is
idle, then causing the changes to be added to the target program at later
execution.
Asynchronous transfer mode (ATM) network
Asynchronous transfer mode (ATM) network is a fast packet switching
network, which is the foundation for the broadband integrated services
digital network (B-ISDN). ATM uses cell technology to transfer data at
high speeds using packets of fixed size. The ATM network is a non-IP
wide-area network (WAN) because the Internet Protocol (IP) does not fit
well with the connection-oriented ATM network. IP is a connectionless
protocol.
Attack
(1) The realization of some specific threat that impacts the confidentiality,
integrity, accountability, or availability of a computational resource. (2)
The act of trying to bypass security controls on a system or a method of
breaking the integrity of a cipher. (3) An attempt to obtain a subscriber ’s
token or to fool a verifier into believing that an unauthorized individual
possesses a claimant’s token. (4) An attack may be active, resulting in the
alteration of data, or passive, resulting in the release of data. Note: The fact
that an attack is made does not necessarily mean it will succeed. The
degree of success depends on system vulnerability or activity and the
effectiveness of existing countermeasures.
Attack-in-depth strategy
Malicious code attackers use an attack-in-depth strategy in order to carry
out their goal. Single-point solutions cannot stop all of their attacks.
Defense-in-depth strategy can stop these attacks.
Attack signature
A specific sequence of events indicative of an unauthorized access attempt.
Attacker
(1) A party who is not the claimant or verifier but wishes wants to
successfully execute the authentication protocol as a claimant. (2) A party
who acts with malicious intent to assault an information system.
Attacker’s work factor
The amount of work necessary for an attacker to break the system or
network should exceed the value that the attacker would gain from a
successful compromise.
Attribute
A distinct characteristic of real-world objects often specified in terms of
their physical traits, such as size, shape, weight, and color. Objects in
cyber-world might have attributes describing things such as size, type of
encoding, and network address. Attributes are properties of an entity. An
entity is described by its attributes. In a database, the attributes of an entity
have their analogues in the fields of a record. In an object database,
instance variables may be considered attributes of the object.
Attribute-based access control (ABAC)
(1) Access control based on attributes associated with and about subjects,
objects, targets, initiators, resources, or the environment. It is an access
control ruleset that defines the combination of attributes under which an
access may take place. (2) An access control approach in which access is
mediated based on attributes associated with subjects (requesters) and the
objects to be accessed. Each object and subject has a set of associated
attributes, such as location, time of creation, and access rights. Access to
an object is authorized or denied depending upon whether the required
(e.g., policy-defined) correlation can be made between the attributes of that
object and of the requesting subject.
Attribute-based authorization
A structured process that determines when a user is authorized to access
information, systems, or services based on attributes of the user and of the
information, system, or service.
Attribute certificate
A live scan of a person’s biometric measure is translated into a biometric
template, which is then placed in an attribute certificate.
Audit
The independent examination of records and activities to assess the
adequacy of system controls, to ensure compliance with established
controls, policies, and operational procedures, and to recommend
necessary changes in controls, policies, or procedures.
Audit reduction tools
Preprocessors designed to reduce the volume of audit records to facilitate
manual review. Before a security review, these tools can remove many
audit records known to have little security significance. These tools
generally remove records generated by specified classes of events, such as
records generated by nightly backups.
Audit trail
(1) A chronological record of system activities that is sufficient to enable
the reconstruction and examination of the sequence of events and activities
surrounding or leading to an operation, procedure, or event in a security-
relevant transaction from inception to results. (2) A record showing who
has accessed an IT system and what operations the user has performed
during a given period. (3) An automated or manual set of records
providing documentary evidence of user transactions. (4) It is used to aid
in tracing system activities. This is a technical and detective control.
Auditability
Features and characteristics that allow verification of the adequacy of
procedures and controls and of the accuracy of processing transactions
and results in either a manual or automated system.
Authenticate
To confirm the identity of an entity when that identity is presented.
Authentication
(1) Verifying the identity of a user, process, or device, often as a
prerequisite to allowing access to resources in an information system. (2)
A process that establishes the origin of information or determines an
entity’s identity. (3) The process of establishing confidence of authenticity
and, therefore, the integrity of data. (4) The process of establishing
confidence in the identity of users or information system. (5) It is designed
to protect against fraudulent activity, authentication verifies the user ’s
identity and eligibility to access computerized information. It is proving
that users are who they claim to be and is normally paired with the term
identification. Typically, identification is performed by entering a name or
a user ID, and authentication is performed by entering a password,
although many organizations are moving to stronger authentication
methods such as smart cards and biometrics. Although the ability to sign
onto a computer system (enter a correct user ID and password) is often
called “accessing the system,” this is actually the identification and
authentication function. After a user has entered a system, access controls
determine which data the user can read or modify and what programs the
user can execute. In other words, identification and authentication come
first, followed by access control. Continuous authentication is most
effective. When two types of identification are used to authenticate a user, it
is called a two-factor authentication process.
Authentication code
A cryptographic checksum based on an approved security function (also
known as a message authentication code, MAC).
Authentication, electronic
The process of establishing confidence in user identities electronically
presented to an information system.
Authentication header (AH)
An Internet Protocol (IP) device used to provide connectionless integrity
and data origin authentication for IP datagrams.
Authentication-header (AH) protocol
IPsec security protocol that can provide integrity protection for packet
headers and data through authentication.
Authentication key (WMAN/WiMAX)
An authentication key (AK) is a key exchanged between the BS and SS/MS
to authenticate one another prior to the traffic encryption key (TEK)
exchange.
Authentication mechanism
A hardware- or software-based mechanism that forces users to prove their
identity before accessing data on a device.
Authentication mode
A block cipher mode of operation that can provide assurance of the
authenticity and, therefore, the integrity of data.
Authentication period
The maximum acceptable period between any initial authentication process
and subsequent re-authentication process during a single terminal session
or during the period data are accessed.
Authentication process
The actions involving (1) obtaining an identifier and a personal password
from a system user; (2) comparing the entered password with the stored,
valid password that is issued to, or selected by, the person associated with
that identifier; and (3) authenticating the identity if the entered password
and the stored password are the same. Note: If the enciphered password is
stored, the entered password must be enciphered and compared with the
stored ciphertext, or the ciphertext must be deciphered and compared with
the entered password. This is a technical and preventive control.
Authentication protocol
(1) A defined sequence of messages between a claimant and a verifier that
demonstrates that the claimant has control of a valid token to establish his
identity, and optionally, demonstrates to the claimant that he is
communicating with the intended verifier. (2) A well-specified message
exchange process that verifies possession of a token to remotely
authenticate a claimant. (3) Some authentication protocols also generate
cryptographic keys that are used to protect an entire session so that the data
transferred in the session is cryptographically protected.
Authentication tag
A pair of bit strings associated to data to provide assurance of its
authenticity.
Authentication token
Authentication information conveyed during an authentication exchange.
Authenticator
The means used to confirm the identity of a user, processor, or device
(e.g., user password or token).
Authenticity
(1) The property that data originated from its purported source. (2) The
property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message
originator. See authentication.
Authorization
(1) The privilege granted to an individual by management to access
information based upon the individual’s clearance and need-to-know
principle. (2) It determines whether a subject is trusted to act for a given
purpose (e.g., allowed to read a particular file). (3) The granting or
denying of access rights to a user, program, or process. (4) The official
management decision to authorize operation of an information system and
to explicitly accept the risk to organization operations, assets, or
individuals, based on the implementation of an agreed-upon set of security
controls. (5) Authorization is the permission to do something with
information in a computer, such as read a file. Authorization comes after
authentication. This is a management and preventive control.
Authorization boundary
All components of an information system to be authorized for operation.
This excludes separately authorized systems, to which the information
system is connected. It is same as information system boundary.
Authorization key pairs
Authorization key pairs are used to provide privileges to an entity. The
private key is used to establish the “right” to the privilege; the public key is
used to determine that the entity actually has the right to the privilege.
Authorization principle
The principle whereby allowable actions are distinguished from those that
are not.
Authorization process
The actions involving (1) obtaining an access password from a computer
system user (whose identity has already been authenticated, perhaps using a
personal password), (2) comparing the access password with the password
associated with protected data, and (3) authorizing access to data if the
entered password and stored password are the same.
Authorized
A system entity or actor that has been granted the right, permission, or
capability to access a system resource.
Automated key transport
The transport of cryptographic keys, usually in encrypted form, using
electronic means such as a computer network (e.g., key
transport/agreement protocols).
Automated password generator
An algorithm that creates random passwords that have no association with
a particular user.
Automated security monitoring
The use of automated procedures to ensure that security controls are not
circumvented. This is a technical and detective control.
Availability
(1) Ensuring timely and reliable access to and use of information by
authorized entities. (2) The ability for authorized entities to access systems
as needed.
Avoidance control
The separation of assets from threats or threats from assets so that risk is
minimized. Also, resource allocations are separated from resource
management.
Awareness (information security)
Activities which seek to focus an individual’s attention on an information
security issue or set of issues.
B
B2B
Business-to-business (B2B) is an electronic commerce model involving
sales of products and services among businesses (e.g., HP to Costco, EDI,
ASP, and exchanges and auctions). Both B2B and B2C e-commerce
transactions can take place using m-commerce technology. Reverse
auction is practiced in B2B or G2B e-commerce.
B2C
Business-to-consumer (B2C) is an electronic commerce model involving
sales of products and services to individual shoppers (e.g., Amazon.com,
Barnesandnoble.com, stock trading, and computer software/hardware
sales). Both B2B and B2C e-commerce transactions can take place using
m-commerce technology.
Backbone
A central network to which other networks connect. It handles network
traffic and provides a primary path to or from other networks.
Backdoor
A malicious program that listens for commands on a certain transmission
control protocol (TCP) or user datagram protocol (UDP) port.
Synonymous with trapdoor.
Backup
A copy of files and programs made to facilitate recovery if necessary. This
is an operational and preventive control and ensures the availability goal.
Backup computer facilities
A computer (data) center having hardware and software compatible with
the primary computer facility. The backup computer is used only in the
case of a major interruption or disaster at the primary computer facility. It
provides the ability for continued computer operations, when needed, and
should be established by a formal agreement. A duplicate of a hardware
system, of software, of data, or of documents intended as replacements in
the event of malfunction or disaster.
Backup operations
Methods for accomplishing essential business tasks subsequent to
disruption of a computer facility and for continuing operations until the
facility is sufficiently restored.
Backup plan
Synonymous with contingency plan.
Backup procedures
The provisions made for the recovery of data files and program libraries,
and for restart or replacement of computer equipment after the occurrence
of a system failure or of a disaster. Examples include normal (full) backup,
incremental backup, differential backup, image backup, file-by-file
backup, copy backup, daily backup, record-level backup, and zero-day
backup.
Bandwidth
Measures the data transfer capacity or speed of transmission in bits per
second. Bandwidth is the difference between the highest frequencies and
the lowest frequencies measured in a range of Hertz (that is, cycles per
second). Bandwidth compression can reduce the time needed to transmit a
given amount of data in a given bandwidth without reducing the
information content of the signal being transmitted. Bandwidth can
negatively affect the performance of networks and devices, if it is
inadequate.
Banner grabbing
The process of capturing banner information, such as application type and
version, that is transmitted by a remote port when a connection is initiated.
Base station (WMAN/WiMAX)
A base station (BS) is the node that logically connects fixed and mobile
subscriber stations (SSs) to operator networks. A BS consists of the
infrastructure elements necessary to enable wireless communications (i.e.,
antennas, transceivers, and other equipment).
Baseline (configuration management)
A baseline indicates a cut-off point in the design and development of a
configuration item beyond which configuration does not evolve without
undergoing strict configuration control policies and procedures. Note that
baselining is first and versioning is next.
Baseline (software)
(1) A set of critical observations or data used for comparison or control.
(2) A version of software used as a starting point for later versions.
Baseline architecture
The initial architecture that is or can be used as a starting point for
subsequent architectures or to measure progress.
Baseline controls
The minimum-security controls required for safeguarding an IT system
based on its identified needs for confidentiality, integrity, and/or
availability protection objectives. Three sets of baseline controls (i.e., low-
impact, moderate-impact, and high-impact) provide a minimum security
control assurance.
Baselining
Monitoring resources to determine typical utilization patterns so that
significant deviations can be detected.
Basic authentication
A technology that uses the Web server content’s directory structure.
Typically, all files in the same directory are configured with the same
access privileges using passwords, thus not secure. The problem is that all
password information is transferred in an encoded, rather than an
encrypted, form. These problems can be overcome using basic
authentication in conjunction with SSL/TLS.
Basis path testing
It is a white-box testing technique to measure the logical complexity of a
procedural design. The goal is to execute every computer program
statement at least once during testing realizing that many programs paths
could exist.
Basic testing
A test methodology that assumes no knowledge of the internal structure
and implementation details of the assessment object. Basic testing is also
known as black box testing.
Bastion host
A host system that is a “strong point” in the network’s security perimeter.
Bastion hosts should be configured to be particularly resistant to attack. In
a host-based firewall, the bastion host is the platform on which the firewall
software is run. Bastion hosts are also referred to as “gateway hosts.” A
bastion host is typically a firewall implemented on top of an operating
system that has been specially configured and hardened to be resistant to
attack.
Bearer assertion
An assertion that does not provide a mechanism for the subscriber to
prove that he is the rightful owner of the assertion. The relying party has to
assume that the assertion was issued to the subscriber who presents the
assertion or the corresponding assertion reference to the relying party.
Behavioral outcome
What an individual who has completed the specific training module is
expected to be able to accomplish in terms of IT security-related job
performance.
Benchmark testing
Uses a small set of data or transactions to check software performance
against predetermined parameters to ensure that it meets requirements.
Benchmarking
It is the comparison of core process performance with other components
of an internal organization or with leading external organizations.
Best practices
Business practices that have been shown to improve an organization’s IT
function as well as other business functions.
Beta testing
Use of a product by selected users before formal release.
Between-the-lines entry
(1) Access, obtained through the use of active wiretapping by an
unauthorized user, to a momentarily inactive terminal of a legitimate user
assigned to a communications channel. (2) Unauthorized access obtained
by tapping the temporarily inactive terminal of a legitimate use.
Binding
(1) Process of associating two related elements of information. (2) An
acknowledgment by a trusted third party that associates an entity’s identity
with its public key. This may take place through (i) certification authority’s
generation of a public key certificate, (ii) a security officer ’s verification
of an entity’s credentials and placement of the entity’s public key and
identifier in a secure database, or (iii) an analogous method.
Biometric access controls
Biometrics-based access controls are implemented using physical and
logical controls. They are most expensive and most secure compared to
other types of access control mechanisms.
Biometric information
The stored electronic information pertaining to a biometric. This
information can be in terms of raw or compressed pixels or in terms of
some characteristic (e.g., patterns).
Biometric system
An automated system capable of the following: (1) capturing a biometric
sample from an end user, (21) extracting biometric data from that sample,
(3) comparing the extracted biometric data with data contained in one or
more references, (4) deciding how well they match, and (5) indicating
whether or not an identification or verification of identity has been
achieved.
Biometric template
A characteristic of biometric information (e.g., minutiae or patterns).
Biometrics
(1) Automated recognition of individuals based on their behavioral and
biological characteristics. (2) A physical or behavioral characteristic of a
human being. (3) A measurable, physical characteristic or personal
behavioral trait used to recognize the identity, or verify the claimed
identity, of an applicant. Facial patterns, fingerprints, eye retinas and irises,
voice patterns, and hand measurements are all examples of biometrics. (4)
Biometrics may be used to unlock authentication tokens and prevent
repudiation of registration.
Birthday attack
An attack against message digest 5 (MD5), a hash function. The attack is
based on probabilities of two messages that hash to the same value
(collision) and then exploit it to attack. The attacker is looking for
“birthday” pairs—that is, two messages with the same hash values. This
attack is not feasible given today’s computer technology.
Bit error ratio
It is the number of erroneous bits divided by the total number of bits
transmitted, received, or processed over some stipulated period in a
telecommunications system.
Bit string
An ordered sequence of 0’s and 1’s. The leftmost bit is the most significant
bit of the string. The rightmost bit is the least significant bit of the string.
Black bag cryptanalysis
A euphemism for the acquisition of cryptographic secrets via burglary, or
the covert installation of keystroke logging or Trojan horse software on
target computers or ancillary devices. Surveillance technicians can install
bug concealed equipment to monitor the electromagnetic emissions of
computer displays or keyboards from a distance of 20 or more meters and
thereby decode what has been typed. It is not a mathematical or technical
cryptanalytic attack, and the law enforcement authorities can use a sneak-
and-peek search warrant on a keystroke logger (Wikipedia).
Black box testing
A test methodology that assumes no knowledge of the internal structure
and implementation detail of the assessment object. It examines the
software from the user ’s viewpoint and determines if the data are
processed according to the specifications, and it does not consider
implementation details. It verifies that software functions are performed
correctly. It focuses on the external behavior of a system and uses the
system’s functional specifications to generate test cases. It ensures that the
system does what it is supposed to do and does not do what it is not
supposed to do. It is also known as generalized testing or functional
testing, and should be combined with white box testing for maximum
benefit because neither one by itself does a thorough testing job. Black box
testing is functional analysis of a system. Basic testing is also known as
black box testing.
BLACK concept (encryption)
It is a designation applied to encrypted data/information and the
information systems, the associated areas, circuits, components, and
equipment processing of that data and information. It is a separation of
electrical and electronic circuits, components, equipment, and systems that
handle unencrypted information (RED) in electrical form from those that
handle encrypted information (BLACK) in the same form.
Black core
A communications network architecture in which user data traversing a
core Internet Protocol (IP) network is end-to-end encrypted at the IP layer.
Blackholing
Blackholing occurs when traffic is sent to routers that drop some or all of
the packets. Synonymous with blackhole.
Blacklisting
It is the process of the system invalidating a user ID based on the user ’s
inappropriate actions. A blacklisted user ID cannot be used to log on to the
system, even with the correct authenticator. Blacklisting also applies to (1)
blocks placed against IP addresses to prevent inappropriate or
unauthorized use of Internet resources, (2) blocks placed on domain names
known to attempt brute force attacks, (3) a list of e-mail senders who have
previously sent spam to a user, and (4) a list of discrete entities, such as
hosts or applications, that have been previously determined to be
associated with malicious activity. Placing blacklisting and lifting
blacklisting are both security-relevant events. Web content filtering
software uses blacklisting to prevent access to undesirable websites.
Synonymous with blacklists.
Blended attack
(1) An instance of malware that uses multiple infection or transmission
methods. (2) Malicious code that uses multiple methods to spread.
Blinding
Generating network traffic that is likely to trigger many alerts in a short
period of time, to conceal alerts triggered by a “real” attack performed
simultaneously.
Block
Sequence of binary bits that comprise the input, output, state, and round
key. The length of a sequence is the number of bits it contains. Blocks are
also interpreted as arrays of bytes. A block size is the number of bits in an
input (or output) block of the block cipher.
Block cipher algorithm
(1) A symmetric key cryptographic algorithm that transforms a block of
information at a time using a cryptographic key. (2) A family of functions
and their inverse functions that is parameterized by a cryptographic key;
the functions map bit strings of a fixed length to bit strings of the same
length. The length of the input block is the same as the length of the output
block. A bit string is an ordered sequence of 0’s and 1’s and a bit is a
binary digit of 0 or 1.
Block mirroring
A method to provide backup, redundancy, and failover processes to ensure
high-availability systems. Block mirroring is performed on an alternative
site preferably separate from the primary site. Whenever a write is made to
a block on a primary storage device at the primary site, the same write is
made to an alternative storage device at the alternative site, either within
the same storage system, or between separate storage systems, at different
locations.
Blue team
A group of people responsible for defending an enterprise’s use of
information systems by maintaining its security posture against a group of
mock attackers (i.e., the red team). The blue team must defend against real
or simulated attacks.
Bluetooth
A wireless protocol developed as a cable replacement to allow two
equipped devices to communicate with each other (e.g., a fax machine to a
mobile telephone) within a short distance such as 30 feet. The Bluetooth
system connects desktop computers to peripherals (e.g., printers and fax
machines) without wires.
Body of evidence
The set of data that documents the information system's adherence to the
security controls applied. When needed, this may be used in a court of law
as external evidence.
Bogon addresses
Bogon (bogus) addresses refer to an IP address that is reserved but not yet
allocated by the Internet registry. Attackers use these addresses to attack so
bogon address filters must be updated constantly.
Boot-sector virus
A virus that plants itself in a system’s boot sector and infects the master
boot record (MBR) of a hard drive or the boot sector of a removable
media. This boot sector is read as part of the system startup, and thus they
are loaded into memory when the computer first boots up. When in
memory, a boot-sector virus can infect any hard disk or floppy accessed
by the user. With the advent of more modern operating systems and a great
reduction in users sharing floppies, there has been a major reduction in
this type of virus. These viruses are now relatively uncommon.
Border Gateway Protocol (BGP)
An Internet routing protocol used to pass routing information between
different administrative domains.
Border Gateway Protocol (BGP) flapping
A situation in which BGP sessions are repeatedly dropped and restarted,
normally as a result of line or router problems.
Border Gateway Protocol (BGP) peer
A router running the BGP protocol that has an established BGP session
active.
Border Gateway Protocol (BGP) session
A Transmission Control Protocol (TCP) session in which both ends are
operating BGP and have successfully processed an OPEN message from
the other end.
Border Gateway Protocol (BGP) speaker
Any router running the BGP protocol.
Border router
Border router is placed at the network perimeter. It can act as a basic
firewall.
Botnet
Botnet is a jargon term for a collection of software robots, or bots, which
run autonomously. A botnet’s originator can control the group remotely,
usually through a means such as Internet relay chat (IRC), and usually for
nefarious purposes. A botnet can comprise a collection of cracked
machines running programs (usually referred to as worms, Trojan horses,
or backdoors) under a common command and control infrastructure.
Botnets are often used to send spam e-mails, launch DoS attacks, phishing
attacks, and viruses.
Bound metadata
Metadata associated with a cryptographic key and protected by the
cryptographic key management system against unauthorized modification
and disclosure. It uses a binding operation that links two or more data
elements such that the data elements cannot be modified or replaced
without being detected.
Boundary
A physical or logical perimeter of a system.
Boundary protection
Monitoring and control of communications (1) at the external boundary
between information systems completely under the management and
control of the organization and information systems not completely under
the management and control of the organization, and (2) at key internal
boundaries between information systems completely under the
management and control of the organization.
Boundary protection employs managed interfaces and boundary protection
devices.
Boundary protection device
A device with appropriate mechanisms that (1) facilitates the adjudication
of different interconnected system security policies (e.g., controlling the
flow of information into or out of an interconnected system); and/or (2)
monitors and controls communications at the external boundary of an
information system to prevent and detect malicious and other unauthorized
communications. Boundary protection devices include such components as
proxies, gateways, routers, firewalls, hardware/software guards, and
encrypted tunnels.
Boundary router
A boundary router is located at the organization’s boundary to an external
network. A boundary router is configured to be a packet filter firewall.
Boundary value analysis
The purpose of boundary value analysis is to detect and remove errors
occurring at parameter limits or boundaries. Tests for an application
program should cover the boundaries and extremes of the input classes.
Breach
The successful and repeatable defeat (circumvention) of security controls
with or without detection or an arrest, which if carried to completion,
could result in a penetration of the system. Examples of breaches are (1)
operation of user code in master mode, (2) unauthorized acquisition of
identification password or file access passwords, (3) accessing a file
without using prescribed operating system mechanisms, and (4)
unauthorized access to data/program library. Attack + Breach =
Penetration.
Bridge
A device used to link two or more homogeneous local-area networks
(LANs). A bridge does not change the contents of the frame being
transmitted but acts as a relay. It is a device that connects similar LANs
together to form an extended LAN. It is protocol-dependent. Bridges and
switches are used to interconnect different LANs. A bridge operates in the
data link layer of the ISO/OSI reference model.
Brokered trust
Describes the case where two entities do not have direct business
agreements with each other, but do have agreements with one or more
intermediaries so as to enable a business trust path to be constructed
between the entities. The intermediary brokers operate as active entities,
and are invoked dynamically via protocol facilities when new paths are to
be established.
Brooke’s law
States that adding more people to a late project makes the project even
more delayed.
Brouters
Routers that can also bridge, route one or more protocols, and bridge all
other network traffic. Brouters = Routers + Bridges.
Browser
A client program used to interact on the World Wide Web (WWW).
Browser-based threats
Examples include (1) masquerading attacks resulting from untrusted code
that was accepted and executed code that was developed elsewhere, (2)
gaining unauthorized access to computational resources residing at the
browser (e.g., security options) or its underlying platform (e.g., system
registry), and (3) using authorized access based on the user ’s identity in an
unexpected and disruptive fashion (e.g., to invade privacy or deny service).
Browsing
The act of searching through storage to locate or acquire information
without necessarily knowing the existence or the format of the information
being sought.
Brute force attack
A form of guessing attack in which the attacker uses all possible
combinations of characters from a given character set and for passwords
up to a given length. A form of brute force attack is username harvesting,
where applications differentiate between an invalid password and an
invalid username, which allows attackers to construct a list of valid user
accounts. Countermeasures against brute force attacks include strong
authentication with SSL/TLS, timeouts with delays, lockouts of user
accounts, password policy with certain length and mix of characters,
blacklists of IP addresses and domain names, and logging of invalid
password attempts.
Bucket brigade attack
A type of attack that takes advantage of the store-and-forward mechanism
used by insecure networks such as the Internet. It is similar to the man-in-
the middle attack.
Buffer
An area of random access memory or CPU used to temporarily store data
from a disk, communication port, program, or peripheral device.
Buffer overflow attack
(1) A method of overloading a predefined amount of space in a buffer,
which can potentially overwrite and corrupt data in memory. (2) It is a
condition at an interface under which more input can be placed into a
buffer or data holding area than the capacity allocated, overwriting other
information. Attackers exploit such a condition to crash a system or to
insert specially crafted code that allows them to gain control of the system.
Bus topology
A bus topology is a network topology in which all nodes (i.e., stations) are
connected to a central cable (called the bus or backbone) and all stations
are attached to a shared transmission medium. Note that linear bus
topology is a variation of bus topology.
Business continuity plan (BCP)
The documentation of a predetermined set of instructions or procedures
that describe how an organization’s business functions will be sustained
during and after a significant disruption.
Business impact analysis (BIA)
An analysis of an IT system’s requirements, processes, and
interdependencies used to characterize system contingency requirements
and priorities in the event of a significant disruption.
Business process improvement (BPI)
It focuses on how to improve an existing process or service. BPI is also
called continuous process improvement.
Business process reengineering (BPR)
It focuses on improving efficiency, reducing costs, reducing risks, and
improving service to internal and external customers. Radical change is an
integral part of BPR.
Business recovery/resumption plan (BRP)
The documentation of a predetermined set of instructions or procedures
that describe how business processes will be restored after a significant
disruption has occurred.
Business rules processor
The sub-component of a service-oriented architecture (SOA) that manages
and executes the set of complex business rules that represent the core
business activity supported by the component.
Bypass capability
The ability of a service to partially or wholly circumvent encryption or
cryptographic authentication.
C
C2C
Consumer-to-consumer (C2C) is an electronic commerce model involving
consumers selling directly to consumers (e.g., eBay).
Cache attack
Computer processors are equipped with a cache memory, which decreases
the memory access latency. First, the processor looks for the data in cache
and then in the memory. When the data is not where the processor is
expecting, a cache-miss occurs. The cache-miss attacks enable an
unprivileged process to attack other processes running in parallel on the
same processor, despite partitioning methods used (for example, memory
protection, sandboxing, and virtualization techniques). Attackers use the
cache-miss situation to attack weak symmetric encryption algorithms (for
example, DES). AES is stronger than DES, and the former should be used
during the execution of a processor on a known plaintext.
Callback
Procedure for identifying and authenticating a remote information system
terminal, whereby the host system disconnects the terminal and
reestablishes the contact.
Campus-area network (CAN)
An interconnected set of local-area networks (LANs) in a limited
geographical area such as a college campus or a corporate campus.
Capability list
A list attached to a subject ID specifying what accesses are allowed to the
subject.
Capability maturity model (CMM)
CMM is a five-stage model of how software organizations improve, over
time, in their ability to develop software. Knowledge of the CMM provides
a basis for assessment, comparison, and process improvement. The
Carnegie Mellon Software Engineering Institute (SEI) has developed the
CMM.
Capture
The method of taking a biometric sample from an end user.
Capturing (password)
The act of an attacker acquiring a password from storage, transmission, or
user knowledge and behavior.
Cardholder
An individual possessing an issued personal identity verification (PIV)
card.
Carrier sense multiple access (CSMA) protocols
Carrier sense multiple access (CSMA) protocols listen to the channel for a
transmitting carrier and act accordingly. If the channel is busy, the station
waits until it becomes idle. When the station detects an idle channel, it
transmits a frame. If collision occurs, the station waits a random amount of
time and starts all over again. The goal is to avoid a collision or detect a
collision (CSMA/CA and CSMA/CD). The CSMA/CD is used on LANs in
the MAC sublayer, and it is the basis of Ethernet.
CERT/CC
See computer emergency response team coordination center (CERT/CC)
Certificate
(1) A set of data that uniquely identifies a key pair and an owner that is
authorized to use the key pair. The certificate contains the owner ’s public
key and possibly other information, and is digitally signed by a
Certification Authority (i.e., a trusted party), thereby binding the public key
to the owner. Additional information in the certificate could specify how
the key is used and its crypto-period. (2) A digital representation of
information which at least (i) identifies the certification authority issuing
it, (ii) names or identifies its subscriber, (iii) contains the subscriber ’s
public key, (iv) identifies its operational period, and (v) is digitally signed
by the certification authority issuing it.
Certificate management protocol (CMP)
Both certification authority (CA) and registration authority (RA) software
supports the use of certificate management protocol (CMP).
Certificate policy (CP)
A certificate policy is a specialized form of administrative policy tuned to
electronic transactions performed during certificate management. A CP
addresses all aspects associated with the generation, production,
distribution, accounting, compromise recovery, and administration of
digital certificates. Indirectly, a CP can also govern the transactions
conducted using a communications system protected by a certificate-based
security system. By controlling critical certificate extensions, such policies
and associated enforcement technology can support provision of the
security services required by particular applications.
Certificate-related information
Information such as a subscriber ’s postal address that is not included in a
certificate. May be used by a certification authority (CA) managing
certificates.
Certificate revocation list (CRL)
A list of revoked but unexpired public key certificates created and digitally
signed or issued by a certification authority (CA).
Certificate status authority
A trusted entity that provides online verification to a relying party of a
subject certificate’s trustworthiness, and may also provide additional
attribute information for the subject certificate.
Certification
Certification is a comprehensive assessment of the management,
operational, and technical security controls in an information system,
made in support of security accreditation, to determine the extent to which
the controls are implemented correctly, operating as intended, and
producing the desired outcome with respect to meeting the security
requirements for the system.
Certification and accreditation (C&A)
Certification is a comprehensive assessment of the management,
operational, and technical security controls in an information system,
made in support of security accreditation, to determine the extent to which
the controls are implemented correctly, operating as intended, and
producing the desired outcome with respect to meeting the security
requirements for the system.
Accreditation is the official management decision given by a senior officer
to authorize operation of an information system and to explicitly accept the
risk to organization operations (including mission, functions, image, or
reputation), organization assets, or individuals, based on the
implementation of an agreed-upon set of security controls. It is the
administrative act of approving a computer system for use in a particular
application. It is a statement that specifies the extent to which the security
measures meet specifications. It does not imply a guarantee that the
described system is impenetrable. It is an input to the security approval
process. This is a management and preventive control.
Certification agent
The individual group or organization responsible for conducting a
security certification.
Certification authority (CA)
(1) The entity in a public key infrastructure (PKI) that is responsible for
issuing certificates and exacting compliance with a PKI policy. (2) A
trusted entity that issues and revokes public key certificates to end entities
and other CAs. CAs issue certificate revocation lists (CRLs) periodically,
and post certificates and CRLs to a repository.
Certification authority facility
The collection of equipment, personnel, procedures, and buildings
(offices) that are used by a CA to perform certificate issuance and
revocation.
Certification practice statement (CPS)
A formal statement of the practices that certification authority (CA)
employs in issuing, suspending, revoking, and renewing certificates and
providing access to them, in accordance with specific requirements (i.e.,
requirements specified in the certificate policy, or requirements specified
in a contract for services).
Chain-in-depth
The market analysis in the supply chain strategy to identify alternative
integrators/suppliers (level 1), the suppliers of the integrators/suppliers
(level 2), or the suppliers of the suppliers of the integrators/suppliers
(level 3), and other deep levels, thus providing a supply chain-in-depth
analysis.
Chain of custody
A process that tracks the movement of evidence through its collection,
safeguarding, and analysis life cycle by documenting each person who
handled the evidence, the date/time it was collected or transferred, and the
purpose for the transfer.
Chain of evidence
A process of recording that shows who obtained the evidence, where and
when the evidence was obtained, who secured the evidence, where it was
stored, and who had control or possession of the evidence. The chain of
evidence ties to the rules of evidence and the chain of custody.
Chain of trust
A chain of trust requires that the organization establish and retain a level of
confidence that each participating external service provider in the
potentially complex consumer-provider relationship provides adequate
protection for the services rendered to the organization.
Chained checksum
A checksum technique in which the hashing function is a function of data
content and previous checksum values.
Challenge handshake authentication protocol (CHAP)
An authentication mechanism for point-to-point protocol (PPP)
connections that encrypt the user ’s password. It uses a three-way handshake
between the client and the server.
Challenge-response
An authentication procedure that requires calculating a correct response to
an unpredictable challenge.
Challenge-response protocol
An authentication protocol where the verifier sends the claimant a
challenge (usually a random value or a nonce) that the claimant combines
with a shared secret (often by hashing the challenge and secret together) to
generate a response that is sent to the verifier. The verifier knows the
shared secret and can independently compute the response and compare it
with the response generated by the claimant. If the two are the same, the
claimant is considered to have successfully authenticated himself. When
the shared secret is a cryptographic key, such protocols are generally
secure against eavesdroppers. When the shared secret is a password, an
eavesdropper does not directly intercept the password itself, but the
eavesdropper may be able to find the password with an offline password
guessing attack.
Channel scanning
Changing the channel being monitored by a wireless intrusion detection
and prevention system.
Chatterbots
Bots that can talk (chat) using animation characters.
Check-digit
A check-digit calculation helps ensure that the primary key or data is
entered correctly. This is a technical and detective control.
Check-point
Restore procedures are needed before, during, or after completion of
certain transactions or events to ensure acceptable fault-recovery.
Checksum
A value automatically computed on data to detect error or manipulation
during transmission. It is an error-checking technique to ensure the
accuracy of data transmission. The number of bits in a data unit is summed
and transmitted along with the data. The receiving computer then checks
the sum and compares. Digits or bits are summed according to arbitrary
rules and used to verify the integrity of data (that is, changes to data). This
is a technical and detective control.
Chief information officer (CIO)
A senior official responsible for (1) providing advice and other assistance
to the head of the organization and other senior management personnel of
the organization to ensure that information technology is acquired and
information resources are managed in a manner that is consistent with
laws, executive orders, directives, policies, regulations, and priorities
established by the head of the organization; (2) developing, maintaining,
and facilitating the implementation of a sound and integrated information
technology architecture for the organization; and (3) promoting the
effective and efficient design and operation of all major information
resources management processes for the organization, including
improvements to work processes of the organization.
Chokepoint
A chokepoint creates a bottleneck in a system, whether the system is a
social, natural, civil, military, or computer system. For example, the
installation of a firewall in a computer system between a local network and
the Internet creates a chokepoint and makes it difficult for an attacker to
come through that network channel. In graph theory and network analysis,
a chokepoint is any node in a network with a high centrality (Wikipedia).
Cipher
(1) A series of transformations that converts plaintext to ciphertext using
the cipher key. (2) A cipher block chaining-message authentication code
(CBC-MAC) algorithm. (3) A secret-key block-cipher algorithm used to
encrypt data and to generate a MAC to provide assurance that the payload
and the associated data are authentic.
Cipher key
Secret, cryptographic key that is used by the Key Expansion Routine to
generate a set of Round Keys; can be pictured as a rectangular array of
bytes, having four rows and NK columns.
Cipher suite
Negotiated algorithm identifiers, which are understandable in human
readable form using a pneumonic code.
Ciphertext
(1) Data output from the cipher or input to the inverse cipher. (2) The
result of transforming plaintext with an encryption algorithm. (3) It is the
encrypted form of a plaintext message of data. Also known as crypto-text
or enciphered information.
Circuit-level gateway firewall
A type of firewall that can be used either as a stand-alone or specialized
function performed by an application-level gateway. It does not permit an
end-to-end Transmission Control Protocol (TCP) connection. This
firewall can be configured to support application-level service on inbound
connections and circuit-level functions for outbound connections. It incurs
overhead when examining the incoming application data for forbidden
functions but does not incur that overhead on outgoing data.
Civil law
Law that deals with suits for breach of contract or tort cases, such as suits
for personal injuries.
Claimant
(1) A party whose identity is to be verified using an authentication
protocol. (2) An entity which is or which represents a principal for the
purposes of authentication, together with the functions involved in an
authentication exchange on behalf of that entity. (3) A claimant acting on
behalf of a principal must include the functions necessary for engaging in
an authentication exchange (e.g., a smart card (claimant) can act on behalf
of a human user (principal)).
Claimed signatory
From the verifier ’s perspective, the claimed signatory is the entity that
purportedly generated a digital signature.
Class
(1) A set of objects that share a common structure and a common behavior.
(2) A generic description of an object type consisting of instance variables
and method definitions. Class definitions are templates from which
individual objects can be created.
Class hierarchy
Classes can naturally be organized into structures (tree or network) called
class hierarchies. In a hierarchy, a class may have zero or more
superclasses above it in the hierarchy. A class may have zero or more
classes below, referred to as its subclasses.
Class object
A class definition. Class definitions are objects that are instances of a
generic class, or metaclass.
Classification
A determination that information requires a specific degree of protection
against unauthorized disclosure together with a designation signifying that
such a determination has been made.
Classification level
It is the security level of an object.
Classified information
Information that has been determined to require protection against
unauthorized disclosure and is marked to indicate its classified status when
in documentary form.
CleanRoom development approach
A radical departure from the traditional waterfall software development
approach. The entire team of designers, programmers, testers,
documenters, and customers is involved throughout the system
development lifecycle. The project team reviews the programming code as
it develops it, and the code is certified incrementally. There is no need for
unit testing due to code certification, but the system testing and integration
testing are still needed.
Clearance level
It is the security level of a subject.
Clearing
The overwriting of classified information on magnetic media such that the
media may be reused. This does not lower the classification level of the
media. Note: Volatile memory can be cleared by removing power to the
unit for a minimum of 1 minute.
Click fraud
Deceptions and scams that inflate advertising bills with improper charge
per click in an online advertisement on the Web.
Client (application)
A system entity, usually a computer process acting on behalf of a human
user that makes use of a service provided by a server.
Client/server architecture
An architecture consisting of server programs that await and fulfill
requests from client programs on the same or another computer.
Client/server authentication
The secure sockets layer (SSL) and transport layer security (TLS) provide
client and server authentication and encryption of Web communications.
Client/server model
The client-server model states that a client (user), whether a person or a
computer program, may access authorized services from a server (host)
connected anywhere on the distributed computer system. The services
provided include database access, data transport, data processing, printing,
graphics, electronic mail, word processing, or any other service available
on the system. These services may be provided by a remote mainframe
using long-haul communications or within the user ’s workstation in real-
time or delayed (batch) transaction mode. Such an open access model is
required to permit true horizontal and vertical integration.
Client-side scripts
The client-side scripts such as JavaScript, JavaApplets, and Active-X
controls are used to generate dynamic Web pages.
Cloning
The practice of re-programming a phone with a mobile identification
number and an electronic serial number pair from another phone.
Close-in attacks
They consist of a regular type of individual attaining close physical
proximity to networks, systems, or facilities for the purpose of modifying,
gathering, or denying access to information. Close physical proximity is
achieved through surreptitious entry, open access, or both.
Closed-circuit television
Closed-circuit television (CCTV) can be used to record the movement of
people in and out of the data center or other sensitive work areas. The film
taken by the CCTV can be used as evidence in legal investigations.
Closed security environment
Refers to an environment providing sufficient assurance that applications
and equipment are protected against the introduction of malicious logic
during an information system life cycle. Closed security is based upon a
system’s developers, operators, and maintenance personnel having
sufficient clearances, authorization, and configuration control.
Cloud computing
It is a model for enabling ubiquitous, convenient, on-demand network
access to a shared pool of configurable computing resources (e.g.,
networks, servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or service
provider interaction. This cloud model promotes availability and is
composed of five essential characteristics (i.e., on-demand self-service,
broad network access, resource pooling, rapid elasticity, and measured
service), three service models (i.e., cloud software as a service, cloud
platform as a service, and cloud infrastructure as a service), and four
deployment models (i.e., private cloud, community cloud, public cloud,
and hybrid cloud).
Cluster computing
The use of failover clusters to provide high availability of computing
services. Failover means the system detects hardware/software faults and
immediately restarts the application on another system without requiring
human intervention. It uses redundant computers or nodes and configures
the nodes before starting the application on it. A minimum of two nodes is
required to provide redundancy but in reality it uses more than two nodes.
Variations in node configurations include active/active (good for software
configuration), active/passive (good for hardware configuration), N+1
(good for software configuration), N+M (where M is more than one
standby servers), and N-to-N (where clusters redistribute the services from
the failed node to the active node, thus eliminating the need for a standby
node). Cluster computing is often used for critical databases, file sharing
on a network, high-performance systems, and electronic commerce
websites. An advantage of cluster computing is that it uses a heartbeat
private network connection to monitor the health and status of each node in
the cluster. Disadvantages include (1) split-brain situation where all the
private links can go down simultaneously, but the cluster nodes are still
working, and (2) data corruption on the shared storage due to duplicate
services (Wikipedia).
Coaxial cable
It is a thin cable similar to the one used in cable television connection. A
coaxial cable has a solid copper wire, an inner insulation covering this
core, a braided metallic ground shield, and an outer insulation.
Code division multiple access (CDMA)
A spread spectrum technology for cellular networks based on the Interim
Standard-95 (IS-95) from the Telecommunications Industry Association
(TIA).
Codebook attack
A type of attack where the intruder attempts to create a codebook of all
possible transformations between plaintext and ciphertext under a single
key.
Coder decoder (CODEC)
Coverts analog voice into digital data and back again. It may also
compress and decompress the data for more efficient transmission. It is
used in plain old telephone service (POTS).
Cohesion
A measure of the strength of association of the elements within a program
module; the modularity is greater for higher strength modules. The best
level of cohesion is functional (high-strength) and the worst level of
cohesion is coincidental (low-strength). In functional cohesion, all
components contribute to the one single function of a module. In
coincidental cohesion, components are grouped by accident, not by plan. A
higher (strong) cohesion value is better. Interfaces exhibiting strong
cohesion and weak coupling are less error prone. If various modules
exhibit strong internal cohesion, the inter-module coupling tends to be
minimal, and vice versa.
Cold-site
A backup facility that has the necessary electrical and physical components
of a computer facility, but does not have the computer equipment in place.
The site is ready to receive the necessary replacement computer equipment
in the event that the user has to move from their main computing location
to an alternate site.
Collision
A condition in which two data packets are transmitted over a medium at the
same time from two or more stations. Two or more distinct inputs produce
the same output.
Collision detection
When a collision is detected, the message is retransmitted after a random
interval.
Commercial software
Software available through lease or purchase in the commercial market
from an organization representing itself to have ownership of marketing
rights in the software.
Common criteria (CC)
The Common Criteria represents the outcome of a series of efforts to
develop criteria for evaluation of IT security that is broadly useful within
the international community. It is a catalog of security functionality and
assurance requirements.
Common data security architecture (CDSA)
It is a set of layered security services that address communications and data
security problems in the emerging Internet and Intranet application space.
CDSA focuses on security in peer-to-peer (P2P) distributed systems with
homogeneous and heterogeneous platform environments, and applies to
the components of a client/server application. CDSA supports existing,
secure protocols, such as SSL, S/MIME, and SET.
Common gateway interface (CGI) scripts
These are insecure programs that allow the Web server to execute an
external program when particular URLs are accessed.
Common law (case law)
Law based on preceding cases.
Common security control
A security control that is inherited by one or more organization’s
information systems and has the following properties (1) the development,
implementation, and assessment of the control can be assigned to a
responsible official or organizational element (other than the information
system owner); and (2) the results from the assessment of the control can
be used to support the security certification and accreditation processes of
an organization‘s information system where that control has been applied.
Common vulnerabilities and exposures (CVE)
A dictionary of common names for publicly known IT system
vulnerabilities.
Communications protocol
A set of rules or standards designed to enable computers to connect with
one another and to exchange information with as little error as possible.
Communications security
It defines measures that are taken to deny unauthorized persons
information derived from telecommunications facilities.
Comparison
The process of comparing a biometric with a previously stored reference
template or templates.
Compartmentalization
The isolation of the operating system, user programs, and data files from
one another in main storage in order to provide protection against
unauthorized or concurrent access by other users or programs. This term
also refers to the division of sensitive data into small, isolated blocks for
the purpose of reducing risk to the data.
Compensating control (general)
A concept that states that the total environment should be considered when
determining whether a specific policy, procedure, or control is violated or
a specific risk is present. If controls in one area are weak, they should be
compensated or mitigated for in another area. Some examples of
compensating controls are: strict personnel hiring procedures, bonding
employees, information system risk insurance, increased supervision,
rotation of duties, review of computer logs, user sign-off procedures,
mandatory vacations, batch controls, user review of input and output,
system activity reconciliations, and system access security controls.
Compensating security controls
The management, operational, and technical controls (i.e., safeguards or
countermeasures) employed by an organization in lieu of the
recommended controls in the low, moderate, or high security baseline
controls that provide equivalent or comparable protection for an
information system. In other words, compensating controls are applied
when baseline controls are not available, applicable, or cost-effective.
Compiled virus
A virus that has had its source code converted by a compiler program into
a format that can be directly executed by an operating system.
Compiler
Software used to translate a program written in a high-level programming
language (source code) into a machine language for execution and outputs
into a complete binary object code. The availability of diagnostic aids,
compatibility with the operating system, and the difficulty of
implementation are the most important factors to consider when selecting
a compiler.
Complementary control
A complementary control can enhance the effectiveness of two or more
controls when applied to a function, program, or operation. Here, two
controls working together can strengthen the overall control environment.
Complete mediation
The principle of complete mediation stresses that every access request to
every object must be checked for authority. This requirement forces a
global perspective for access control, during all functional phases (e.g.,
normal operation and maintenance). Also stressed are reliable
identification access request sources and reliable maintenance of changes
in authority.
Completeness
The degree to which all of the software’s required functions and design
constraints are present and fully developed in the software requirements,
software design, and code.
Compliance
An activity of verifying that both manual and computer processing of
transactions or events are in accordance with the organization’s policies
and procedures, generally accepted security principles, governmental
laws, and regulatory agency rules and requirements.
Compliance review
A review and examination of records, procedures, and review activities at
a site in order to assess the unclassified computer security posture and to
ensure compliance with established, explicit criteria.
Comprehensive testing
A test methodology that assumes explicit and substantial knowledge of the
internal structure and implementation detail of the assessment object.
Comprehensive testing is also known as white box testing.
Compression
The process of reducing the number of bits required to represent some
information, usually to reduce the time or cost of storing or transmitting it.
Compromise
The unauthorized disclosure, modification, substitution, or use of sensitive
data (including keys, key metadata, and other security-related information)
and loss of, or unauthorized intrusion into, an entity containing sensitive
data and the conversion of a trusted entity to an adversary.
Compromise recording
Records and logs should be maintained so that if a compromise does
occur, evidence of the attack is available to the organization in identifying
and prosecuting attackers.
Compromised state
A cryptographic key life cycle state in which a key is designated as
compromised and not used to apply cryptographic protection to data.
Under certain circumstances, the key may be used to process already
protected data.
Computer crime
Fraud, embezzlement, unauthorized access, and other “white collar”
crimes committed with the aid of or directly involving a computer system
and/or network.
Computer emergency response team coordination center (CERT/CC)
CERT/CC focuses on Internet security vulnerabilities, provides incident
response services to websites that have been the victims of attack, publish
security alerts, research security and survivability in wide-area-networked
computing environments, and develops website security information. It
issues security advisories, helps start incident response teams for user
organizations, coordinates the efforts of teams when responding to large-
scale incidents, provides training to incident handling staff, and researches
the causes of security vulnerabilities.
Computer facility
Physical resources that include structures or parts of structures to house
and support capabilities. For small computers, stand-alone systems, and
word processing equipment, it is the physical area where the computer is
used.
Computer forensic process life cycle
A computer forensic process life cycle consisting of four basic phases:
collection, examination, analysis, and reporting.
Computer forensics
The practice of gathering, retaining, and analyzing computer-related data
for investigative purposes in a manner that maintains the integrity of the
data.
Computer fraud
Computer-related crimes involving deliberate misrepresentation,
alteration, or disclosure of data in order to obtain something of value
(usually for monetary gain). A computer system must have been involved
in the perpetration or cover-up of the act or series of acts. A computer
system might have been involved through improper manipulation of input
data; output or results; applications programs; data files; computer
operations; communications; or computer hardware, systems software, or
firmware.
Computer network
A complex consisting of two or more interconnected computers.
Computer security
Measures and controls that ensure confidentiality, integrity, and availability
of IT assets, including hardware, software, firmware, and information
being processed, stored, and communicated.
Computer security incident
A violation or imminent threat of violation of computer security policies,
acceptable use policies, or standard computer security practices.
Computer security incident response team (CSIRT)
A capability set up for the purpose of assisting in responding to computer
security-related incidents; also called a computer incident response team
(CIRT), a computer incident response center (CIRC), or a computer
incident response capability (CIRC).
Computer virus
A computer virus is similar to a Trojan horse because it is a program that
contains hidden code, which usually performs some unwanted function as
a side effect. The main difference between a virus and a Trojan horse is
that the hidden code in a computer virus can only replicate by attaching a
copy of itself to other programs and may also include an additional
“payload” that triggers when specific conditions are met.
Concentrators
Concentrators gather together several lines in one central location, and are
the foundation of a FDDI network and are attached directly to the FDDI
dual ring.
Concept of operations
It is a computer operations plan consisting of only one document, where it
will describes the scope of entire operational activities.
Confidentiality
(1) Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and
proprietary information. (2) It is the property that sensitive information is
not disclosed to unauthorized individuals, entities, devices, or processes.
(3) The secrecy of data that is transmitted in the clear. (4) Confidentiality
covers data in storage, during processing, and in transit.
Confidentiality mode
A mode that is used to encipher plaintext and decipher ciphertext. The
confidentiality modes include electronic codebook (ECB), cipher block
chaining (CBC), cipher feedback (CFB), output feedback (OFB), and
counter (CTR) modes.
Configuration
The relative or functional arrangement of components in a system.
Configuration accounting
The recording and reporting of configuration item descriptions and all
departures from the baseline during design and production.
Configuration auditing
An independent review of computer software for the purpose of assessing
compliance with established requirements, standards, and baseline.
Configuration control
The process for controlling modifications to hardware, firmware,
software, and documentation to ensure that an information system is
protected against improper modifications before, during, and after system
implementation.
Configuration control board
An established committee that is the final authority on all proposed
changes to the computer system.
Configuration identification
The identifying of the system configuration throughout the design,
development, test, and production tasks.
Configuration item
(1) The smallest component of hardware, software, firmware,
documentation, or any of its discrete portions, which is tracked by the
configuration management system. (2) A collection of hardware or
computer programs or any of its discrete portions that satisfies an end-
user function.
Configuration management
(1) The management of security features and assurances through control
of changes made to a system’s hardware, software, firmware,
documentation, test cases, test fixtures, and test documentation throughout
the development and operational life of the system. (2) The process of
controlling the software and documentation so they remain consistent as
they are developed or changed. (3) A procedure for applying technical and
administrative direction and surveillance to (i) identify and document the
functional and physical characteristics of an item or system, (ii) control
any changes to such characteristics, and (iii) record and report the change,
process, and implementation status. The configuration management
process must be carefully tailored to the capacity, size, scope, phase of the
life cycle, maturity, and complexity of the system involved. Compare with
configuration control.
Conformance testing
Conformance testing is a testing to determine if a product satisfies the
criteria specified in a controlling standard document (e.g., RFC and ISO).
Congestion
Occurs when an additional demand for service occurs in a network switch
and when more subscribers attempt simultaneously to access the switch
more than the switch can handle. Two types of congestion can take place:
(1) network congestion, which is an undesirable overload condition caused
by traffic in excess of its capacity to handle, and (2) reception congestion,
which occurs at a data switching exchange place.
Connectionless mode
A service that has a single phase involving control mechanisms, such as
addressing in addition to data transfer.
Connection-oriented mode
A service that has three distinct phases: establishment, in which two or
more users are bound to a connection; data transfer, in which data are
exchanged between the users; and release, in which binding is terminated.
Connectivity tree
Routers use the connectivity tree to track Internet group management
protocol (IGMP) status and activity.
Connectors
A connector is an electro-mechanical device on the ends of cables that
permit them to be connected with, and disconnected from, other cables.
Console
(1) A program that provides user and administrator interfaces to an
intrusion detection and prevention system. (2) A terminal used by system
and network administrators to issue system commands and to watch the
operating system activities.
Consumer device
A small, usually mobile computer that does not run a standard PC-OS.
Examples of consumer devices are networking-capable personal digital
assistants (PDAs), cell phones, and video game systems.
Contamination
The intermixing of data at different sensitivity and need-to-know levels.
The lower level data are said to be contaminated by the higher level data;
thus, the contaminating (higher level) data may not receive the required
level of protection.
Content delivery networks (CDNs)
Content delivery networks (CDNs) are used to deliver the contents of
music, movies, games, and news providers from their websites to end
users quickly with the use of tools and techniques such as caching,
replication, redirection, and a proxy content server to enhance the Web
performance in terms of optimizing the disk size and preload time.
Content filtering
The process of monitoring communications such as e-mail and Web
pages, analyzing them for suspicious content, and preventing the delivery
of suspicious content to users.
Contingency plan
Management policy and procedures designed to maintain or restore
business operations, including computer operations, possibly at an
alternate location, in the event of emergencies, system failures, or disaster.
Also called disaster recovery plan, business resumption plan, or business
continuity plan. This is a management and recovery control and ensures
the availability goal.
Continuity of operations plan
A predetermined set of instructions or procedures that describe how an
organization’s essential functions will be sustained for up to 30 days as a
result of a disaster event before returning to normal operations.
Continuity of support plan
The documentation of a predetermined set of instructions or procedures
that describe how to sustain major applications and general support
systems in the event of a significant disruption.
Contradictory controls
Two or more controls are in conflict with each other. Installation of one
control does not fit well with the other controls due to incompatibility.
This means that implementation of one control can affect other, related
controls negatively. Examples include (1) installation of a new software
patch that can undo or break another related, existing software patch either
in the same system or other related systems. This incompatibility can be
due to errors in the current patch or previous patch or that the new patches
and the previous patches were not fully tested either by the software vendor
or by the user organization and (2) telecommuting work and
organization’s software piracy policies could be in conflict with each other
if noncompliant telecommuters implement such policies improperly and in
an unauthorized manner when they purchase and load unauthorized
software on the home/work PC.
Control
Any protective action, device, procedure, technique, or other measure that
reduces exposure. Controls can prevent, detect, or correct errors, and can
minimize harm or loss. It is any action taken by management to enhance
the likelihood that established objectives and goals will be achieved.
Control frameworks
These provide overall guidance to user organizations as a frame of
reference for security governance and for implementation of security-
related controls. Several organizations within the U.S. and outside the U.S.
provide such guidance.
Developed and promoted by the IT Governance Institute (ITGI), Control
Objectives for Information and related Technology (COBIT) starts from
the premise that IT must deliver the information that the enterprise needs to
achieve its objectives. In addition to promoting process focus and process
ownership, COBIT looks at the fiduciary, quality, and security needs of
enterprises and provides seven information criteria that can be used to
generally define what the business requires from IT: effectiveness,
efficiency, availability, integrity, confidentiality, reliability, and
compliance.
The Information Security Forum’s (ISF’s) Standard of Good Practice for
Information Security is based on research and the practical experience of
its members. The standard divides security into five component areas:
security management, critical business applications, computer
installations, networks, and system development.
Other U.S. organizations promoting information security governance
include National Institute of Standards and Technology (NIST) and the
Committee of Sponsoring Organizations (COSO) of the Treadway
Commission.
Organizations outside the U.S. that are promoting information security
governance include Organization for Economic Co-Operation and
Development (OECD), European Union (EU), and International
Organization for Standardization (ISO).
Control information
Information that is entered into a cryptographic module for the purposes
of directing the operation of the module.
Control zone
Three-dimensional space (expressed in feet of radius) surrounding
equipment that processes classified and/or sensitive information within
which TEMPEST exploitation is considered not practical. It also means
legal authorities can identify and remove a potential TEMPEST
exploitation. Control zone deals with physical security over sensitive
equipment containing sensitive information. It is synonymous with zone of
control.
Controlled access protection
Consists of a minimum set of security functions that enforces access
control on individual users and makes them accountable for their actions
through login procedures, auditing of security-relevant events, and
resource isolation.
Controlled interface
A boundary with a set of mechanisms that enforces the security policies
and controls the flow of information between interconnected information
systems. It also controls the flow of information into or out of an
interconnected system. Controlled interfaces, along with managed
interfaces, use boundary protection devices, such as proxies, gateways,
routers, firewalls, hardware/software guards, and encrypted tunnels (e.g.,
routers protecting firewalls and application gateways residing on a
protected demilitarized zone). These devices prevent and detect malicious
and other unauthorized communications.
Controllers (hardware)
A controller is a hardware device that coordinates and manages the
operation of one or more input/output devices, such as computer
terminals, workstations, disks, and printers.
Controlled access area
Part or all of an environment where all types and aspects of an access are
checked and controlled.
Cookies (website)
(1) A small file that stores information for a website on a user ’s computer.
(2) A piece of state information supplied by a Web server to a browser, in a
response for a requested resource, for the browser to store temporarily
and return to the server on any subsequent visits or requests. Cookies have
two mandatory parameters such as name and value, and have four optional
parameters such as expiration date, path, domain, and secure. Four types of
cookies exist: persistent, session, tracking, and encrypted.
Corrective controls
Actions taken to correct undesirable events and incidents that have
occurred. Corrective controls are procedures to react to security incidents
and to take remedial actions on a timely basis. Corrective controls require
proper planning and preparation as they rely more on human judgment.
Corrective maintenance
Changes to software necessitated by actual errors in a system.
Correctness
The degree to which software or its components are free from faults
and/or meet specified requirements and/or user needs. Correctness is not
an absolute property of a system; rather it implies the mutual consistency
of a specification and its implementation. The property of being consistent
with a correctness criterion, such as a program being correct with respect
to its system specification or a specification being consistent with its
requirements.
Correctness proof
A mathematical proof of consistency between a specification and its
implementation. It may apply at the security model-to-formal specification
level, at the formal specification-to-higher order language code level, at
the compiler level, or at the hardware level. For example, if a system has a
verified design and implementation, then its overall correctness rests with
the correctness of the compiler and hardware. When a system is proved
correct, it can be expected to perform as specified but not necessarily as
anticipated if the specifications are incomplete or inappropriate. It is also
known as proof of correctness.
Cost-benefit
A criterion for comparing programs and alternatives when benefits can be
valued in dollars. Also referred to as benefit/cost ratio, which is a function
of equivalent benefits and equivalent costs.
Cost-risk analysis
The assessment of the costs of potential risk of loss or compromise
without data protection versus the cost of providing data protection.
Countermeasures
Actions, devices, procedures, techniques, or other measures that reduce the
vulnerability of an information system. Synonymous with security controls
and safeguards.
Coupling
Coupling is the manner and degree of interdependence between software
modules. It is a measure of the degree to which modules share data. A high
degree of coupling indicates a strong dependence among modules, which
is not wanted. Data coupling is the best type of coupling, and content
coupling is the worst. Data coupling is the sharing of data via parameter
lists. With data coupling, only simple data is passed between modules.
Similar to data cohesion, components cover an abstract data type. With
content coupling, one module directly affects the working of another
module as it occurs when a module changes another module’s data or
when control is passed from one module to the middle of another module.
A lower (weak) coupling value is better. Interfaces exhibiting strong
cohesion and weak coupling are less error prone. If various modules
exhibit strong internal cohesion, the intermodule coupling tends to be
minimal, and vice versa.
Coverage attribute
An attribute associated with an assessment method that addresses the scope
or breadth of the assessment objects included in the assessment (for
example, types of objects to be assessed and the number of objects to be
assessed by type). The values for the coverage attribute, hierarchically
from less coverage to more coverage, are basic, focused, and
comprehensive.
Covert channel
A communications channel that allows two cooperating processes to
transfer information in a manner that violates a security policy but without
violating the access control.
Covert storage channel
A covert channel that involves the direct or indirect writing of a storage
location by one process and the direct or indirect reading of the storage
location by another process. Covert storage channels typically involve a
finite resource shared by two subjects at different security levels.
Covert timing channel
A covert channel in which one process signals information to another by
modulating its own use of system resources (e.g., CPU time) in such a way
that this manipulation affects the real response time observed by the second
process.
Cracking (password)
The process of an attacker recovering cryptographic password hashes and
using various analytical methods to attempt to identify a character string
that will produce one of those hashes.
Credential
An object that authoritatively binds an identity to a token possessed and
controlled by a person. It is evidence attesting to one’s right to credit or
authority.
Credentials service provider (CSP)
A trusted entity that issues or registers subscriber tokens and issues
electronic credentials to subscribers. The CSP may encompass
Registration Authorities (RA) and Verifiers that it operates. A CSP may be
an independent third party or may issue credentials for its own use.
Criminal law
Law covering all legal aspects of crime.
Criteria
Definitions of properties and constraints to be met by system functionality
and assurance.
Critical security parameter
Security-related information (e.g., secret and private cryptographic keys,
and authentication data such as passwords and PINs) whose disclosure or
modification can compromise the security of a cryptographic module or
the security of the information protected by the module.
Criticality
A measure of how important the correct and uninterrupted functioning of
the system is to the mission of a user organization. The degree to which
the system performs critical processing. A system is critical if any of its
requirements are critical.
Criticality level
Refers to the (consequences of) incorrect behavior of a system. The more
serious the expected direct and indirect effects of incorrect behavior, the
higher the criticality level.
Cross-certificate
A certificate used to establish a trust relationship between two Certification
Authorities (CAs). In most cases, a relying party will want to process user
certificates that were signed by issuers other than a CA in its trust list. To
support this goal, CAs issue cross-certificates that bind another issuer ’s
name to that issuer ’s public key. Cross-certificates are an assertion that a
public key may be used to verify signatures on other certificates.
Cross-domain solution
A form of controlled interface that provides the ability to manually and/or
automatically access and/or transfer information between different
security domains.
Cross-site request forgery (CSRF)
An attack in which a subscriber who is currently authenticated to a relying
party and connected through a secure session, browsers to an attacker ’s
website which causes the subscriber to unknowingly invoke unwanted
actions at the relying party.
Cross-site scripting (XSS)
An attacker may use XML injection to perform the equivalent of a XSS, in
which requesters of a valid Web service have their requests transparently
rerouted to an attacker-controlled Web service that performs malicious
operations.
Cryptanalysis
The operations performed in defeating cryptographic protection without
an initial knowledge of the key employed in providing the protection.
Cryptanalytic attacks
Several attacks such as COA, KPA, CTA, CPA, ACPA, CCA, and ACCA are
possible as follows.
Ciphertext only attack (COA): An attacker has some ciphertext
and he does not know the plaintext or the key. His goal is to find
the corresponding plaintext. This is the most common attack and
the easiest to defend because the attacker has the least amount of
information (i.e., ciphertext only) to work with.
Known plaintext attack (KPA): An attacker is able to match the
ciphertext with the known plaintext and the encryption algorithm
but does not know the key to decode the ciphertext. This attack is
harder, but still common because the attacker tries to deduce the
key based on the known plaintext. This attack is similar to brute
force attack. The KPA works against data encryption standard
(DES) in any of its four operating modes (i.e., ECB, CBC, CFB,
and OFB) with the same complexity. DES with any number of
rounds fewer than 16 could be broken with a known-plaintext
attack more efficiently than by brute force attack.
Chosen text attack (CTA): Less common in occurrence and
includes four types of attacks such as CPA, ACPA, CCA, and
ACCA.
Chosen plaintext attack (CPA): The attacker knows the
plaintext and the corresponding ciphertext and algorithm, but
does not know the key. He has selected the plaintext together
with its corresponding encrypted ciphertext generated with
the secret key. This type of attack is harder but still possible.
The CPA attack occurs when a private key is used to decrypt
a message. The key is deduced to decrypt any new messages
encrypted with the same key. A countermeasure is to use a
one-way hash function. The CPA attack against DES occurs
when bit-wise complement keys are used to encrypt the
complement of the plaintext block into the complement of
the ciphertext block. A solution is to not use the complement
keys.
Adaptive CPA attack (ACPA): A variation of the CPA
attack where the selection of the plaintext is changed based
on the previous attack results.
Chosen ciphertext attack (CCA): The attacker selected the
ciphertext together with its corresponding decrypted
plaintext generated with the secret key.
Adaptive CCA attack (ACCA): A variation of the CCA
attack where the selection of the ciphertext is changed based
on the previous attack results.
Cryptographic algorithm
A well-defined computational procedure that takes variable inputs,
including a cryptographic key, and produces an output. The cryptographic
algorithms can be implemented in either hardware for speed or software
for flexibility.
Cryptographic boundary
An explicitly defined continuous perimeter that establishes the physical
bounds of a cryptographic module and contains all the hardware, software,
and/or firmware components of a cryptographic module.
Cryptographic authentication
The use of encryption-related techniques to provide authentication.
Cryptographic checksum
A checksum computed by an algorithm that provides a unique value for
each possible data value of the object.
Cryptographic function
A set of mathematical procedures that provide various algorithms for key
generation, random number generation, encryption, decryption, and
message digesting.
Cryptographic hash function
A mathematical function that maps a bit string of arbitrary length to a fixed
length bit string. The function satisfies the following properties: (1) it is
computationally infeasible to find any input which maps to any pre-
specified output (one-way) and (2) it is computationally infeasible to find
any two distinct inputs that map to the same output (collision collision-
resistant).
Cryptographic key
(1) A value used to control cryptographic operations, such as decryption,
encryption, signature generation, or signature verification. (2) A
parameter used in connection with a cryptographic algorithm that
determines its operation in such a way that an entity with knowledge of the
key can reproduce or reverse the operation, while an entity without
knowledge of the key cannot. Seven examples include (i) the
transformation of plaintext data into ciphertext data, (ii) the transformation
of ciphertext data into plaintext data, (iii) the computation of a digital
signature from data, (iv) the verification of a digital signature, (v) the
computation of an authentication code from data, (vi) the verification of an
authentication code from data and a received authentication code, and (vii)
the computation of a shared secret that is used to derive keying material.
Cryptographic key management system (CKMS)
A set of components that is designed to protect, manage, and distribute
cryptographic keys and bound metadata.
Cryptographic module
The set of hardware, software, firmware, or some combination thereof that
implements approved security functions such as cryptographic logic or
processes (including cryptographic algorithms and key generation) and is
contained within the cryptographic boundary of the module.
Cryptographic strength
A measure of the expected number of operations required to defeat a
cryptographic mechanism. This term is defined to mean that breaking or
reversing an operation is at least as difficult computationally as finding the
key of an 80-bit block cipher by key exhaustion that is it requires at least
on the order of 279 operations.
Cryptographic token
A token where the secret is a cryptographic key.
Cryptography
(1) The discipline that embodies the principles, means, and methods for the
transformation of data in order to hide their semantic content, prevent their
unauthorized use, or prevent their undetected modification. (2) The
discipline that embodies principles, means, and methods for providing
information security, including confidentiality, data integrity, non-
repudiation, and authenticity. (3) It creates a high degree of trust in the
electronic world.
Cryptology
The field that encompasses both cryptography and cryptanalysis. The
science that deals with hidden, disguised, or encrypted communications. It
includes communications security and communications intelligence.
Crypto-operation
The functional application of cryptographic methods. (1) Off-line
encryption or decryption performed as a self-contained operation distinct
from the transmission of the encrypted text, as by hand or by machines not
electrically connected to a signal line. (2) Online the use of crypto-
equipment that is directly connected to a signal line, making continuous
processes of encryption and transmission or reception and decryption.
Crypto-period
The time span during which a specific key is authorized for use or in
which the keys for a given system may remain in effect.
Cryptophthora
It is a degradation of secret key material resulting from the side channel
leakage where an attacker breaks down the operation of a cryptosystem to
reveal the contents of a cryptographic key.
Crypto-security
The security or protection resulting from the proper use of technically
sound crypto-systems.
Cyber attack
An attack, via cyberspace, targeting an organization’s use of cyberspace
for the purpose of disrupting, disabling, destroying, or maliciously
controlling a computing infrastructure. This also includes destroying the
integrity of the data or stealing controlled information.
Cyber infrastructure
The scope includes computer systems, control systems, networks (e.g., the
Internet), and cyber services (e.g., managed security services).
Cyber security
The ability to protect or defend the use of cyberspace from cyber attacks.
Cyberspace
A global domain within the information environment consisting of the
interdependent network of information systems infrastructures including
the Internet, telecommunications network, computer systems, and
embedded processors and controllers.
Cyclic redundancy check (CRC)
(1) A method to ensure data has not been altered after being sent through a
communication channel. It uses an algorithm for generating error
detection bits in a data link protocol. The receiving station performs the
same calculation as done by the transmitting station. If the results differ,
then one or more bits are in error. (2) Error checking mechanism that
verifies data integrity by computing a polynomial algorithm based
checksum. This is a technical and detective control.
Cyclomatic complexity metrics
A program module’s cohesion can be measured indirectly through
McCabe’s and Halstead’s cyclomatic complexity metrics and Henri and
Kafura’s information flow complexity metrics.
D
Daemon
A program associated with UNIX systems that perform a housekeeping or
maintenance utility function without being called by the user. A daemon sits
in the background and is activated only when needed.
Dashboards
Dashboards are one type of management metrics in which they consolidate
and communicate information relevant to the organizational security status
in near-real time to security management stakeholders. These dashboards
present information in a meaningful and easily understandable format to
management. Some applications of dashboards include implementation of
separation of duties, security authorizations, continuous system
monitoring, security performance measures, risk management, and risk
assessment.
Data
Programs, files, or other information stored in, or processed by a
computer system.
Data administrator (DA)
A person responsible for the planning, acquisition, and maintenance of
database management software, including the design, validation, and
security of database files. The DA is fully responsible for the data model
and the data dictionary software.
Data architecture
Data compilation, including who creates and uses it and how. It presents a
stable basis for the processes and information used by the organization to
accomplish its mission.
Data at rest
Data at rest (data on the hard drive) address the confidentiality and
integrity of data in nonmobile devices and covers user information and
system information. File encryption or whole (full) disk encryption
protects data in storage (data at rest).
Data authentication code
The code is a mathematical function of both the data and a cryptographic
key. Applying the Data Authentication Algorithm (DAA) to data generates
a data authentication code. When data integrity is to be verified, the code is
generated on the current data and compared with the previously generated
code. If the two values are equal, data integrity (i.e., authenticity) is
verified. The data authentication code is also known as a message
authentication code (MAC).
Data block
A sequence of bits whose length is the block size of the block cipher.
Data classification
From data security standpoint, all data records and files should be labeled
as critical, noncritical, classified, sensitive, secret, top-secret, or identified
through some other means so that protective measures are taken according
to the criticality of data.
Data cleansing
Includes activities for detecting and correcting data in a database or
traditional file that are incorrect, incomplete, improperly formatted, or
redundant. Also known as data scrubbing.
Data communications
Information exchanged between end-systems in machine-readable form.
Data confidentiality
The state that exists when data is held in confidence and is protected from
unauthorized disclosure.
Data contamination
A deliberate or accidental process or act that results in a change in the
integrity of the original data.
Data custodian
The individual or group that has been entrusted with the possession of, and
responsibility for, the security of specified data. Compare with data owner.
Data declassification
Data and storage media declassification is an administrative procedure and
decision to remove the security classification of the subject media. It
includes actual purging of the media and removal of any labels denoting
classification, possibly replacing them with labels denoting that the storage
media is unclassified. The purging procedures should include the make,
model number, and serial number of the degausser used and the date of the
last degausser test if degaussing is done; or the accreditation statement of
the software if overwriting is done. The reason for the data downgrade,
declassification, regrade, or release should be given along with the current
media’s classification and requested reclassification of the same media.
Data dictionary
A central repository of an organization’s data elements and its
relationships.
Data diddling
The entering of false data into a computer system.
Data downgrade
The change of a classification label to a lower level without changing the
contents of the data. Downgrading occurs only if the content of a file meets
the requirements of the sensitivity level of the network for which the data
is being delivered.
Data element
A basic unit of information that has a unique meaning and sub-categories
(data items) of distinct value. Examples of data elements include gender,
race, and geographic location.
Data encrypting key
A cryptographic key used for encrypting and decrypting data.
Data encryption algorithm (DEA)
The symmetric encryption algorithm that serves as the cryptographic
engine for the triple data encryption algorithm (TDEA).
Data encryption standard (DES)
A U.S. Government-approved, symmetric cipher, encryption algorithm
used by business and civilian government agencies that serve as the
cryptographic engine for the triple data encryption algorithm (TDEA). The
advanced encryption standard (AES) is designed to replace DES. The
original “single” DES algorithm is no longer secure because it is now
possible to try every possible key with special purpose equipment or a
high performance cluster. Triple DES, however, is still considered to be
secure.
Data file organization
Deals with the way data records are accessed and retrieved from computer
files. When designing a file, security factors, access methods, and storage
media costs should be considered. Record keys, pointers, or indexes are
needed to read and write data to or from a file. Record key is part of a
logical record used for identification and reference. A primary key is the
main code used to store and locate records within a file. Records can be
sorted and temporary files created using codes other than their primary
keys. Secondary keys are used for alternative purposes including inverted
files. A given data record may have more than one secondary key. Pointers
show the physical location of records in a data file. Addresses are
generated using indexing, base registers, segment registers, and other
ways.
Data flow diagram (DFD)
A graphic model of the logical relationships within a computer-based
application system. DFD is an input to the structure chart.
Data hiding
Data/information hiding is closely tied to modularity, abstractions, and
maintainability. Data hiding means data and procedures in a module are
hidden from other parts of the software. Errors from one module are not
passed to other modules; instead they are contained in one module.
Abstraction helps to define the procedures, while data hiding defines
access restrictions to procedures and local data structures. The concept of
data hiding is useful during program testing and software maintenance.
Note that layering, abstraction, and data hiding are protection mechanisms
in security design architecture.
Data in transit
Data in transit (data on the wire) deals with protecting the integrity and
confidentiality of transmitted information across internal and external
networks. Line encryption protects the data in transit and line encryption
protects data in transfer.
Data integrity
A property whereby data has not been altered in an unauthorized manner
since it was created, transmitted, or stored. Data integrity covers data in
storage, during data processing, and while in transit.
Data key
A cryptographic key used to cryptographically process data (e.g., encrypt,
decrypt, and authenticate).
Data latency
A measure of the currency of security-related data or information. Data
latency refers to the time between when information is collected and when
it is used. It allows an organization to respond to “where the threat or
vulnerability is and where it is headed,” instead of “where it was.” When
responding to threats and/or vulnerabilities, this is an important data point
that shortens a risk decision cycle.
Data level
Three levels of data are possible: Level 1 is classified data. Level 2 is
unclassified data requiring special protection, for example, Privacy Act,
for Official Use Only, Technical Documents Restricted to Limited
Distribution. Level 3 is all other unclassified data.
Data link layer
Provides security for the layer that handles communications on the
physical network components of the ISO/OSI reference model.
Data link layer protocols
Data link layer protocols provide (1) error control to retransmit damaged
or lost frames and (2) flow control to prevent a fast sender from
overpowering a slow receiver. The sliding window mechanism is used to
integrate error control and flow control. In data link layer, various
framing methods are used including character count, byte stuffing, and bit
stuffing. Examples of data link layer protocols and sliding window
protocols include bit-oriented protocols such as SDLC, HDLC, ADCCP, or
LAPB (Tanenbaum).
Data management
Providing or controlling access to data stored in a computer and the use of
input/output devices.
Data mart
A data mart is a subset of a data warehouse with its goal to make the data
available to more decision makers.
Data minimization
A generalization of the principle of variable minimization, in which the
standardized parts of a message or data are replaced by a much shorter
code, thereby reducing the risk of erroneous actions or improper use.
Data mining
Data mining is the process of posing a series of queries to extract
information from a database, or data warehouse.
Data origin authentication
The corroboration that the source of data received is as claimed.
Data owner
The authority, individual, or organization who has original responsibility
for the data by management directive or other. Compare with data
custodian.
Data path
The physical or logical route over which data passes. Note that a physical
data path may be shared by multiple logical data paths.
Data privacy
It refers to restrictions to prevent unauthorized people having access to
sensitive data and information stored on paper or magnetic media and to
prevent interception of data.
Data/record retention
Retention periods for all data records, paper, and electronic files should be
defined to facilitate routine backup, periodic purging (deletion), and
archiving of records. This practice will protects the organization from
failure to comply with external requirements and management guidelines
and help it maximize the use of storage space and magnetic media (e.g.,
tapes, disks, cassettes, and cartridges).
Data reengineering
(1) A system-level process that purifies data definitions and values. This
process establishes a meaningful and nonredundant data definitions and
valid and consistent data values. (2) It is used to improve the quality of data
within a computer system. It examines and alters the data definitions,
values, and the use of data. Data definitions and flows are tracked through
the system. This process reveals hidden data models. Data names and
definitions are examined and made consistent. Hard-coded parameters that
are subject to change may be removed. This process is important because
data problems are often deeply rooted within computer systems.
Data regrade
Data is regraded when information is transferred from high to low
network data and users. Automated techniques such as processing,
filtering, and blocking are used during data regrading.
Data release
It is the process of returning all unused disk space to the system when a
data set is closed at the end of processing.
Data remanence
The residual data that may be left over on a storage medium after it has
been erased.
Data sanitization
Process to remove information from media such that information
recovery is not possible. It includes removing all labels, markings, and
activity logs. It is the changing of content information in order to meet the
requirements of the sensitivity level of the network to which the
information is being sent. It uses automatic techniques such as processing,
filtering, and blocking during data sanitization.
Data security
The protection of data from unauthorized (accidental or intentional)
modification, destruction, or disclosure.
Data storage methods
(1) Primary storage is the main general-purpose storage region directly
accessed by the microprocessor. This storage is called random access
memory (RAM), which is a semiconductor-based memory that can be read
by and written to by the CPU or other hardware devices. The storage
locations can be accessed in any random order. The term RAM generally
indicates volatile memory that can be written to as well as read. It loses its
contents when the power is turned off. (2) Secondary storage is the amount
of space available on disks and tapes, sometimes called backup storage. (3)
Real storage is the amount of RAM memory in a system, as distinguished
from virtual memory. Real storage is also called physical memory or
physical storage. (4) An application program sees virtual memory to be
larger and more uniform than it is. Virtual memory may be partially
simulated by secondary storage such as a hard disk. Application programs
access memory through virtual addresses, which are translated by special
hardware and software into physical addresses. Virtual memory is also
called disk memory.
Data warehouse
A data warehouse facilitates information retrieval and data analysis as it
stores pre-computed, historical, descriptive, and numerical data.
Database administrator (DBA)
A person responsible for the day-to-day control and monitoring of the
databases, including data warehouse and data mining activities. The DBA
deals with the physical design of the database while the data administrator
deals with the logical design.
Database server
A repository for event information recorded by sensors, agents, or
management servers.
Deactivated state
The cryptographic key life cycle state in which a key is not to be used to
apply cryptographic protection to data. Under certain circumstances, the
key may be used to process already protected data.
Decision tables
Tabular representation of the conditions, actions, and rules in making a
decision. Decision tables provide a clear and coherent analysis of complex
logical combinations and relationships, and detect logic errors. Used in
decision-intensive and computational application systems.
Decision trees
Graphic representation of the conditions, actions, and rule of decision
making. Used in application systems to develop plans in order to reduce
risks and exposures. They use probabilities for calculating outcomes.
Decrypt
To convert, by use of the appropriate key, encrypted (encoded or
enciphered) text into its equivalent plaintext through the use of a
cryptographic algorithm. The term “decrypt” covers the meanings of
decipher and decode.
Decryption
(1) The process of changing ciphertext into plaintext using a cryptographic
algorithm and key. (2) The process of a confidentiality mode that
transforms encrypted data into the original usable data.
Dedicated proxy server
A form of proxy server that has much more limited firewalling
capabilities than an application-proxy gateway.
Defense-in-breadth
A planned, systematic set of multidisciplinary activities that seek to
identify, manage, and reduce risk of exploitable vulnerabilities at every
stage of the system, network, or sub-component life cycle (system,
network, or product design and development; manufacturing; packaging;
assembly; system integration; distribution; operations; maintenance; and
retirement). It is a strategy dealing with scope of protection coverage of a
system. It is also called supply chain protection control. It supports agile
defense strategy.
Defense-in-density
A strategy requiring stronger security controls for high risk and complex
systems and vice versa.
Defense-in-depth
(1) Information security strategy integrating people, technology, and
operations capabilities to establish variable barriers across multiple layers
and dimensions of information systems. (2) An approach for establishing
an adequate information assurance (IA) posture whereby (i) IA solutions
integrate people, technology, and operations, (ii) IA solutions are layered
within and among IT assets, and (iii) IA solutions are selected based on
their relative level of robustness. Implementation of this approach
recognizes that the highly interactive nature of information systems and
enclaves creates a shared risk environment; therefore, the adequate
assurance of any single asset is dependent upon the adequate assurance of
all interconnecting assets. (3) A strategy dealing with controls placed at
multiple levels and at multiple places in a given system. It supports agile
defense strategy and is the same as security-in-depth.
Defense-in-intensity
A strategy dealing with a range of controls and protection mechanisms
designed into a system.
Defense-in-technology
A strategy dealing with diversity of information technologies used in the
implementation of a system. Complex technologies create complex
security problems.
Defense-in-time
A strategy dealing with applying controls at the right time and at the right
geographic location. It considers global systems operating at different
time zones.
Defensive programming
Defensive programming, also called robust programming, makes a system
more reliable with various programming techniques.
Degauss
(1) To apply a variable, alternating current (AC) field for the purpose of
demagnetizing magnetic recording media, usually tapes and cartridges.
The process involves increasing the AC field gradually from zero to some
maximum value and back to zero, which leaves a very low residue of
magnetic induction on the media. (2) To demagnetize, thereby removing
magnetic memory. (3) To erase the contents of media. (4) To reduce the
magnetic flux to virtual zero by applying a reverse magnetizing field. Also
called demagnetizing.
Deleted file
A file that has been logically, but not necessarily physically, erased from
the operating system, perhaps to eliminate potentially incriminating
evidence. Deleting files does not always necessarily eliminate the
possibility of recovering all or part of the original data.
Demilitarized zone (DMZ)
(1) An interface on a routing firewall that is similar to the interfaces found
on the firewall’s protected side. Traffic moving between the DMZ and
other interfaces on the protected side of the firewall still goes through the
firewall and can have firewall protection policies applied. (2) A host or
network segment inserted as a “neutral zone” between an organization’s
private network and the Internet. (3) A network created by connecting to
firewalls. Systems that are externally accessible but need some protections
are usually located on DMZ networks.
Denial-of-quality (DoQ)
Denial-of-quality (DoQ) results from lack of quality assurance (QA)
methods and quality control (QC) techniques used in delivering messages,
packets, and services. DoQ affects QoS and QoP, and could result in DoS.
Denial of service (DoS)
(1) Preventing or limiting the normal use or management of networks or
network devices. (2) The prevention of authorized access to resources or
the delaying of time-critical operations. Time-critical may be milliseconds
or it may be hours, depending upon the service provided. Synonymous
with interdiction.
Denial-of-service (DoS) attack
(1) An attack that prevents or impairs the authorized use of networks,
operating systems, or application systems by exhausting resources. (2) A
type of computer attack that denies service to users by either clogging the
system with a deluge of irrelevant messages or sending disruptive
commands to the system. (3) A direct attack on availability, it prevents a
financial system service provider from receiving or responding to
messages from a requester (customer). DoS attacks on the financial system
service provider would not be detected by a firewall or an intrusion
detection system because these countermeasures are based on either entry-
point or per-host specific, but not based on a per-transaction or operation
basis. In these situations, two standards (WS-Reliability and WS-
ReliableMessaging) are available to guarantee that messages are sent and
received in a service-oriented architecture (SOA). XML-gateways can be
used to augment the widely accepted techniques because they are capable
of preventing and detecting XML-based DoS. Note that DoS is related to
QoS and QoP and is resulting from denial-of-quality (DoQ).
Deny-by-default
To block all inbound and outbound traffic that has not been expressly
permitted by firewall policy (i.e., unnecessary services that could be used
to spread malware).
Depth attribute
An attribute associated with an assessment method that addresses the rigor
and level of detail associated with the application of the method. The
values for the depth attribute, hierarchically from less depth to more depth,
are basic, focused, and comprehensive.
Design verification
The use of verification techniques, usually computer-assisted, to
demonstrate a mathematical correspondence between an abstract (security)
model and a formal system specification.
Designated approving/accrediting authority
The individual selected by an authorizing official to act on their behalf in
coordinating and carrying out the necessary activities required during the
security certification and accreditation of an information system.
Desk check reviews
A review of programs by the program author to control and detect
program logic errors and misinterpretation of program requirements.
Desktop administrators
These identify changes in login scripts along with Windows Registry or
file scans, and implement changes in login scripts.
Destroyed compromised state
The cryptographic key life cycle state that zeroizes a key so that it cannot
be recovered and it cannot be used and marks it as compromised, or that
marks a destroyed key as compromised. For record purposes, the
identifier and other selected metadata of a key may be retained.
Destroyed state
The cryptographic key life cycle state that zeroizes a key so that it cannot
be recovered and it cannot be used. For record purposes, the identifier and
other selected metadata of a key may be retained.
Destruction
The result of actions taken to ensure that media cannot be reused as
originally intended and that information is virtually impossible to recover
or prohibitively expensive.
Detailed design
A process where technical specifications are translated into more detailed
programming specifications, from which computer programs are
developed.
Detailed testing
A test methodology that assumes explicit and substantial knowledge of the
internal structure and implementation detail of the assessment object. Also
known as white box testing.
Detective controls
These are actions taken to detect undesirable events and incidents that have
occurred. Detective controls enhance security by monitoring the
effectiveness of preventive controls and by detecting security incidents
where preventive controls were circumvented.
Device communication modes
Three modes of communication between devices include simplex (one-
way communication in one direction), half-duplex (one-way at a time in
two directions), and full-duplex (two-way directions at the same time). The
half-duplex is used when the computers are connected to a hub rather than
a switch. A hub does not buffer incoming frames. Instead, a hub connects
all the lines internally and electronically.
Dial-back
Synonymous with callback. This is a technical and preventive control.
Dial-up
The service whereby a computer terminal can use the telephone to initiate
and effect communication with a computer.
Dictionary attack
A form of guessing attack in which the attacker attempts to guess a
password using a list of possible passwords that is not exhaustive.
Differential cryptanalysis attacks
A technique used to attack any block cipher. It works by beginning with a
pair of plaintext blocks that differ in only a small number of bits. An attack
begins when some patterns are much more common than other patterns. In
doing so, it looks at pairs of plaintexts and pairs of ciphertexts.
Differential power analysis (DPA)
An analysis of the variations of the electrical power consumption of a
cryptographic module, using advanced statistical methods and/or other
techniques, for the purpose of extracting information correlated to
cryptographic keys used in a cryptographic algorithm.
Diffie-Hellman (DH) group
Value that specifies the encryption generator type and key length to be used
for generating shared secrets.
Digest authentication
Digest authentication uses a challenge-response mechanism for user
authentication with a nonce or arbitrary value sent to the user, who is
prompted for an ID and password. It is susceptible to offline dictionary
attacks and a countermeasure is to use SSL/TLS. Both basic authentication
and digest authentication are useful in protecting information from
malicious bots.
Digital certificate
A password-protected and encrypted file that contains identification
information about its holder. It includes a public key and a unique private
key.
Digital evidence
Electronic information stored or transmitted in a digital or binary form.
Digital forensics
The application of science to the identification, collection, examination,
and analysis of data while preserving the integrity of the information and
maintaining a strict chain of custody for the data.
Digital signature
(1) Electronic information stored or transferred in digital form. (2) A non-
forgeable transformation of data that allows the proof of the source (with
nonrepudiation) and the verification of the integrity of that data. (3) An
asymmetric key operation where the private key is used to digitally sign an
electronic document and the public key is used to verify the signature.
Digital signatures provide authentication and integrity protection. (4) The
result of a cryptographic transformation of data that, when properly
implemented, provides the services of origin authentication, data integrity,
and signer nonrepudiation.
Digital signature algorithm (DSA)
The DSA is used by a signatory to generate a digital signature on data and
by a verifier to verify the authenticity of the signature. It is an asymmetric
algorithm used for digitally signing data.
Digital watermarking
It is the process of irreversibly embedding information into a digital
signal. An example of is embedding copyright information about the
copyright owner. Steganography is sometimes applied in digital
watermarking, where two parties communicate a secret message embedded
in the digital signal. Annotation of digital photographs with descriptive
information is another application of invisible watermarking. While some
file formats for digital media can contain additional information called
metadata, digital watermarking is distinct in that the data is carried in the
signal itself.
Directive controls
Directive controls are broad-based controls to handle security incidents,
and they include management’s policies, procedures, and directives.
Disaster recovery
The process of restoring an information system (IS) to full operation after
an interruption in service, including equipment repair or replacement, file
recovery or restoration, and resumption of service to users.
Disaster recovery plan (DRP)
A written plan for processing critical applications in the event of a major
hardware or software failure or destruction of facilities.
Discretionary access control (DAC)
The basis of this kind of security is that an individual user or program
operating on the user ’s behalf is allowed to specify explicitly the types of
access other users or programs executing on their behalf may have to the
information under the user ’s control. Compare with mandatory access
control.
Discretionary protection
Access control that identifies individual users and their need-to-know and
limits users to the information that they are allowed to see. It is used on
systems that process information with the same level of sensitivity.
Disinfecting
Removing malware from within a file.
Disintegration
A physically destructive method of sanitizing media; the act of separating
into component parts.
Disk arrays
A technique used to improve the performance of data storage media
regardless of the type of computer used. Disk arrays use parity disk
schema to keep track of data stored in a domain of the storage subsystem
and to regenerate it in case of a hardware/software failure. Disk arrays use
multiple disks and if one disk drive fails, the other one becomes available.
They also have seven levels from level zero through six (i.e., redundant
array of independent disks –RAID0 to RAID6). They use several disks in a
single logical subsystem. Disk arrays are also called disk striping. It is a
recovery control.
Disk duplexing
The purpose is the same as disk arrays. The disk controller is duplicated. It
has two or more disk controllers and more than one channel. When one
disk controller fails, the other one is ready to operate. This is a technical
and recovery control and ensures the availability goal.
Disk farm
Data are stored on multiple disks for reliability and performance reasons.
Disk imaging
Generating a bit-for-bit copy of the original media, including free space
and slack space.
Disk mirroring
The purpose is the same as disk arrays. A file server contains two physical
disks and one channel, and all information is written to both disks
simultaneously (disk-to-disk copy). If one disk fails, all of the data are
immediately available from the other disk. Disk mirroring is also called
shadowed disk, and incurs some performance overhead during write
operations and increases the cost of the disk subsystem since two disks are
required. Disk mirroring should be used for critical applications that can
accept little or no data loss. This is a technical and recovery control and
ensures the availability goal. Synonymous with disk shadowing.
Disk replication
Data is written to two different disks to ensure that two valid copies of the
data are always available. Disk replication minimizes the time-windows
for recovery.
Disk striping
Has more than one disk and more than one partition, and is the same as
disk arrays. An advantage of disk arrays includes running multiple drives
in parallel, and a disadvantage includes the fact that its organization is
more complicated than disk farming and highly sensitive to multiple
failures.
Disposal
The act of discarding media with no other sanitization considerations. This
is most often done by paper recycling containing nonconfidential
information but may also include other media. It is giving up control, in a
manner short of destruction.
Disruption
An unplanned event that causes the general system or major application to
be inoperable for an unacceptable length of time (e.g., minor or extended
power outage, extended unavailable network, or equipment or facility
damage or destruction).
Distributed computing
Distributed computing, in contrast to supercomputing, is used with many
users with small tasks or jobs, each of which is solved by one or more
computers. A distributed system consists of multiple autonomous
computers or nodes that communicate through a computer network where
each computer has its own local memory and these computers
communicate with each other by message passing. There is an overlap
between distributed computing, parallel computing, grid computing, and
concurrent computing (Wikipedia).
Distributed denial-of-service (DDoS)
A denial-of-service (DoS) technique that uses numerous hosts to perform
the attack.
A DDoS is a denial-of-service (DoS) technique that uses numerous hosts to
perform the attack. An attacker takes control of many computers, which
then become the sources (“zombies”) for the actual attack. If enough hosts
are used, the total volume of generated network traffic can exhaust not
only the resources of a targeted host but also the available bandwidth for
nearly any organization. DDoS attacks have become an increasingly severe
threat, and the lack of availability of computing and network services now
translates to significant disruption and major financial loss.
Distribution attacks
They focus on the malicious modification of hardware or software at the
factory or during distribution. These attacks can introduce malicious code
into a product such as a backdoor to gain unauthorized access to
information or a system function at a later date.
Document type definition (DTD)
A document defining the format of the contents present between the tags in
an XML and SGML document, and the way they should be interpreted by
the application reading the XML or SGML document.
Domain
A set of subjects, their information objects, and a common security policy.
Domain name system (DNS)
An Internet translation service that resolves domain names to IP addresses
and vice versa. Each entity in a network, such as a computer, requires a
uniquely identifiable network address for proper delivery of message
information. DNS is a protocol used to manage name lookups for
converting between decimal and domain name versions of an address. It
uses a name-server (DNS server), which contains a universe of names
called name-space. Each name-server is identified by one or more IP
addresses. One can intercept and forge traffic for arbitrary name-nodes,
thus impersonating IP addresses. Secure DNS can be accomplished with
cryptographic protocols for message exchanges between name-servers.
DNS transactions include DNS query/response, zone transfers, dynamic
updates, and DNS NOTIFY.
Domain parameter seed
A string of bits that is used as input for a domain parameter generation or
validation process.
Domain parameters
Parameters used with cryptographic algorithms that are usually common
to a domain of users. A DSA or ECDSA cryptographic key pair is
associated with a specific set of domain parameters.
Domain separation
It relates to the mechanisms that protect objects in a system. Domain
consists of a set of objects that a subject can access.
Downgrade
The change of a classification label to a lower level without changing the
contents of the data. Downgrading occurs only if the content of a file meets
the requirements of the sensitivity level of the network for which the data
is being delivered.
Dual backbones
If the primary network goes down, the secondary network will carry the
traffic.
Dual cable
Two separate cables are used: one for transmission and one for reception.
Dual control
The process of utilizing two or more separate entities (usually persons)
operating in concert to protect sensitive functions or information. All
entities are equally responsible. This approach generally involves the split-
knowledge of the physical or logical protection of security parameters.
This is a management and preventive control.
Dual-homed gateway firewall
A firewall consisting of a bastion host with two network interfaces, one of
which is connected to the protected network, the other of which is
connected to the Internet. IP traffic forwarding is usually disabled,
restricting all traffic between the two networks to whatever passes through
some kind of application proxy.
Dual-use certificate
A certificate that is intended for use with both digital signature and data
encryption services.
Due care
Means reasonable care, which promotes the common good. It is
maintaining minimal and customary practices. It is the responsibility that
managers and their organizations have a duty to provide for information
security to ensure that the type of control, the cost of control, and the
deployment of control are appropriate for the system being managed. Both
due care and due diligence are similar to the “prudent man” concept.
Due diligence
Requires organizations to develop and implement an effective security
program to prevent and detect violation of policies and law. It requires that
the organization has taken minimum and necessary steps in its power and
authority to prevent and detect violation of policies and law. Due diligence
is another way of saying “due care.” Both due care and due diligence are
similar to the “prudent man” concept.
Due process
Means following rules and principles so that an individual is treated fairly
and uniformly at all times. It also means fair and equitable treatment to all
concerned parties.
Due professional care
Individuals applying the care and skill expected of a reasonable prudent
and competent professional during their work.
Dumpster diving
Going through a company’s or an individual’s waste containers to find
some meaningful and useful documents and records (information) and
then use that information against that company or individual to steal
identity or to conduct espionage work.
Dynamic binding
Also known as run-time binding or late binding. Dynamic binding refers
to the association of a message with a method during run time, as opposed
to compile time. Dynamic binding means that a message can be sent to an
object without prior knowledge of the object’s class.
Dynamic host configuration protocol (DHCP)
The protocol used to assign Internet Protocol (IP) addresses to all nodes
on the network. DHCP allows network administrators to automate and
control from a central position the assignment of IP address
configurations. The DHCP server is required to log host-names or
message authentication code addresses for all clients. DHCP cannot handle
manual configurations where a portion of the network IP addresses needs
to be excluded or reserved for severs, routers, firewalls, and administrator
workstations. Therefore, the DHCP server should be timed to prevent
unauthorized configurations.
Dynamic HTML
A collection of dynamic HTML technologies for generating the Web page
contents on-the-fly. It uses the server-side scripts (e.g., CGI, ASP, JSP, PHP,
and Perl) as well as the client-side scripts (e.g., JavaScript, JavaApplets,
and Active- X controls).
Dynamic separation of duty (DSOD)
Separation of duties can be enforced dynamically (i.e., at access time), and
the decision to grant access refers to the past access history (e.g., a cashier
and an accountant are the same person but play only one role at a time).
One type of DSOD is a two-person rule, which states that the first user to
execute a two-person operation can be any authorized user, whereas the
second user can be any authorized user different from the first. Another
type of DSOD is a history-based separation of duty, which states that the
same subject (role) cannot access the same object for variable number of
times. Popular DSOD policies are the Workflow and Chinese wall policies.
Dynamic subsystem
A subsystem that is not continually present during the execution phase of
an information system. Service-oriented architectures and cloud
computing architectures are examples of architectures that employ
dynamic subsystems.
Dynamic Web documents
Dynamic Web documents (pages) are written in CGI, PHP, JSP, ASP,
JavaScript, and Active-X Controls.
E
E2E
Exchange-to-exchange (E2E) is an e-commerce model in which electronic
exchanges formally connect to one another for the purpose of exchanging
information (e.g., stockbrokers/dealers with stock markets and vice versa).
Easter egg
An Easter egg is hidden functionality within an application program,
which becomes activated when an undocumented, and often convoluted, set
of commands and keystrokes are entered. Easter eggs are typically used to
display the credits given for the application development team and are
intended to be nonthreatening.
Eavesdropping
(1) Passively monitoring network communications for data and
authentication credentials. (2) The unauthorized interception of
information-bearing emanations through the use of methods other than
wiretapping. (3) A passive attack in which an attacker listens to a private
communication. The best way to thwart this attack is by making it very
difficult for the attacker to make any sense of the communication by
encrypting all messages. Also known as packet snarfing.
E-business patterns
Patterns for e-business are a group of proven reusable assets that can be
used to increase the speed of developing and deploying net-centric
applications, like Web-based applications.
Education (information security)
Education integrates all of the security skills and competencies of the
various functional specialties into a common body of knowledge and
strives to produce IT security specialists and professionals capable of
vision and proactive response.
Egress filtering
(1) Filtering of outgoing network traffic. (2) Blocking outgoing packets
that should not exit a network. (3) The process of blocking outgoing
packets that use obviously false Internet Protocol (IP) addresses, such as
source addresses from internal networks.
El Gamal algorithm
A signature scheme derived from a modification of exponentiation
ciphers. Exponentiation is a mathematical process where one number is
raised to some power.
Electromagnetic emanation attack
An intelligence-bearing signal, which, if intercepted and analyzed,
potentially discloses the information that is transmitted, received, handled,
or otherwise processed by any information-processing equipment.
Electromagnetic emanations (EME)
Signals transmitted as radiation through the air and through conductors.
Electromagnetic interference
An electromagnetic disturbance that interrupts, obstructs, or otherwise
degrades or limits the effective performance of electronic or electrical
equipment.
Electronic auction (e-auction)
Auctions conducted online in which (1) a seller invites consecutive bids
from multiple buyers and the bidding price either increases or decreases
sequentially (forward auction), (2) a buyer invites bids and multiple sellers
respond with the price reduced sequentially, and the lowest bid wins
(backward or reverse auction), (3) multiple buyers propose biding prices
and multiple sellers respond with asking prices simultaneously and both
prices are matched based on the quantities of items on both sides (double
auction) and (4) sellers and buyers interact in one industry or for one
commodity (vertical auction). Prices are determined dynamically through
the bidding process. Usually, negotiations and bargaining power can take
place between one buyer and one seller due to supply and demand. Reverse
auction is practiced in B2B or G2B e-commerce. Limitations of e-auctions
include minimal security for C2C auctions (i.e., no encryption), possibility
of fraud (i.e., defective products), and limited buyer participation in terms
of invitation only or open to dealers only. B2B auctions are secure due to
use of private lines.
Electronic authentication
The process of establishing confidence in user identities electronically
presented to an information system.
Electronic business XML (ebXML)
Sponsored by UN/CEFACT and OASIS, a modular suite of specifications
that enable enterprises of any size and in any geographical location to
perform business-to-business (B2B) transactions using XML.
Electronic commerce (EC)
Using information technology to conduct the business functions such as
electronic payments and document interchange. It is the process of buying,
selling, or exchanging products, services, or information via computer
networks. EC models include B2B, B2B2C, B2C, B2E, C2B, C2C, and E2E.
EC security risks arising from technical threats include DoS, zombies,
phishing, Web server and Web page hijacking, botnets, and malicious code
(e.g., viruses, worms, and Trojan horses) and nontechnical threats include
pretexting and social engineering.
Electronic credentials
Digital documents used in authentication that bind an identity or an
attribute to a subscriber ’s token.
Electronic data interchange (EDI) system
The electronic transfer of specially formatted standard business documents
(e.g., purchase orders, shipment instructions, invoices, payments, and
confirmations) sent between business partners. EDI is a direct computer-to-
computer exchange between two organizations, and it can use either a
value-added network (VAN-EDI) or the Internet (Web-EDI) with XML
standards.
Electronic evidence
Information and data of investigative value that is stored on or transmitted
by an electronic device.
Electronic funds transfer (EFT) system
Customers paying their bills electronically through electronic funds
transfers from banks to credit card companies and others.
Electronic mail header
The section of an e-mail message that contains vital information about the
message, including origination date, sender, recipient(s), delivery path,
subject, and format information. The header is generally left in clear text
even when the body of the e-mail message is encrypted. The body contains
the actual message.
Electronic serial number (ESN)
(1) A number encoded in each cellular phone that uniquely identifies each
cellular telephone manufactured. (2) A unique 32-bit number programmed
into code division multiple access (CDMA) phones when they are
manufactured.
Electronic signature
A method of signing an electronic message that (1) identifies and
authenticates a particular person as the source of the electronic message
and (2) indicates such person’s approval of the information contained in
the electronic message.
Electronic surveillance
The acquisition of a non-public communication by electronic means
without the consent of a person who is a party to an electronic
communication. It does not include the use of radio direction-finding
equipment solely to determine the location of a transmitter.
Electronic vaulting
A system is connected to an electronic vaulting provider to allow
file/program backups to be created automatically at offsite storage.
Electronic vaulting and remote journaling require a dedicated off-site
location (e.g., hot site or offsite storage site) to receive the transmissions
and a connection with limited bandwidth.
Elliptic curve DH (ECDH)
Elliptic curve Diffie-Hellman (ECDH) algorithm is used to support key
establishment.
Elliptic curve digital signature algorithm (ECDSA)
A digital signature algorithm that is an analog of digital signature
algorithm (DSA) using elliptic curve mathematics.
Emanation attack
An intelligence-bearing signal, which, if intercepted and analyzed,
potentially discloses the information that is transmitted, received, handled,
or otherwise processed by any information-processing equipment. A low
signal-to-noise ratio at the receiver is preferred to prevent emanation
attack. Techniques such as control zones and white noise can be used to
protect against emanation attacks.
Emanation hardware
An electronic signal emitted by a hardware device not explicitly allowed
by its specification.
Emanations security
Protection resulting from measures taken to deny unauthorized individuals
using information derived from intercept and analysis of compromising
emissions from crypto-equipment or an information system.
Embedded system
An embedded system that performs or controls a function, either in whole
or in part, as an integral element of a larger system or subsystem (e.g.,
flight simulators).
Emergency response
Immediate action taken upon occurrence of events such as natural
disasters, fire, civil disruption, and bomb threats in order to protect lives,
limit the damage to property, and minimize the impact on computer
operations.
Emergency response time (EMRT)
The time required for any computer resource to be recovered from
disruptive events. It is the time required to reestablish an activity from an
emergency or degraded mode to a normal mode. EMRT is also called
time-to-recover (TTR).
Emissions security
The protection resulting from all measures taken to deny unauthorized
persons information of value that might be derived from intercept and
from an analysis of compromising emanations from crypto-equipment,
computer systems, and telecommunications systems.
Encapsulating security payload (ESP)
An IPsec message header designed to provide a mix of security services,
including confidentiality, data origin authentication, connectionless
integrity, anti-replay service, and limited traffic flow confidentiality.
Encapsulating security payload (ESP) protocol
IPsec security protocol that can provide encryption and/or integrity
protection for packet headers and data.
Encapsulation
(1) The principle of structuring hardware and software components such
that the interface between components is clean and well-defined and that
exposed means of input, output, and control other than those that exist in
the interface do not exist. (2) The packaging of data and procedures into a
single programmatic structure. In object-oriented programming
languages, encapsulation means that an object’s data structures are hidden
from outside sources and are accessible only through the object’s
protocol.
Enclave
A collection of information systems connected by one or more internal
networks under the control of a single authority and security policy. The
systems may be structured by physical proximity or by function,
independent of location.
Enclave boundary
It is a point at which an enclave’s internal network service layer connected
to an external network’s service layer (i.e., to another enclave or to a wide-
area network).
Encrypt
(1) To convert plaintext into ciphertext, unintelligible forms, through the
use of a cryptographic algorithm. (2) A generic term encompassing
encipher and encode.
Encrypted cookies
Some websites create encrypted cookies to protect the data from
unauthorized access.
Encrypted file system (EFS)
In an encrypted file system (EFS), keys are used to encrypt a file or group
of files. It can either encrypt each file with a distinct symmetric key or
encrypt a set of files using the same symmetric key. The symmetric keys
can be generated from a password using public key cryptography standard
(PKCS) and protected with trusted platform module (TPM) chip through its
key cache management. EFS, which is based on public-key encryption,
integrates tightly with the public key infrastructure (PKI) features that have
been incorporated into Windows XP. The actual logic that performs the
encryption is a system service that cannot be shut down. This program
feature is designed to prevent unauthorized access, but has an added benefit
of rendering the encryption process completely transparent to the user.
Each file that a user may encrypt is encrypted using a randomly generated
file encryption key (FEK).
Encrypted key (ciphertext key)
A cryptographic key that has been encrypted using an approved security
function with a key encrypting key, a PIN, or a password to disguise the
value of the underlying plaintext key.
Encrypted network
A network on which messages are encrypted (e.g., using DES, AES, or
other appropriate algorithms) to prevent reading by unauthorized parties.
Encryption
(1) Conversion of plaintext to ciphertext though the use of a cryptographic
algorithm. (2) The process of changing plaintext into ciphertext for the
purpose of security or privacy.
Encryption algorithm
A set of mathematically expressed rules for rendering data unintelligible
by executing a series of conversions controlled by a key.
Encryption certificate
A certificate containing a public key that is used to encrypt electronic
messages, files, documents, or data transmissions, or to establish or
exchange a session key for these same purposes.
Encryption process
(1) The process of changing plaintext into ciphertext for the purpose of
security or privacy. (2) Encryption is the conversion of data into a form,
called a ciphertext, which cannot be easily understood by unauthorized
people. (3) It is the conversion of plaintext to ciphertext through the use of
a cryptographic algorithm. (4) The process of a confidentiality mode that
transforms usable data into an unreadable form.
End-point protection platform
It is safeguards implemented through software to protect end-user
computers such as workstations and laptops against attack (e.g., antivirus,
antispyware, antiadware, personal firewalls, and hot-based intrusion
detection systems).
End-point security
End-point protection platforms require end-point security products such as
(1) use of anti-malware software; if not available, use of rootkit detectors,
(2) use of personal firewalls, (3) use of host-based intrusion detection and
prevention systems, (4) use of mobile code restrictively, (5) use of
cryptography in file encryption, full disk encryption, and VPN
connections, (6) implementation of TLS or XML gateways or firewalls, (7)
placing remote access servers in internal DMZ, and (8) use of diskless
nodes and thin clients with minimal functionality.
End-to-end encryption
(1) Encryption of information at the origin within a communications
network and postponing decryption to the final destination point. (2)
Communications encryption in which data is encrypted when being passed
through a network, but routing, addresses, headers, and trailer information
are not encrypted (i.e., remains visible). (3) It is encryption of information
at its origin and decryption at its intended destination without intermediate
decryption. This is a technical and preventive control.
End-to-end security
The safeguarding of information in a secure telecommunication system by
cryptographic or protected distribution system means from point of origin
to point of destination. This is a technical and preventive control.
End-to-end testing
A testing approach to verify that a defined set of interrelated systems that
collectively support an organizational core business area or function
interoperates as intended in an operational environment. It is conducted
when a major system in the end-to-end chain is modified or replaced.
End-user device
A personal computer (e.g., desktop and laptop), consumer device (e.g.,
personal digital assistant [PDA] and smart phone), or removable storage
media (e.g., USB flash drive, memory card, external hard drive, and
writeable CD or DVD) that can store information.
Enhanced messaging service (EMS)
An improved message system for global system for mobile
communications (GSM) mobile phone allowing picture, sound, animation,
and text elements to be conveyed through one or more concatenated short
message service (SMS).
Enterprise architecture
The description of an enterprise’s entire set of information systems: how
they are configured, how they are integrated, how they interface to the
external environment at the enterprise’s boundary, how they are operated
to support the enterprise mission, and how they contribute to the
enterprise’s overall security posture.
Entity
(1) Any participant in an authentication exchange; such a participant may
be human or nonhuman, and may take the role of the claimant and/or
verifier. (2) It is either a subject (an active element generally in the form of
a person, process, or device that causes information to flow among objects
or changes the system state) or an object (a passive element that contains
or receives information). Note: Access to an object potentially implies
access to the information it contains. (3) It is an active element in an open
system. (4) It is an individual (person) or organization, device, or process.
(5) A collection of information items conceptually grouped together and
distinguished from their surroundings. An entity (party) is described by its
attributes, and entities can be linked or have relationships to other entities
(parties).
Entity integrity
A tuple in a relation cannot have a null value for any of the primary key
attributes.
Entity-relationship-attribute (ERA) diagram
Used for data intensive application systems and shows the relationships
between entities and attributes of a system.
Entrapment
The deliberate planting of apparent flaws in a system for the purpose of
detecting attempted penetrations.
Entropy
(1) The uncertainty of a random variable. (2) A measure of the amount of
uncertainty that an attacker faces to determine the value of a secret. Entropy
is usually stated in bits.
Environmental failure protection
The use of features to protect against a compromise of the security of a
cryptographic module due to environmental conditions or fluctuations
outside of the module’s normal operating range.
Environmental failure testing
The use of specific test methods to provide reasonable assurance that the
security of a cryptographic module will not be compromised by
environmental conditions or fluctuations outside of the module’s normal
operating range.
Environmental threats
Examples of environmental threats include equipment failure, software
errors, telecommunications network outage, and electric power failure.
Ephemeral key pairs
Ephemeral key agreement keys are generated and distributed during a
single key agreement process (e.g., at the beginning of a communication
session) and are not reused. These key pairs are used to establish a shared
secret (often in combination with static key pairs); the shared secret is
subsequently used to derive shared keying material. Not all key agreement
schemes use ephemeral key pairs, and when used, not all entities have an
ephemeral key pair.
Ephemeral keys
Short-lived cryptographic keys that are statistically unique to each
execution of a key establishment process and meet other requirements of
the key type (e.g., unique to each message or session).
Equipment life cycle
Four phases of equipment life cycle (asset management) include:
Authorization and acquisition (phase 1), Inventory and audit (phase 2), Use
and maintenance (phase 3), and Dispose or replace (Phase 4). Inventory
and audit includes tagging the assets, maintaining an inventory of
electronic records, taking periodic inventory of these assets through
physical counting, and reconciling the difference between the physical
count and the book count. Maintenance includes preventive and remedial
maintenance, which can be performed onsite, offsite, or both. Examples of
equipment located in functional user departments and IT department
include routers, printers, scanners, CPUs, disk drives, and tape drives.
Erasable programmable read-only memory (EPROM)
A subclass of ROM chip that can be erased and reprogrammed many times.
Erasure
A process by which a signal recorded on magnetic media is removed (i.e.,
degaussed). Erasure may be accomplished in two ways, (1) by alternating
current (AC) erasure, by which the information is destroyed by applying
an alternating high- and low-magnetic field to the media or (2) by direct
current (DC) erasure, by which the media are saturated by applying a
unidirectional magnetic field. Process intended to render magnetically
stored information irretrievable by normal means.
Error
(1) The difference between a computed, observed, or measured value and
the true, specified, or theoretically correct value or condition. (2) An
incorrect step, process, or data definition often called a bug. (3) An
incorrect result. (4) A human action that produces an incorrect result. (5) A
system deviation that may have been caused by a fault. (6) A bit error is the
substitution of a ‘0’ bit for a ‘1’ bit, or vice versa.
Error analysis
The use of techniques to detect errors, to estimate/predict the number of
errors, and to analyze error data both singly and collectively.
Error correction
Techniques that attempt to recover from detected data transmission errors.
Error-correction code
A technique in which the information content of the error-control data of a
data unit can be used to correct errors in that unit.
Error-detection code
A code computed from data and comprised of redundant bits of
information designed to detect, but not correct, unintentional changes in
the data.
Escrow
Something (e.g., a document or an encryption key) that is “delivered to a
third person to be given to the grantee upon the fulfillment of a condition.”
Escrow arrangement
(1) Placing an electronic cryptographic key and rules for its retrieval into
a storage medium maintained by a rusted third party. (2) Something (e.g., a
document, software source code, or an encryption key) that is delivered to
a third person to be given to the grantee only upon the fulfillment of a
condition or a contract.
Ethernet
Ethernet is the most widely installed protocol for local-area network
(LAN) technology. It uses CSMA/CD for channel allocation. Older
versions of Ethernet used a thick coaxial original cable (classic Ethernet),
which is obsolete now. Newer versions of Ethernet use a thin coaxial cable
with no hub needed, twisted-pair wire (low cost), fiber optics (good
between buildings), and switches. Because the Internet Protocol (IP) is a
connectionless protocol, it fits well with the connectionless Ethernet
protocol. Ethernet uses the bus topology. Ethernet is classified as thick,
thin, fast, switched, and gigabit Ethernet based on the cable used and the
speed of service. Ethernet operates in the data link layer of the ISO/OSI
reference model based on the IEEE 802.3 standard and uses the 48-bit
addressing scheme. The gigabit Ethernet supports both full-duplex and
half-duplex communication modes, and because no connection is possible,
the CSMA/CD protocol is not used.
Evaluation
The process of examining a computer product or system with respect to
certain criteria.
Evaluation assurance level (EAL)
One of seven increasingly rigorous packages of assurance requirements
from Common Criteria (CC) Part 3. Each numbered package represents a
point on the CC’s predefined assurance scale. An EAL can be considered a
level of confidence in the security functions of an IT product or system.
Event
(1) Something that occurs within a system or network. (2) Any observable
occurrence in a network or system.
Event aggregation
The consolidation of similar log entries into a single entry containing a
count of the number of occurrences of the event.
Event correlation
Finding relationships between two or more log entries.
Event normalization
Covering each log data field to a particular data representation and
categorizing it consistently.
Event reduction
Removing unneeded data fields from all log entries to create a new log
that is smaller in size.
Evidence life cycle
The evidence life cycle starts with evidence collection and identification;
analysis; storage; preservation and transportation; presentation in court;
and ends when the evidence is returned to the victim (owner). The evidence
life cycle is connected with the chain of evidence.
Examine
A type of assessment method that is characterized by the process of
checking, inspecting, reviewing, observing, studying, or analyzing one or
more assessment objects to facilitate understanding, achieve clarification,
or obtain evidence, the results of which are used to support the
determination of security control effectiveness over time.
Exclusive-OR operation (XOR)
The bitwise addition, modulo 2, of two bit strings of equal length.
Exculpatory evidence
Evidence that tends to decrease the likelihood of fault or guilt.
Executive steering committee
Committees that manage the information portfolio of the organization.
Exhaustive search attack
Uses computer programs to search for a password for all possible
combinations. An exhaustive attack consists of discovering secret data by
trying all possibilities and checking for correctness. For a four-digit
password, you might start with 0000 and move on to 0001, 0002, and so
on until 9999.
Expert systems
Expert systems use artificial intelligence programming languages to help
human beings make better decisions.
Exploit code
A program that enables attackers to automatically break into a system.
Exploitable channel
Channel that allows the violation of the security policy governing an
information system and is usable or detectable by subjects external to the
trusted computing base (TCB).
Exposure
Caused by the undesirable events. Exposure = Attack + Vulnerability.
Extensibility
(1) A measure of the ease of increasing the capability of a system. (2) The
ability to extend or expand the capability of a component so that it handles
the additional needs of a particular implementation.
Extensible Access Control Markup Language (XACML)
A general-purpose language for specifying access control policies.
Extensible authentication protocol (EAP)
A standard means of extending challenge handshake authentication
protocol (CHAP) and password authentication protocol (PAP) to include
additional authentication data such as biometric data. EAP is used in
authenticating remote users. Legacy EAP methods use MD5-Challenge,
One-Time Password, and Generic Token Card. Robust EAP methods use
EAP-TLS, EAP-TTLS, PEAP, and EAP-FAST.
Extensible hypertext Markup Language (XHTML)
A unifying standard that brings the benefits of XML to those of HTML.
Extensible Markup Language (XML)
A cross-platform, extensible, and text-based standard markup language for
representing structured data. It provides a cross-platform, software- and
hardware-independent tool for transmitting information. XML is a meta-
language, a coding language for describing programming languages used
on the Web. XML uses standard generalized markup language (SGML) on
the Web, and it is like Hypertext Markup Language (HTML). The Web
browser interprets the XML tags for the right meaning of information in
Web documents and pages. It is a flexible text format designed to describe
data for electronic publishing.
Exterior border gateway protocol (EBGP)
A border gateway protocol (BGP) operation communicating routing
information between two or more autonomous systems (ASs).
External information system
An information system or component that is outside of the authorization
boundary established by the organization and for which the organization
has no direct control over the implementation of required security controls
or the assessment of security control effectiveness.
External information system service provider
A provider of external information system services to an organization
through a variety of consumer-producer relationships. Examples include
joint venture, business partnerships, outsourcing arrangements, licensing
agreements, and supply chain arrangements.
External network
A network not controlled by an organization.
External testing (security)
External security testing is conducted from outside the organization’s
security perimeter.
Extreme programming
Extreme programming (XP) is the most well known and widely
implemented agile development method for software products. XP uses a
test-driven and bottom-up software development approach.
Extranet
A private network that uses web technology, permitting the sharing of
portions of an enterprise’s information or operations with suppliers,
vendors, partners, customers, or other enterprises.
F
Failover
(1) The capability to switch over automatically without human intervention
or warning to a redundant or standby information system upon the failure
or abnormal termination of the previously active system. (2) It is a backup
concept in that when the primary system fails, the backup system is
automatically activated.
Fail-safe
An automatic protection of programs and/or processing systems when
hardware or software failure is detected in a computer system. It is a
condition to avoid compromise in the event of a failure or have no chance
of failure. This is a technical and corrective control.
Fail-safe default
Asserts that access decisions should be based on permission rather than
exclusion. This equates to the condition in which lack of access is the
default, and the “protection scheme” recognizes permissible actions rather
than prohibited actions. Also, failures due to flaws in exclusion-based
systems tend to grant (unauthorized) permissions, whereas permission-
based systems tend to fail-safe with permission denied.
Fail-secure
The system preserves a secure condition during and after an identified
failure.
Fail-soft
A selective termination of affected nonessential processing when hardware
or software failure is determined to be imminent in a computer system. A
computer system continues to function because of its resilience. Examples
of its application can be found in distributed data processing systems. This
is a technical and corrective control.
Fail-stop processor
A processor that can constrain the failure rate and protects the integrity of
data. However, it is likely to be more vulnerable to denial-of-service (DoS)
attacks.
Failure
It is a discrepancy between external results of a program’s operation and
software product requirements. A software failure is evidence of software
faults.
Failure access
A type of incident in which unauthorized access to data results from
hardware or software failure.
Failure control
A methodology used to detect imminent hardware or software failure and
provide fail-safe or fail-soft recovery in a computer system (ANSI and
IBM).
Failure rate
The number of times the hardware ceases to function in a given time
period.
Fallback procedures
(1) In the event of a failure of transactions or the system, the ability to
fallback to the original or alternate method for continuation of processing.
(2) The ability to go back to the original or alternate method for
continuation of computer processing.
False acceptance
When a biometric system incorrectly identifies an individual or
incorrectly verifies an impostor against a claimed identity.
False acceptance rate (FAR)
The probability that a biometric system will incorrectly identify an
individual or will fail to reject an impostor. The rate given normally
assumes passive impostor attempts. The FAR is stated as the ratio of the
number of false acceptances divided by the number of identification
attempts.
False match rate
Alternative to false acceptance rate. Used to avoid confusion in
applications that reject the claimant if their biometric data matches that of
an applicant.
False negative
(1) An instance of incorrectly classifying malicious activity or content as
benign. (2) An instance in which a security tool intended to detect a
particular threat fails to do so. (3) When a tool does not report a security
weakness where one is present.
False non-match rate
Alternative to false rejection rate. Used to avoid confusion in applications
that reject the claimant if their biometric data matches that of an applicant.
False positive
(1) An instance in which a security tool incorrectly classifies benign
activity or content as malicious. (2) When a tool reports a security
weakness where no weakness is present. (3) An alert that incorrectly
indicates that malicious activity is occurring.
False positive rate
The number of false positives divided by the sum of the number of false
positives and the number of true positives.
False rejection
When a biometric system fails to identify an applicant or fails to verify the
legitimate claimed identity of an applicant.
False rejection rate (FRR)
The probability that a biometric system will fail to identify an applicant, or
verify the legitimate claimed identity of an applicant. The FRR is stated as
the ratio of the number of false rejections divided by the number of
identification attempts.
Fault
A physical malfunction or abnormal pattern of behavior causing an
outage, error, or degradation of communications services on a
communications network. Fault detection, error recovery, and failure
recovery must be built into a computer system to tolerate faults.
Fault injection testing
Unfiltered and invalid data are injected as input into an application
program to detect faults in resource operations and execution functions.
Fault management
The prevention, detection, reporting, diagnosis, and correction of faults
and fault conditions. Fault management includes alarm surveillance,
trouble tracking, fault diagnosis, and fault correction.
Fault-tolerance mechanisms
The ability of a computer system to continue to perform its tasks after the
occurrence of faults and operate correctly even though one or more of its
component parts are malfunctioning. Synonymous with resilience.
Fault tolerant controls
The ability of a processor to maintain effectiveness after some subsystems
have failed. These are hardware devices or software products such as disk
mirroring or server mirroring aimed at reducing loss of data due to
system failures or human errors. It is the ability of a processor to maintain
effectiveness after some subsystems have failed. This is a technical and
preventive control and ensures availability control.
Fault-tolerant programming
Fault tolerant programming is robust programming plus redundancy
features, and is partially similar to N-version programming.
Feature
An advantage attributed to a system.
Federated trust
Trust established within a federation, enabling each of the mutually
trusting realms to share and use trust information (e.g., credentials)
obtained from any of the other mutually trusting realms.
Federation
A collection of realms (domains) that have established trust among
themselves. The level of trust may vary, but typically include authentication
and may include authorization.
Fetch protection
A system-provided restriction to prevent a program from accessing data in
another user ’s segment of storage. This is a technical and preventive
control.
Fiber-optic cable
A method of transmitting light beams along optical fibers. A light beam,
such as that produced in a laser, can be modulated to carry information. A
single fiber-optic channel can carry significantly more information than
most other means of information transmission. Optical fibers are thin
strands of glass or other transparent material.
File
(1) A collection of related records. (2) A collection of information
logically grouped into a single entity and referenced by a unique name,
such as a filename.
File descriptor attacks
File descriptors are non-negative integers that the system uses to keep
track of files rather than using specific filenames. Certain file descriptors
have implied uses. When a privileged program assigns an inappropriate
file descriptor, it exposes that file to compromise.
File encryption
The process of encrypting individual files on a storage medium and
permitting access to the encrypted data only after proper authentication is
provided.
File encryption key (FEK)
Each owner ’s file is encrypted under a different randomly generated
symmetric file encryption key (FEK).
File infector virus
A virus that attaches itself to executable program files, such as word
processors, spreadsheet applications, and computer games.
File integrity checker
Software that generates, stores, and compares message digests for files to
detect changes to the files.
File protection
The aggregate of all processes and procedures in a system designed to
inhibit unauthorized access, contamination, or deletion of a file.
File security
The means by which access to computer files is limited to authorized users
only.
File server
Sends and receives data between workstation and the server.
File system
A mechanism for naming, storing, organizing, and accessing files stored
on logical volumes.
File transfer protocol (FTP)
A means to exchange remote files across a TCP/IP network and requires an
account on the remote computer. Different versions of FTP include trivial
FTP (not secure), secure FTP, and anonymous FTP using the “username”
anonymous (not secure).
Finger table
Used for node lookup in peer-to-peer (P2P) networks. Each node
maintains a finger table with entries, indexes, and node identifiers. Each
node stores the IP addresses of the other nodes.
Finite state machine (FSM) model
The finite state machine (FSM) model is used for protocol modeling to
demonstrate the correctness of a protocol. Mathematical techniques are
used in specifying and verifying the protocol correctness. In FSM, each
protocol machine of the sender or receiver is in a specific state, consisting
of all the values of its variables and the program counter. From each state,
there are zero or more possible transitions to other states. FSM is a
mathematical model of a sequential machine that is composed of a finite
set of input events, a finite set of output events, a finite set of states, a
function that maps states and input to output, a function that maps states and
inputs to states (a state transition function), and a specification that
describes the initial state. FSMs are used for real-time application systems
requiring better user interface mechanisms (menu-driven systems). In
other words, FSM defines or implements the control structure of a system.
Firewall
(1) A process integrated with a computer operating system that detects and
prevents undesirable applications and remote users from accessing or
performing operations on a secure computer; security domains are
established which require authorization to enter. (2) A product that acts as a
barrier to prevent unauthorized or unwanted communications between
sections of a computer network. (3) A device or program that controls the
flow of network traffic between networks or hosts that employ differing
security postures. (4) A gateway that limits access between networks in
accordance with local security policy. (5) A system designed to prevent
unauthorized accesses to or from a private network. (6) Often used to
prevent Internet users from accessing private networks connected to the
Internet.
Firewall control proxy
The component that controls a firewall’s handling of a call. The firewall
control proxy can instruct the firewall to open specific ports that are
needed by a call, and direct the firewall to close these ports at call
termination.
Firewall environment
A firewall environment is a collection of systems at a point on a network
that together constitute a firewall implementation. The environment could
consist of one device or many devices such as several firewalls, intrusion
detection systems, and proxy servers.
Firewall platform
A firewall platform is the system device upon which a firewall is
implemented. An example of a firewall platform is a commercial
operating system running on a personal computer.
Firewall rule set
A firewall rule set is a table of instructions that the firewall uses for
determining how packets should be routed between its interfaces. In
routers, the rule set can be a file that the router examines from top to
bottom when making routing decisions.
Firmware
(1) Software permanently installed inside the computer as part of its main
memory to provide protection from erasure or loss if electrical power is
interrupted. (2) The programs and data components of a cryptographic
module that are stored in hardware within the cryptographic boundary and
cannot be dynamically written or modified during execution.
Fit-gap analysis
This analysis is a common technique, which can be applied to help define
the nature of the required service components. It examines the components
within the context of requirements and makes a determination as to the
suitability of the service component.
Flash ROM
Flash read only memory (ROM) is nonvolatile memory that is writable.
Flaw
An error of commission, omission, or oversight in a system that allows
protection mechanisms to be bypassed or disabled. Synonymous with
loophole or fault.
Flaw-based DoS attacks
These make use of software errors to consume resources. Patching and
upgrading software can prevent the flaw-based DoS attacks.
Flooding
Sending large numbers of messages to a host or network at a high rate.
Flooding attacks
Flooding attacks most often involve copying valid service requests and
resending them to a service provider. The attacker may issue repetitive
SOAP/XML messages in an attempt to overload the Web service. This type
of activity may not be detected as an intrusion because the source IP
address is valid, the network packer behavior is valid, and the SOAP/XML
message is well- formed. But the business behavior is not legitimate
resulting in a DoS attack. Techniques for detecting and handling DoS can
be applied against flooding attacks.
Flow
A particular network communication session occurring between hosts.
Flow control
A strategy for protecting the contents of information objects from being
transferred to objects at improper security levels. It is more restrictive than
access control.
Flow-sensitive analysis
Analysis of a computer program that takes into account the flow of
control.
Focused testing
A test methodology that assumes some knowledge of the internal structure
and implementation detail of the assessment object. Focused testing is also
known as gray box testing.
Folder
An organizational structure used by a file system to group files.
Folder encryption
The process of encrypting individual folders on a storage medium and
permitting access to the encrypted files within the folders only after proper
authentication is provided.
Forensic computer
The practice of gathering, retaining, and analyzing computer-related data
for investigative purposes in a manner that maintains the integrity of the
data.
Forensic copy
An accurate bit-for-bit reproduction of the information contained on an
electronic device or associated media, whose validity and integrity has
been verified using an accepted algorithm.
Forensic hash
It is used to maintain the integrity of an acquired data by computing a
cryptographically strong, non-reversible hash value over the acquired
data. A hash code value is computed using several algorithms.
Forensic process
It is the process of collecting, examining, analyzing, and reporting of facts
to gain a better understanding of an event of interest.
Forensic specialist
A professional who locates, identifies, collects, analyzes, and examines
data while preserving the data's integrity and maintaining a strict chain of
custody of information discovered.
Formal verification
The process of using formal proofs to demonstrate the consistency (design
verification) between a formal specification of a system and a formal
security policy model or (implementation verification) between the formal
specification and its program implementation.
Forward cipher
One of the two functions of the block cipher algorithm that is selected by
the cryptographic key.
Forward engineering
The traditional process of moving from high-level abstractions and
logical, implementation-independent designs to the physical
implementation of a system.
Frame relay
A type of fast packet technology using variable length packets called
frames. By contrast, a cell-relay system such as asynchronous transfer
mode (ATM) transports user data in fixed-sized cells.
Freeware
Software made available to the public at no cost. The author retains the
copyright rights and can place restrictions on the program’s use.
Frequency analysis attacks
A sequence of letters and words used in cryptographic keys, messages, and
conversations between people when they are transforming the plaintext
into ciphertext. This transformation is of two types: substitution and
permutation. Both substitution ciphers (shifts the letters and words used in
the plaintext) and transposition ciphers (permutes or scrambles the letters
and words used in the plaintext) are subject to frequency analysis attack.
These ciphers can be simple or complex, where the former uses a short
sequence of letters and words and the latter uses a long sequence of letters
and words. The goal of the attacker is to determine the cryptographic key
used in the transformation of the plaintext into the ciphertext to complete
his attack.
Front-end processors (FEP)
A front-end processor (FEP) is a programmed-logic or stored-program
device that interfaces data communication equipment with an input/output
bus or the memory of a data processing computer.
Full disk encryption (FDE)
The process of encrypting all the data on the hard drive used to boot a
computer, including the computer ’s operating system, and permitting
access to the data only after successful authentication with the full disk
encryption product. FDE is also called whole disk encryption.
Full-scale testing
Full-scale testing or full-interruption testing is disruptive and costly to an
organization’s business processes and operations as computer systems will
not be available on a 24×7 schedule.
Full tunneling
A method that causes all network traffic to go through the tunnel to the
organization.
Fully connected topology
Fully connected topology is a network topology in which there is a direct
path (branch) between any two nodes. With n nodes, there are n (n–1) / 2
direct paths or branches.
Functional design
A process in which the user ’s needs are translated into a system’s technical
specifications.
Functional testing
The portion of security testing in which the advertised security
mechanisms of a system are tested, under operational conditions, for
correct operation. This is a management and preventive control.
Functionality
Distinct from assurance, the functional behavior of a system. Functionality
requirements include confidentiality, integrity, availability, authentication,
and safety.
Fuzz testing
Similar to fault injection testing in that invalid data is input into the
application via the environment, or input by one process into another
process. Fuzz testing is implemented by tools called fuzzers, which are
programs or script that submit some combination of inputs to the test
target to reveal how it responds.
Fuzzy logic
It uses set theory, which is a mathematical notion that an element may have
partial membership in a set. Fuzzy logic is used in insurance and financial
risk assessment application systems.
G
G2B
Government-to-business (G2B) is an electronic government (e-
government) model where interactions are taking place between
governments and businesses and vice versa. Examples of interactions
include procurement and acquisition transactions with business entities and
payments to them (e.g., U.S. DoD doing business with Defense
Contractors). Reverse auction is practiced in B2B or G2B e-commerce.
G2C
Government-to-citizens (G2C) is an electronic government model where
interactions are taking place between a government and its citizens.
Examples of interactions include entitlement payments (e.g., retirement and
Medicare benefits), tax receipts, and refund payments.
G2E
Government-to-employees (G2E) is an electronic government model
where interactions are taking place between government agencies and their
employees.
G2G
Government-to-government (G2G) is an electronic government model
where interactions are taking place within a government agency and those
between other government agencies.
Galois counter mode (GCM) algorithm
Provides authenticated encryption and authenticated decryption functions
for both confidential data and non- confidential data. Each of these
functions is relatively efficient and parallel; consequently, high-throughput
implementations are possible in both hardware and software. GCM
provides stronger authentication assurance than a non-cryptographic
checksum or error detecting code; in particular, GCM can detect both
accidental modifications of the data and intentional, unauthorized
modifications. The GCM is constructed with a symmetric key block cipher
key a block size of 128 bits and a key size of at least 128 bits. The GCM is
a mode of operation of the AES algorithm.
Galois message authentication code (GMAC)
Provides authenticated encryption and authenticated decryption for non-
confidential data only. GMAC is a specialized GCM when the GCM input is
restricted to data that is not be encrypted; and GMAC is simply an
authentication mode on the input data.
Gateway
It is an interface between two networks and a means of communicating
between networks. It is designed to reduce the problems of interfacing
different networks or devices. The networks involved may be any
combination of local networks that employ different level protocols or
local and long-haul networks. It facilitates compatibility between networks
by converting transmission speeds, protocols, codes, or security measures.
Gateways operate in the application layer and transport layer of the
ISO/OSI reference model.
General packet radio service (GPRS)
A packet switching enhancement to global system for mobile
communications (GSM) and time division multiple access (TDMA)
wireless networks to increase data transmission speeds.
General support system (GSS)
An interconnected information resource under the same direct
management controls that share common functionality. It normally
includes hardware, software, information, data, applications,
communications, facilities, and people and provides support for a variety
of users and/or applications. Individual applications support different
mission-related functions. Users may be from the same or different
organizations.
Generalized testing
A test methodology that assumes no knowledge of the internal structure
and implementation detail of the assessment object. Also known as black-
box testing.
Global positioning system (GPS)
(1) A system for determining position by comparing radio signals from
several satellites. (2) A network of satellites providing precise location
determination to receivers.
Global supply chain
A system of organizations, people, activities, information, and resources,
international in scope, involved in moving products or services from
supplier/producer to consumer/customer.
Global system for mobile communications (GSM)
A set of standards for second generation cellular networks currently
maintained by the third generation partnership project (3GPP).
Gopher
A protocol designed to allow a user to transfer text or binary files among
computer hosts across networks.
Graduated security
A security system that provides several levels (e.g., low, moderate, or
high) of protection based on threats, risks, available technology, support
services, time, human concerns, and economics.
Granularity
(1) An expression of the relative size of a data object. (2) The degree to
which access to objects can be restricted. (3) Granularity can be applied to
both the actions allowable on objects, as well as to the users allowed to
perform those actions of the object. (4) The relative fineness or coarseness
by which a mechanism can be adjusted. For example, protection at the file
level is considered to be coarse granularity, whereas protection at the field
level is considered to be of finer granularity. (5) The phrase “the
granularity of a single user” means the access control mechanism can be
adjusted to include or exclude any single user.
Graphical user interface (GUI)
A combination of menus, screen design, keyboard commands, command
language, and help screens that together create the way a user interacts with
a computer. Allows users to move in and out of programs and manipulate
their commands by using a pointing device (often a mouse). Synonymous
with user interface.
Gray box testing
A test methodology that assumes some knowledge of the internal structure
and implementation detail of the assessment object. Focused testing is also
known as gray box testing.
Grid computing
A form of distributed computing whereby a super virtual computer is
composed of many networked and loosely coupled computers working
together to perform very large tasks. The grid handles non-interactive
workloads that involve a large number of files that are heterogeneous and
geographically dispersed. Grids are constructed with middleware and
software libraries, and the grid computers are connected to a network (that
is, private, public, or the Internet) with a conventional network interface,
such as Ethernet. There is an overlap between grid computing, distributed
computing, parallel computing, and mesh computing (Wikipedia).
Group
A set of subjects.
Groupware
Software that recognizes the significance of groups by providing system
functions to support the collaborative activities of work groups.
Guard (hardware and software)
A mechanism limiting the exchange of information between information
systems or subsystems. It operates as a gatekeeper in the form of an
application layer guard to implement firewall mechanisms, such as
performing identification and authentication functions and enforcing
security policies. Guard functionality includes such features as
cryptographic invocation check on information that is allowed outside the
protected enclave and data content filtering to support sensitivity regrade
decisions. The guard functionality, although effective for non-real-time
applications (e.g., e-mail) on networks with low sensitivity, has been
difficult to scale to highly classified networks and real-time applications.
Guessing entropy
A measure of the difficulty that an attacker has to guess the average
password used in a system. Entropy is stated in bits. The attacker is
assumed to know the actual password frequency distribution.
Guessing (password)
The act of repeatedly attempting to authenticate using default passwords,
dictionary words, and other possible passwords.
H
H.225
A gatekeeper telephony protocol used in the PC-to-gatekeeper channel (the
International Telecommunications Union (ITU) standard).
H.245
A telephony protocol used to allow terminals to negotiate options (the ITU
standard).
H.248
A protocol used in large deployment for gateway decomposition (the ITU
standard).
H.323
A gateway protocol used in the Internet telephony systems operating with
packet-switched networks providing voice and video calling and signaling
(the ITU standard).
Hacker
Any unauthorized user who gains, or attempts to gain, access to an
information system, regardless of motivation.
Handler
A type of program used in distributed denial-of-service (DDoS) attacks to
control agents distributed throughout a network. Also refers to an incident
handler, which refers to a person who performs computer-security
incident response work.
Handshake
Involves passing special characters (XON/XOFF) between two devices or
between two computers to control the flow of information. When the
receiving computer cannot continue to receive data, it transmits an XOFF
that tells the sending computer to stop transmitting. When transmission can
resume, the receiving computer signals the sending computer with an
XON. Two types of handshake exist: hardware and software. The hardware
handshake uses non-data wires for transmission and the software
handshake uses data wires as in modem-to-modem communications over
telephone lines.
Handshaking procedure
A dialogue between two entities (e.g., a user and a computer, a computer
and another computer, or a program and another program) for the purpose
of identifying and authenticating the entities to one another.
Hardening
Configuring a host’s operating system and application systems to reduce
the host’s security weaknesses.
Hardware and software monitors
Hardware monitors work by attaching probes to processor circuits and
detecting and recording events at those probes. Software monitors are
programs that execute in a computer system to observe and report on the
behavior of the system.
Hardware segmentation
The principle of hardware segmentation provides hardware transparency
when hardware is designed in a modular fashion and when it is
interconnected. A failure in one module should not affect the operation of
other modules. Similarly, a module attacked by an intruder should not
compromise the entire system. System architecture should be arranged so
that vulnerable networks or network segments can be quickly isolated or
taken off-line in the event of an attack. Examples of hardware that need to
be segmented includes network switches, physical circuits, and power
supply equipment.
Hardware tokens
Hardware tokens (also called hard tokens or eTokens) are devices with
computing capability integrated into the device.
Hash algorithm
Algorithm that creates a hash based on a message.
Hash-based message authentication code (HMAC)
(1) A symmetric key authentication method using hash function. (2) A
message authentication code (MAC) that uses a cryptographic key in
conjunction with a hash function. (3) A MAC that utilizes a keyed hash.
Hash code
The string of bits that is the output of a hash function.
Hash function
A function that maps a bit string of arbitrary length to a fixed length bit
string. Approved hash functions satisfy the following properties: (1) one-
way states that it is computationally infeasible to find any input that maps to
any pre-specified output, and (2) collision resistant states that it is
computationally infeasible to find any two distinct inputs that map to the
same output. The hash function may be used to produce a checksum, called
a hash value or message digest, for a potentially long string or message.
Hash total
The use of specific mathematical formulae to produce a quantity (often
appended to and) used as a checksum or validation parameter for the data it
protects. This is a technical and detective control.
Hash value
(1) The fixed-length bit string produced by a hash function. (2) The result
of applying a hash function to information. See message digest.
Hashing
The process of using a mathematical algorithm against data to produce a
numeric value that is representative of that data.
Hedging
Taking a position opposite to the exposure or risk. Because they reduce
exposures and risks, risk mitigation techniques are examples of hedging.
High assurance guard
An enclave boundary protection device that controls access between a LAN
that an enterprise system has a requirement to protect, and an external
network that is outside the control of the enterprise system, with a high
degree of assurance.
High availability
A failover feature to ensure availability during device or component
interruptions.
High-impact system
An information system in which at least one security objective (i.e.,
confidentiality, integrity, or availability) is assigned a potential impact
value of high.
High-level data link control (HDLC) protocol
HDLC is a bit-oriented protocol with frame structure consisting of
address, control, data, and checksum (cyclic redundancy code) fields
(Tanenbaum).
Hijacking
An attack that occurs during an authenticated session with a database or
system. The attacker disables a user ’s desktop system, intercepts responses
from the application, and responds in ways that probe the session.
Holder-of-key assertion
An assertion that contains a reference to a symmetric key or a public key
(corresponding to a private key) possessed by the subscriber. The relying
party may require the subscriber to prove their identity.
Honeynet
A network of honeypots designed to attract hackers so that their intrusions
can be detected and analyzed, and to study the hackers’ behavior.
Organizations should consult their legal counsel before deploying a
honeynet for any legal ramifications of monitoring an attacker ’s activity.
Honeypot
A fake production system designed with firewalls, routers, Web services,
and database servers that looks like a real production system, but acts as a
decoy and is studied to see how attackers do their work. It is a host
computer that is designed to collect data on suspicious activity and has no
authorized users other than security administrators and attackers.
Organizations should consult their legal counsel before deploying a
honeypot for any legal ramifications of monitoring an attacker ’s activity.
Host
(1) Any node that is not a router. (2) Any computer-based system
connected to the network and containing the necessary protocol interpreter
software to initiate network access and carry out information exchange
across the communications network. (3) The term can refer to almost any
kind of computer, including a centralized mainframe that is a host to its
terminals, a server that is host to its clients, or a desktop personal
computer (PC) that is host to its peripherals. In network architectures, a
client station (user ’s machine) is also considered a host because it is a
source of information to the network, in contrast to a device, such as a
router or switch that directs traffic. This definition encompasses typical
mainframe computers and workstations connected directly to the
communications sub-network and executing the inter-computer
networking protocols. A terminal is not a host because it does not contain
the protocol software needed to perform information exchange. A router
or switch is not a host either. A workstation is a host because it does have
such capability. Host platforms include operating systems, file systems,
and communications stacks.
Host-based firewall
A software-based firewall installed on a server to monitor and control its
incoming and outgoing network traffic. Security in host-based firewalls is
generally at the application level, rather than at a network level.
Host-based intrusion detection system (IDS)
IDS operate on information collected from within an individual computer
system. This vantage point allows host-based IDSs to determine exactly
which processes and user accounts are involved in a particular attack on
the operating system. Furthermore, unlike network-based IDSs, host-based
IDSs can more readily “see” the intended outcome of an attempted attack,
because they can directly access and monitor the data files and system
processes usually targeted by attacks. It is a program that monitors the
characteristics of a single host and the events occurring within the host to
identify and stop suspicious activity.
Host-based security
The technique of securing an individual system from attack. It is dependent
on an operating system and its version.
Host-to-front-end protocol
A set of conventions governing the format and control of data that are
passed from a host to a front-end machine.
Hot failover device
Computer systems will have at least one backup mechanism in that when
the primary device fails or is taken off-line, the hot failover device comes
online and maintains all existing communications sessions; no disruption
of communications occurs. This concept can be applied to firewalls.
Hotfix
Microsoft’s term to bundle hotfixes (patches) into service packs for easier
and faster installation.
Hot-site
(1) An alternate site with a duplicate IT already set up and running, which
is maintained by an organization or its contractor to ensure continuity of
service for critical systems in the event of a disaster. (2) A fully
operational offsite data processing facility equipped with hardware and
system software to be used in the event of a disaster.
Hot spare
A hot spare drive is a physical hot standby drive installed in the RAID disk
array that is active and connected but is inactive until an active drive fails.
When a key component fails, the hot spare is switched into operation. A hot
spare reduces the mean time to recovery (MTTR), thus supporting
redundancy and availability. Hot spare requires hot swapping or hot
plugging by a human operator (Wikipedia).
Hot spots
Hot spots consist of one or more Wi-Fi access points positioned on a
ceiling or wall in a public place to provide maximum wireless coverage
for a wireless LAN.
Hot wash
Hot wash is a debriefing session conducted immediately after an exercise
or test of an information system with the testing team, non-testing staff,
and other participants to share problems and experiences.
Hubs
A hub can be thought of a central place from which all connections are
made between networks and computers. Hubs are simple devices that
connect network components, sending a packet of data to all other
connected devices. Hubs operate in the physical layer of the ISO/OSI
reference model.
Human threats
Examples of human threats include intentional/unintentional errors;
sabotage of data, systems, and property; implanting of malicious code; and
terrorist attacks.
Hybrid attack (password)
A form of guessing attack in which the attacker uses a dictionary that
contains possible passwords and then uses variations through brute force
methods of the original passwords in the dictionary to create new potential
passwords. Hybrid Attack = Dictionary Attack + Brute Force Attack.
Hybrid security control
A security control that has the properties of both a common security
control and a system-specific security control (i.e., one part of the control
is deemed to be common, whereas another part of the control is deemed to
be system-specific).
Hybrid topology
Hybrid topology is a combination of any two different basic network
topologies (e.g., combination of star topology and bus topology). The tree
topology is an example of a hybrid topology where a linear bus backbone
connects star-configured networks.
Hyperlink
An electronic link providing direct access from one distinctively marked
place in a hypertext or hypermedia document to another in the same or a
different document.
Hypertext markup language (HTML)
A markup language that is a subset of standard generalized markup
language (SGML) and is used to create hypertext and hypermedia
documents on the Web incorporating text, graphics, sound, video, and
hyperlinks. It is a mechanism used to create Web pages on the Internet.
Hypertext transfer protocol (HTTP)
(1) The native protocol of the Web, used to transfer hypertext documents
on the Internet. (2) A standard method for communication between clients
and Web servers.
Hypervisor
The hypervisor or virtual machine (VM) monitor is an additional layer of
software between an operating system and hardware platform that is used
to operate multitenant VMs in cloud services. Besides virtualized
resources, the hypervisor normally supports other application
programming interfaces (APIs) to conduct administrative operations, such
as launching, migrating, and terminating VM instances. It is the
virtualization component that manages the guest operating systems (OSs)
on a host and controls the flow of instructions between the guest OSs and
the physical hardware. Compared with a traditional non-virtualized
implementation, the addition of a hypervisor causes an increase in the
attack surface, which is risky.
I
Identification
(1) The process of verifying the identity of a user, process, or device,
usually as a prerequisite for granting access to resources in an IT system.
(2) The process of discovering the true identity (i.e., origin, initial history)
of a person or item from the entire collection of similar persons or items.
Identification comes before authentication.
Identifier
A unique data string used as a key in the biometric system to name a
person’s identity and its associated attributes.
Identity
(1) A unique name of an individual person. Because the legal names of
persons are not necessarily unique, the identity of a person must include
sufficient additional information (for example, an address or some unique
identifier such as an employee or account number) to make the complete
name unique. (2) It is information that is unique within a security domain
and which is recognized as denoting a particular entity within that domain.
(3) The set of physical and behavioral characteristics by which an
individual is uniquely recognizable.
Identity-based access control (IBAC)
An access control mechanism based only on the identity of the subject and
object. An IBAC decision grants or denies a request based on the presence
of an entity on an access control list. IBAC and discretionary access
control are considered equivalent.
Identity-based security policy
A security policy based on the identities and/or attributes of the object
(system resource) being accessed and of the subject (e.g., user, group of
users, process, or device) requesting access.
Identity binding
Binding of the vetted claimed identity to the individual (through
biometrics) according to the issuing authority.
Identity management
Identity management system comprised of one or more systems or
applications that manages the identity verification, validation, and issuance
process.
Identity proofing
(1) A process by which a credential service provider (CSP) and a
registration authority (RA) validate sufficient information to uniquely
identify a person. (2) The process of providing sufficient information
(e.g., identity history, credentials, and documents) to a personal identity
verification (PIV) registrar when attempting to establish an identity.
Identity registration
The process of making a person’s identity known to the personal identity
verification (PIV) system, associating a unique identifier with that identity,
and collecting and recording the person’s relevant attributes into the
system.
Identity token
A smart card, a metal key, or some other physical token carried by a
system user that allows user identity validation.
Identity verification
The process of confirming or denying that a claimed identity is correct by
comparing the credentials (i.e., something you know, something you have,
something you are) of a person requesting access with those previously
proven and stored in the personal identity verification (PIV) card or
system and associated with the identity being claimed.
Impact
The magnitude of harm that can be expected to result from the
consequences of unauthorized disclosure of information, unauthorized
modification of information, unauthorized destruction of information, loss
of information, or loss of information system availability.
Impersonating
An attempt to gain access to a computer system by posing as an authorized
user. Synonymous with masquerading, spoofing, and mimicking.
Implementation attacks
Implementation attacks can occur when hardware or software is not
implemented properly or is not used correctly. For example, if a secure
socket layer (SSL) protocol or transport layer security (TLS) protocol is
implemented improperly or used incorrectly, it is subjected to a man-in-
the-middle (MitM) attack. This attack occurs when a malicious entity
intercepts all communication between the Web client and the Web server
with which the client is attempting to establish an SSL/TLS connection.
Inappropriate usage
A person who violates acceptable use of any network or computer policies.
In-band management
In in-band management, a secure shell (SSH) session is established with the
connectivity device (e.g., routers and switches) in a distributed local-area
network (LAN).
Incident
(1) An occurrence that actually or potentially jeopardizes the
confidentiality, integrity, or availability of an information system or the
information the system processes, stores, or transmits or that constitutes a
violation or imminent threat of violation of computer security policies,
acceptable use policies, or standard security practices.
Incident handling
The mitigation of violations of security policies and recommended
practices.
Incident indications
A sign that an incident (e.g., malware) may have occurred or may be
currently occurring.
Incident precursors
(1) A sign that a malware attack may occur in the future. (2) A sign that an
attacker may be preparing to cause an incident.
Incident response plan
The documentation of a predetermined set of instructions or procedures to
detect, respond to, and limit consequences of a malicious cyber attack
against an organization’s IT system(s).
Incident-response team
A multidisciplined team consisting of technical, legal, audit, and public
affairs specialists to address adverse events.
Incineration
A physically destructive method of sanitizing media; the act of burning
completely to ashes.
Incomplete parameter checking
A system design fault that exists when all parameters have not been fully
checked for accuracy and consistency by the operating system, thus makes
the system vulnerable to penetration.
Incorrect file and directory permissions
File and directory permissions control the access users and processes have
to files and directories. Appropriate permissions are critical to the security
of any system. Poor permissions could allow any number of attacks,
including the reading or writing of password files or the addition of hosts
to the list of trusted remote hosts.
Inculpatory evidence
Evidence that tends to increase the likelihood of fault or guilt.
Independent validation and verification
Review, analysis, and testing conducted by an independent party
throughout the life cycle of software development to ensure that the new
software meets user or contract requirements.
Indication
A sign that an incident (e.g., malware) may have occurred or may be
currently occurring.
Individual accountability
The ability to positively associate the identity of a user with the time,
method, and degree of system access.
Inference
Derivation of new information from known information. The inference
problem refers to the fact that the derived information may be classified at
a level for which the user is not cleared. Users may deduce unauthorized
information from the legitimate information they acquire. Inference is a
problem that derives primarily from poor database design.
Inference attacks
An inference attack occurs when a user or intruder is able to deduce
information to which he had no privilege from information to which he
has privilege. It is a part of traffic analysis attacks.
Information architecture
The technologies, interfaces, and geographical locations of functions
involved with an organization’s information activities.
Information assurance
Measures that protect and defend data/information and information
systems by ensuring their availability, integrity, authentication,
confidentiality, and nonrepudiation. These measures include providing for
restoration of information systems by incorporating protection, detection,
and reaction capabilities.
Information density
The total amount and quality of information available to all market
participants, consumers, and merchants.
Information economics
Deals with the principle that the costs to obtain information should be
equal to or less than the benefits to be derived from the information.
Information engineering
An approach to planning, analyzing, designing, and developing an
information system with an enterprise-wide perspective and an emphasis
on data and architectures.
Information flow
The sequence, timing, and direction of how information proceeds through
an organization.
Information flow control
Access control based on restricting the information flow into an object
(e.g., Bell and La Padula model).
Information owner
An official with responsibility for establishing controls for information
generation, collection, processing, dissemination, and disposal.
Information portal
A single point of access through a Web browser to business information
inside and/or outside an organization.
Information quality
Information quality is composed of three elements such as utility, integrity,
and objectivity.
Information resources
Information and related resources, such as personnel, equipment, funds,
and information technology.
Information rights
The rights that individuals and organizations have regarding information
that pertains to them.
Information security
The protection of information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction in order to
provide confidentiality, integrity, and availability.
Information security architecture
An embedded, integral part of the enterprise architecture that describes the
structure and behavior for an enterprise’s security processes, information
security systems, personnel and organizational subunits, showing their
alignment with the enterprise’s mission and strategic plans.
Information security policy
Aggregate of directives, regulations, rules, and practices that prescribe
how an organization manages, protects, and distributes information.
Information security program plan
A formal document that provides an overview of the security requirements
for an organization-wide information security program and describes the
program management controls and common controls in place or planned
for meeting those requirements.
Information system (IS)
A discrete set of information resources organized for the collection,
processing, maintenance, use, sharing, dissemination, or disposition of
information.
Information system owner
An official responsible for the overall procurement, development,
integration, modification, or operation and maintenance of an information
system.
Information system resilience
The ability of an information system to continue to: (1) operate under
adverse conditions or stress, even if in a degraded or debilitated state,
while maintaining essential operational capabilities; and (2) recover to an
effective operational posture in a time frame consistent with mission
needs. It supports agile defense strategy and is the same as resilience.
Information system security officer (ISSO)
Individual assigned responsibility by the senior agency information
security officer, authorizing official, management official, or information
system owner for ensuring the appropriate operational security posture is
maintained for an information system or program.
Information-systems (IS) security
The protection afforded to information systems in order to preserve the
availability, integrity, and confidentiality of the systems and information
contained within the systems. Such protection is the application of the
combination of all security disciplines that will, at a minimum, include
communications security, emanation security, emission security, computer
security, operational security, information security, personnel security,
industrial security, resource protection, and physical security.
Information systems security engineering
The art and science of discovering users’ information protection needs and
then designing and making information systems, with economy and
elegance, so they can safely resist the forces to which they may be
subjected.
Information technology (IT)
(1) Any equipment or interconnected system or sub-system of equipment
that is used in the automatic acquisition, storage, manipulation,
management, movement, control, display, switching, interchange,
transmission, or reception of data or information by an organization or its
contractor. (2) The term IT includes computers, ancillary equipment,
software, firmware, and similar procedures, services (including support
services), and related resources.
Information-technology (IT) architecture
An integrated framework for evolving or maintaining existing IT and
acquiring new IT to achieve the organization’s strategic goals. A complete
IT architecture should consist of both logical and technical components.
The logical architecture provides the high-level description of the
organization’s mission, functional requirements, information
requirements, system components, and information flows among the
components. The technical architecture defines the specific IT standards
and rules used to implement the logical architecture.
Information type
A specific category of information (e.g., privacy, medical, proprietary,
financial, investigative, contractor sensitive, and security management)
defined by an organization or in some instances, by a specific law,
executive order, directive, policy, or regulation.
Information value
(1) The value of information is dependent on who needs the information
(i.e., insider or outsider of an organization) and its worth to this person.
(2) A qualitative measure of the importance of the information based upon
factors such as level of robustness of the information assurance controls
allocated to the protection of information based upon mission criticality,
the sensitivity (e.g., classification and compartmentalization) of the
information, releasability to other entities, perishability/longevity of the
information (e.g., short life data versus long life data), and potential impact
of loss of confidentiality, integrity, and availability of the information.
Infrastructure component
Software unit that provides application functionality not related to business
functionality, such as error/message handling, audit trails, or security.
Ingress filtering
(1) Filtering of incoming network traffic. (2) Blocking incoming packets
that should not enter a network. (3) The process of blocking incoming
packets that use obviously false IP addresses, such as reserved source
addresses.
Inheritance
(1) A situation in which an information system or an application system
receives protection from security controls (or portions of security
controls) that are implemented by other entities either internal or external
to the organization where the system resides. (2) A mechanism that allows
objects of a class to acquire part of their definition from another class
(called a super class). Inheritance can be regarded as a method for sharing
a behavioral description.
Initial program load (IPL)
A process of copying the resident operating system into the computer ’s
read memory.
Initialization vector (IV)
(1) A non-secret binary vector used in defining the starting point of an
encryption process within a cryptographic algorithm. (2) A data block that
some modes of operation require as an additional initial input.
Inline sensor
A sensor deployed so that the network traffic it is monitoring must pass
through it.
Input block
A data block that is an input to either the forward cipher function or the
inverse cipher function of the block cipher algorithm.
Insider attack
An attack originating from inside a protected network, either malicious or
nonmalicious.
Instant messaging (IM)
A facility for exchanging messages in real-time with other people over the
Internet and tracking the progress of the conversation.
Integrated services digital network (ISDN)
A worldwide digital communications network evolving from existing
telephone services. The goal of ISDN is to replace the current analog
telephone system with totally digital switching and transmission facilities
capable of carrying data ranging from voice to computer transmission,
music, and video. Computers and other devices are connected to ISDN
lines through simple, standardized interfaces. When fully implemented,
ISDN is expected to provide users with faster, more extensive
communications services in data, video, and voice.
Integration test
A process to confirm that program units are linked together and that they
interface with files or databases correctly. This is a management and
preventive control.
Integrity
(1) The property that protected and sensitive data has not been modified or
deleted in an unauthorized and undetected manner. (2) Preservation of the
original quality and accuracy of data in written or electronic form. (3)
Guarding against improper information modification or destruction, (4)
Ensuring information nonrepudiation and authenticity. (5) The ability to
detect even minute changes in the data.
Integrity level
A level of trustworthiness associated with a subject or object.
Intellectual property
Useful artistic, technical, and/or industrial information, knowledge or
ideas that convey ownership and control of tangible or virtual usage
and/or representation.
Intended signatory
An entity that intends to generate digital signatures in the future.
Interception
The process of slipping in between communications and hijacking
communications channels.
Interdiction
The act of impeding or denying the use of a computer system resource to a
user.
Interface
The common boundary between independent systems or modules where
communication takes place.
Interface profile
The sub-component that provides the capability to customize the
component for various users. The interface profile can specify the
business rules and workflow that are to be executed when the component is
initialized or it can be tailored to suit different deployment architectures
and business rules. The profile can specify the architectural pattern that
complements the service component.
Inter-file analysis
Analysis of code residing in different files that have procedural, data, or
other interdependencies.
Internal border gateway protocol (IBGP)
A border gateway protocol operation communicating routing information
within an autonomous system.
Internal control
A process within an organization designed to provide reasonable
assurance regarding the achievement of the following primary objectives
(1) the reliability and integrity of information, (2) compliance with
policies, plans, procedures, laws, regulations, and contracts, (3) the
safeguarding of assets, (4) the economical and efficient use of resources,
and (5) the accomplishment of established objectives and goals for
operations and programs.
Internal network
A network where (1) the establishment, maintenance, and provisioning of
security controls are under the direct control of organizational employees
or contractors or (2) cryptographic encapsulation or similar security
technology implemented between organization-controlled endpoints
provides the same effect. An internal network is typically organization-
owned, yet may be organization-controlled, while not being organization-
owned.
Internal security audit
A security audit conducted by personnel responsible to the management of
the organization being audited.
Internal security controls
Hardware, firmware, and software features within an information system
that restrict access to resources (hardware, software, and data) only to
authorized subjects (persons, programs, processes, or devices). Examples
of internal security controls are encryption, digital signatures, digital
certificates, and split knowledge. The security controls can be classified as
(1) supporting, preventive, detective, corrective, and recovery controls, (2)
management, technical, operational, and compensating controls, and (3)
common controls, system-specific, and hybrid controls.
Internal testing (security)
It is similar to external (security) testing except that the testers are on the
organization’s internal network behind the security perimeter.
Internet
The Internet is the single, interconnected, worldwide system of
commercial, governmental educational, and other computer networks that
share (1) the protocol suites and (2) the name and address spaces. The
Internet is a decentralized, global network of computers (Internet hosts),
linked by the use of common communications protocols (TCP/IP). The
Internet allows users worldwide to exchange messages, data, and images. It
is worldwide “network of networks” that uses the TCP/IP protocol suite
for communications.
Internet-based EDI
Web EDI that operates on the Internet, and is widely accessible to most
companies, including small-to-medium enterprises.
Internet control message protocol (ICMP)
A message control and error-reporting protocol between a host server and
a gateway to the Internet. ICMP is used by a device, often a router, to report
and acquire a wide-range of communications-related information.
Internet key exchange (IKE) protocol
Protocol used to negotiate, create, and manage security associations (SAs).
Internet message access protocol (IMAP)
A mailbox access protocol defined by IETF RFC 3501. IMAP is one of the
most commonly used mailbox access protocols, and offers a much wider
command set than post office protocol (POP). It is a method of
communication used to read electronic messages stored in a remote server.
Internet protocol (IP)
The network-layer protocol in the TCP/IP stack used in the Internet. The IP
is a connectionless protocol that fits well with the connectionless Ethernet
protocol. However, the IP does not fit well with the connection-oriented
ATM network.
Internet protocol (IP) address
An IP address is a unique number for a computer that is used to determine
where messages transmitted on the Internet should be delivered. The IP
address is analogous to a house number for ordinary postal mail.
Internet Protocol security (IPsec)
An IEEE Standard, RFC 2411, protocol that provides security capabilities
at the Internet Protocol (IP) layer of communications. IPsec’s key
management protocol is used to negotiate the secret keys that protect
virtual private network (VPN) communications, and the level and type of
security protections that will characterize the VPN. The most widely used
key management protocol is the Internet key exchange (IKE) protocol.
IPsec is a standard consisting of IPv6 security features ported over to the
current version of IPv4. IPsec security features provide confidentiality,
data integrity, and nonrepudiation services.
Internet service provider (ISP)
ISP is an entity providing a network connection to the global Internet.
Interoperability
(1) A measure of the ability of one set of entities to physically connect to
and logically communicate with another set of entities. (2) The ability of
two or more systems or components to exchange information and to use
the information that has been exchanged. (3) The capability of systems,
subsystems, or components to communicate with one another, to exchange
services, and to use information including content, format, and semantics.
Interoperability testing
Testing to ensure that two or more communications products (hosts or
routers) can interwork and exchange data.
Interpreted virus
A virus that is composed of source code that can be executed only by a
particular application or service.
Interpreter
(1) A program that processes a script or other program expression and
carries out the requested action, in accordance with the language
definition. (2) A support program that reads a single source statement,
translates that statement to machine language, executes those machine-level
instructions, and then moves on to the next source statement. An interpreter
operates on a “load and go” method.
Inter-procedural analysis
Analysis between calling and called procedures within a computer
program.
Intranet
A private network that is employed within the confines of a given
enterprise (e.g., internal to a business or agency). An organization’s
intranet is usually protected from external access by a firewall. An intranet
is a network internal to an organization but that runs the same protocols as
the network external to the organization (i.e., the Internet). Every
organizational network that runs the TCP/IP protocol suite is an Intranet.
Intrusion
Attacks or attempted attacks from outside the security perimeter of an
information system, thus bypassing the security mechanisms.
Intrusion detection
(1) Detection of break-ins or break-in attempts either manually or via
software expert systems that operate on logs or other information
available on the network. (2) The process of monitoring the events
occurring in a computer system or network and analyzing them for signs
of possible incidents.
Intrusion detection and prevention system (IDPS)
Software that automates the process of monitoring the events occurring in
a computer system or network, and analyzing them for signs of possible
incidents and attempting to stop detected possible incidents.
Intrusion detection system (IDS)
Hardware or software product that gathers and analyzes information from
various areas within a computer or a network to identify possible security
breaches, which include intrusions (attacks from outside the organization)
and misuse (attacks from within the organization).
Intrusion detection system load balancer
A device that aggregates and directs network traffic to monitoring systems,
such as intrusion detection and prevention sensors.
Intrusion prevention
The process of monitoring the events occurring in a computer system or
network, analyzing them for signs of possible incidents, and attempting to
stop detected possible incidents.
Intrusion prevention systems (IPS)
(1) Systems that can detect an intrusive activity and can also attempt to stop
the activity, ideally before it reaches its targets. (2) Software that has all the
capabilities of an intrusion detection system and can also attempt to stop
possible incidents.
Inverse cipher
(1) A series of transformations that converts ciphertext to plaintext, using
the cipher key. (2) The block cipher algorithm function that is the inverse
of the forward cipher function when the same cryptographic key is used.
Investigation process
Four phases exist in a computer security incident investigation process:
initiating the investigation (phase 1), testing and validating the incident
hypothesis (phase 2), analyzing the incident (phase 3), and presenting the
evidence (phase 4). The correct order of the investigation process is:
gather facts (phase 1); interview witnesses (phase 1); develop incident
hypothesis (phase 1); test and validate the hypothesis (phase 2); analyze
(phase 3); and report the results to management and others (phase 4).
Inward-facing
It refers to a system that is connected on the interior of a network behind a
firewall.
IP address
An Internet Protocol (IP) address is a unique number for a computer that is
used to determine where messages transmitted on the Internet should be
delivered. The IP address is analogous to a house number for ordinary
postal mail.
IP payload compression (IPComp) protocol
Protocol used to perform lossless compression for packet payloads.
IP spoofing
Refers to sending a network packet that appears to come from a source
other than its actual source.
Isolation
The containment of subjects and objects in a system in such a way that they
are separated from one another, as well as from the protection controls of
the operating system.
ISO (International Organization for Standardization)
An organization established to develop and define data processing
standards to be used throughout participating countries.
IT-related risk
The net mission/business impact considering (1) the likelihood that a
particular threat source will exploit, or trigger, particular information
system vulnerability, and (2) the resulting impact if this should occur. IT-
related risks arise from legal liability or mission/business loss due to, but
not limited to (i) unauthorized (malicious, nonmalicious, or accidental)
disclosure, modification, or destruction of information, (ii) nonmalicious
errors and omissions, (iii) IT disruptions due to natural or man-made
disasters, (iv) failure to exercise due care and due diligence in the
implementation and operation of the IT function.
IT security awareness and training program
Explains proper rules of behavior for the use of organization’s IT systems
and information. The program communicates IT security policies and
procedures that need to be followed.
IT security education
IT security education seeks to integrate all of the security skills and
competencies of the various functional specialists into a common body of
knowledge, adds a multi-discipline study of concepts, issues, and
principles (technological and social), and strives to produce IT security
specialists and professionals capable of vision and proactive response.
IT security goal
The five security goals are confidentiality, availability, integrity,
accountability, and assurance.
IT security investment
An IT application or system that is solely devoted to security. For instance,
intrusion detection system (IDS) and public key infrastructure (PKI) are
examples of IT security investments.
IT security metrics
Metrics based on IT security performance goals and objectives.
IT security policy
The documentation of IT security decisions in an organization. Three
basic types of policy exist (1) Program policy high-level policy used to
create an organization’s IT security program, define its scope within the
organization, assign implementation responsibilities, establish strategic
direction, and assign resources for implementation. (2) Issue-specific
policies address specific issues of concern to the organization, such as
contingency planning, the use of a particular methodology for systems
risk management, and implementation of new regulations or law. These
policies are likely to require more frequent revision as changes in
technology and related factors take place. (3) System-specific policies
address individual systems, such as establishing an access control list or in
training users as to what system actions are permitted. These policies may
vary from system to system within the same organization. In addition,
policy may refer to entirely different matters, such as the specific
managerial decisions setting an organization’s electronic mail policy or
fax security policy.
IT security training
IT security training strives to produce relevant and needed security skills
and competencies by practitioners of functional specialties other than IT
security (e.g., management, systems design and development, acquisition,
and auditing). The most significant difference between training and
awareness is that training seeks to teach skills, which allow a person to
perform a specific function, whereas awareness seeks to focus an
individual’s attention on an issue or set of issues. The skills acquired
during training are built upon the awareness foundation, and in particular,
upon the security basics and literacy material.
J
Jamming
An attack in which a device is used to emit electromagnetic energy on a
wireless network’s frequency to make it unusable by the network.
Java
A programming language invented by Sun Microsystems. It can be used as
a general-purpose application programming language with built-in
networking libraries. It can also be used to write small applications called
applets. The execution environment for Java applets is intended to be safe;
executing an applet should not modify anything outside the WWW
browser. Java is an object-oriented language similar to C++ but simplified
to eliminate language features that cause common programming errors.
Java source code files (files with a Java extension) are compiled into a
format called bytecode (files with a .class extension), which can then be
executed by a Java interpreter. Compiled Java code can run on most
computers because Java interpreters and runtime environments, known as
Java Virtual Machines (VMs), exist for most operating system, including
UNIX, the Macintosh OS, and Windows. Bytecode can also be converted
directly into machine language instructions by a just-in-time compiler.
JavaScript
A scripting language developed by Netscape to enable Web authors to
design interactive sites. Although it shares many of the features and
structures of the full Java language, it was developed independently.
JavaScript can interact with HTML source code, enabling Web authors to
spice up their sites with dynamic content. JavaScript is endorsed by a
number of software companies and is an open language that anyone can
use without purchasing a license. Recent browsers from Netscape and
Microsoft support it, though Internet Explorer supports only a subset,
which Microsoft calls Jscript.
Jitter
Non-uniform delays that can cause packets to arrive and be processed out
of sequence.
Job rotation
A method of reducing the risk associated with a subject performing a
(sensitive) task by limiting the amount of time the subject is assigned to
perform the task before being moved to a different task. Both job rotation
and job vacation practices make a person less vulnerable to fraud and
abuse.
Joint photographic experts group (JPEG)
The JPEG is a multimedia standard for compressing continuous-tone still
pictures or photographs. It is the result of joint efforts from ITU, ISO, and
IEC.
Journal
It is an audit trail of system activities, which is useful for file/system
recovery purposes. This is a technical and detective control.
K
Kerberos
Kerberos is an authentication tool used in local logins, remote
authentication, and client-server requests. It is a means of verifying the
identities of principals on an open network. Kerberos accomplishes this
without relying on the authentication, trustworthiness, or physical security
of hosts while assuming all packets can be read, modified, and inserted at
will. Kerberos uses a trust broker model and symmetric cryptography to
provide authentication and authorization of users and systems on the
network. In classic Kerberos, users share a secret password with a key
distribution center (KDC). The user, Alice, who wants to communicate with
another user, Bob, authenticates to the KDC and is furnished a ticket by the
KDC to use to authenticate with Bob. When Kerberos authentication is
based on passwords, the protocol is known to be vulnerable to off-line
dictionary attacks by eavesdroppers who capture the initial user-to-KDC
exchange.
Kernel
The hardware, firmware, and software elements of a trusted computing
base (TCB) that implements the reference monitor concept. It must mediate
all accesses, be protected from modification, and be verifiable as correct.
It is the most trusted portion of a system that enforces a fundamental
property and on which the other portions of the system depend.
Key
(1) A parameter used in conjunction with a cryptographic algorithm that
determines its operation. Examples include the computation of a digital
signature from data and the verification of a digital signature. (2) A value
used to control cryptographic operations, such as decryption, encryption,
signature generation or signature verification.
Key agreement
A key establishment procedure (either manual or electronic) where the
resultant keying material is a function of information contributed by two
or more participants, so that no party can predetermine the value of the
keying material independent of the other party’s contribution.
Key attack
(1) An attacker ’s goal is to prevent a system user ’s work simply by
holding down the ENTER or RETURN key on a terminal that has not been
logged on. This action initiates a very high-priority process that takes over
the CPU in an attempt to complete the logon process. This is a resource
starvation attack in that it consumes systems resources such as CPU
utilization and memory. Legitimate users are deprived of their share of
resources. (2) A data scavenging method, using resources available to
normal system users, which may include advanced software diagnostic
tools.
Key bundle
The three cryptographic keys (Key 1, Key 2, Key 3) that are used with a
triple-data- encryption algorithm (TDEA) mode.
Key confirmation
A procedure to provide assurance to one party (the key confirmation
recipient) that another party (the key conformation provider) actually
possesses the correct secret keying material and/or shared secret.
Key encrypting key
A cryptographic key that is used for the encryption or decryption of other
keys.
Key entry
A process by which a key and its associated metadata is entered into a
cryptographic module in preparation for active use.
Key escrow
The processes of managing (e.g., generating, storing, transferring, and
auditing) the two components of a cryptographic key by two component
holders. A key component is the two values from which a key can be
derived.
Key escrow system
A system that entrusts the two components comprising a cryptographic key
(e.g., a device unique key) to two key component holders (also called
escrow agents).
Key establishment
(1) The process by which a cryptographic key is securely shared between
two or more security entities, either by transporting a key from one entity
to another (key transport) or deriving a key from information shared by
the entities (key agreement). (2) A function in the life cycle of keying
material; the process by which cryptographic keys are securely distributed
among cryptographic modules using manual transport methods (e.g., key
loaders), automated methods (e.g., key transport and/or key agreement
protocols), or a combination of automated and manual methods (consists
of key transport plus key agreement).
Key exchange
The process of exchanging public keys in order to establish secure
communications.
Key expansion
Routine used to generate a series of Round Keys from the Cipher Key.
Key generation material
Random numbers, pseudo-random numbers, and cryptographic parameters
used in generating cryptographic keys.
Key label
A text string that provides a human-readable and perhaps machine-readable
set of descriptors for the key.
Key lifecycle state
One of the set of finite states that describes the accepted use of a
cryptographic key in its lifetime. These states include pre-activation;
active, suspended, deactivated and revoked; compromised; destroyed; and
destroyed compromised.
Key list
A printed series of key settings for a specific crypto-net. Key lists may be
produced in list, pad, or printed tape format.
Key loader
A self-contained unit that is capable of storing at least one plaintext or
encrypted cryptographic key or key component that can be transferred,
upon request, into a cryptographic module.
Key management
The activities involving the handling of cryptographic keys and other
related security parameters (e.g., initialization vectors, counters, identity
verifications and passwords) during the entire life cycle of the keys,
including their generation, storage, establishment, entry and output, and
destruction (zeroization).
Key management infrastructure (KMI)
A framework established to issue, maintain, and revoke keys
accommodating a variety of security technologies, including the use of
software.
Key output
A process by which a cryptographic key and its bound metadata are
extracted from a cryptographic module, usually for remote storage.
Key owner
An entity (e.g., person, group, organization, device, and module)
authorized to use a cryptographic key or key pair and whose identity is
associated with a cryptographic key or key pair.
Key pair
A public key and its corresponding private key; a key pair is used with a
public key algorithm.
Key recover
To reconstruct a damaged or destroyed cryptographic key after an accident
or abnormal circumstance or to obtain an electronic cryptographic key
from a trusted third party after satisfying the rules for retrieval.
Key renewal
The process used to extend the validity period of a cryptographic key so
that it can be used for an additional time period.
Key retrieval
To obtain an electronic cryptography key from active or archival
electronic storage, a backup facility, or an archive under normal
operational circumstances.
Key space
The total number of possible values that a key, such as a password, can
have.
Key transport
(1) A process used to move a cryptographic key from one protected
domain to another domain, including both physical and electronic methods
of movement. (2) A key establishment procedure whereby one party (the
sender) selects and encrypts the keying material and then distributes the
material to another party (the receiver). (3) The secure transport of
cryptographic keys from one cryptographic module to another module.
Key transport key pairs
A key transport key pair may be used to transport keying material from an
originating entity to a receiving entity during communications, or to
protect keying material while in storage. The originating entity in a
communication (or the entity initiating the storage of the keying material)
uses the public key to encrypt the keying material; the receiving entity (or
the entity retrieving the stored keying material) uses the private key to
decrypt the encrypted keying material.
Key update
A process used to replace a previously active key with a new key that is
related to the old key.
Key validate
A process by which cryptographic parameters (e.g., domain parameters,
private keys, public keys, certificates, and symmetric keys) are tested as
being appropriate for use by a particular cryptographic algorithm for a
specific security service and application and that they can be trusted.
Key value (key)
The secret code used to encrypt and decrypt a message.
Key wrapping
A method of encrypting keys (along with associated integrity information)
that provides both confidentiality and integrity protection using a
symmetric key algorithm.
Keyboard attack
A data scavenging method, using resources available to normal system
users, which may include advanced software diagnostic tools.
Keyed-hash based message authentication code (HMAC)
A message authentication code that uses a cryptographic key in
conjunction with a hash function. It creates a hash based on both a message
and a secret key.
Keying material
The data (e.g., keys and initialization vectors) necessary to establish and
maintain cryptographic keying relationships.
Keystroke logger
A form of malware that monitors a keyboard for action events, such as a
key being pressed, and provides the observed keystrokes to an attacker.
Keystroke monitoring
The process used to view or record both the keystrokes entered by a
computer user and the computer ’s response during an interactive session.
Keystroke monitoring is usually considered a special case of audit trails.
Killer packets
A method of disabling a system by sending Ethernet or Internet Protocol
(IP) packets that exploit bugs in the networking code to crash the system. A
similar action is done by synchronized floods (SYN floods), which is a
method of disabling a system by sending more SYN packets than its
networking code can handle.
Knapsack algorithm
Uses an integer programming technique. In contrast to RSA, the encryption
and decryption functions are not inverse. It requires a high bandwidth and
generally is insecure due to documented security breaches.
L
Label
(1) An explicit or implicit marking of a data structure or output media
associated with an information system representing the FIPS 199 security
category, or distribution limitations or handling caveats of the information
contained therein. (2) A piece of information that represents the security
level of an object and that describes the sensitivity of the information in the
object. Similar to security label.
Labeling
Process of assigning a representation of the sensitivity of a subject or
object.
Laboratory attack
A data scavenging method through the aid of what could be precise or
elaborate powerful equipment.
Latency
Measures the delay from first bit in to first bit out. It is the time delay of
data traffic through a network, switch, port, and link. Also, see data latency
and packet latency.
Lattice
A partially ordered set for which every pair of elements has a greatest
lower bound and a least upper bound.
Layered solution
The judicious placement of security protection and attack countermeasures
that can provide an effective set of safeguards (controls) that are tailored
to the unique needs of a customer ’s situation. It is a part of security-in-
depth or defense-in-depth strategy.
Layering
It uses multiple, overlapping protection mechanisms so that failure or
circumvention of any individual protection approach will not leave the
system unprotected. It is a part of security-in-depth or defense-in-depth
strategy.
Least functionality
The information system security function should configure the
information system to provide only essential capabilities and specifically
prohibits or restricts the use of risky (by default) and unnecessary
functions, ports, protocols, and/or services. This is based on the principle
of least functionality or minimal functionality.
Least privilege
(1) Offering only the required functionality to each authorized user so that
no one can use functions that are not necessary. (2) The security objective
of granting users only those accesses they need to perform their official
duties.
Least significant bit(s)
The right-most bit(s) of a bit string.
Legacy environment
It is a typical custom environment usually involving older systems or
applications.
Letter bomb
A logic bomb, contained in electronic mail, triggered when the mail is
read.
Library
A collection of related data files or programs.
License
An agreement by a contractor to permit the use of copyrighted software
under certain terms and conditions.
Life cycle management
The process of administering an automated information system throughout
its expected life, with emphasis on strengthening early decisions that affect
system costs and utility throughout the system’s life.
Lightweight directory access protocol (LDAP)
LDAP is a software protocol for enabling anyone to locate organizations,
individuals, and other resources (e.g., files and devices in a network)
whether on the Internet or on a corporate intranet.
Line of defenses
A variety of security mechanisms deployed for limiting and controlling
access to and use of computer system resources. They exercise a directing
or restraining influence over the behavior of individuals and the content of
computer systems. The line-of-defenses form a core part of defense-in-
depth strategy or security-in-depth strategy. They can be grouped into four
categories—first, second, last, and multiple depending on their action
priorities and needs. A first line-of-defense is always preferred over the
second or the last. If the first line-of-defense is not available for any
reason, the second line-of-defense should be applied. If the second line-of-
defense is not available or does not work, then the last line-of-defense
must be applied. Note that multiple lines-of-defenses are stronger than a
single line-of-defense, whether the single defense is first, second, or last.
Linear cryptanalysis attacks
Uses pairs of known plaintext and corresponding ciphertext to generate
keys.
Link control protocol (LCP)
One of the features of the point-to-point protocol (PPP) used for bringing
lines up, testing them, and taking them down gracefully when they are not
needed. It supports synchronous and asynchronous circuits and byte-
oriented and bit-oriented encodings (Tanenbaum).
Link encryption
Link encryption (online encryption) encrypts all of the data along a
communications path (e.g., a satellite link, telephone circuit, or T3 line).
Since link encryption also encrypts routing data (i.e., headers, trailers, and
addresses), communications nodes need to decrypt the data to continue
routing so that all information passing over the link is encrypted in its
entirety. It provides good protection against external threats such as traffic
analysis, packet sniffers, and eavesdroppers. This is a technical and
preventive control.
List-oriented protection system
A computer protection system in which each protected object has a list of
all subjects authorized to access it. Compare with ticket-oriented protection
system.
Local access
Access to an organizational information system by a user (or an
information system) communicating through an internal organization-
controlled network (e.g., local-area network) or directly to a device
without the use of a network.
Local-area network (LAN)
A group of computers and other devices dispersed over a relatively limited
area and connected by a communications link that enables a device to
interact with any other on the network. A user-owned, user-operated, high-
volume data transmission facility connecting a number of communicating
devices (e.g., computers, terminals, word processors, printers, and mass
storage units) within a single building or several buildings within a
physical area. A LAN is a computer network that spans a relatively small
area. Most LANs are confined to a single building or group of buildings.
However, one LAN can be connected to other LANs over any distance via
telephone lines and radio waves. A system of LANs connected in this way
is called a wide-area network (WAN). Bridges and switches are used to
interconnect different LANs. LANs and MANs are non-switched networks,
meaning they do not use routers.
Local delivery agent (LDA)
A program running on a mail server that delivers messages between a
sender and recipient if their mailboxes are both on the same mail server.
An LDA may also process the message based on a predefined message
filter before delivery.
Location-based commerce (L-commerce)
A mobile-commerce (m-commerce) application targeted to a customer
whose location, preferences, and needs are known in real time.
Lock-and-key protection system
A protection system that involves matching a key or password with a
specific access requirement.
Locking-based attacks
Attacks that degrade a system performance and service. This attack is used
to hold a critical system locked most of the time, releasing it only briefly
and occasionally. The result is a slow running browser. This results in a
degradation of service, a mild form of DoS. Countermeasures against
locking-based attacks include system backups and upgrading/patching
software can help in maintaining a system’s integrity.
Locks
Locks are used to prevent concurrent updates to a record. Various types of
locks include page-level, row-level, area-level, and record-level. This is a
technical and preventive control.
Lockstep computing
Lockstep systems are redundant computing systems that run the same set of
operations at the same time in parallel. The output from lockstep
operations can be compared to determine if there has been a fault. The
lockstep systems are set up to progress from one state to the next state, as
they closely work together. When a new set of inputs reaches the system,
the system processes them, generates new outputs, and updates its state.
Lockstep systems provide redundancy against hardware failures, not
against software failures. Other redundant configurations include dual
modular redundancy (DMR) systems and triple modular redundancy
(TMR) systems. In DMR, computing systems are duplicated. Unlike the
lockstep systems, there is a master/slave configuration in DMR where the
slave is a hot-standby to the master. When the master fails at some point,
the slave is ready to continue from the previous known good state. In
TMR, computing systems are triplicated as voting systems. If one unit’s
output disagrees with the other two, the unit is detected as having failed.
The matched output from the other two is treated as correct. Similar to
lockstep systems, DMR and TMR systems provide redundancy against
hardware failures, not against software failures (Wikipedia).
Log
A record of the events occurring within an organization’s systems and
networks. Log entries are individual records within a log.
Log analysis
Studying log entries to identify events of interest or suppress log entries
for insignificant events.
Log archival
Retaining logs for an extended period of time, preferably on removable
media, a storage area network (SAN), or a specialized log archival
appliance or server.
Log clearing
Removing all entries from a log that precede certain date and time.
Log compression
Storing a log file in a way that reduces the amount of storage space needed
for the file without altering the meaning of its contents.
Log conversion
Parsing a log in one format and storing its entries in a second format.
Log correlation
Correlating events by matching multiple log entries from a single source
or multiple sources based on logged values, such as timestamps, IP
addresses, and event types.
Log file integrity checking
Comparing the current message digest for a log file to the original
message digest to determine if the log file has been modified.
Log filtering
The suppression of log entries from analysis, reporting, or long-term
storage because their characteristics indicate that they are unlikely to
contain information of interest.
Log management
The process for generating, transmitting, storing, analyzing, and disposing
of log data.
Log management infrastructure
The hardware, software, networks, and media used to generate, transmit,
store, analyze, and dispose of log data.
Log-off
Procedure used to terminate connections. Synonymous with log-out, sign-
out, and sign-off.
Log-on
Procedure used to establish the identity of the user and the levels of
authorization and access permitted. Synonymous with log-in, sign-in, and
sign-on.
Log parsing
Extracting data from a log so that the parsed values can be used as input
for another logging process.
Log preservation
Keeping logs that normally would be discarded, because they contain
records of activity of particular interest.
Log reduction
Removing unneeded entries from a log to create a new log that is smaller
in size.
Log reporting
Displaying the results of log analysis.
Log retention
Archiving logs on a regular basis as part of standard operating procedure
or standard operational activities.
Log rotation
Closing a log file and opening a new log file when the first log file is
considered to be complete.
Log viewing
Displaying log entries in a human-readable format.
Logic bomb
(1) A resident computer program that triggers the penetration of an
unauthorized act when particular states of the system are realized. (2) A
Trojan horse set to trigger upon the occurrence of a particular logical
event. (3) It is a small, malicious program activated by a trigger (such as a
date or the number of times a file is accessed), usually to destroy data or
source code.
Logical access control
The use of information-related mechanisms (e.g., passwords) rather than
physical mechanisms (e.g., keys and locks) for the provision of access
control.
Logical access perimeter security controls
Acting as a first-line-of-defense, e-mail gateways, proxy servers, and
firewalls provide logical access perimeter security controls.
Logical link control (LLC) protocol
The LLC protocol hides the differences between the various kinds of IEEE
802 networks by providing a single format and interface to the network
layer. LLC forms the upper half of the data-link layer with the MAC
sublayer below it.
Logical protection
Protection against unauthorized access (including unauthorized use,
modification, substitution, and disclosure in the case of credentials service
providers (CSPs) by means of the module software interface (MSI) under
operating system control. The MSI is a set of commands used to request
the services of the module, including parameters that enter or leave the
module’s cryptographic boundary as part of the requested service. Logical
protection of software sensitive security parameters (SSPs) does not
protect against physical tampering. SSP includes critical security
parameters and public security parameters.
Logical record
Collection of one or more data item values as viewed by the user.
Logical system definition
The planning of an automated information system prior to its detailed
design. This would include the synthesis of a network of logical elements
that perform specific functions.
Loop testing
It is an example of white-box testing technique that focuses exclusively on
the validity of loop constructs. Unstructured loops should e redesigned to
reflect the use of structured programming constructs because they are
difficult and time-consuming to test.
Low-impact system
An information system in which all three security objectives (i.e.,
confidentiality, integrity, or availability) are assigned a potential impact
value of low.
M
Machine types
(1) A real machine is the physical computer in a virtual machine
environment. A real-time system is a computer and/or software that reacts
to events before the events become obsolete. For example, airline collision
avoidance systems must process radar input, detect a possible collision,
and warn air traffic controllers or pilots while they still have time to react.
(2) A virtual machine is a functional simulation of a computer and its
associated devices, including an operating system. (3) Multi-user machines
have at least two execution states or modes of operation: privileged and
unprivileged. The execution state must be maintained in such a way that it
is protected from the actions of untrusted users. Some common privileged
domains are those referred to as: executive, master, system, kernel, or
supervisor, modes; unprivileged domains are sometimes called user,
application, or problem states. In a two-state machine, processes running in
a privileged domain may execute any machine instruction and access any
location in memory. Processes running in the unprivileged domain are
prevented from executing certain machine instructions and accessing
certain areas of memory. Examples of machines include Turing, Mealy,
and Moore machines.
Macro virus
(1) A specific type of computer virus that is encoded as a macro embedded
in some document and activated when the document is handled. (2) A virus
that attaches itself to application documents, such as word processing files
and spreadsheets, and uses the application’s macro-programming language
to execute and propagate.
Magnetic remanence
A measure of the magnetic flux density remaining after removal of the
applied magnetic force. It refers to any data remaining on magnetic
storage media after removal of the electrical power.
Mail server
A host that provides “electronic post office” facilities. It stores incoming
mail for distribution to users and forwards outgoing mail. The term may
refer to just the application that performs this service, which can reside on
a machine with other services. This term also refers to the entire host
including the mail server application, the host operating system, and the
supporting hardware. Mail server administrators are system architects
responsible for the overall design and implementation of mail servers.
Mail transfer agent (MTA)
A program running on a mail server that receives messages from mail
user agents (MUAs) or other MTAs and either forwards them to another
MTA or, if the recipient is on the MTA, delivers the message to the local
delivery agent (LDA) for delivery to the recipient (e.g., Microsoft
Exchange).
Mail user agent (MUA)
A mail client application used by an end user to access a mail server to
read, compose, and send e-mail messages (e.g., Microsoft Outlook).
Mailbombing
Flooding a site with enough mail to overwhelm its electronic mail (e-mail)
system. Used to hide or prevent receipt of e-mail during an attack, or as
retaliation against a website.
Main mode
Mode used in IPsec phase 1 to negotiate the establishment of an Internet
key exchange security association (IKESA) through three pairs of
messages.
Maintainability
The effort required locating and fixing an error in an operational program
or the effort required to modify an operational program (flexibility).
Maintenance hook
Special instructions in software to allow easy maintenance and additional
feature development. These are not clearly defined during access for
design specification. Hooks frequently allow entry into the code at unusual
points or without the usual checks, so they are a serious security risk if
they are not removed prior to live implementation. Maintenance hooks are
special types of trapdoors.
Major application
An application that requires special attention to security because of the risk
and magnitude of the harm resulting from the loss, misuse, or
unauthorized access to, or modification of, the information in the
application. A breach in a major application might comprise many
individual application programs and hardware, software, and
telecommunications components. Major applications can be either a major
application system or a combination of hardware and software in which
the only purpose of the system is to support a specific mission-related
function.
Malicious code
(1) Software or firmware intended to perform an unauthorized process that
will have adverse impact on the confidentiality, integrity, or availability of
an information system. (2) A program that is written intentionally to carry
out annoying or harmful actions, which includes viruses, worms, Trojan
horses, or other code-based entity that successfully infects a host. Same as
malware.
Malicious code attacks
Malicious code attackers use an attack-in-depth strategy to carry out their
goal of attacking with programs written intentionally to cause harm or
destruction.
Malicious mobile code
Software that is transmitted from a remote system to be executed on a local
system, typically without the user ’s explicit instruction. It is growing with
the increased use of Web browsers. Many websites use mobile code to add
legitimate functionality, including Active X, JavaScript, and Java.
Unfortunately, although it was initially designed to be secure, mobile code
has vulnerabilities that allow entities to create malicious programs. Users
can infect their computers with malicious mobile code (e.g., a Trojan
horse program that transmits information from the user ’s PC) just by
visiting a website.
Malware
A computer program that is covertly placed onto a computer with the intent
to compromise the privacy, accuracy, confidentiality, integrity, availability,
or reliability of the victim’s data, applications, or operating system, or
otherwise annoying or disrupting the victim. Common types of malware
threats include viruses, worms, malicious mobile code, Trojan horses,
rootkits, spyware, freeware, shareware, and some forms of adware
programs.
Malware signature
A set of characteristics of known malware instances that can be used to
identify known malware and some new variants of known malware.
Man-in-the-middle (MitM) attack
(1) A type of attack that takes advantage of the store-and-forward
mechanism used by insecure networks such as the Internet (also called
bucket brigade attack). (2) Actively impersonating multiple legitimate
parties, such as appearing as a client to an access point and appearing as an
access point to a client. This allows an attacker to intercept
communications between an access point and a client, thereby obtaining
authentication credentials and data. (3) An attack on the authentication
protocol run in which the attacker positions himself in between the
claimant and verifier so that he can intercept and alter data traveling
between them. (4) An attack against public key algorithms, where an
attacker substitutes his public key for the requested public key.
Managed or enterprise environment
An inward-facing environment that is very structured and centrally
managed.
Managed interfaces
Managed interfaces allow connections to external networks or information
systems consisting of boundary protection devices arranged according to
an organization’s security architecture.
Managed interfaces employing boundary protection devices include
proxies, gateways, routers, firewalls, software/hardware guards, or
encrypted tunnels (e.g., routers protecting firewalls and application
gateways residing on a protected demilitarized zone). Managed interfaces,
along with controlled interfaces, use boundary protection devices. These
devices prevent and detect malicious and other unauthorized
communications.
Management controls
The security controls (i.e., safeguards or countermeasures) for an
information system that focus on the management of risk and the
management of information system security. They include actions taken to
manage the development, maintenance, and use of the system, including
system-specific policies, procedures, rules of behavior, individual roles
and responsibilities, individual accountability, and personnel security
decisions.
Management message (WMAN/WiMAX)
A management message (MM) is a message used for communications
between a BS and SS/MS. These messages (e.g., establishing
communication parameters, exchanging privacy settings, and performing
system registration events) are not encrypted and thus are susceptible to
eavesdropping attacks.
Management network
A separate network strictly designed for security software management.
Management server
A centralized device that receives information from sensors or agents and
manages them.
Mandatory access control
Access controls that are driven by the results of a comparison between the
user ’s trust-level/clearance and the sensitivity designation of the
information. A means of restricting access to objects (system resources)
based on the sensitivity (as represented by a label) of the information
contained in the objects and the formal authorization (i.e., clearance) of
subjects (users) to access information of such sensitivity.
Mandatory protection
The result of a system that preserves the sensitivity labels of major data
structures in the system and uses them to enforce mandatory access
controls.
Mantraps
Mantraps provide additional security at the entrances to high-risk areas.
For highly sensitive areas, mantraps require a biometric measure such as
fingerprints combined with the weight of the person entering the facility.
Market analysis
Useful in the supply chain activities employing the chain-in-depth concept.
Market analysis is conducted when the information system owner does not
know who the potential suppliers or integrators are or would like to
discover alternative suppliers or integrators or the suppliers of the
suppliers or integrators. The market analysis should identify which
companies can provide the required items or make suggestions for
possible options. Some ways to gather information about potential
suppliers or integrators include open sources (such as the press), Internet,
periodicals, and fee-based services.
Marking
The process of placing a sensitivity designator (e.g., confidential) with data
such that its sensitivity is communicated. Marking is not restricted to the
physical placement of a sensitivity designator, as might be done with a
rubber stamp, but can involve the use of headers for network messages,
special fields in databases, and so on.
Markov models
They are graphical techniques used to model a system with regard to its
failure states in order to evaluate the reliability, safety, or availability of
the system.
Markup language
A system (as HTML or SGML) for marking or tagging a document that
indicates its logical structure (as paragraphs) and gives instructions for its
layout on the page for electronic transmission and display.
Masquerading
(1) Impersonating an authorized user and gaining unauthorized privileges.
(2) An unauthorized agent claiming the identity of another agent. (3) An
attempt to gain access to a computer system by posing as an authorized
user. (4) The pretense by an entity to be a different entity. Synonymous
with impersonating, spoofing, or mimicking.
Mass mailing worm
A worm that spreads by identifying e-mail addresses, often by searching an
infected system, and then sending copies of itself to those addresses, either
using the system’s e-mail client or a self-contained mailer built into the
worm itself.
Master boot record (MBR)
A special region on bootable media that determines which software (e.g.,
operating system and utility) will be run when the computer boots from the
media.
Maximum signaling rate
The maximum rate, in bits per second, at which binary information can
transfer in a given direction between users over telecommunication system
facilities dedicated to a particular information transfer transaction. This
happens under conditions of continuous transaction and no overhead
information.
Maximum stuffing rate
The maximum rate at which bits are inserted or deleted.
Maximum tolerable downtime
The amount of time business processes can be disrupted without causing
significant harm to the organization’s mission.
Mean-time-between-failures (MTBF)
(1) The average length of time a system is functional or the average time
interval between failures. (2) The total functioning life of an item divided
by the total number of failures during the measurement interval of
minutes, hours, and days. (3) The average length of time a system or a
component works without fault between consecutive failures. MTBF
assumes that the failed system is immediately repaired as in MTTR
(repair). A high MTBF means high system reliability. MTBF = MTTF +
MTTR (repair).
Mean-time-between-outages (MTBO)
The mean-time between equipment failures that results in a loss of system
continuity or unacceptable degradation, as expressed by MTBO =
MTBF/(1-FFAS), where MTBF is the nonredundant mean-time between
failures, and FFAS is the fraction of failures for which the failed hardware
or software is bypassed automatically. A high MTBO means high system
availability.
Mean-time-to-data loss (MTTDL)
The average time before a loss of data occurs in a given disk array and is
applicable to RAID technology. A low MTTDL means high data reliability.
Mean-time-to-failure (MTTF)
The average time to the next failure. It is the time taken for a part or system
to fail for the first time. MTTF assumes that the failed system is not
repaired. A high MTTF means high system reliability.
Mean-time-to-recovery (MTTR)
The time following a failure to restore a RAID disk array to its normal
failure-tolerant mode of operation. This time includes the replacement of
the failed disk and the time to rebuild the disk array. A low MTTR means
high system availability.
Mean-time-to-repair (MTTR)
(1) The amount of time it takes to resume normal operation. (2) The total
corrective maintenance time divided by the total number of corrective
maintenance actions during a given period of time. A low MTTR means
high system reliability.
Mean-time-to-restore (MTTR)
The average time to restore service following system failures that result
on service outages. The time to restore includes all time from the
occurrence of the failure until the restoral of service. A low MTTR means
high system availability.
Measures
All the output produced by automated tools (for example, IDS/IPS,
vulnerability scanners, audit record management tools, configuration
management tools, and asset management tools) and various information
security program-related data (for example, training and awareness data,
information system authorization data, contingency planning and testing
data, and incident response data). Measures also include security
assessment evidence from both automated and manual collection methods.
A “measure” is the result of gathering data from the known sources.
Mechanisms
An assessment object that includes specific protection-related items (for
example, hardware, software, or firmware) employed within or at the
boundary of an information system.
Media
Physical devices or writing surfaces including, but not limited to, magnetic
tapes, optical disks, magnetic disks, large-scale integration (LSI) memory
chips, flash ROM, and printouts (but not including display media) onto
which information is recorded, stored, or printed within an information
system.
Media access control address
A hardware address that uniquely identifies each component of an IEEE
802-based standard. On networks that do not conform to the IEEE 802
standard but do conform to the ISO/OSI reference model, the node address
is called the Data Link Control (DLC) address.
Media gateway
It is the interface between circuit switched networks and IP network. Media
gateway handles analog/digital conversion, call origination and reception,
and quality improvement functions such as compression or echo
cancellation.
Media gateway control protocol (MGCP)
MGCP is a common protocol used with media gateways to provide
network management and control functions.
Media sanitization
A general term referring to the actions taken to render data written on
media unrecoverable by both ordinary and extraordinary means.
Medium/media access control protocols
Protocols for the medium/media access control sublayer, which is the
bottom part of the data link layer of the ISO/OSI reference model, include
carrier sense multiple access with collision avoidance and collision
detection (CSMA/CA and CSMA/CD), wavelength division multiple access
(WDMA), Ethernet (thick, thin, fast, switched, and gigabit), logical link
control (LLC), the 802.11 protocol stack for wireless LANs, the 802.15 for
Bluetooth, the 802.16 for Wireless MANs, and the 802.1Q for virtual
LANs. These are examples of broadcast networks with multi-access
channels.
Meet-in-the-middle (MIM) attack
Occurs when one end is encrypted and the other end is decrypted, and the
results are matched in the middle. MIM attack is made on block ciphers.
Melting
A physically destructive method of sanitizing media; to be changed from a
solid to a liquid state generally by the application of heat. Same as
smelting.
Memorandum of understanding/agreement
A document established between two or more parties to define their
respective roles and responsibilities in accomplishing a particular goal.
Regarding IT, it defines the responsibilities of two or more organizations
in establishing, operating, and securing a system interconnection.
Memory cards
Memory cards are data storage devices used for personal authentication,
access authorization, card integrity, and application systems.
Memory protection
It is achieved through the use of system partitioning, non-modifiable
executable programs, resource isolation, and domain separation.
Memory resident virus
A virus that stays in the memory of infected systems for an extended
period of time.
Memory scavenging
The collection of residual information from data storage.
Mesh computing
Provides application processing and load balancing capacity for Web
servers using the Internet cache. It pushes applications, data, and computing
power away from centralized points to local points of networks. It deploys
Web server farms and clustering concepts, and is based on “charge for
network services” model. Mesh computing implies non-centralized points
and node-less availability.
Advantages include (1) reduced transmission costs, reduced latency, and
improved quality-of-service (QoS) due to a decrease in data volume that
must be moved across the network, (2) improved security due to data
encryption and firewalls, and (3) limited bottlenecks and single point of
failure due to replicated information across distributed networks of Web
servers and de-emphasized central network points. Other names for mesh
computing include peer-to-peer computing
Mesh topology
Mesh topology is a network topology in which there are at least two nodes
with two or more paths between them. The mesh topology is made up of
multiple, high-speed paths between several end-points, and provides a high
degree of fault tolerance due to many redundant interconnections between
nodes. In a true mesh topology, every node has a connection to every other
node in the network.
Message authentication code
(1) A cryptographic checksum on data that uses a symmetric key to detect
both accidental and intentional modifications of the data. (2) A
cryptographic checksum that results from passing data through a message
authentication algorithm.
Message digest (MD)
(1) A digital signature that uniquely identifies data and has the property that
changing a single bit in the data will cause a completely different message
digest to be generated. (2) The result of applying a hash function to a
message; also known as hash value. (3) A cryptographic checksum
typically generated for a file that can be used to detect changes to the file.
Secure Hash Algorithm-1 (SHA-1) is an example of a message digest
algorithm. (4) It is the fixed size result of hashing a message.
Message identifier (MID)
A field that may be used to identify a message. Typically, this field is a
sequence number.
Message modification
Altering a legitimate message by deleting, adding to, changing, or
reordering it.
Message passing
The means by which objects communicate. Individual messages may
consist of the name of the message, the name of the target object to which
it is being sent, and arguments, if any. When an object receives a message,
a method is invoked which performs an operation that exhibits some part
of the object’s behavior.
Message passing systems
Used in object-oriented application systems.
Message replay
Passively monitoring transmissions and retransmitting messages, acting as
if the attacker were a legitimate user.
Messaging interface
The linkage from the service component to various external software
modules (e.g., enterprise component, external system, and gateway)
through the use of message middleware (i.e., performing message-routing,
data-transformation, and directory-services) and other service
components.
Metadata
(1) Information used to describe specific characteristics, constraints,
acceptable uses, and parameters of another data item such as cryptographic
key. (2) It is data referring to other data; data (e.g., data structures, indices,
and pointers) that are used to instantiate an abstraction (e.g., process, task,
segment, file, or pipe). (3) A special database, also referred to as a data
dictionary, containing descriptions of the elements (e.g., relations,
domains, entities, or relationships) of a database. (4) Information
regarding files and folders themselves, such as file and folder names,
creation dates and times, and sizes.
Metrics
Tools designed to facilitate decision making and improve performance
and accountability through collection, analyses, and reporting of relevant
performance-related data. A “metric” is designed to organize data into
meaningful information to support decision making (for example,
dashboards).
Metropolitan-area network (MAN)
A network concept aimed at consolidating business operations and
computers spread out in a town or city. Wired MANs are mainly used by
cable television networks. MANs and LANs are non-switched networks,
meaning they do not use routers. The scope of a MAN falls between a LAN
and a WAN.
Middleware
Software that sits between two or more types of software and translates
information between them. For example, it can sit between an application
system and an operating system, a network operating system, or a database
management system.
Migration
A term generally referring to the moving of data from an online storage
device to an off-line or low-priority storage device, as determined by the
system or as requested by the system user.
Mimicking
An attempt to gain access to a computer system by posing as an authorized
user. Synonymous with impersonating, masquerading, and spoofing.
Min-entropy
A measure of the difficulty that an attacker has to guess the most
commonly chosen password used in a system. It is the worst-case measure
of uncertainty for a random variable with the greatest lower bound. The
attacker is assumed to know the most commonly used password(s).
Minimization
A risk-reducing principle that supports integrity by containing the
exposure of data or limiting opportunities to violate integrity.
Minimizing target value
A risk-reducing practice that stresses the reduction of potential losses
incurred due to a successful attack and/or the reduction of benefits that an
attacker might receive in carrying out such an attack.
Minimum security controls
These controls include management, operational, and technical controls to
protect the confidentiality, integrity, and availability objectives of an
information system. The tailored baseline controls become the minimum
set of security controls after adding supplementary controls based on gap
analysis to achieve adequate risk mitigation. Three sets of baseline
controls (i.e., low-impact, moderate-impact, and high-impact) provide a
minimum security control assurance.
Minor application
An application, other than a major application, that requires attention to
security due to the risk and magnitude of harm resulting from the loss,
misuse, or unauthorized access to or modification of the information in
the application. Minor applications are typically included as part of a
general support system.
Mirroring
Several mirroring methods include data mirroring, disk mirroring, and
server mirroring. They all provide backup mechanisms so if one disk
fails, the data is available from the other disks.
Misappropriation
Stealing or making unauthorized use of a service.
Mistake-proofing
It is a concept to prevent, detect, and correct inadvertent human or machine
errors occurring in products and services. It is also called poka-yoke
(Japanese term) and idiot-proofing.
Mobile code
(1) A program (e.g., script, macro, or other portable instruction) that can
be shipped unchanged to a heterogeneous collection of platforms and
executed with identical semantics. (2) Software programs or parts of
programs obtained from remote information systems, transmitted from a
remote system or across a network, and executed on a local information
system without the user ’s explicit installation, instruction, or execution.
Java, JavaScript, Active-X, and VBScript are examples of mobile code
technologies that provide the mechanisms for the production and use of
mobile code. Mobile code can be malicious or nonmalicious.
Mobile commerce (MC)
Mobile commerce (m-commerce) is conducted using mobile devices such
as cell phones and personal digital assistants (PDAs) for wireless banking
and shopping purposes. M-commerce uses wireless application protocol
(WAP). It is any business activity conducted over a wireless
telecommunications networks.
Mobile-site
A self-contained, transportable shell custom-fitted with the specific IT
equipment and telecommunications necessary to provide full recovery
capabilities upon notice of a significant disruption.
Mobile software agent
Programs that are goal-directed and capable of suspending their execution
on one platform and moving to another platform where they resume
execution.
Mobile subscriber (WMAN/WiMAX)
A mobile subscriber (MS) is a station capable of moving at greater speeds
and supports enhanced power of operations (i.e., self-powered) for laptop
computers, notebook computers, and cellular phones.
Mode of operation
(1) A set of rules for operating on data with a cryptographic algorithm and
a key; often includes feeding all or part of the output of the algorithm back
into the input of the algorithm, either with or without additional data being
processed (e.g., cipher feedback, output feedback, and cipher block
chaining). (2) An algorithm for the cryptographic transformation of data
that features a symmetric key block cipher algorithm.
Modem
Acronym for modulation and demodulation. During data transmission, the
modem converts the computer representation of data into an audio signal
for transmission of telephone, teletype, or intercom lines. When receiving
data, the modem converts the audio signal to the computer data
representation.
Moderate-impact system
An information system in which at least one security objective (i.e.,
confidentiality, integrity, or availability) is assigned a potential impact
value of moderate and no security objective is assigned a potential impact
value of high.
Modular design
Information system project design that breaks the development of a project
into various pieces (modules), each solving a specific part of the overall
problem. These modules should be as narrow in scope and brief in
duration as practicable. Such design minimizes the risk to an organization
by delivering a net benefit separate from the development of other pieces.
Modular software
Software that is self-contained logical sections, or modules, which carry
out well-defined processing actions.
Modularity
Software attributes that provide a structure of highly independent modules.
Monitoring
Recording of relevant information about each operation by a subject on an
object maintained in an audit trail for subsequent analysis.
Moore’s law
States that that the number of transistors per square inch on an integrated
circuit (IC) chip used in computers doubles every 18 months, the
performance (microprocessor processing speed) of a computer doubles
every 18 months, the cost of a CPU power is halved every 18 months, or
the size of computer programs is increased in less than 18 months, where
the latter is not a Moore’s law.
Most significant bit(s)
The left-most bit(s) of a bit string.
Motion picture experts group (MPEG)
The MPEG is a multimedia standard used to compress videos consisting of
images and sound. MPEG-1 is used for storing movies on CD-ROM while
MPEG-2 is used to support higher resolution HDTVs. MPEG-2 is a
superset of MPEG-1.
Multi-exit discriminator (MED)
A Border Gateway Protocol (BGP) attribute used on external links to
indicate preferred entry or exit points (among many) for an autonomous
system (AS). An AS is one or more routers working under a single
administration operating the same routing policy.
Multi-drop
Network stations connected to a multipoint channel at one location.
Multifactor authentication
Authentication using two or more factors to achieve the authentication
goal. Factors include (2) something you know (e.g., password/PIN), (2)
something you have (e.g., cryptographic identification device or token), or
(3) something you are (e.g., biometric).
Multi-hop problem
The security risks resulting from a mobile software agent visiting several
platforms.
Multilevel secure
A class of system containing information with different sensitivities that
simultaneously permits access by users with different security clearances
and needs-to-know but prevents users from obtaining access to
information for which they lack authorization.
Multilevel security mode
A mode of operation that allows two or more classification levels of
information to be processed simultaneously within the same system when
not all users have a clearance or formal access approval for all data
handled by a computer system.
Multimedia messaging service (MMS)
An accepted standard for messaging that lets users send and receive
messages formatted with text, graphics, photographs, audio, and video
clips.
Multipartite virus
A virus that uses multiple infection methods, typically infecting both files
and boot sectors.
Multiple component incident
A single incident that encompasses two or more incidents.
Multiplexers
A multiplexer is a device for combining two or more information
channels. Multiplexing is the combining of two or more information
channels onto a common transmission medium.
Multipoint
A network that enables two or more stations to communicate with a single
system on one communications line.
Multi-processing
A computer consisting of several processors that may execute programs
simultaneously.
Multi-programming
The concurrent execution of several programs. It is the same as multi-
tasking.
Multipurpose Internet mail extension (MIME)
(1) A specification for formatting non-ASCII messages so that they can be
sent over the Internet. MIME enables graphics, audio, and video files to be
sent and received via the Internet mail system, using the SMTP protocol. In
addition to e-mail applications, Web browsers also support various MIME
types. This enables the browser to display or output various files that are
not in HTML format. (2) A protocol that makes use of the headers in an
IETF RFC 2822 message to describe the structure of rich message content.
Multi-tasking
The concurrent execution of several programs. It is the same as
multiprogramming.
Multi-threading
Program code that is designed to be available for servicing multiple tasks
at once, in particular by overlapping inputs and output.
Mutation analysis
The purpose of mutation analysis is to determine the thoroughness with
which an application program has been tested and, in the process, detect
errors. A large set of version or mutation of the original program is
created by altering a single element of the program (e.g., variable,
constant, or operator) and each mutant is then tested with a given collection
of test datasets.
Mutual authentication
Occurs when parties at both sides of a communication activity authenticate
each other. Providing mutual assurance regarding the identity of subjects
and/or objects. For example, a system needs to authenticate a user, and the
user needs to authenticate that the system is genuine.
N
NAK attack
See Negative acknowledgment (NAK) attack
Name spaces
Names are given to objects, which are only meaningful to a single subject,
and thus cannot be addressed by other subjects.
Natural threats
Examples of natural threats include hurricanes, tornados, floods, and fires.
Need-to-know
The necessity for access to, knowledge of, or possession of specific
information required to perform official tasks or services. The custodian,
not the prospective recipient, of the classified or sensitive unclassified
information determines the need-to-know.
Need-to-know violation
The disclosure of classified or other sensitive information to a person
cleared but who has no requirement for such information to carry out
assigned job duties.
Need-to-withhold
The necessity to limit access to some confidential information when broad
access is given to all the information.
Negative acknowledgement (NAK) attack
(1) In binary synchronous communications, a transmission control
character is sent as a negative response to data received by an attacker. A
negative response means a reply was received that indicate that data was
not received correctly or that a command was incorrect or unacceptable.
(2) A penetration technique capitalizing on a potential weakness in an
operating system that does not handle asynchronous interrupts properly,
thus leaving the system in an unprotected state during such interrupts. An
NAK means that a transmission was received with error (negative). An
ACK (acknowledgment) means that a transmission was received without
error (positive).
Net-centric architecture
A complex system of systems composed of subsystems and services that
are part of a continuously evolving, complex community of people,
devices, information, and services interconnected by a network that
enhances information sharing and collaboration. Examples of this
architecture include service-oriented architectures and cloud computing
architectures.
Net present value (NPV) method
The most straightforward economic comparison is net present value
(NPV). NPV is the difference between the present value (PV) of the benefits
and the PV of the costs.
This method can be used to assess the financial feasibility of an investment
in information security program.
Network
(1) Two or more systems connected by a communications medium. (2) An
open communications medium, typically, the Internet, that is used to
transport messages between the claimant and other parties. Unless
otherwise stated no assumptions are made about the security of the
network; it is assumed to be open and subject to active attacks (e.g.,
impersonation, man-in-the-middle, and session hijacking) and passive
attacks (e.g., eavesdropping) at any point between the parties (e.g.,
claimant, verifier, CSP, or relying party).
Network access control (NAC)
A feature provided by some firewalls that allows access based on a user ’s
credentials and the results of health checks performed on the telework
client device.
Network address translation (NAT)
(1) A routing technology used by many firewalls to hide internal system
addresses from an external network through use of an addressing schema.
(2) A mechanism for mapping addresses on one network to addresses on
another network, typically private addresses to public addresses.
Network address translation (NAT) and port address translation (PAT)
Both NAT and PAT are used to hide internal system addresses from an
external network by mapping internal addresses to external addresses, by
mapping internal addresses to a single external address or by using port
numbers to link external system addresses with internal systems.
Network administrator
A person responsible for the overall design, implementation, and
maintenance of a network. The scope of responsibilities include
overseeing network security, installing new applications, distributing
software upgrades, monitoring daily activity, enforcing software licensing
agreements, developing a storage management program, and providing
for routine backups.
Network architecture
The philosophy and organizational concept for enabling communications
among data processing equipment at multiple locations. The network
architecture specifies the processors and terminals and defines the
protocols and software used to accomplish accurate data communications.
The set of layers and protocols (including formats and standards) that
define a network.
Network-based intrusion detection systems (IDSs)
IDSs which detect attacks by capturing and analyzing network packets.
Listening on a network segment or switch, one network-based IDS can
monitor the network traffic affecting multiple hosts that are connected to
the network segment.
Network-based intrusion prevention system
A program that performs packet sniffing and analyzes network traffic to
identify and stop suspicious activity.
Network-based threats
Examples include (1) Web spoofing attack, which allows an impostor to
shadow not only a single targeted server, but also every subsequent server
accessed, (2) masquerading as a Web server using a man-in-the-middle
(MitM) attack, whereby requests and responses are conveyed via the
imposter as a watchful intermediary, (3) eavesdropping on messages in
transit between a browser and server to glean information at a level of
protocol below HTTP, (4) modifying the DNS mechanisms used by a
computer to direct it to a false website to divulge sensitive information
(i.e., pharming attack), (5) performing denial-of-service (DoS) attacks
through available network interfaces, and (6) intercepting messages in
transit and modify their contents, substitute other contents, or simply
replaying the transmission dialogue later in an attempt to disrupt the
synchronization or integrity of the information.
Network behavior analysis system
An intrusion detection and prevention system (IDPS) that examines
network traffic to identify and stop threats that generate unusual traffic
flows.
Network configuration
A specific set of network resources that form a communications network at
any given point in time, the operating characteristics of these network
resources, and the physical and logical connections that have been defined
between them.
Network congestion
Occurs when an excess traffic is sent through some part of the network,
which is more than its capacity to handle.
Network connection
Any logical or physical path from one host to another that makes possible
the transmission of information from one host to the other. An example is
a TCP connection. Also, when a host transmits an IP datagram employing
only the services of its “connection-less” IP interpreter, there is a
connection between the source and the destination hosts for this
transaction.
Network control protocol (NCP)
Network Control Protocol (NCP) is one of the features of the Point-to-
Point Protocol (PPP) used to negotiate network-layer options independent
of the network layer protocol used.
Network device
A device that is part of and can send or receive electronic transmissions
across a communications network. Network devices include end-system
devices such as computers, terminals, or printers; intermediary devices
such as bridges and routers that connect different parts of the
communications network; and link devices or transmission media.
Network interface card (NIC)
Network interface cards are circuit boards used to transmit and receive
commands and messages between a PC and a LAN. A NIC operates in the
Data Link Layer of the ISO/OSI Reference model.
Network layer
Portion of an open system interconnection (OSI) system responsible for
data transfer across the network, independent of both the media
comprising the underlying sub-networks and the topology of those sub-
networks.
Network layer security
Protects network communications at the layer that is responsible for
routing packets across networks.
Network management
The discipline that describes how to monitor and control the managed
network to ensure its operation and integrity and to ensure that
communications services are provided in an efficient manner. Network
management consists of fault management, configuration management,
performance management, security management, and accounting
management.
Network management architecture
The distribution of responsibility for management of different parts of the
communications network among different managing-software-products. It
describes the organization of the management of a network. The three
types of network management architectures are the centralized, distributed,
and distributed hierarchical network management architectures.
Network management protocol
A protocol that conveys information pertaining to the management of the
communications network, including management operations from
managers as well as responses to polling operations, notifications, and
alarms from agents.
Network management software
Software that provides the capabilities for network and security
monitoring and managing the network infrastructure, allowing systems
personnel to administer the network effectively from a central location.
Network overload
A network begins carrying an excessive number of border gateway
protocol (BGP) messages, overloading the router control processors and
reducing the bandwidth available for data traffic.
Network protection device
A product such as a firewall or intrusion detection device that selectively
blocks packet traffic based on configurable and emergent criteria.
Network protection testing
Testing that is applicable to network protection devices.
Network scanning tool
It involves using a port scanner to identify all hosts potentially connected
to an organization’s network, the network services operating on those
hosts (e.g., FTP and HTTP), and specific applications. The goal is to
identify all active hosts and open ports.
Network security
The protection of networks and their services from all natural and human-
made hazards. This includes protection against unauthorized access,
modification, or destruction of data; denial-of of-service; or theft.
Network security layer
Protecting network communications at the layer of the TCP/IP model that
is responsible for routing packets across networks.
Network service worm
A worm that spreads by taking advantage of vulnerability in a network
service associated with an operating system or an application system.
Network size
The total number of network devices managed within the network and all
its subcomponents.
Network sniffing
A passive technique that monitors network communication, decodes
protocols, and examines headers and payloads for information of interest.
Network sniffing is both a review technique and a target identification and
analysis technique.
Network tap
A direct connection between a sensor and the physical network media
itself, such as a fiber optic cable.
Network topology
The architectural layout of a network. The term has two meanings: (1) the
structure, interconnectivity, and geographic layout of a group of networks
forming a larger network and (2) the structure and layout of an individual
network within a confined location or across a geographic area. Common
topologies include bus (nodes connected to a single backbone cable), ring
(nodes connected serially in a closed loop), star (nodes connected to a
central hub), and mesh.
Network transparency
Network transparency is the ability to simplify the task of developing
management applications, hiding distribution details. There are different
aspects of transparency such as access failure, location, migration
replication, and transaction. Transparency means the network components
or segments cannot be seen by insiders and outsiders and that actions of
one user group cannot be observed by other user groups. It is achieved
through process isolation and hardware segmentation concepts.
Network weaving
It is a penetration technique in which different communication networks
are linked to access an information system to avoid detection and
traceback.
Network worm
A worm that copies itself to another system by using common network
facilities and causes execution of the copy program on that system.
Neural networks
They are artificial intelligence systems built around concepts similar to the
way the human brain’s Web of neural connections to identify patterns,
learn, and reach conclusions.
Node
A computer system connected to a communications network and
participates in the routing of messages within that network. Networks are
usually described as a collection of nodes connected by communications
links. A communication point at which subordinate items of data originate.
Examples include cluster controllers, terminals, computers, and networks.
Nondiscretionary access controls
A policy statement that access controls cannot be changed by users, but
only through administrative actions.
Noninvasive attack
An attack that can be performed on a cryptographic module without direct
physical contact with the module. Examples include differential power
analysis attack, electromagnetic emanation attack, simple power analysis
attack, and timing analysis attack.
Nonlocal maintenance
Maintenance activities conducted by individuals communicating through a
network, either an external network (e.g., the Internet) or an internal
network.
No-lone zone
It is an area, room, or space that, when staffed, must be occupied by two or
more security cleared individuals who remain within sight of each other.
Nonce
(1) An identifier, a counter, a value, or a message number that is used only
once. These numbers are freshly generated random values. Nonce is a
time-varying value with a negligible chance of repeating (almost non-
repeating). (2) A nonce could be a random value that is generated anew or
each instance of a nonce, a timestamp, a sequence number, or some
combination of these. (3) A randomly generated value used to defeat
“playback” attacks in communication protocols. One party randomly
generates a nonce and sends it to the other party. The receiver encrypts it
using the agreed-upon secret key and returns it to the sender. Because the
sender randomly generated the nonce, this defeats playback attacks because
the replayer cannot know in advance the nonce the sender will generate.
The receiver denies connections that do not have the correctly encrypted
nonce. (4) Nonce is a value used in security protocols that is never
repeated with the same key. For example, challenges used in challenge-
response authentication protocols generally must not be repeated until
authentication keys are changed, or there is a possibility of a replay attack.
Using a nonce as a challenge is a different requirement than a random
challenge because a nonce is not necessarily unpredictable.
Nonrepudiation
(1) An authentication that with high assurance can be asserted to be genuine
and that cannot subsequently be refuted. It is the security service by which
the entities involved in a communication cannot deny having participated.
Specifically, the sending entity cannot deny having sent a message
(nonrepudiation with proof of origin) and the receiving entity cannot deny
having received a message (nonrepudiation with proof of delivery). This
service provides proof of the integrity and origin of data that can be
verified by a third party. (2) Assurance that the sender of information is
provided with proof of delivery and the recipient is provided with proof of
the sender ’s identity, so neither can later deny having processed the
information. (3) A service that is used to provide assurance of the integrity
and origin of data in such a way that the integrity and origin can be
verified and validated by a third party as having originated from a specific
entity in possession of the private key (i.e., the signatory). (4) Protection
against an individual falsely denying having performed a particular action.
It provides the capability to determine whether a given individual took a
particular action such as creating information, sending a message,
approving information, and receiving a message.
Nonreversible action
A type of action that supports the principle of accountability by preventing
the reversal and/or concealment of activity associated with sensitive
objects.
Nontechnical countermeasure
A security measure that is not directly part of the network information
security processing system, taken to help prevent system vulnerabilities.
Nontechnical countermeasures encompass a broad range of personal
measures, procedures, and physical facilities that can deter an adversary
from exploiting a system (e.g., security guards, visitor escort, visitor
badge, locked closets, and locked doors).
N-person control
A method of controlling actions of subjects (people) by distributing a task
among more than one (N) subject.
N-version programming
N-version programming is based on design or version diversity. The
different versions are executed in parallel and the results are voted on.
O
Obfuscation technique
A way of constructing a virus to make it more difficult to detect.
Object
The basic unit of computation. An object has a set of “operations” and a
“state” that remembers the effect of operations. Classes define object types.
Typically, objects are defined to represent the behavioral and structural
aspects of real-world entities. Object is a state, behavior, and identity; the
terms “instance” and “object” are interchangeable. A passive entity that
contains or receives information. Access to an object by a subject
potentially implies access to the information it contains. Examples of
objects include devices, records, blocks, tables, pages, segments, files,
directories, directory trees, processes, domain, and programs, as well as
bits, bytes, words, fields, processors, video displays, keyboards, clocks,
printers, network nodes, and so on.
Object code or module
(1) A source code compiled to convert to object code, a machine-level
language. (2) Instructions in machine-readable language are produced by a
compiler or assembler from source code.
Object identifier
A specialized formatted number that is registered with an internationally
recognized standards organization. It is the unique alphanumeric or
numeric identifier registered under the ISO registration standard to
reference a specific object or object class.
Object reuse
The reassignment and reuse of a storage medium (e.g., page frame, disk
sector, and magnetic tape) that once contained one or more objects. To be
securely reused and assigned to a new subject, storage media must contain
no residual data (magnetic remanence) from the object(s) previously
contained in the media.
Off-card
Refers to data that is not stored within the personal identity verification
(PIV) card or to a computation that is not performed by the integrated
circuit chip of the PIV card.
Off-line attack
An attack where the attacker obtains some data (typically by eavesdropping
on an authentication protocol run or by penetrating a system and stealing
security files) that he can analyze in a system of his own choosing.
Off-line cracking
Off-line cracking occurs when a cryptographic token is exposed using
analytical methods outside the electronic authentication mechanism (e.g.,
differential power analysis on stolen hardware cryptographic token and
dictionary attacks on software PKI token). Countermeasures include using
a token with a high entropy token secret and locking up the token after a
number of repeated failed activation attempts. .
Off-line cryptosystem
A cryptographic system in which encryption and decryption are performed
independently of the transmission and reception functions.
Off-line storage
Data storage on media physically removed from the computer system and
stored elsewhere (e.g., a magnetic tape or a disk).
Offsite storage
A location remote from the primary computer facility where backup
programs, data files, forms, and documentation, including a contingency
plan, are stored. These are used at backup computer facilities during a
disaster or major interruption at the primary computer facility.
On-access scanning
Configuring a security tool to perform real-time scans of each file for
malware as the file is downloaded, opened, or executed.
On-card
Refers to data that is stored within the personal identity verification (PIV)
card or to a computation that is performed by the integrated circuit chip of
the PIV card.
On-demand scanning
Allowing users to launch security tool scans for malware on a computer as
desired.
One-time password generator
Password is changed after each use and is useful when the password is not
adequately protected from compromise during login. (For example, the
communication line is suspected of being tapped.) This is a technical and
preventive control.
One-way hash algorithm
Hash algorithms that map arbitrarily long inputs into a fixed-size output
such that it is very difficult (computationally infeasible) to find two
different hash inputs that produce the same output. Such algorithms are an
essential part of the process of producing fixed-size digital signatures that
can both authenticate the signer and provide for data integrity checking
(detection of input modification after signature).
Online attack
An attack against an authentication protocol where the attacker either
assumes the role of a claimant with a genuine verifier or actively alters the
authentication channel. The goal of the attack may be to gain authenticated
access or learn authentication secrets.
Online certificate status protocol (OCSP)
An online protocol used to determine the status of a public key certificate
between a certificate authority (CA) and relying parties. OCSP responders
should be capable of processing both signed and unsigned requests and
should be capable of processing requests that either include or exclude the
name of the relying party making the request. OCSP responders should
support at least one algorithm such as RSA with padding or ECDSA for
digitally signing response messages.
Online guessing attack
An attack in which an attacker performs repeated logon trials by guessing
possible values of the token authenticator. Examples of attacks include
dictionary attacks to guess passwords or guessing of secret tokens. A
countermeasure is to use tokens that generate high entropy authenticators.
Open design
The principle of open design stresses that design secrecy or the reliance on
the user ignorance is not a sound basis for secure systems. Open design
allows for open debate and inspection of the strengths, or origins of a lack
of strength, of that particular design. Secrecy can be implemented through
the use of passwords and cryptographic keys, instead of secrecy in design.
Open Pretty Good Privacy (OpenPGP)
A protocol defined in IETF RFC 2440 and 3156 for encrypting messages
and creating certificates using public key cryptography. Most mail clients
do not support OpenPGP by default; instead, third-party plug-ins can be
used in conjunction with the mail clients. OpenPGP uses a “Web of trust”
model for key management, which relies on users for management and
control, making it unsuitable for medium- to large-scale implementations.
Open security environment (OSE)
An environment that includes systems in which one of the following
conditions holds true: (1) application developers (including maintainers)
do not have sufficient clearance or authorization to provide an acceptable
presumption that they have not introduced malicious logic and (2)
configuration control does not provide sufficient assurance that
applications are protected against the introduction of malicious logic prior
to and during the operation of application systems.
Open system interconnection (OSI)
A reference model of how messages should be transmitted between any
two end-points of a telecommunication network. The process of
communication is divided into seven layers, with each layer adding its own
set of special, related functions. The seven layers are the application layer,
presentation, session, transport, network, data link, and physical layer.
Most telecommunication products tend to describe themselves in relation
to the OSI reference model. This model is a single reference view of
communication that provides a common ground for education and
discussion.
Open systems
Vendor-independent systems designed to readily connect with other
vendors’ products. To be an open system, it should conform to a set of
standards determined from a consensus of interested participants rather
than just one or two vendors. Open systems allow interoperability among
products from different vendors. Major benefits include portability,
scalability, and interoperability.
Open Web application security project (OWASP)
A project dedicated to enabling organizations to develop, purchase, and
maintain applications that can be secured and trusted. In 2010, OWASP
published a list of Top 10 application security risks. These include
injection; cross-site scripting; broken authentication and session
management; insecure direct object references; cross-site request forgery;
security misconfiguration; insecure cryptographic storage; failure to
restrict URL access; insufficient transport layer protection; and unvalidated
redirects and forwards.
Operating system (OS)
The software “master control application” that runs the computer. It is the
first program loaded when the computer is turned on, and its main
component, the kernel, resides in memory at all times. The operating
system sets the standards for all application programs (e.g., Web server
and mail server) that run in the computer. The applications communicate
with the operating system for most user interface and file management
operations.
Operating system fingerprinting
Analyzing characteristics of packets sent by a target, such as packet
headers or listening ports, to identity the operating system in use on the
target.
Operating system log
Provides information on who used computer resources, for how long, and
for what purpose. Unauthorized actions can be detected by analyzing the
operating system log. This is a technical and detective control.
Operational controls
Day-to-day procedures and mechanisms used to protect operational
systems and applications. They include security controls (i.e., safeguards
or countermeasures) for an information system that are primarily
implemented and executed by people, as opposed to systems.
Operational environment
It includes standalone, managed or custom environments, where the latter
is either a specialized security-limited functionality or a legacy
environment.
Originator usage period (crypto-period)
The period of time in the crypto-period of a symmetric key during which
cryptographic protection may be applied to data.
Outage
The period of time for which a communication service or an operation is
unavailable.
Output block
A data block that is an output of either the forward cipher function or the
inverse cipher function of the block cipher algorithm.
Outward-facing
Refers to a system that is directly connected to the Internet.
Over-the-air-key distribution
Providing electronic key via over-the-air rekeying, over-the-air key
transfer, or cooperative key generation.
Over-the-air key transfer
Electronically distributing key without changing traffic encryption key
used on the secured communications path over which the transfer is
accomplished.
Over-the-air rekeying (OTAR)
Changing traffic encryption key or transmission security key in remote
cryptographic equipment by sending new key directly to the remote
cryptographic equipment over the communications path it secures. OTAR
is a key management protocol specified for digital mobile radios and
designed for unclassified, sensitive communications. OTAR performs key
distribution and transfer functions. Three types of keys are used in OTAR:
a key-wrapping key, a traffic-encryption key, and a message authentication
code (MAC).
Overt channel
A communication path within a computer system or network designed for
the authorized transfer of data. Compare with covert channel.
Overt testing
Security testing performed with the knowledge and consent of the
organization’s IT staff.
Overwrite procedure
(1) A software process that replaces data previously stored on storage
media with a predetermined set of meaningless data or random patterns.
(2) The obliteration of recorded data by recording different data on the
same storage surface. (3) Writing patterns of data on top of the data stored
on a magnetic medium.
Out-of-band management
In out-of-band management, the communications device is accessed via a
dial-up circuit with a modem, directly connected terminal device, or LANs
dedicated to managing traffic.
Owner of data
The individual or group that has responsibility for specific data types and
that is charged with the communication of the need for certain security-
related handling procedures to both the users and custodians of this data.
P
P2P
Free and easily accessible software that poses risks to individuals and
organizations.
P3P
According to the Platform for Privacy Preferences Project (P3P), users
are given more control over personal information gathered on websites
they visit.
P-box
Permutation box (P-box) is used to effect a transposition on an 8-bit input
in a product cipher. This transposition, which is implemented with simple
electrical circuits, is done so fast that it does not require any computation,
just signal propagation. The P-box design, which is implemented in
hardware for cryptographic algorithm, follows Kerckhoff’s principle
(security-by-obscurity) in that an attacker knows that the general method is
permuting the bits, but he does not know which bit goes where. Hence,
there is no need to hide the permutation method. P-boxes and S-boxes are
combined to form a product cipher, where wiring of the P-box is placed
inside the S-box; the correct sequence is S-box first and P-box next
(Tanenbaum).
Packet
A piece of a message, usually containing the destination address,
transmitted over a network by communications software.
Packet churns
Rapid changes in packet forwarding disrupt packet delivery, possibly
affecting congestion control.
Packet filter
(1) A routing device that provides access control functionality for host
addresses and communication sessions. (2) A type of firewall that
examines each packet and accepts or rejects it based on the security policy
programmed into it in the form of traffic rules. (3) A router to block or
filter protocols and addresses. Packet filtering specifies which types of
traffic should be permitted or denied and how permitted traffic should be
protected, if at all.
Packet latency
The time delay in processing voice packets as in Voice over Internet
Protocol (VoIP).
Packet looping
Packets enter a looping path, so that the traffic is never delivered.
Packet replay
Refers to the recording and retransmission of message packets in the
network. It is frequently undetectable but can be prevented by using packet
time-stamping and packet-sequence counting.
Packet sniffer
Software that observes and records network traffic. It is a passive
wiretapping.
Packet snarfing
Also known as eavesdropping.
Padded cell systems
An attacker is seamlessly transferred to a special padded cell host.
Padding
Meaningless data added to the start or end of messages. They are used to
hide the length of the message or to add volume to a data structure that
requires a fixed size.
Pairwise trust
Establishment of trust by two entities that have direct business agreements
with each other.
Parameters
Specific variables and their values used with a cryptographic algorithm to
compute outputs useful to achieve specific security goals.
Pareto’s law
It is called the 80/20 rule, which can be applied to IT in that 80 percent of
IT-related problems come from 20 percent of IT-related causes or issues.
Parity
Bit(s) used to determine whether a block of data has been altered.
Parity bit
A bit indicating whether the sum of a previous series of bits is even or odd.
Parity checking
A hardware control that detects data errors during transmission. It
compares the sum of a previous set of bits with the parity bit to determine
if an error in the transmission or receiving of the message has occurred.
This is a technical and detective control.
Parkinson’s law
Parkinson’s law states that work expands to fill the time available for its
completion. Regarding IT, we can state an analogy that data expands to fill
the bandwidth available for data transmission.
Partitioned security mode
Information system security mode of operation wherein all personnel have
the clearance, but not necessarily formal access approved and need-to-
know, for all information handled by an information system.
Partitioning
The act of logically dividing a media into portions that function as
physically separate units.
Passive attack
(1) An attack against an authentication protocol where the attacker
intercepts data traveling along the network between the claimant and
verifier, but does not alter the data (i.e., eavesdropping). (2) An attack that
does not alter systems or data.
Passive fingerprinting
Analyzing packet headers for certain unusual characteristics or
combinations of characteristics that are exhibited by particular operating
systems or applications.
Passive security testing
Security testing that does not involve any direct interaction with the targets,
such as sending packets to a target.
Passive sensor
A sensor that is deployed so that it monitors a copy of the actual network
traffic.
Passive testing
Nonintrusive security testing primarily involving reviews of documents
such as policies, procedures, security requirements, software code, system
configurations, and system logs.
Passive wiretapping
The monitoring or recording of data while data is transmitted over a
communications link, without altering or affecting the data.
Passphrase
A relatively long password consisting of a series of words, such as a
phrase or full sentence.
Password
(1) A protected/private string of letters, numbers, and/or special characters
used to authenticate an identity or to authorize access to data and system
resources. (2) A secret that a claimant memorizes and uses to authenticate
his identity. (3) Passwords are typically character strings (e.g., letters,
numbers, and other symbols) used to authenticate an identity or to verify
access authorizations. This is a technical and preventive control.
Password authentication protocol (PAP)
A protocol that allows enables peers connected by a Point-to- Point
Protocol (PPP) link to authenticate each other using the simple exchange
of a user-name and password. It is not a secure protocol because it
transmits data in a plaintext.
Password cracker
An application testing for passwords that can be easily guessed such as
words in the dictionary or simple strings of characters (e.g., “abcdefgh” or
“qwertyuiop”).
Password cracking
The process of recovering secret passwords stored in a computer system
or transmitted over a network.
Password protected
(1) The ability to protect a file using a password access control, protecting
the data contents from being viewed with the appropriate viewer unless the
proper password is entered. (2) The ability to protect the contents of a file
or device from being accessed until the correct password is entered.
Password synchronization
It is a technology that takes a password from the user and changes the
passwords on other system resources to be the same as that password so
that the user can use the same password when authenticating to each system
resource.
Password system
A system that uses a password or passphrase to authenticate a person’s
identity or to authorize a person’s access to data and that consists of a
means for performing one or more of the following password operations:
generation, distribution, entry, storage, authentication, replacement,
encryption and/or decryption of passwords.
Patch
(1) An update to an operating system, application, or other software issued
specifically to correct particular problems with the software. (2) A section
of software code inserted into a program to correct mistakes or to alter the
program, generally supplied by the vendor of software. (3) A patch
(sometimes called a “fix”) is a “repair job” for a piece of programming. A
patch is the immediate solution to an identified problem that is provided to
users; it can sometimes be downloaded from the software maker ’s website.
The patch is not necessarily the best solution for the problem, and the
product developers often find a better solution to provide when they
package the product for its next release. A patch is usually developed and
distributed as a replacement for or an insertion in compiled code (that is,
in a binary file or object module). In many operating systems, a special
program is provided to manage and track the installation of patches.
Patch management
(1) The systematic notification, identification, deployment, installation, and
verification of operating system and application software code revisions,
which are known as patches, hot fixes, and service packs. (2) The process
of acquiring, testing, and distributing patches to the appropriate
administrators and users throughout the organization.
Payback method
The payback period is stated in years and estimates the time it takes to
recover the original investment outlay. The payback period is calculated by
dividing the net investment by the average annual operating cash inflows.
The payback method can be used to assess the financial feasibility of an
investment in information security program.
Payload
(1) The portion of a virus that contains the code for the virus’s objective,
which may range from the relatively benign (e.g., annoying people and
stating personal opinions) to the highly malicious (e.g., forwarding
personal information to others and wiping out systems and files). (2) A
protection for packet headers and data in the Internet Protocol security
(IPsec). (3) Information passed down from the previous layer to the next
layer in a TCP/IP network. (4) A life-cycle function of a worm where it is
the code that carries to perform a task beyond its standard life-cycle
functions. (5) The input data to the counter with cipher-block chaining-
message authentication code (CCM) generation-encryption process that is
both authenticated and encrypted.
Peer review
A quality assurance method in which two or more programmers review
and critique each other ’s work for accuracy and consistency with other
parts of the system and detect program errors. This is a management and
detective control.
Peer-to-peer computing
See Mesh computing.
Peer-to-peer (P2P) file sharing program
Free and easily accessible software that poses risks to individuals and
organizations. It unknowingly enables users to copy private files,
downloads material that is protected by the copyright laws, downloads a
virus, or facilitates a security breach.
Peer-to-peer (P2P) network
Each networked host computer running both the client and server parts of
an application system.
Perfective maintenance
All changes, insertions, deletions, modifications, extensions, and
enhancements made to a system to meet the user ’s evolving or expanding
needs.
Performance metrics
They provide the means for tying information security controls’
implementation, efficiency, effectiveness, and impact levels.
Performance testing
A testing approach to assess how well a system meets its specified
performance requirements.
Persistent cookie
A cookie stored on a computer ’s hard drive indefinitely so that a website
can identify the user during subsequent visits. These cookies are set with
expiration dates and are valid until the user deletes them.
Personal digital assistant (PDA)
A handheld computer that serves as a tool for reading and conveying
documents, electronic mail, and other electronic media over a
communications link, and for organizing personal information, such as a
name-and-address database, a to-do list, and an appointment calendar.
Personal identification number (PIN)
(1) A password consisting only of decimal digits. (2) A secret that a
claimant memorizes and uses to authenticate his identity.
Personal identity verification (PIV) card
A physical artifact (e.g., identity card and smart card) issued to an
individual that contains stored identity credentials (e.g., photograph,
cryptographic keys, and digitized fingerprint representation) such that the
claimed identity of the cardholder can be verified against the stored
credentials by another person (human readable and verifiable) or an
automated process (computer readable and verifiable).
Penetration
The successful act of bypassing the security mechanisms of a system.
Penetration signature
The characteristics or identifying marks produced by a penetration.
Penetration study
A study to determine the feasibility and methods for defeating system
controls.
Penetration testing
(1) A test methodology in which assessors, using all available
documentation (e.g., system design, source code, and manuals) and
working under specific constraints, attempt to circumvent or defeat the
security features of an information system. (2) Security testing in which
evaluators mimic real-world attacks in an attempt to identify ways to
circumvent the security features of an application, system, or network.
Penetration testing often involves issuing real attacks on real systems and
data, using the same tools and techniques used by actual attackers. Most
penetration tests involve looking for combinations of vulnerabilities on a
single system or multiple systems that can be used to gain more access
than could be achieved through a single vulnerability.
Per-call key
A unique traffic encryption key is generated automatically by certain
secure telecommunications systems to secure single voice or data
transmissions.
Perfect forward secrecy
An option available during quick mode that causes a new-shared secret to
be created through a Diffie-Hellman exchange for each IPsec SA (security
association).
Perimeter
A boundary within which security controls are applied to protect assets. A
security perimeter typically includes a security kernel, some trusted-code
facilities, hardware, and possibly some communications channels.
Perimeter-based security
The technique of securing a network by controlling access to all entry and
exit points of the network.
Perimeter protection (logical)
The security controls such as e-mail gateways, proxy servers, and
firewalls provide logical access perimeter security controls, and they act
as the first line-of-defense.
Perimeter protection (physical)
The objective of physical perimeter or boundary protection is to deter
trespassing and to funnel employees, visitors, and the public to selected
entrances. Gates and security guards provide the perimeter protection.
Permissions
A description of the type of authorized interactions (such as read, write,
execute, add, modify, and delete) that a subject can have with an object.
Personal-area network (PAN)
It is used by an individual or in a home-based business connecting desktop
PC, laptop PC, notebook PC, and PDA with a mouse, keyboard, and printer.
Personal computer (PC)
A desktop or laptop computer running a standard PC operating system
(e.g., Windows Vista, Windows XP, Linux/UNIX, and Mac OS X).
Personal firewall
A software-based firewall installed on a desktop or laptop computer to
monitor and control its incoming and outgoing network traffic, and which
blocks communications that are unwanted.
Personal firewall appliance
A device that performs functions similar to a personal firewall for a group
of computers on a home network.
Personnel screening
A protective measure applied to determine that an individual’s access to
sensitive, unclassified automated information is admissible. The need for
and extent of a screening process are normally based on an assessment of
risk, cost, benefit, and feasibility as well as other protective measures in
place. Effective screening processes are applied in such a way as to allow a
range of implementation, from minimal procedures to more stringent
procedures commensurate with the sensitivity of the data to be accessed
and the magnitude of harm or loss that could be caused by the individual.
This is a management and preventive control.
Personnel security
It includes the procedures to ensure that access to classified and sensitive
unclassified information is granted only after a determination has been
made about a person’s trustworthiness and only if a valid need-to-know
exists. It is the procedures established to ensure that all personnel who have
access to sensitive information have the required authority as well as
appropriate clearances.
Petri net model
The Petri net model is used for protocol modeling to demonstrate the
correctness of a protocol. Mathematical techniques are used in specifying
and verifying the protocol correctness. A Petri net model has four basic
elements, such as places (states), transitions, arcs (input and output), and
tokens. A transition is enabled if there is at least one input token in each of
its input places (states). Petri nets are a graphical technique used to model
relevant aspects of the system behavior and to assess and improve safety
and operational requirements through analysis and redesign. They are used
for concurrent application systems that need data synchronization
mechanisms and for analyzing thread interactions.
Pharming attack
(1) An attack in which an attacker corrupts an infrastructure service such as
domain name service (DNS) causing the subscriber to be misdirected to a
forged verifier/relying party, and revealing sensitive information,
downloading harmful software, or contributing to a fraudulent act. (2)
Using technical means (e.g., DNS server software) to redirect users into
accessing a fake website masquerading as a legitimate one and divulging
personal information.
Phishing attack
(1) An attack in which the subscriber is lured (usually through an e-mail)
to interact with a counterfeit verifier, and tricked into revealing
information that can be used to masquerade as that subscriber to the real
verifier. (2) A digital form of social engineering technique that uses
authentic-looking but phony (bogus) e-mails to request personal
information from users or direct them to a fake website that requests such
information. (3) Tricking or deceiving individuals into disclosing
sensitive personal information through deceptive computer-based means.
Physical access controls
The controls over physical access to the elements of a system can include
controlled areas, barriers that isolate each area, entry points in the
barriers, and screening measures at each of the entry points.
Physical protection system
The primary functions of a physical protection system include detection,
delay, and response.
Physical security
(1) It includes controlling access to facilities that contain classified and
sensitive unclassified information. (2) It also addresses the protection of
the structures that contain the computer equipment. (3) It is the application
of physical barriers and control procedures as countermeasures against
threats to resources and sensitive information. (4) It is the use of locks,
guards, badges, and similar administrative measures to control access to
the computer and related equipment.
Piggybacking, data frames
Electronic piggybacking is a technique of temporarily delaying outgoing
acknowledgements of data frames so that they can be attached to the next
outgoing data frames.
Piggybacking entry
Unauthorized physical access gained to a facility or a computer system via
another user ’s legitimate entry or system connection. It is same as
tailgating.
Pilot testing
Using a limited version of software in restricted conditions to discover if
the programs operate as intended.
Ping-of-Death attack
Sends a series of oversized packets via the ping command. The ping server
reassembles the packets at the host machine. The result is that the attack
could hang, crash, or reboot the system. This is an example of buffer
overflow attack.
PIV issuer
An authorized identity card creator that procures blank identity cards,
initializes them with appropriate software and data elements for the
requested identity verification and access control application, personalizes
the cards with the identity credentials of the authorized subjects, and
delivers the personalized cards to the authorized subjects along with
appropriate instructions for protection and use.
PIV registrar
An entity that establishes and vouches for the identity of an applicant to a
PIV issuer. The PIV registrar authenticates the applicant’s identity by
checking identity source documents and identity proofing, and ensures a
proper background check has been completed, before the credential is
issued.
PIV sponsor
An individual who can act on behalf of a department or organization to
request a PIV card for an applicant.
Plain old telephone service (POTS)
A basic and conventional voice telephone system with a wireline (wired)
telecommunication connection. POTS contains a POTS coder decoder
(CODEC) as a digital audio device and a POTS filter (DSL filter). Three
major components of POTS include local loops (analog twisted pairs
going into houses and businesses), trunks (digital fiber optics connecting
the switching offices), and switching offices (where calls are moved from
one trunk to another). A potential risk or disadvantage of POTS is
eavesdropping due to physical access to tap a telephone line or penetration
of a switch. An advantage of POTS or mobile phone is that they can serve
as a backup for PBX and VoIP system during a cable modem outage or
DSL line outage.
Plaintext
(1) Data input to the cipher or output from the inverse cipher. (2)
Intelligible data that has meaning and can be read, understood, or acted
upon without the application of decryption (i.e., plain, clear text,
unencrypted text, or usable data). (3) Usable data that is formatted as input
to a mode of operation.
Plaintext key
An unencrypted cryptographic key.
Plan of action and milestones (POA&M)
A document that identifies tasks needing to be accomplished. It details
resources required to accomplish the elements of the plan, any milestones
in meeting the tasks, and scheduled completion dates for the milestones.
Plan-do-check-act (PDCA) cycle
The PDCA cycle is a core management tool for problem solving and
quality improvement. The “plan” calls for developing an implementation
plan for initial effort followed by organization-wide effort. The “do” part
carries out the plan on a small scale using a pilot organization, and later
on a large scale. The “check” part evaluates lessons learned by pilot
organization. The “act” part uses lessons learned to improve the
implementation.
Platform
(1) A combination of hardware and the most prevalent operating system
for that hardware. (2) It is the hardware and systems software on which
applications software is developed and operated. (3) It is the hardware,
software, and communications required to provide the processing
environments to support one or more application software systems. (4) It
is the foundation technology (bottom-most layer) of a computer system.
(5) It is also referred to the type of computer (hardware) or operating
system (software) being used.
Point-to-point network
Adjacent nodes communicating with one another.
Point-to-Point Protocol (PPP)
Point-to-Point Protocol (PPP) is a character-oriented protocol. It is a data-
link framing protocol used to frame data packets on point-to-point lines. It
is used to connect a remote workstation over a phone line and to connect
home computers to the Internet. The Internet needs PPP for router-to-
router traffic and for home user-to-ISP traffic. PPP provides features such
as link control protocol (LCP) and network control protocol (NCP). PPP is
a multiprotocol framing mechanism for use over modems, HDLC bit-
serial lines, and SONET networks. PPP supports error detection, option
negotiation, header compression, and reliable transmission using an
HDLC. PPP uses byte stuffing on dial-up modem lines, so all frames are an
integral number of bytes. PPP is a variant of the HDLC data-link framing
protocol and includes PAP, CHAP, and others.
Point-to-Point Tunneling Protocol (PPTP)
A protocol that provides encryption and authentication services for remote
dial-up and LAN-to-LAN connections. It has a control session and a data
session.
Policy
A document that delineates the security management structure and clearly
assigns security responsibilities and lays the foundation necessary to
reliably measure progress and compliance.
Policy- Based Access Control (PBAC)
A form of access control that uses an authorization policy that is flexible in
the types of evaluated parameters (e.g., identity, role, clearance,
operational need, risk, and heuristics).
Policy decision point (PDP)
Mechanism that examines requests to access resources, and compares them
to the policy that applies to all requests for accessing that resource to
determine whether specific access should be granted to the particular
requester who issued the request under consideration.
Policy enforcement point (PEP)
Mechanism (e.g., access control mechanism of a file system or Web
server) that actually protects (in terms of controlling access to) the
resources exposed by Web services.
Polyinstantiation
Polyinstantiation allows a relation to contain multiple rows with the same
primary key; the multiple instances are distinguished by their security
levels.
Polymorphism
Polymorphism refers to being able to apply a generic operation to data of
different types. For each type, a different piece of code is defined to
execute the operation. In the context of object systems, polymorphism
means that an object’s response to a message is determined by the class to
which it belongs.
Pop-up window
A standalone Web browser pane that opens automatically when a Web page
is loaded or a user performs an action designed to trigger a pop-up
window.
Port
(1) A physical entry or exit point of a cryptographic module that provides
access to the module for physical signals represented by logical
information flows (physically separated ports do not share the same
physical pin or wire). (2) An interface mechanism (e.g., a connector, a pin,
or a cable) between a peripheral device (e.g., terminal) and the CPU.
Port protection device (PPD)
A port protection device is fitted to a communication port of a host
computer and authorizes access to the port itself, prior to and independent
of the computer ’s own access control functions.
Port scanner
A program that can remotely determine which ports on a system are open
(e.g., whether systems allow connections through those ports).
Portal
A high-level remote access architecture that is based on a server that offers
teleworkers access to one or more application systems through a single
centralized interface.
Portal VPN
A single standard secure socket layer (SSL) connection to a website to
secure access to multiple network services.
Portfolio management
It refers to activities related to the management of IT resources, as one
would manage investments in a stock portfolio. The IT portfolio facilitates
the alignment of technology investments with business needs and focuses
on mitigating IT investment risks.
Ports
Ports are commonly used to gain information or access to computer
systems. Well-known port numbers range from 0 through 1,023, whereas
registered port numbers run from 1,024 through 49,151. When a service
is requested from unknown callers, a service contact port (well-known
port) is defined.
Possession and control of a token
The ability to activate and use the token in an authentication protocol.
Post office protocol (POP)
A standard protocol used to receive electronic mail from a server. It is a
mailbox access protocol defined by IETF RFC 1939 and is one of the most
commonly used mailbox access protocols.
Potential impact
The loss of confidentiality, integrity, or availability could be expected to
have (1) a limited adverse effect (low), (2) a serious adverse effect
(moderate), or (3) a severe or catastrophic adverse effect (high) on
organizational operations, systems, assets, individuals, or other
organizations.
Power monitoring attack
Uses varying levels of power consumption by the hardware during
computations. It is a general class of side channel attack (Wikipedia).
Pre-activation state
A cryptographic key lifecycle state in which a key has not yet been
authorized for use.
Pre-boot authentication (PBA)
The process of requiring a user to authenticate successfully before
decrypting and booting an operating system.
Precursor
(1) A sign that a malware attack may occur in the future. (2) A sign that an
attacker may be preparing to cause an incident.
Pre-message secret number
A secret number that is generated prior to the generation of each digital
signature.
Presentation layer
Portion of an ISO/OSI reference model responsible for adding structure to
data units that are exchanged.
Pre-shared key
Single key used by multiple IPsec endpoints to authenticate endpoints to
each other.
Pretexting
Impersonating others to gain access to information that is restricted.
Synonymous with social engineering.
Pretty Good Privacy (PGP)
(1) A standard program for securing e-mail and file encryption on the
Internet. Its public-key cryptography system allows for the secure
transmission of messages and guarantees authenticity by adding digital
signatures to messages. (2) A cryptographic software application for the
protection of computer files and electronic mail. (3) It combines the
convenience of the Rivest-Shamir-Adleman (RSA) public-key algorithm
with the speed of the secret-key IDEA algorithm, digital signature, and key
management.
Preventive controls
Actions taken to deter undesirable events and incidents from occurring in
the first place.
Preventive maintenance
Computer hardware and related equipment maintained on a planned basis
by the manufacturer, vendor, or third party to keep them in a continued
operational condition.
Prime number generation seed
A string of random bits that is used to determine a prime number with the
required characteristics.
Principal
An entity whose identity can be authenticated.
Principle of least privilege
The granting of the minimum access authorization necessary for the
performance of required tasks.
Privacy
(1) The right of an individual to self-determination as to the degree to
which the individual is willing to share with others information about
himself that may be compromised by unauthorized exchange of such
information among other individuals or organizations. (2) The right of
individuals and organizations to control the collection, storage, and
dissemination of their information or information about themselves. (3)
Restricting access to subscriber or relying party information.
Privacy impact assessment (PIA)
PIA is an analysis of how information is handled (1) to ensure handling
conforms to applicable legal, regulatory, and policy requirements
regarding privacy, (2) to determine the risks and effects of collecting,
maintaining, and disseminating information in identifiable form in an
electronic information system, and (3) to examine and evaluate protections
and alternative processes for handling information to mitigate potential
privacy risks.
Privacy protection
The establishment of appropriate administrative, technical, and physical
safeguards to ensure the security and confidentiality of data records to
protect both security and confidentiality against any anticipated threats or
hazards that could result in substantial harm, embarrassment,
inconvenience, or unfairness to any individual about whom such
information is maintained.
Private key
(1) The secret part of an asymmetric key pair that is typically used to
digitally sign or decrypt data. (2) A cryptographic key, used with a public
key cryptographic algorithm that is uniquely associated with an entity and
not made public. It is the undisclosed key in a matched key pair—private
key and public key—used in public key cryptographic systems. In a
symmetric (private) key crypto-system, the key of an entity’s key pair is
known only by that entity. In an asymmetric (public) crypto-system, the
private key is associated with a public key. Depending on the algorithm, the
private key may be used to (a) compute the corresponding public key, (b)
compute a digital signature that may be verified by the corresponding
public key, (c) decrypt data that was encrypted by the corresponding public
key, or (d) compute a piece of common shared data, together with other
information. (3) The private key is used to generate a digital signature. (4)
The private key is mathematically linked with a corresponding public key.
Privilege management
Privilege management creates, manages, and stores the attributes and
policies needed to establish criteria that can be used to decide whether an
authenticated entity’s request for access to some resource should be
granted.
Privileged accounts
Individuals who have access to set “access rights” for users on a given
system. Sometimes referred to as system or network administrative
accounts.
Privileged data
Data not subject to usual security rules because of confidentiality imposed
by law, such as legal and medical files.
Privileged function
A function executed on an information system involving the control,
monitoring, or administration of the system.
Privileged instructions
A set of instructions (e.g., interrupt handling or special computer
instructions) to control features (such as storage protection features)
generally executable only when a computer system is operating in the
executive state.
Privileged process
A process that is afforded (by the kernel) some privileges not afforded
normal user processes. A typical privilege is the ability to override the
security *.property. Privileged processes are trusted.
Privileged user
An individual who has access to system control, monitoring, or
administration functions (e.g., system administrator, information system
security officer, system maintainer, and system programmer).
Probative data
Information that reveals the truth of an allegation.
Probe
A device program managed to gather information about an information
system or its users.
Problem
Often used interchangeably with anomaly, although problem has a more
negative connotation, and implies that an error, fault, failure, or defect
does exist.
Problem state
A state in which a computer is executing an application program with
faults.
Procedural security
The management constraints; operational, administrative, and
accountability procedures; and supplemental controls established to
provide protection for sensitive information. Synonymous with
administrative security.
Process
Any specific combination of machines, tools, methods, materials, and/or
people employed to attain specific qualities in a product or service.
Process isolation
The principle of process isolation or separation is employed to preserve
the object’s wholeness and subject’s adherence to a code of behavior.
Process reengineering
A procedure that analyzes control flow. A program is examined to create
overview architecture with the purpose of transforming undesirable
programming constructs into more efficient ones. Program restructuring
can play a major role in process reengineering.
Process separation
See process isolation.
Profiling
Measuring the characteristics of expected activity so that changes to it can
be more easily identified.
Proof carrying code
As a part of technical safeguards for active content, proof carrying code
defines properties that are conveyed with the code, which must be
successfully verified before the code is executed.
Proof-by-knowledge
A claimant authenticates his identity to a verifier by the use of a password
or PIN that he has knowledge of. The proof-by-knowledge applies to
mobile device authentication and robust authentication.
Proof-by-possession
A claimant authenticates his identity to a verifier by the use of a token or
smart card and an authentication protocol. The proof-by-possession
applies to mobile device authentication and robust authentication.
Proof-by-property
A claimant authenticates his identity to a verifier by the use of a biometric
such as fingerprints. The proof-by-property applies to mobile device
authentication and robust authentication.
Proof-of-concept
A new idea or modified idea is put to test by developing a prototype model
to prove whether the idea or the concept works.
Proof-of-correctness
Applies mathematical proofs-of-correctness to demonstrate that a
computer program conforms exactly to its specifications and to prove that
the functions of the computer programs are correct.
Proof-of-correspondence
The design of a cryptographic module is verified by a formal model and
informal proof-of-correspondence between the formal model and the
functional specifications.
Proof-of-origin
A proof-of-origin is the basis to prove an assertion. For example, a private
signature key is used to generate digital signatures as a proof-of-origin.
Proof-of-possession
A verification process whereby it is proven that the owner of a key pair
actually has the private key associated with the public key. The owner
demonstrates the possession by using the private key in its intended
manner.
Proof-of-possession protocol
A protocol where a claimant proves to a verifier that he possesses and
controls a token (e.g., a key or password).
Proof-of-wholeness
Having all of an object’s parts or components include both the sense of
unimpaired condition (i.e., soundness) and being complete and undivided
(i.e., completeness). The proof-of-wholeness applies to preserving the
integrity of objects in that different layers of abstraction for objects cannot
be penetrated and their internal mechanisms cannot be modified or
destroyed.
Promiscuous mode
A configuration setting for a network interface card that causes it to accept
all incoming packets that it sees, regardless of their intended destinations.
Proprietary protocol
A protocol, network management protocol, or suite of protocols
developed by a private company to manage network resources
manufactured by that company.
Protected channel
A session wherein messages between two participants are encrypted and
integrity is protected using a set of shared secrets; a participant is said to
be authenticated if the other participant can link possession of the session
keys by the first participant to a long-term cryptographic token and verify
the identity associated with that token.
Protection bits
A mechanism commonly included in UNIX and UNIX-like systems that
controls access based on bits specifying read, write, or execute
permissions for a file’s (or directory’s) owner, group, or other.
Protection profile (PP)
A Common Criteria (CC) term for a set of implementation-independent
security requirements for a category of Targets of Evaluation (TOEs) that
meet specific consumer needs. It is an implementation-independent
statement of security needs for a product type.
Protection ring
One of a hierarchy of privileged modes of a system that gives certain
access rights to user programs and processes authorized to operate in a
given mode.
Protection suite
It is a set of parameters that are mandatory for IPsec phase 1 negotiations
(encryption algorithm, integrity protection algorithm, authentication
method, and Diffie-Hellman group).
Protective distribution system (PDS)
Wire line or fiber optic system that includes adequate safeguards and/or
countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to
permit its use for the transmission of unencrypted information.
Protective measures
Physical, administrative, personnel, and technical security measures which,
when applied separately or in combination, are designed to reduce the
probability of harm, loss, or damage to, or compromise of an unclassified
computer system or sensitive and/or mission-critical information.
Protective technologies
Special tamper-evident features and materials employed for the purpose of
detecting tampering and deterring attempts to compromise, modify,
penetrate, extract, or substitute information processing equipment and
cryptographic keying material. Examples include white noise and zone of
control.
Protocol
A set of rules (i.e., data formats and semantic and syntactic procedures) for
communications that computers use when sending signals between
themselves or permit entities to exchange information. It establishes
procedures the way in which computers or other functional units transfer
data.
Protocol converter
A protocol converter is a device that changes one type of coded data to
another type of coded data for computer processing.
Protocol data unit (PDU)
A unit of data specified in a protocol and consisting of protocol
information and, possibly, user data.
Protocol entity
Entity that follows a set of rules and formats (semantic and syntactic) that
determines the communication behavior of other entities.
Protocol governance
A protocol is a set of rules and formats, semantic and syntactic, permitting
information systems to exchange data related to security functions.
Organizations use several protocols for specific purposes (such as,
encryption and authentication mechanisms) in various systems. Some
protocols are compatible with each other while others are not, similar to
negative interactions from prescription drugs. Protocol governance
requires selecting the right protocols for the right purpose and at the right
time to minimize their incompatibility and ineffectiveness (that is, not
providing privacy and not protecting IT assets). It also requires a constant
and ongoing monitoring to determine the best time for a protocol’s
eventual replacement or substitution with a better one.
In addition to selecting standard protocols that were approved by the
standard setting bodies, protocols must be operationally-efficient and
security-effective. Examples include (1) DES, which is weak in security
and AES, which is strong in security, and (2) WEP, which is weak in
security and WPA, which is strong in security.
Protocol machine
A finite state machine that implements a particular protocol.
Protocol run
An instance of the exchange of messages between a claimant and a verifier
in a defined authentication protocol that results in the authentication (or
authentication failure) of the claimant.
Protocol tunneling
A method used to ensure confidentiality and integrity of data transmitted
over the Internet, by encrypting data packets, sending them in packets
across the Internet, and decrypting them at the destination address.
Proxy
(1) A program that receives a request from a client, and then sends a
request on the client’s behalf to the desired destination. (2) An agent that
acts on behalf of a requester to relay a message between a requester agent
and a provider agent. The proxy appears to the provider agent Web service
to be the requester. (3) An application or device acting on behalf of
another in responding to protocol requests. (4) A proxy is an application
that “breaks” the connection between client and server. (5) An intermediary
device or program that provides communication and other services
between a client and server. The proxy accepts certain types of traffic
entering or leaving a network, processes it, and forwards it. This
effectively closes the straight path between the internal and external
networks, making it more difficult for an attacker to obtain internal
addresses and other details of the organization’s internal network.
Proxy agent
A proxy agent is a software application running on a firewall or on a
dedicated proxy server that is capable of filtering a protocol and routing it
to between the interfaces of the device.
Proxy server
A server that sits between a client application, such as a Web browser, and a
real server. It intercepts all requests to the real server to see if it can fulfill
the requests itself. If not, it forwards the request to the real server. A device
or product that provides network protection at the application level by
using custom programs for each protected application. These programs
can act as both a client and server and are proxies to the actual application.
Proxy servers are available for common Internet services; for example, a
hypertext transfer protocol (HTTP) proxy used for Web access and a
simple mail transfer protocol (SMTP) proxy used for e-mail. Proxy
servers are also called application gateway firewall or proxy gateway.
Pseudonym
A subscriber name that has been chosen by the subscriber that is not
verified as meaningful by identity proofing.
Pseudorandom number generator (PRNG)
An algorithm that produces a sequence of bits that are uniquely determined
from an initial value called a “seed.” The output of the PRNG “appears” to
be random, i.e., the output is statistically indistinguishable from random
values. A cryptographic PRNG has the additional property that the output is
unpredictable, given that the seed is not known.
Public key
(1) The public part of an asymmetric key pair that is typically used to
verify signatures or encrypt data. (2) A cryptographic key used with a
public key cryptographic algorithm, that is uniquely associated with an
entity and that may be made public. It is the key in a matched key pair of
private-key and public-key that is made public, for example, posted in a
public directory. In an asymmetric (public) key crypto-system, the public
key is associated with a private key. The public key may be known by
anyone and, depending on the algorithm, may be used to (i) verify a digital
signature that is signed by the corresponding private key, (ii) encrypt data
that can be decrypted by the corresponding private key, or (iii) compute a
piece of common shared data. (3) The public key is used to verify a digital
signature. (4) The public key is mathematically linked with a
corresponding private key.
Public key certificate
A set of data that unambiguously identifies an entity, contains the entity’s
public key, and is digitally signed by a trusted third party (certification
authority, CA). A digital document issued and digitally signed by the
private key of a CA that binds the name of a subscriber to a public key. The
certificate indicates that the subscriber identified in the certificate has sole
control and access to the private key. A subscriber is an individual or
business entity that has contracted with a CA to receive a digital certificate
verifying an identity for digitally signing electronic messages.
Public key (asymmetric) cryptographic algorithm
A cryptographic algorithm that uses two related keys (a public key and a
private key). The two keys have the property that deriving the private key
from the public key is computationally infeasible. Public key cryptography
uses “key pairs,” a public key and a mathematically related private key.
Given the public key, it is infeasible to find the private key. The private key
is kept secret, whereas the public key may be shared with others. A
message encrypted with the public key can only be decrypted with the
private key. A message can be digitally signed with the private key, and
anyone can verify the signature with the public key. Public key
cryptography is used to perform (1) digital signatures, (2) secure
transmission or exchange of secret keys, and/or (3) encryption and
decryption. Cryptography that uses separate keys for encryption and
decryption; also known as asymmetric cryptography.
Public key cryptography (reversible)
An asymmetric cryptographic algorithm where data encrypted using the
public key can only be decrypted using the private key and, conversely,
data encrypted using the private key can only be decrypted using the public
key.
Public key cryptography standard (PKCS)
The PKCS is used to derive a symmetric encryption key from a password,
which can be guessed relatively easily.
Public key infrastructure (PKI)
(1) A framework that is established to issue, maintain, and revoke public
key certificates. (2) A set of policies, processes, server platforms, software
and workstations used for the purpose of administering certificates and
public-private key pairs, including the ability to issue, maintain, and
revoke public key certificates. (3) An architecture that is used to bind
public keys to entities, enable other entities to verify public key bindings,
revoke such bindings, and provide other services critical to managing
public keys. (4) The PKI includes the hierarchy of certificate authorities
(CAs) that allow for the deployment of digital certificates that support
encryption, digital signatures, and authentication to meet business needs
and security requirements.
Public security parameter (PSP)
The PSP deals with security-related public information (e.g., public key)
whose modification can compromise the security of a cryptographic
module.
Public seed
A starting value for a pseudorandom number generator. The value
produced by the random number generator (RNG) may be made public.
The public seed is often called a “salt.”
Public switched telephone network (PSTN)
The PSTN is used in the traditional telephone lines. It uses high bandwidth
and has quality-related problems. However, the physical security of a
PSTN is higher. Voice over IP security (VoIP) is an alternative to the PSTN
with reduced bandwidth usage and quality superior to the conventional
PSTN.
Pull technology
Products and services are pulled by companies based on customer orders.
Pulverization
A physically destructive method of sanitizing media; the act of grinding to
a powder or dust.
Purging
(1) The orderly review of storage and removal of inactive or obsolete data
files. (2) The removal of obsolete data by erasure, by overwriting of
storage, or by resetting registers. (3) To render stored application, files,
and other information on a system unrecoverable. (4) Rendering sanitized
data unrecoverable by laboratory attack methods.
Push technology
Technology that allows users to sign up for automatic downloads of online
content, such as virus signature file updates, patches, news, and website
updates, to their e-mail addresses or other designated directories on their
computers. Products and services are pushed by companies to customers
regardless of their orders.
Q
Q.931
A protocol used for establishing and releasing telephone connections (the
ITU standard).
Quality assurance (QA)
(1) All actions taken to ensure that standards and procedures are adhered to
and that delivered products or services meet performance requirements.
(2) The planned systematic activities necessary to ensure that a component,
module, or system conforms to established technical requirements. (3) The
policies, procedures, and systematic actions established in an enterprise
for the purpose of providing and maintaining a specified degree of
confidence in data integrity and accuracy throughout the lifecycle of the
data, which includes input, update, manipulation, and output.
Quality control (QC)
A management function whereby control of the quality of (1) raw
materials, assemblies, finished products, parts, and components, (2)
services related to production, and (3) management, production, and
inspection processes is exercised for the purpose of preventing undetected
production of defective materials or the rendering of faulty services.
Quality of protection (QoP)
The quality of protection (QoP) requires that overall performance of a
system should be improved by prioritizing traffic and considering rate of
failure or average latency at the lower layer protocols. For Web services
to truly support QoS, existing QoS support must be extended so that the
packets corresponding to individual Web service messages can be routed
accordingly to achieve predictable performance. Two standards such as
WS-Reliability and WS-Reliable Messaging provide some level of QoS
because both of these standards support guaranteed message delivery and
message ordering. Note that QoP is related to quality of service (QoS) and
DoS which, in turn, related to DoQ.
Quality of service (QoS)
The quality of service (QoS) is the handling capacity of a system or
service. (1) It is the time interval between request and delivery of a
message, product, or service to the client or customer. (2) It is the
guaranteed throughput level expressed in terms of data transfer rate. (3) It
is the performance specification of a computer communications channel
or system. (4) It is measured quantitatively in terms of performance
parameters such as signal-to-noise ratio, bit error ratio, message
throughput rate, and call blocking probability. (5) It is measured
qualitatively in terms of excellent, good, fair, poor, or unsatisfactory for a
subjective rating of telephone communications quality in which listeners
judge the transmission quality. (6) It is a network property that specifies a
guaranteed throughput level for end-to-end services, which is critical for
most composite Web services in delivering enterprise-wide service-
oriented distributed systems. (7) It is important in defining the expected
level of performance a particular Web service will have. (8) It is the
desired or actual characteristics of a service but not always those of the
network service. (9) It is the measurable end-to-end performance
properties of a network service, which can be guaranteed in advance by a
service-level agreement (SLA) between a user and a service provider, so
as to satisfy specific customer application requirements. Examples of
performance properties include throughput (bandwidth), transit delay
(latency), error rates, priority, security, packet loss, and packet jitter. Note
that QoS is related to quality of protection (QoP) and DoS which, in turn,
is related to DoQ.
Quick mode
Mode used in IPsec phase 2 to negotiate the establishment of an IPsec
security association (SA).
Quantum computing
Performed with a quantum computer using quantum science concepts (for
example, superposition and entanglement) to represent data and perform
computational operations on these data. Quantum computing is based on a
theoretical model such as a Turing machine and is used in military
research and information security purposes (for example, cryptanalysis)
with faster algorithms. It deals with large word size quantum computers in
which the security of integer factorization and discrete log-based public-
key cryptographic algorithms would be threatened. This would be a major
negative result for many cryptographic key management systems, which
rely on these algorithms for the establishment of cryptographic keys.
Lattice-based public-key cryptography would be resistant to quantum
computing threats.
Quantum cryptography
It is related to quantum computing technology, but viewed from a different
perspective. Quantum cryptography is a possible replacement for public
key algorithms that hopefully will not be susceptible to the attacks enabled
by quantum computing.
Quarantine
To store files containing malware in isolation for future disinfection or
examination.
R
Race conditions
Race conditions can occur when a program or process has entered into a
privileged mode but before the program or process has given up its
privileged mode. A user can time an attack to take advantage of this
program or process while it is still in the privileged mode. If an attacker
successfully manages to compromise the program or process during its
privileged state, then the attacker has won the “race.” Common race
conditions occur in signal handling and core-file manipulation, time-of-
check to time-of-use (TOC-TOU) attacks, symbolic links, and object-
oriented programming errors.
Radio frequency identification (RFID)
It is a form of automatic identification and data capture that uses electric or
magnetic fields at radio frequencies to transmit information in a supply
chain system.
Rainbow attacks
Rainbow attacks occur in two ways: using rainbow tables, which are used
in password cracking, and using preshared keys (PSKs) in a wireless
local-area network (WLAN) configuration. Password cracking threats
include discovering a character string that produces the same encrypted
hash as the target password. In PSK environments, a secret passphrase is
shared between base stations and access points, and the keys are derived
from a passphrase that is shorter than 20 characters, which are less secure
and subject to dictionary and rainbow attacks.
Rainbow tables
Rainbow tables are lookup tables that contain pre-computed password
hashes, often used during password cracking. These tables allow an
attacker to crack a password with minimal time and effort.
Random access memory (RAM)
A place in the central processing unit (CPU) of a computer where data and
programs are temporarily stored during computer processing.
Random number generator (RNG)
A process used to generate an unpredictable series of numbers. Each
individual value is called random if each of the values in the total
population of values has an equal probability of being selected.
Random numbers
Random numbers are used in the generation of cryptographic keys,
nonces, and authentication challenges.
Reachability analysis
Reachability analysis is helpful in detecting whether a protocol is correct.
An initial state corresponds to a system when it starts running. From the
initial state, the other states can be reached by a sequence of transitions.
Based on the graph theory, it is possible to determine which states are
reachable and which are not.
Read-only memory (ROM)
A place where parts of the operating system programs and language
translator programs are permanently stored in microcomputer.
Read/write exploits
Generally, a device connected by FireWire has full access to read-and-
write data on a computer memory. The FireWire is used by audio devices,
printers, scanners, cameras, and GPS. Potential security risks in using
these devices include grabbing and changing the screen contents; searching
the memory for login ID and passwords; searching for cryptographic keys
and keying material stored in RAM; injecting malicious code into a
process; and introducing new processes into the system.
Recipient usage period (crypto-period)
The period of time during the crypto-period of a symmetric key during
which the protected information is processed.
Reciprocal agreement
An agreement that allows two organizations to back up each other.
Reciprocity
A mutual agreement among participating organizations to accept each
other ’s security assessments in order to reuse information system
resources and/or to accept each other ’s assessed security posture in order
to share information.
Record retention
A management policy and procedure to save originals of business
documents, records, and transactions for future retrieval and reference.
This is a management and preventive control.
Records
The recordings (automated and/or manual) of evidence of activities
performed or results achieved (e.g., forms, reports, and test results), which
serve as a basis for verifying that the organization and the information
system are performing as intended. Also used to refer to units of related
data fields (i.e., groups of data fields that can be accessed by a program
and that contain the complete set of information on particular items).
Recovery
Process of reconstituting a database to its correct and current state
following a partial or complete hardware, software, network, operational,
or processing error or failure.
Recovery controls
The actions necessary to restore a system’s computational and processing
capability and data files after a system failure or penetration. Recovery
controls are related to recovery point objective (RPO) and recovery time
objective (RTO).
Recovery point objective (RPO)
The point in time in to which data must be recovered after an outage in
order to resume computer processing.
Recovery procedures
Actions necessary to restore data files of an information system and
computational capability after a system failure.
Recovery time objective (RTO)
(1) The overall length of time an information system’s components can be
in the recovery phase before negatively impacting the organization’s
mission or business functions. (2) The maximum acceptable length of time
that elapses before the unavailability of the system severely affects the
organization.
RED/BLACK concept
A separation of electrical and electronic circuits, components, equipment,
and systems that handle unencrypted information (RED) in electrical form
from those that handle encrypted information (BLACK) in the same form.
RED concept (encryption)
It is a designation applied to cryptographic systems when data/information
or messages that contains sensitive or classified information that is not
encrypted.
Red team
(1) A group of people authorized and organized to emulate a potential
adversary’s attack or exploitation capabilities against an enterprise’s
security posture. The red team’s objective is to improve enterprise
information assurance by demonstrating the impacts of successful attacks
and by demonstrating what works for the defenders (i.e., the blue team) in
an operational environment). (2) A test team that performs penetration
security testing using covert methods and without the knowledge and
consent of the organization’s IT staff, but with full knowledge and
permission of upper management. The old name for the red team is tiger
team.
Red team exercise
An exercise, reflecting real-world conditions, that is conducted as a
simulated adversarial attempt to compromise organizational missions
and/or business processes to provide a comprehensive assessment of the
security capability of the information system and the organization itself.
Reduced sign-on (RSO)
The RSO is a technology that allows a user to authenticate once and then
access many, but not all, of the resources that the user is authorized to use.
Redundancy
(1) A concept that can constrain the failure rate and protects the integrity of
data. Redundancy makes a confidentiality goal harder to achieve. If there
are multiple sites with backup data, then confidentiality could be broken if
any of the sites gets compromised. Also, purging some of the data on a
backup device could be difficult to do. (2) It is the use of duplicate
components to prevent failure of an entire system upon failure of a single
component and the part of a message that can be eliminated without loss of
essential information. (3) It is a duplication of system components (e.g.,
hard drives), information (e.g., backup and archived files), or personnel
intended to increase the reliability of service and/or decrease the risk of
information loss.
Redundant array of independent disk (RAID)
A cluster of disks used to back up data onto multiple disk drives at the
same time, providing increased data reliability and increased input/output
performance. Seven classifications for RAID are numbered as RAID-0
through RAID-6. RAID storage units offer fault-tolerant hardware with
varying degrees. Nested or hybrid RAID levels occur with two deep levels.
A simple RAID configuration with six disks includes four data disks, one
parity disk, and one hot spare disk. Problems with RAID include correlated
failures due to drive mechanical issues, atomic write semantics (meaning
that the write of the data either occurred in its entirety or did not occur at
all), write cache reliability due to a power outage, hardware
incompatibility with software, data recovery in the event of a failed array,
untimely drive errors recovery algorithm, increasing recovery times due
to increased drive capacity, and operator skills in terms of correct
replacement and rebuild of failed disks, and exposure to computer viruses
(Wikipedia).
RAID-0: A block-level striping without parity or mirroring and
has no redundancy, no fault-tolerance, no error checking, and a
greater risk of data loss. However, because of its low overhead
and parallel write strategy, it is the fastest in performance for
both reading and writing. As the data is written to the drive, it is
divided up into sequential blocks, and each block is written to the
next available drive in the array. RAID-0 parameters include a
minimum of two disks. The space efficiency is 1 and it has a zero
fault tolerance disk.
RAID-1: Mirroring without parity or striping and offers the
highest level of redundancy because there are multiple complete
copies of the data at all times (supports disk shadowing and disk
duplexing). Because it maintains identical copies on separate
drives, RAID-1 is slow in write performance and fast read
performance, and it can survive multiple (N-1) drive failures.
This means, if N is three, two drives could fail without incurring
data loss. RAID-1 parameters include a minimum of two disks.
The space efficiency is 1/N, and it has a (N-1) fault tolerance
disks.
RAID-2: Bit-level striping with dedicated hamming-code parity.
RAID-2 parameters include a minimum of three disks; space
efficiency is (1- 1/N). Log2 (N-1), and recover from one disk
failure. A minimum of three disks must be present for parity to be
used for fault tolerance because the parity is an error protection
scheme.
RAID-3: Byte-level striping with dedicated parity. RAID-3
parameters include a minimum of three disks. The space
efficiency is (1- 1/N), and it has one fault tolerance disk.
RAID-4: A block-level striping with dedicated parity. RAID-4
parameters include a minimum of three disks. The space
efficiency is (1- 1/N), and one fault tolerance disk.
RAID-5: A block-level striping with distributed parity. It
combines the distributed form of redundancy with parallel disk
access. It provides high read-and-write performance, including
protection against drive failures. The amount of storage space is
reduced due to the parity information taking 1/N of the space,
giving a total disk space of (N-1) drives where N is the number of
drives. A single drive failure in the set can result in reduced
performance of the entire set until the failed drive has been
replaced and rebuilt. A data loss occurs in the event of a second
drive failure. RAID-5 parameters include a minimum of three
disks. The space efficiency is (1- 1/N) and it has one fault
tolerance disk.
RAID-6: A block-level striping with double distributed parity
providing fault tolerance from two drive failures and is useful
for high-availability systems. Double parity gives time to rebuild
the array without the data being at risk if a single additional drive
fails before the rebuild is complete. RAID-6 parameters include a
minimum of four disks. The space efficiency is (1- 2/N). It has
two fault tolerance disks and two parity disks.
Reference monitor
(1) A security engineering term for IT functionality that (i) controls all
access, (ii) is small, (iii) cannot be bypassed, (iv) is tamper-resistant, and
(v) provides confidence that the other four items are true. (2) The concept
of an abstract machine that enforces Target of Evaluation (TOE) access
control policies. (3) Useful to any system providing multilevel secure
computing facilities and controls.
Reference monitor concept
An access control concept referring to an abstract machine that mediates
all access to objects (e.g., a file or program) by subjects (e.g., a user or
process). It is a design concept for an operating system to assure secrecy
and integrity.
Reference validation mechanism
An implementation of the reference monitor concept. A security kernel is a
type of reference validation mechanism. To be effective in providing
protection, the implementation of a reference monitor must be (1) tamper-
proof, (2) always invoked, and (3) simple and small enough to support the
analysis and tests leading to a high degree of assurance that it is correct.
Referential integrity
A database has referential integrity if all foreign keys reference existing
primary keys.
Reflection attack
Occurs when authentication is based on a shared secret key and by
breaking a challenge-response protocol with multiple sessions opened at
the same time. A countermeasure against reflection attacks is to prove the
user identity first so that protocol is not subject to the reflection attack.
Reflector attack
A host sends many requests with a spoofed source address to a service on
an intermediate host. The service used is typically a user datagram
protocol (UDP) based, which makes it easier to spoof the source address
successfully. Attackers often use spoofed source addresses because they
hide the actual source of the attack. The host generates a reply to each
request and sends these replies to the spoofed address. Because the
intermediate host unwittingly performs the attack, that host is known as a
reflector. During a reflector attack, a DoS could occur to the host at the
spoofed address, the reflector itself, or both hosts.
Registration
The process through which a party applies to become a subscriber of a
credential service provider (CSP) and a registration authority (RA)
validates the identity of that party on behalf of the CSP.
Registration authority (RA)
A trusted entity that establishes and vouches for the identity of a subscriber
to a credential service provider (CSP). The RA’s organization is
responsible for assignment of unique identifiers to registered objects. The
RA may be an integral part of a CSP, or it may be independent of a CSP,
but is has a relationship to the CSP(s).
Regrade
Data is regraded when information is transferred from high to low or
from low to high network data and users. Automated techniques such as
processing, filtering, and blocking are used during data regrading.
Regression testing
A method to ensure that changes to one part of the software system do not
adversely impact other parts.
Rekey
The process used to replace a previously active cryptographic key with a
new key that was created completely and independently of the old key.
Related-key cryptanalysis attack
These attacks choose a relation between a pair of keys but do not choose
the keys themselves. These attacks are independent of the number of
rounds of the cryptographic algorithm.
Relay station (WMAN/WiMAX)
A relay station (RS) is a subscriber station (SS) that is configured to
forward traffic to other stations in a multi-hop security zone.
Release
The process of moving a baseline configuration item between
organizations, such as from software vendor to customer. The process of
returning all unused disk space to the system when a dataset is closed at the
end of processing.
Reliability
(1)The extent to which a computer program can be expected to perform its
intended function with the required precision on a consistent basis. (2) The
probability of a given system performing its mission adequately for a
specified period of time under the expected operating conditions.
Relying party
An entity that relies upon the subscriber ’s credentials or verifier ’s
assertion of an identity, typically to process a transaction or grant access to
information or a system.
Remanence
The residual information that remains on a storage medium after erasure
or clearing.
Remedial maintenance
Hardware and software maintenance activities conducted by individuals
communicating external to an information system security perimeter or
through an external, nonorganization-controlled network (for example, the
Internet).
Remediation plan
A plan to perform the remediation of one or more threats or
vulnerabilities facing an organization’s systems. The plan typically
includes options to remove threats and vulnerabilities and priorities for
performing the remediation.
Remote access
(1) Access to an organizational information system by a user or an
information system communicating through an external, non-
organization-controlled network (e.g., the Internet). (2) The ability for an
organization’s users to access its non-public computing resources from
locations other than the organization’s facilities.
Remote administration tool
A program installed on a system that allows remote attackers to gain
access to the system as needed.
Remote journaling
Transaction logs or journals are transmitted to a remote location. If the
server needed to be recovered, the logs or journals could be used to
recover transactions, applications, or database changes that occurred after
the last server backup. Remote journaling can either be conducted though
batches or be communicated continuously using buffering software.
Remote journaling and electronic vaulting require a dedicated offsite
location (that is, hot-site or offsite storage site) to receive the
transmissions and a connection with limited bandwidth.
Remote maintenance
Maintenance activities conducted by individuals communicating through
an external, nonorganization-controlled network (e.g., the Internet).
Remote maintenance attack
Some hardware and software vendors who have access to an
organization’s computer systems for problem diagnosis and remote
maintenance work can modify database contents or reconfigure network
elements to their advantage.
Remote system control
Remotely using a computer at an organization from a telework computer.
Removable media
Portable electronic storage media such as magnetic, optical, and solid-state
devices, which can be inserted into and removed from a computing device,
and are used to store text, video, audio, and image information. Such
devices have no independent processing capabilities. Examples of
removable media include hard disks, zip drives, compact disks, thumb
drives, flash drives, pen drives, and similar universal serial bus (USB)
storage devices. Removable media are less risky than the nonremovable
media in terms of security breaches.
Repeater
A device to amplify the received signals and it operates in the physical
layer of the ISO/OSI reference model.
Replay
One can eavesdrop upon another ’s authentication exchange and learn
enough to impersonate a user. It is used in conducting an impersonation
attack.
Replay attack
(1) An attack that involves the capture of transmitted authentication or
access control information and its subsequent retransmission with the
intent of producing an unauthorized effect or gaining unauthorized access.
(2) An attack in which the attacker can replay previously captured
messages (between a legitimate claimant and a verifier) to masquerade as
that claimant to the verifier or vice versa.
Repository
A database containing information and data relating to certificates; may
also be referred to as a directory.
Request for comment (RFC)
An Internet standard, developed, and published by the Internet Engineering
Task Force (IETF).
Requirement
A statement of the system behavior needed to enforce a given policy.
Requirements are used to derive the technical specification of a system.
Reserve keying material
Cryptographic key held to satisfy unplanned needs. It is also called a
contingency key where a key is held for use under specific operational
conditions or in support of specific contingency plans.
Residue
Data left in storage after information-processing operations are complete;
but before degaussing or overwriting has taken place.
Residual data
Data from deleted files or earlier versions of existing files.
Residual risk
The remaining, potential risk after all IT security measures are applied.
There is a residual risk associated with each threat.
Resilience
(1) The capability to quickly adapt and recover from any known or
unknown changes to the environment through holistic implementation of
risk management, contingency measures, and continuity planning. (2) The
capability of a computer system to continue to function correctly despite
the existence of a fault or faults in one or more of its component parts.
Resource
Anything used or consumed while performing a function. The categories
of resources are time, information, objects (information containers), or
processors (the ability to use information). Specific examples are CPU
time, terminal connect time, amount of directly addressable memory, disk
space, number of input/output requests per minute, and so on.
Resource encapsulation
A method by which the reference-monitor mediates accesses to an
information system resource. Resource is protected and not directly
accessible by a subject. Satisfies requirement for accurate auditing of
resource usage.
Resource isolation
It is the containment of subjects and objects in a system in such a way that
they are separated from one another, as well as from the protection
controls of the operating system.
Responder
The entity that responds to the initiator of the authentication exchange.
Restart
The resumption of the execution of a computer program using the data
recorded at a checkpoint. This is a technical and recovery control.
Restore
The process of retrieving a data set migrated to off-line storage and
restoring it to online storage. This is a technical and recovery control.
Retention program
A program to save documents, forms, history logs, master and transaction
data files, computer programs (both source and object level), and other
documents of the system until no longer needed. Retention periods should
satisfy organization and legal requirements.
Return on investment (ROI)
A ratio indicating what percentage of the investment the annual benefit in
terms of cash flow is. It is calculated as annual operating cash inflows
divided by the annual net investment.
The ROI can be used to assess the financial feasibility of an investment in
information security program.
Reverse engineering
Used to gain a better understanding of the current system’s complexity and
functionality and to identify “trouble spots.” Errors can be detected and
corrected, and modifications can be made to improve system performance.
The information gained during reverse engineering can be used to
restructure the system, thus making the system more maintainable.
Maintenance requests can then be accomplished easily and quickly.
Software reengineering also enables the reuse of software components
from existing systems. The knowledge gained from reverse engineering
can be used to identify candidate systems composed of reusable
components, which can then be used in other applications. Reverse
engineering can also be used to identify functionally redundant parts in
existing application systems.
Reversible data hiding
A technique that allows images to be authenticated and then restored to
their original form by removing the watermark and replacing the image
data, which had been overwritten. This makes the images acceptable for
legal purposes.
Review board
The authority responsible for evaluating and approving or disapproving
proposed changes to a system and ensuring implementation of approved
changes. This is a management and preventive control.
Review techniques
Passive information security testing techniques, generally conducted
manually, used to evaluate systems, applications, networks, policies, and
procedures to discover vulnerabilities. Review techniques include
documentation review, log review, ruleset review, system configuration
review, network sniffing, and file-integrity checking.
Revision
A change to a baseline configuration item that encompasses error
correction, minor enhancements, or adaptations but to which there is no
change in the functional capabilities.
Revoked state
The cryptographic key lifecycle state in which a currently active
cryptographic key is not to be used to encode, encrypt, or sign again
within a domain or context.
Reuse
Any use of a preexisting software artifact (e.g., component and
specification) in a context different from that in which it was created.
Rijndael algorithm
Cryptographic algorithm specified in the advanced encryption standard
(AES).
Ring topology
Ring topology is a network topology in which all nodes are connected to
one another in the shape of a closed loop, so that each node is connected
directly to two other nodes, one on either side of it. These nodes are
attached to repeaters connected in a closed loop. Two kinds of ring
topology exist: token ring and token bus.
Risk
(1) A measure of the likelihood and the consequence of events or acts that
could cause a system compromise, including the unauthorized disclosure,
destruction, removal, modification, or interruption of system assets. (2)
The level of impact on organizational operations (including mission,
functions, image, or reputation), organizational assets, individuals, or
other organizations resulting from the operation of an information system
given the potential impact of a threat and the likelihood of that threat
occurring. (3) It is the chance or likelihood of an undesirable outcome. In
general, the greater the likelihood of a threat occurring, the greater the
risk. A risk determination requires a sign-off letter from functional users.
(4) A risk is a combination of the likelihood that a threat will occur, the
likelihood that a threat occurrence will result in an adverse impact, and the
severity of the resulting adverse impact. (5) It is the probability that a
particular security threat will exploit a system’s vulnerability. Reducing
either the vulnerability or the threat reduces the risk. Risk = Threat +
Vulnerability.
Risk adaptive or adaptable access control (RAdAC)
In RAdAC, access privileges are granted based on a combination of a
user ’s identity, mission need, and the level of security risk that exists
between the system being accessed and a user. RAdAC uses security
metrics, such as the strength of the authentication method, the level of
assurance of the session connection between the system and a user, and the
physical location of a user, to make its risk determination.
Risk analysis
The process of identifying the risks to system security and determining the
likelihood of occurrence, the resulting impact, and the additional
safeguards (controls) that mitigate this impact. It is a part of risk
management and synonymous with risk assessment.
Risk assessment
The process of identifying risks to organizational operations (including
mission, functions, image, or reputation), organizational assets,
individuals, or other organizations by determining the probability of
occurrence, the resulting impact, and additional security controls that
would mitigate this impact. Part of risk management, synonymous with
risk analysis, incorporates threat and vulnerability analyses, and considers
mitigations provided by planned or in-place security controls.
Risk index
The difference between the minimum clearance/authorization of system
users and the maximum sensitivity (e.g., classification and categories of
data processed by a system).
Risk management
The program and supporting processes to manage information security
risk to organizational operations (including mission, functions, image, or
reputation), organizational assets, individuals, or other organizations
resulting from the operation of an information system. It includes (1)
establishing the context for risk-related activities, (2) assessing risk, (3)
responding to risk once determined, and (4) monitoring risk over time.
The process considers effectiveness, efficiency, and constraints due to
laws, directives, policies, or regulations. This is a management and
preventive control.
Risk Management = Risk Assessment + Risk Mitigation + Risk Evaluation.
Risk mitigation involves prioritizing, evaluating, and implementing the
appropriate risk-reducing controls and countermeasures recommended
from the risk assessment process.
Risk monitoring
Maintaining ongoing awareness of an organization’s risk environment,
risk management program, and associated activities to support risk
decisions.
Risk profile
Risk profiling is conducted on each data center or computer system to
identify threats and to develop controls and polices in order to manage
risks.
Risk reduction
The features of reducing one or more of the factors of risk (e.g., value at
risk, vulnerability to attack, threat of attack, and protection from risk).
Risk response
Accepting, avoiding, mitigating, sharing, or transferring risk to
organizational operations and assets, individuals, or other organizations.
Risk tolerance
The level of risk an entity is willing to assume in order to achieve a
potential desired result.
Rivest-Shamir-Adelman (RSA) algorithm
A public-key algorithm used for key establishment and the generation and
verification of digital signatures, encrypt messages, and provide key
management for the data encryption standard (DES) and other secret key
algorithms.
Robust authentication
Requires a user to possess a token in addition to a password or PIN (i.e.,
two-factor authentication). This type of authentication is applied when
accessing an internal computer systems and e-mails. Robust authentication
can also create one-time passwords.
Robust programming
Robust programming, also called defensive programming, makes a
system more reliable with various programming techniques.
Robustness
A characterization of the strength of a security function, mechanism,
service, or solution, and the assurance (or confidence) that it is
implemented and functioning correctly.
Role
(1) A distinct set of operations required to perform some particular
function. (2) A collection of permissions in role-based access control
(RBAC), usually associated with a role or position within an organization.
Role-based access control (RBAC)
(1) Access control based on user roles (e.g., a collection of access
authorizations a user receives based on an explicit or implicit assumption
of a given role). Role permissions may be inherited through a role
hierarchy and typically reflect the permissions needed to perform defined
functions within an organization. A given role may apply to a single
individual or to several individuals. (2) A model for controlling access to
resources where permitted actions on resources are identified with roles
rather than with individual subject identities. It is an access control based
on specific job titles, functions, roles, and responsibilities.
Role-based authentication
A cryptographic module authenticates the authorization of an operator to
assume a specific role and perform a corresponding set of services.
Role-based security policy
Access rights are grouped by role names and the use of resources is
restricted to individuals authorized to assume the associated roles.
Rollback
Restores the database from one point in time to an earlier point.
Rollforward
Restores the database from a point in time when it is known to be correct
to a later time.
Root cause analysis
A problem-solving tool that uses a cause-and-effect (C&E) diagram. This
diagram analyzes when a series of events or steps in a process creates a
problem and it is not clear which event or step is the major cause of the
problems. After examination, significant root causes of the problem are
discovered, verified, and corrected. The C&E diagram is also called a
fishbone or Ishikawa diagram and is a good application in managing a
computer security incident response as a remediation step.
Rootkit
(1) A set of tools used by an attacker after gaining root-level access to a
host to conceal the attacker ’s activities on the host and permit the attacker
to maintain root-level access to the host through covert means. (2) A
collection of files that is installed on a system to alter the standard
functionality of the system in a malicious and stealthy way.
Rotational cryptanalysis
A generic attack against algorithms that rely on three operations: modular
addition, rotation, and XOR (exclusive OR). Algorithms relying on these
operations are popular because they are relatively inexpensive in both
hardware and software and operate in constant time, making them safe
from timing attacks in common implementations (Wikipedia).
Rotation of duties
A method of reducing the risk associated with a subject performing a
(sensitive) task by limiting the amount of time the subject is assigned to
perform the task before being moved to a different task.
Round key
Round keys are values derived by the cipher key using the key expansion
routine; they are applied to the state in the cipher and inverse cipher.
Round-robin DNS
A technique of load distribution, load balancing, or fault-tolerance
provisions with multiple, redundant Internet Protocol (IP) service hosts
(for example, Web servers and FTP servers). It manages the domain name
system (DNS) response to address requests from client computers
according to a statistical model. It works by responding to DNS requests
not only with a single IP address, but also a list of IP addresses of several
servers that host identical services. The order in which IP addresses from
the list are returned is the basis for the term round robin. With each DNS
response, the IP addresses sequence in the list is permuted. This is unlike
the usual basic IP address handling methods based on network priority and
connection timeout (Wikipedia).
Route flapping
A situation in which Border Gateway Protocol (BGP) sessions are
repeatedly dropped and restarted, normally as a result of router problems
or communication line problems. Route flapping causes changes to the
BGP routing tables.
Router
(1) A physical or logical entity that receives and transmits data packets or
establishes logical connections among a diverse set of communicating
entities (usually supports both hardwired and wireless communication
devices simultaneously). (2) A node that interconnects sub-networks by
packet forwarding. (3) A device that connects two or more networks or
network segments, and may use Internet Protocol (IP) to route messages.
(4) A device that keeps a record of network node addresses and current
network status, and it extends LANs. (5) A router operates in the network
layer of the ISO/OSI reference model.
Router-based firewall
Security is implemented using screening routers as the primary means of
protecting the network.
Routine variation
A risk-reducing principle that underlies techniques, reducing the ability of
potential attackers to anticipate scheduled events in order to minimize
associated vulnerabilities.
Rubber-hose cryptanalysis
The extraction of cryptographic secrets (for example, the password to an
encrypted file) from a person by coercion or torture in contrast to a
mathematical or technical cryptanalytic attack. The term rubber-hose
refers to beating individuals with a rubber hose until they cooperate in
revealing cryptographic secrets. Rubber-hose and social engineering
attacks are not a general class of side channel attack (Wikipedia).
Rule-based access control (RuBAC)
Access control based on specific rules relating to the nature of the subject
and object, beyond their identities such as security labels. A RuBAC
decision requires authorization information and restriction information to
compare before any access is granted. RuBAC and MAC are considered
equivalent.
Rule-based security policy
A security policy based on global rules imposed for all subjects. These
rules usually rely on a comparison of the sensitivity of the objects being
assessed and the possession of corresponding attributes by the subjects
requesting access.
Rules of behavior (ROB)
Rules established and implemented concerning use of, security in, and
acceptable level of risk of the system. Rules will clearly delineate
responsibilities and expected behavior of all individuals with access to the
system. The organization establishes and makes readily available to all
information system users a set of rules that describes their responsibilities
and expected behavior with regard to information system usage.
Rules of engagement (ROE)
Detailed guidelines and constraints regarding the execution of information
security testing. The white team establishes the ROE before the start of a
security test. It gives the test team authority to conduct the defined activities
without the need for additional permissions.
Rules of evidence
The general rules of evidence require that the evidence must be sufficient
to support a finding, must be competent (reliable), must be relevant based
on facts and their applicability, and must be significant (material and
substantive) to the issue at hand. The chain of custody should accommodate
the rules of evidence and the chain of evidence.
Ruleset
(1) A table of instructions used by a controlled (managed) interface to
determine what data is allowable and how the data is handled between
interconnected systems. Rulesets govern access control functionality of a
firewall. The firewall uses these rulesets to determine how packets should
be routed between its interfaces. (2) A collection of rules or signatures that
network traffic or system activity is compared against to determine an
action to take, such as forwarding or rejecting a packet, creating an alert,
or allowing a system event.
S
S/MIME
(1) A version of the multipurpose Internet mail extension (MIME) protocol
that supports encrypted messages. (2) A set of specifications for securing
electronic mail. The basic security services offered by secure/MIME
(S/MIME) are authentication, nonrepudiation of origin, message integrity,
and message privacy. Optional security services by S/MIME include signed
receipts, security labels, secure mailing lists, and an extended method of
identifying the signer ’s certificate(s). S/MIME is based on RSA’s public-
key encryption technology.
Safe harbor principle
Principles that are intended to facilitate trade and commerce between the
U.S. and European Union for use solely by U.S. organizations receiving
personal data from the European Union. It is based on self-regulating
policy and enforcement mechanism where it meets the objectives of
government regulations but does not involve government enforcement.
Safeguards
Protective measures prescribed to meet the security requirements (i.e.,
confidentiality, integrity, and availability) specified for an information
system and to protect computational resources by eliminating or reducing
the vulnerability or risk to a system. Safeguards may include security
features, management constraints, personnel security, and security of
physical structures, areas, and devices to counter a specific threat or attack.
Available safeguards include hardware and software devices and
mechanisms, policies, procedures, standards, guidelines, management
controls, technical controls, operational controls, personnel controls, and
physical controls. Synonymous with security controls and
countermeasures.
Salami technique
In data security, it pertains to fraud spread over a large number of
individual transactions (e.g., a program that does not round off figures but
diverts the leftovers to a personal account).
Salt
A nonsecret value that is used in a cryptographic process, usually to ensure
that the results of computations for one instance cannot be reused by an
attacker.
Salting (password)
The inclusion of a random value in the password hashing process that
greatly decreases the likelihood of identical passwords returning the same
hash.
Sandbox
A system that allows an untrusted application to run in a highly controlled
environment where the application’s permissions are restricted to an
essential set of computer permissions. In particular, an application in a
sandbox is usually restricted from accessing the file system or the network.
A widely used example of applications running inside a sandbox is a
JavaApplet. A behavioral sandbox uses runtime monitor for ensuring the
execution of mobile code, conforming to the enforcement model.
Sandbox security model
Java’s security model, in which applets can operate, creating a safe
sandbox for applet processing.
Sandboxing
(1) A method of isolating application modules into distinct fault domains
enforced by software. The technique allows untrusted programs written in
an unsafe language, such as C, to be executed safely within the single
virtual address space of an application. Untrusted machine interpretable
code modules are transformed so that all memory accesses are confined to
code and data segments within their fault domain. Access to system
resources can also be controlled through a unique identifier associated
with each domain. (2) New malicious code protection products introduce a
“sandbox” technology allowing users the option to run programs such as
Java and Active-X in quarantined sub-directories of systems. If malicious
code is detected in a quarantined program, the system removes the
associated files, protecting the rest of the system. (3) A method of isolating
each guest operating system from the others and restricting what resources
they can access and what privileges they can have (i.e., restrictions and
privileges).
Sanding
The application of an abrasive substance to the media’s physical recording
surface.
Sanitization
The changing of content information in order to meet the requirements of
the sensitivity level of the network to which the information is being sent. It
is a process to remove information from media so that information
recovery is not possible. It includes removing all classified labels,
markings, and activity logs. Synonymous with scrubbing.
S-box
Nonlinear substitution table boxes (S-boxes) used in several byte
substitution transformations and in the key expansion routine to perform a
one-for-one substitution of a byte value. This substitution, which is
implemented with simple electrical circuits, is done so fast in that it does
not require any computation, just signal propagation. The S-box design,
which is implemented in hardware for cryptographic algorithm, follows
Kerckhoff’s principle (security-by-obscurity) in that an attacker knows that
the general method is substituting the bits, but he does not know which bit
goes where. Hence, there is no need to hide the substitution method. S-
boxes and P-boxes are combined to form a product cipher, where wiring
of the P-box is placed inside the S-box. (that is, S-box is first and P-box is
next.) S-boxes are used in the advanced encryption standard (Tanenbaum).
Scalability
(1) A measure of the ease of changing the capability of a system. (2) The
ability to support more users, concurrent sessions, and throughput than a
single SSL-VPN device can typically handle. (3) The ability to move
application software source code and data into systems and environments
that have a variety of performance characteristics and capabilities without
significant modification.
Scanning
(1) Sequentially going through combinations of numbers and letters to
look for access to telephone numbers and secret passwords. (2) Sending
packets or requests to another system to gain information to be used in a
subsequent attack.
Scavenging
Searching through object residue (file storage space) to acquire
unauthorized data.
Scenario analysis
An information system's vulnerability assessment technique in which
various possible attack methods are identified and the existing controls are
examined in light of their ability to counter such attack methods.
Schema
A set of specifications that defines a database. Specifically, it includes
entity names, sets, groups, data items, areas, sort sequences, access keys,
and security locks.
Scoping guidance
Specific factors related to technology, infrastructure, public access,
scalability, common security controls, and risk that can be considered by
organizations in the applicability and implementation of individual
security controls in the security control baseline.
Screen scraper
A computer program that extracts data from websites. The program
captures information from a computer display not intended for processing,
captures the bitmap data from a computer screen, or queries the graphical
controls used in an application to obtain references to the underlying
programming objects. Screen scrapers can extract data from mobile
devices (such as, PDAs and SmartPhones) and non-mobile devices.
Regarding security threats, the screen scraper belongs to the malware
family in that its similar to malware threats including keyloggers,
spyware, bad adware, rootkits, backdoors, and bots.
Screened host firewall
It combines a packet-filtering router with an application gateway located
on the protected subnet side of the router.
Screened subnet firewall
Conceptually, it is similar to a dual-homed gateway, except that an entire
network, rather than a single host is reachable from the outside. It can be
used to locate each component of the firewall on a separate system, thereby
increasing throughput and flexibility.
Screening router
A router is used to implement part of a firewall’s security by configuring it
to selectively permit or deny traffic at a network level.
Script
(1) A sequence of instructions, ranging from a simple list of operating
system commands to full-blown programming language statements, which
can be executed automatically by an interpreter. (2) A sequence of
commands, often residing in a text file, which can be interpreted and
executed automatically. (3) Unlike compiled programs, which execute
directly on a computer processor, a script must be processed by another
program that carries out the indicated actions.
Scripting language
A definition of the syntax and semantics for writing and interpreting
scripts. Typically, scripting languages follow the conventions of a simple
programming language, but they can also take on a more basic form such
as a macro or a batch file. JavaScript, VBScript, Tcl, PHP, and Perl are
examples of scripting languages.
Secrecy
Denial of access to information by unauthorized individuals.
Secret key
A cryptographic key that is used with a secret key (symmetric)
cryptographic algorithm that is uniquely associated with one or more
entities and is not being made public. A key used by a symmetric algorithm
to encrypt and decrypt data. The use of the term “secret” in this context
does not imply a classification level, but rather implies the need to protect
the key from disclosure or substitution.
Secret key (symmetric) cryptographic algorithm
A cryptographic algorithm that uses a single, secret key for both
encryption and decryption. This is the traditional method used for
encryption. The same key is used for both encryption and decryption. Only
the party or parties that exchange secret messages know the secret key. The
biggest problem with symmetric key encryption is securely distributing the
keys. Public key techniques are now often used to distribute the symmetric
keys. An encryption algorithm that uses only secret keys. Also known as
private-key encryption.
Secure channel
An information path in which the set of all possible senders can be known
to the receivers or the set of all possible receivers can be known to the
senders, or both.
Secure communication protocol
A communication protocol that provides the appropriate confidentiality,
authentication, and content integrity protection.
Secure configuration management
The set of procedures appropriate for controlling changes to a system’s
hardware and software structure for the purpose of ensuring that changes
will do not lead to violations of the system’s security policy.
Secure erase
An overwrite technology using a firmware-based process to overwrite a
hard drive, such as ATA or SCSI.
Secure hash
A hash value that is computationally infeasible to find a message which
corresponds to a given message digest, or to find two different messages
which produce the same digest.
Secure hash standard
This standard specifies four secure hash algorithms (SHAs): SHA-1, SHA-
256, SHA-384, and SHA-512 for computing a condensed representation of
electronic data (message) called a message digest. SHAs are used with
other cryptographic algorithms, such as the digital signature algorithms
and keyed-hash message authentication code (HMAC), or in the generation
of random numbers (bits).
Secure hypertext-transfer protocol (S/HTTP)
A message-oriented communication protocol that extends the HTTP
protocol. It coexists with HTTP’s messaging model and can be easily
integrated with HTTP applications.
Secure multipurpose Internet mail extension (S/MIME)
A protocol for encrypting messages and creating certificates using public
key cryptography. S/MIME is supported by default installations of many
popular mail clients. It uses a classic, hierarchical design based on
certificate authorities for its key management, thus making it suitable for
medium- to large-scale implementations.
Secure operating system
An operating system that effectively controls hardware and software
functions in order to provide the level of protection appropriate to the
value of the data and resources managed by the operating system.
Secure sockets layer (SSL)
(1) A protocol that provides end-to-end encryption of application layer
network traffic. It provides privacy and reliability between two
communicating applications. It is designed to encapsulate other protocols,
such as HTTP. SSL v3.0 has been succeeded by IETF’s TLS. (2) An
authentication and security protocol widely implemented in browsers and
Web servers for protecting private information during transmission via the
Internet.
Secure sockets layer (SSL) and transport layer security (TLS)
SSL is a protocol developed by Netscape for transmitting private
documents via the Internet. SSL is based on public key cryptography, used
to generate a cryptographic session that is private to a Web server and a
client browser. SSL works by using a public key to encrypt data that is
transferred over the SSL connection. Most Web browsers support SSL and
many websites use the protocol to obtain confidential user information,
such as credit card numbers. By convention, URLs that require an SSL
connection start with “https” instead of “http.” SSL has been superseded by
the newer TLS protocol. There are only minor differences between SSL
and TLS.
Secure state
A condition in which no subject can access any object in an unauthorized
manner.
Security
The quality of state-of-being cost-effectively protected from undue losses
(e.g., loss of goodwill, monetary loss, and loss of ability to continue
operations). Preservation of the authenticity, integrity, confidentiality, and
ensured service of any sensitive or nonsensitive system-valued function
and/or information element. Security is a system property. Security is
much more than a set of functions and mechanisms. IT security is a system
characteristic as well as a set of mechanisms that span the system both
logically and physically.
Security administrator
A person dedicated to performing information security functions for
servers and other hosts, as well as networks.
Security architecture
A description of security principles and an overall approach for
complying with the principles that drive the system design; i.e., guidelines
on the placement and implementation of specific security services within
various distributed computing environments.
Security assertions markup language (SAML)
(1) An XML-based security specification for exchanging authentication
and authorization information between trusted entities over the Internet.
Security typically involves checking the credentials presented by a party
for authentication and authorization. SAML standardizes the representation
of these credentials in an XML format called ‘‘assertions,” enhancing the
interoperability between disparate applications. (2) A specification for
encoding security assertions in the extensible markup language (XML). (3)
A protocol consisting of XML-based request and response message
formats for exchanging security information, expressed in the form of
assertions about subjects and between online business partners.
Security association (SA)
It is a set of values that define the features and protections applied to a
connection.
Security association (WMAN/WiMAX)
A security association (SA) is the logical set of security parameters
containing elements required for authentication, key establishment, and
data encryption.
Security association lifetime
How often each security association (SA) should be recreated, based on
elapsed time or the amount of network traffic.
Security assurance
It is the degree of confidence one has that the security controls operate
correctly and that they protect the system as intended.
Security attribute
(1) An abstraction representing the basic properties or characteristics of an
entity with respect to safeguarding information, typically associated with
internal data structures (e.g., records, buffers, and files) within the
information system and used to enable the implementation of access
control and flow control policies, reflect special dissemination, handling
or distribution instructions, or support other aspects of the information
security policy. (2) A security-related quality of an object and it can be
represented as hierarchical levels, bits in a bit map, or numbers.
Compartments, caveats, and release markings are examples of security
attributes, which are used to implement a security policy.
Security audit
An examination of security procedures and measures for the purpose of
evaluating their adequacy and compliance with established policy. This is a
management and detective control.
Security authorization
The official management decision to authorize operation of an
information system and to explicitly accept the risk to an organization’s
operations and assets based on the implementation of an agreed-upon set
of security controls.
Security banner
It is a banner at the top or bottom of a computer screen that states the
overall classification of the system in large, bold type. It can also refer to
the opening screen that informs users of the security implications of
accessing a computer resource (i.e., conditions and restrictions on system
and/or data use).
Security boundaries
The process of uniquely assigning information resources to an
information system defines the security boundary for that system.
Information resources consist of information and related resources, such
as personnel, equipment, funds, and information technology. The scope of
security boundaries includes (1) both internal and external systems, (2)
both logical and physical access security controls, and (3) both interior
and exterior perimeter security controls.
Security breach
A violation of controls of a particular information system such that
information assets or system components are unduly exposed.
Security categorization
The process of determining the security category (the restrictive label
applied to classified or unclassified information to limit access) for
information or an information system.
Security category
The characterization of information or an information system based on an
assessment of the potential impact that a loss of confidentiality, integrity,
or availability of such information or information system would have on
organizational operations, organizational assets, employees and other
individuals, and other organizations.
Security clearances
Formal authorization is required for subjects to access information
contained in objects.
Security control assessment
The testing and/or evaluation of the management, operational, and
technical security controls in an information system to determine the extent
to which the controls are implemented correctly, operating as intended,
and producing the desired outcome with respect to meeting the security
requirements for the system (i.e., confidentiality, integrity, and
availability).
Security control baseline
The set of minimum security controls defined for a low-impact, moderate-
impact, or high-impact information system.
Security control effectiveness
The measure of correctness of implementation (i.e., how consistently the
control implementation complies with the security plan) and how well the
security plan meets organizational needs in accordance with current risk
tolerance.
Security control enhancements
Statements of security capability to (1) build in additional, but related,
functionality to a basic control, and/or (2) increase the strength of a basic
control.
Security control inheritance
A situation in which an information system or application receives
protection from security controls that are developed, implemented,
assessed, authorized, and monitored by entities other than those
responsible for the system or application. These entities can be either
internal or external to the organization where the system or application
resides. Common controls are inherited.
Security controls
The management, operational, and technical controls (i.e., safeguards or
countermeasures) prescribed for an information system to protect the
confidentiality, integrity, and availability of the system and its information.
Security domain
(1) Implements a security policy and administered by a single authority. (2)
A set of subjects, their information objects, and a common security policy.
Security evaluation
An evaluation to assess the degree of trust that can be placed in systems for
the secure handling of sensitive information. It is a major step in the
certification and accreditation process.
Security event management tools (SEM)
A type of centralized logging software that can facilitate aggregation and
consolidation of logs from multiple information system components. The
SEM tools help an organization to integrate the analysis of vulnerability
scanning information, performance data, network monitoring, and system
audit record information, and provide the ability to identify inappropriate
or unusual activity. For example, the SEM tools can facilitate audit record
correlation and analysis with vulnerability scanning information to
determine the veracity of the vulnerability scans and correlating attack
detection events with scanning results. The sources of audit record
information include operating systems, application servers (for example,
Web servers and e-mail servers), security software, and physical security
devices such as badge readers.
Security failure
Any event that is a violation of a particular system’s explicit or implicit
security policy.
Security fault analysis
A security analysis, usually performed on hardware at gate level, to
determine the security properties of a device when a hardware fault is
detected.
Security fault injection test
Involves data perturbation (i.e., alteration of the type of data the execution
environment components pass to the application, or that the application’s
components pass to one another). Fault injection can reveal the effects of
security defects on the behavior of the components themselves and on the
application as a whole.
Security features
The security-relevant functions, mechanisms, and characteristics of system
hardware and software. Security features are a subset of system security
safeguards.
Security filter
A set of software routines and techniques employed in a computer system
to prevent automatic forwarding of specified data over unprotected links
or to unauthorized persons.
Security flaw
An error of commission or omission in a computer system that may allow
protection mechanisms to be bypassed.
Security functions
The hardware, software, and firmware of the information system
responsible for supporting and enforcing the system security policy and
supporting the isolation of code and data on which the protection is based.
Security goals
The five security goals are confidentiality, availability, integrity,
accountability, and assurance.
Security governance
Information security governance are defined as the process of establishing
and maintaining a framework and supporting management structure and
processes. They provide assurance that information security strategies are
aligned with and are supportive of business objectives, are consistent with
applicable laws and regulations through adherence to policies and internal
controls, and provide assignment of responsibility, all in an effort to
manage risk. Note that information security governance is a part of
information technology governance, which, in turn, is a part of corporate
governance.
The information security management should integrate its information
security governance activities with the overall organization structure and
activities by ensuring appropriate participation of management officials in
overseeing implementation of information security controls throughout
the organization. The key activities that facilitate such integration are
information security strategic planning, information security governance
structures (that is, centralized, decentralized, and hybrid), establishment of
roles and responsibilities, integration with the enterprise architecture,
documentation of security objectives (such as, confidentiality, integrity,
availability, accountability, and assurance) in policies and guidance, and
ongoing monitoring.
In addition, security governance committee should ensure that appropriate
security staff represents in the acquisitions and divestitures of new business
assets or units, performing due diligence reviews.
Organizations can use a variety of data originating from the ongoing
information security program activities to monitor performance of
programs under their purview, including plans of action and milestones,
performance measurement and metrics, continuous assessment,
configuration management and control, network monitoring, and incident
and event statistics.
Security impact analysis (SIA)
The analysis conducted by an organization official, often during the
continuous monitoring phase of the security certification and accreditation
process, to determine the extent to which changes to the information
system have affected the security state of the system.
Security incident
Any incident involving classified information in which there is a deviation
from the requirements of governing security regulations. Compromise,
inadvertent disclosure, need-to-know violation, planting of malicious
code, and administrative deviation are examples of a security incident.
Security incident triad
Includes three elements such as detect, respond, and recover. An
organization should have the ability to detect an attack, respond to an
attack, and recover from an attack by limiting consequences or impacts
from an attack.
Security-in-depth
See Defense-in-depth.
Security kernel
The central part of a computer system (software and hardware) that
implements the fundamental security procedures for controlling access to
system resources. A most trusted portion of a system that enforces a
fundamental property and on which the other portions of the system
depend.
Security label
(1) The means used to associate a set of security attributes with a specific
information object as part of the data structure for that object. Labels could
be designated as proprietary data or public data. (2) A marking bound to a
resource (which may be a data unit) that names or designates the security
attributes of that resource. (3) Explicit or implicit marking of a data
structure or output media associated with an information system
representing the security category, or distribution limitations or handling
caveats of the information contained therein.
Security level
A hierarchical indicator of the degree of sensitivity to a certain threat. It
implies, according to the security policy being enforced, a specific level of
protection. A clearance level associated with a subject or a classification
level (or sensitivity label) associated with an object.
Security life of data
The time period during which data has security value.
Security management
The process of monitoring and controlling access to network resources.
This includes monitoring usage of network resources, recording
information about usage of resources, detecting attempted or successful
violations, and reporting such violations.
Security management dashboard
A tool that consolidates and communicates information relevant to the
organizational security posture in near-real time to security management
stakeholders.
Security management infrastructure (SMI)
A set of interrelated activities providing security services needed by other
security features and mechanisms. SMI functions include registration,
ordering, key generation, certificate generation, distribution, accounting,
compromise recovery, re-key, destruction, data recovery, and
administration.
Security marking
Human-readable information affixed to information system components,
removable media, or system outputs indicating the distribution limitations,
handling caveats and applicable security markings.
Security measures
Elements of software, firmware, hardware, or procedures included in a
system for the satisfaction of security specifications.
Security mechanism
A device designed to provide one or more security services usually rated
in terms of strength of service and assurance of the design.
Security metrics
Security metrics strive to offer a quantitative and objective basis for
security assurance.
Security model
A formal presentation of the security policy enforced by the system. It must
identify the set of rules and practices that regulate how a system manages,
protects, and distributes sensitive information.
Security objectives
The five security objectives are confidentiality, availability, integrity,
accountability, and assurance. Some use only three objectives such as
confidentiality, integrity, and availability.
Security-by-obscurity
A countermeasure principle that does not work in practice because
attackers can compromise the security of any system at any time. The
meaning of this principle is that trying to keep something secret when it is
not does more harm than good.
Security-oriented code review
A code review, or audit, investigates the coding practices used in the
application. The main objective of such reviews is to discover security
defects and potentially identify solutions.
Security parameters
The variable secret components that control security processes; examples
include passwords, encryption keys, encryption initialization vectors,
pseudo-random number generator seeds, and biometrics identity
parameters.
Security parameters index
Randomly chosen value that acts as an identifier for an IPsec connection.
Security perimeter
A physical or logical boundary that is defined for a system, domain, or
enclave, within which a particular security policy, security control, or
security architecture is applied to protect assets. A security perimeter
typically includes a security kernel, some trusted-code facilities, hardware,
and possibly some communications channels.
Security plan
A formal document providing an overview of the security requirements
for an information system or an information security program and
describing the security controls in place or planned for meeting those
requirements.
Security policy
Refers to the conventional security services (e.g., confidentiality, integrity,
and availability) and underlying mechanisms and functions. (2) The set of
laws, rules, criteria, and practices that regulate how an organization
manages, protects, and distributes sensitive information and critical
systems. (3) The statement of required protection for the information
objects.
Security policy filter
A secure subsystem of an information system that enforces security policy
on the data passing through it.
Security posture
The security status of an enterprise’s networks, information, and systems
based on information assurance resources (e.g., people, hardware,
software, and policies) and capabilities in place to manage the defense of
the enterprise and to react as the situation changes.
Security priorities
Security priorities need to be developed so that investments on those areas
of highest sensitivity or risk can be allocated.
Security program assessment
An assessment of an organization’s information security program to
ensure that information and information system assets are adequately
secured.
Security protections
Measures against threats that are intended to compensate for a computer ’s
security weaknesses.
Security requirements
(1) The types and levels of protection necessary for equipment, data,
information, applications, and facilities to meet security policy. (2)
Requirements levied on an information system that are derived from laws,
executive orders, directives, policies, procedures, standards, instructions,
regulations, organizational mission or business case needs to ensure the
confidentiality, integrity, and availability of the information being
processed, stored, or transmitted.
Security safeguards
The protective measures and controls prescribed to meet the security
requirements specified for a computer system. Those safeguards may
include but are not necessarily limited to hardware and software security
features; operating procedures; accountability procedures; access and
distribution controls; management constraints; personnel security; and
physical security, which cover structures, areas, and devices.
Security service
(1) A processing or communication service that is provided by a system to
give a specific kind of protection to resources, where said resources reside
with said system or reside with other systems, for example, an
authentication service or a PKI-based document attribution and
authentication service. A security service is a superset of authentication,
authorization, and accounting (AAA) services. Security services typically
implement portions of security policies and are implemented via security
mechanisms. (2) A service, provided by a layer of communicating open
systems, that ensures adequate security of the systems or of data transfers.
(3) A capability that supports one, or many, of the security goals. Examples
of security services are key management, access control, and
authentication.
Security specification
A detailed description of countermeasures (safeguards) required to protect
a computer system or network from unauthorized (accidental or
unintentional) disclosure, modification, and destruction of data or denial
of service.
Security strength
(1) A measure of the computational complexity associated with recovering
certain secret and/or security-critical information concerning a given
cryptographic algorithm from known data (e.g., plaintext/ciphertext pairs
for a given encryption algorithm). (2) A number associated with the
amount of work (that is, the number of operations) that is required to break
a cryptographic algorithm or module. The average amount of work
needed is 2 raised to the power of (security strength minus 1). The security
strength, sometimes, is referred to as a security level.
Security tag
An information unit containing a representation of certain security-related
information (e.g., a restrictive attribute bit map).
Security target (ST)
A set of security requirements and specifications drawn from the Common
Criteria (CC) for IT security evaluation to be used as the basis for
evaluation of an identified target of evaluation (TOE). It is an
implementation-dependent statement of security needs for a specific
identified TOE.
Security test & evaluation (ST&E)
It is an examination and analysis of the safeguards required to protect an
information system, as they have been applied in an operational
environment, to determine the security posture of that system.
Security testing
The major goal is to determine that an information system protects data
and maintains functionality as intended. It is a process used to determine
that the security features of a computer system are implemented as
designed and that they are adequate for a proposed application
environment. This process includes hands-on functional testing,
penetration testing, and verification. The purpose is to assess the
robustness of the system and to identify security vulnerabilities. This is a
management and preventive control.
Security vulnerability
A property of system requirements, design, implementation, or operation
that could be accidentally triggered or intentionally exploited and result in
a security failure.
Security zone (WMAN/WiMAX)
A security zone (SZ) is a set of trusted relationships between a base station
(BS) and a group of relay stations (RSs) in WiMAX architecture. An RS
can only forward traffic to RSs or subscriber stations (SSs) within its
security zone.
Seed key
It is the initial key used to start an updating or key generation process.
Seed RNG
Seed is a secret value that is used once to initialize a deterministic random
bit generator in order to generate random numbers and then is destroyed.
Seeding model
A seeding model can be used as an indication of software reliability (i.e.,
error detection power) of a set of test cases.
Seepage
The accidental flow to unauthorized individuals of data or information,
access to which is presumed to be controlled by computer security
safeguards.
Self-signed certificate
A public key certificate whose digital signature may be verified by the
public key contained within the certificate. The signature on a self-signed
certificate protects the integrity of the data, but does not guarantee
authenticity of the information. The trust of self-signed certificates is based
on the secure procedures used to distribute them.
Sendmail attack
Involves sending thousands of e-mail messages in a single day to unwitting
e-mail receivers. It takes a long time to read through the subject lines to
find the desired e-mail, thus wasting the receiver ’s valuable time. This is a
form of spamming attack. Recent sendmail attacks fall into the categories
of remote penetration, local penetration, and remote DoS.
Sensitive data
Data that require a degree of protection due to the risk and magnitude of
loss or harm which could result from inadvertent or deliberate disclosure,
alteration, or destruction of the data (e.g., personal or proprietary data). It
includes both classified and sensitive unclassified data.
Sensitive label
A piece of information that represents the security level of an object. It is
the basis for mandatory access control decisions. Compare with security
label.
Sensitive levels
A graduated system of marking (e.g., low, moderate, and high)
information and information processing systems based on threats and risks
that result if a threat is successfully conducted.
Sensitive security parameter (SSP)
Sensitive security parameter (SSP) contains both critical security
parameter (CSP) and public security parameter (PSP). In other words, SSP
= CSP + PSP.
Sensitive system
A computer system that requires a degree of protection because it
processes sensitive data or because of the risk and magnitude of loss or
harm that could result from improper operation or deliberate manipulation
of the application system.
Sensitivity analysis
Sensitivity analysis is based on a fault-failure model of software and is
based on the premise that software testability can predict the probability
that failure will occur when a fault exists given a particular input
distribution. A sensitive location is one in which faults cannot hide during
testing. The internal states are perturbed to determine sensitivity. This
technique requires instrumentation of the code and produces a count of the
total executions through an operation, an infection rate estimate, and a
propagation analysis.
Sensitivity and criticality
A method developed to describe the value of an information system by its
owner by taking into account the cost, capability, and jeopardy to mission
accomplishment or human life associated with the system.
Sensor
An intrusion detection and prevention system (IDPS) component that
monitors and analyzes network activity and may also perform prevention
actions.
Separation
An intervening space established by the act of setting or keeping apart.
Separation of duties
(1) A security principle that divides critical functions among different
employees in an attempt to ensure that no one employee has enough
information or access privilege to perpetrate damaging fraud. (2) A
principle of design that separates functions with differing requirements for
security or integrity into separate protection domains. Separation of duty is
sometimes implemented as an authorization rule, specifying that two or
more subjects are required to authorize an operation. The goal is to ensure
that no single individual (acting alone) can compromise an application
system’s features and its control functions. For example, security function
is separated from security operations. This is a management and
preventive control.
Separation of name spaces
A technique of controlling access by precluding sharing; names given to
objects are only meaningful to a single subject and thus cannot be
addressed by other subjects.
Separation of privileges
The principle of separation of privileges asserts that protection
mechanisms where two keys (held by different parties) are required for
access are stronger mechanisms than those requiring only one key. The
rationale behind this principle is that “no single accident, deception, or
breach of trust is sufficient” to circumvent the mechanism. In computer
systems the separation is often implemented as a requirement for multiple
conditions (access rules) to be met before access is allowed.
Serial line Internet Protocol (SLIP)
A protocol for carrying IP over an asynchronous serial communications
line. Point-to-Point Protocol (PPP) replaced the SLIP.
Server
(1) A host that provides one or more services for other hosts over a
network as a primary function. (2) A computer program that provides
services to other computer programs in the same or another computer. (3)
A computer running a server program is frequently referred to as a server,
though it may also be running other client (and server) programs.
Server administrator
A system architect responsible for the overall design, implementation, and
maintenance of a server.
Server-based threats
These threats are due to poorly implemented session-tracking, which may
provide an avenue of attack. Similarly, user-provided input might
eventually be passed to an application interface that interprets the input as
part of a command, such as a Structured Query Language (SQL)
command. Attackers may also inject custom code into the website for
subsequent browsers to process via cross-site scripting (XSS). Subtle
changes introduced into the Web server can radically change the server ’s
behavior (including turning a trusted entity into malicious one), the
accuracy of the computation (including changing computational
algorithms to yield incorrect results), or the confidentiality of the
information (e.g., disclosing collected information).
Server farm
A physical security control that uses a network configuration mechanism
to monitor theft or damage because all servers are kept in a single, secure
location.
Server load balancing
Network traffic is distributed dynamically across groups of servers
running a common application so that no one server is overwhelmed.
Server load balancing increases server availability and application system
availability, and could be a viable contingency measure when it is
implemented among different sites. In this regard, the application system
continues to operate as long as one or more sites remain operational.
Server mirroring
The purpose is the same as the disk arrays. A file server is duplicated
instead of the disk. All information is written to both servers
simultaneously. This is a technical and recovery control, and ensures the
availability goal.
Server-side scripts
The server-side scripts such as CGI, ASP, JSP, PHP, and Perl are used to
generate dynamic Web pages.
Server software
Software that is run on a server to provide one or more services.
Service
A software component participating in a service-oriented architecture
(SOA) that provides functionality or participates in realizing one or more
capabilities.
Service-component
Modularized service-based applications that package and process together
service interfaces with associated business logic into a single cohesive
conceptual module. The aim of a service-component in a service-oriented
architecture (SOA) is to raise the level of abstraction in software services
by modularizing synthesized service functionality and by facilitating
service reuse, service extension, specialization, and service inheritance.
The desired features of a service component include encapsulation,
consumability, extensibility, standards-based (reuse), industry best
practices and patterns, well-documented, cohesive set of services, and
well-defined and broadly available licensing or service-level agreement
(SLA).
Service interface
The set of published services that the component supports. These technical
interfaces must be aligned with the business services outlined in the service
reference model.
Service-level agreement (SLA)
A service contract between a network service provider and a subscriber
guaranteeing a particular service’s quality characteristics. These
agreements are concerned about network availability and data-delivery
reliability.
Service-oriented architecture (SOA)
A collection of services that communicate with each other. The
communication can involve either simple data passing or it could involve
two or more services coordinating some activity.
Service set identifier (SSID)
A name assigned to a wireless access point.
Session cookie
A temporary cookie that is valid only for a single website session. It is
erased when the user closes the Web browser, and is stored in temporary
memory.
Session hijack attack
An attack in which the attacker can insert himself between a claimant and a
verifier subsequent to a successful authentication exchange between the
latter two parties. The attacker can pose as a subscriber to the verifier or
vice versa to control session data exchange.
Session initiation protocol (SIP)
SIP is a standard for initiating, modifying, and terminating an interactive
user session that involves multimedia elements such as video, voice,
instant messaging, online games, and virtual reality. It is one of the leading
signaling protocols for Voice over IP (VoIP) along with H.323.
Session key
The cryptographic key used by a device (module) to encrypt and decrypt
data during a session. A temporary symmetric key that is only valid for a
short period. Session keys are typically random numbers that can be
chosen by either party to a conversation, by both parties in cooperation
with one another, or by a trusted third party.
Session layer
Portion of an OSI system responsible for adding control mechanisms to
the data exchange.
Session locking
A feature that permits a user to lock a session upon demand or locks the
session after it has been idle for a preset period of time.
Shared secret
A secret used in authentication that is known to the claimant and the
verifier.
Shareware
Software distributed free of charge, often through electronic bulletin
boards, may be freely copied, and for which a nominal fee is requested if
the program is found useful.
Shim
A layer of host-based intrusion detection and prevention code placed
between existing layers of code on a host that intercepts data and analyzes
it.
Short message service (SMS)
A cellular network facility that allows users to send and receive text
messages of up to 160 alphanumeric characters on their handset.
Shoulder surfing attack
Stealing passwords or personal identification numbers by looking over
someone’s shoulder. It is also called a keyboard logging attack because a
keyboard is used to enter passwords and identification numbers. Shoulder
surfing attack can also be done at a distance using binoculars or other
vision-enhancing devices, and these attacks are common when using
automated teller machines and point-of-sale terminals. A simple and
effective practice to avoid this attack is to shield the keypad with one hand
while entering the required data with the other hand.
Shred
A method of sanitizing media; the act of cutting or tearing into small
particles.
Shrink-wrapped software
Commercial software used “ out-of-the-box” without change (i.e.,
customization). The term derives from the plastic wrapping used to seal
microcomputer software.
Side channel attacks
Side channel attacks result from the physical implementation of a
cryptosystem. Examples of these attacks include timing attacks, power
monitoring attacks, TEMPEST attacks, and thermal imaging attacks.
Improper error handling in cryptographic operation can also allow side
channel attacks. In all these attacks, side channel leakage of information
occurs during the physical operation of a cryptosystem through
monitoring of sound from computations, observing from a distance, and
introducing faults into computations, thus revealing secrets such as the
cryptographic key, system-state information, initialization vectors, and
plaintext. Side channel attacks are possible even when transmissions
between a Web browser and server are encrypted. Note that side channel
attacks are different from social engineering attacks where the latter
involves deceiving or coercing people who have the legitimate access to a
cryptosystem. In other words, the focus of side channel attacks is on data
and information, not on people. Countermeasures against the side channel
attacks include implementing physical security over hardware, jamming
the emitted channel with noise (white noise), designing isochronous
software so it runs in a constant amount of time independent of secret
values, designing software so that it is PC-secure, building secure CPUs
(asynchronous CPUs) so they have no global timing reference, and
retransmitting the failed (error prone) transmission with a predetermined
number of times.
Sign-off
Functional users are requested and required to approve in writing their
acceptance of the system at various stages or phases of the system
development life cycle (SDLC).
Signal-to-noise ratio
It is the ratio of the amplitude of the desired signal to the amplitude of
noise signals at a given point in time in a telecommunications system.
Usually, the signal-to-noise ratio is specified in terms of peak-signal-to-
peak-noise ratio, to avoid ambiguity. A low ratio at the receiver is
preferred to prevent emanation attack.
Signatory
The entity that generates a digital signature on data using a private key.
Signature
(1) A recognizable, distinguishing pattern associated with an attack, such as
a binary string in a virus or a particular set of keystrokes used to gain
unauthorized access to a system. (2) A pattern that corresponds to a known
threat. (3) The ability to trace the origin of the data.
Signature-based detection
The process of comparing signatures against observed events to identify
possible incidents.
Signature certificate
A public key certificate that contains a public key intended for verifying
digital signatures rather than encrypting data or performing any other
cryptographic functions.
Signature (digital)
A process that operates on a message to assure message source authenticity
and integrity, and may be required for source non-repudiation.
Signature generation
The process of using a digital signature algorithm and a private key to
generate a digital signature on data. Only the possessor of the user ’ private
key can perform signature generation.
Signature validation
The mathematical verification of the digital signature and obtaining the
appropriate assurances (e.g., public key validity and private key
possession).
Signature verification
The process of using a digital signature algorithm and a public key to
verify a digital signature. Anyone can verify the signature of a user by
employing that user ’s public key.
Signed data
The data or message upon which a digital signature has been computed.
Simple mail transfer protocol (SMTP)
It is the most commonly used mail transfer agent (MTA) protocol as
defined by IETF RFC 2821. It is the primary protocol used to transfer
electronic mail messages on the Internet. SMTP is a host-to-host e-mail
protocol. An SMTP server accepts e-mail messages from other systems
and stores them for the addressees. It does not provide for reliable
authentication and does not require the use of encryption, thus allowing e-
mail messages to be easily forged.
Simple Network Management Protocol (SNMP)
A Network Management Protocol used with a TCP/IP suite of protocols.
SNMP specifies a set of management operations for retrieving and altering
information in a management information base, authorization procedures
for accessing information base tables, and mappings to lower TCP/IP
layers. SNMP (1) is used to manage and control IP gateways and the
networks to which they are attached, (2) uses IP directly, bypassing the
masking effects of TCP error correction, (3) has direct access to IP
datagrams on a network that may be operating abnormally, thus requiring
careful management, (4) defines a set of variables that the gateway must
store, and (5) specifies that all control operations on the gateway are a
side-effect of fetching or storing those data variables (i.e., operations that
are analogous to writing commands and reading status). SNMP version 3
should be used because the basic SNMP, SNMP version 1, and SNMP
version 2 are not secure.
Simple Object Access Protocol (SOAP)
The Simple Object Access Protocol (SOAP) is an approach for
performing remote procedure calls (RPCs) between application programs
in a language-independent and system-independent manner. SOAP uses the
extensible markup language (XML) for communicating between
application programs on heterogeneous platforms. The client constructs a
request as an XML message and sends it to the server, using HTTP. The
server sends back a reply as an XML-formatted message. SOAP is an
XML-based protocol for exchanging structured information in a
decentralized, distributed environment. The SOAP has headers and
message paths between nodes.
Simple power analysis (SPA) attack
A direct (primarily visual) analysis of patterns of instruction execution (or
execution of individual instructions), obtained through monitoring the
variations in electrical power consumption of a cryptographic module, for
the purpose of revealing the features and implementations of
cryptographic algorithms and subsequently the values of cryptographic
keys.
Simplicity in security
Security mechanisms and information systems in general should be as
simple as possible. Complexity is at the root of many security
vulnerabilities and breaches.
Single-hop problem
The security risks resulting from a mobile software agent moving from its
home platform to another platform.
Single point-of-failure
A security risk due to concentration of risk in one place, system, process,
or with one person. Examples include placement of Web servers and DNS
servers, primary telecommunication services, centralized identity
management, central certification authority, password synchronization,
single sign-on systems, firewalls, Kerberos, converged networks with
voice and data, cloud storage services, and system administrators.
Single sign-on (SSO)
A SSO technology allows a user to authenticate once and then access all the
resources the user is authorized to use.
Sink tree
A sink tree shows the set of optimal routes from all sources to a given
destination, rooted at the destination. The goal of all routing algorithms is
to identify and use the sink trees for all routers. A sink tree does not
contain any loops so each packet is delivered within a finite and bounded
number of hops. A spanning tree uses the sink tree for the router initiating
the broadcast. A spanning tree is a subset of the subnet that includes all the
routers but does not contain any loops.
Six-sigma
The phrase six-sigma is a statistical term that measures how far a given
process deviates from perfection. The central idea behind six-sigma is that
if one can measure how many “defects” are in a process, one can
systematically figure out how to eliminate them and get as close to zero
defects as possible.
Skimming
The unauthorized use of a reader to read tags without the authorization or
knowledge of the tag’s owner or the individual in possession of the tag.
Sliding window protocols
Sliding window protocols, which are used to integrate error control and
flow, are classified in terms of the size of the sender ’s window and the size
of the receiver ’s window. When the sender ’s window and the receiver ’s
window are equal to 1, the protocol is said to be in the stop-and-wait
condition. When the sender ’s window is greater than 1, the receiver can
either discard all frames or buffer out-of-order frames. Examples of
sliding window protocols, which are bit-oriented protocols, include SDLC,
HDLC, ADCCP, and LAPB. All these protocols use flag bytes to delimit
frames and bit stuffing to prevent flag bytes from occurring in the data.
(Tanenbaum)
Smart card
A credit card-sized card with embedded integrated circuits that can store,
process, and communicate information. It has a built-in microprocessor
and memory that is used for identification of individuals or financial
transactions. When inserted into a reader, the card transfers data to and
from a central computer. A smart card is more secure than a magnetic
stripe card and can be programmed to self-destruct if the wrong password
is entered too many times. This is a technical and preventive control.
Smart grid computing
Consists of interoperable standards and protocols that facilitate in
providing centralized electric power generation, including distributed
renewable energy resources and energy storage. Ensuring cyber security
of the smart grid is essential because it improves power reliability, quality,
and resilience. The goal is to build a safe and secure smart grid that is
interoperable, end-to-end. Smart grid computing needs cyber security
measures as it uses cyber computing.
Smelting
A physically destructive method of sanitizing media to be changed from a
solid to a liquid state generally by the application of heat. Same as melting.
Smurf attack
A hacker sends a request for information to the special broadcast address
of a network attached to the Internet. The request sparks a flood of
responses from all the nodes on this first network. The answers are then
sent to a second network that becomes a victim. If the first network has a
larger capacity for sending out responses than the second network is
capable of receiving, the second network experiences a DoS problem as its
resources become saturated or strained.
Sniffer attack
Software that observes and records network traffic. On a TCP/IP network,
sniffers audit information packets. It is a network-monitoring tool, usually
running on a PC.
Social engineering
(1) The act of deceiving an individual into revealing sensitive information
by associating with the individual to gain confidence and trust. (2) A
person’s ability to use personality, knowledge of human nature, and social
skills (e.g., theft, trickery, or coercion) to steal passwords, keys, tokens, or
telephone toll calls. (3) Subverting information system security by using
nontechnical (social) means. (4) The process of attempting to trick
someone into revealing information (e.g., a password) that can be used to
attack systems or networks. (5) An attack based on deceiving users or
administrators at the target site and is typically carried out by an adversary
telephoning users or operators and pretending to be an authorized user, to
attempt to gain illicit access to systems. (6) A general term for attackers
trying to trick people into revealing sensitive information or performing
certain actions, such as downloading and executing files that appear to be
benign but are actually malicious.
Social engineering for key discovery attacks
It is important for functional users to protect their private cryptographic
keys from unauthorized disclosure and from social engineering attacks.
The latter attack can occur when users die or leave the company without
revealing their passwords to the encrypted data. The attacker can get hold
of these passwords using tricky means and access the encrypted data.
Examples of other-related social engineering attacks include presenting a
self-signed certificate unknown to the user, exploiting vulnerabilities in a
Web browser, taking advantage of a cross-site scripting (XSS)
vulnerability on a legitimate website, and taking advantage of the
certificate approval process to receive a valid certificate and apply it to the
attacker ’s own site.
SOCKS
(1) An Internet Protocol to allow client applications to form a circuit-level
gateway to a network firewall via a proxy service. (2) This protocol
supports application-layer firewall traversal. The SOCKS protocol
supports both reliable TCP and UDP transport services by creating a shim-
layer between the application and the transport layers. The SOCKS
protocol includes a negotiation step whereby the server can dictate which
authentication mechanism it supports. (3) A networking-proxy protocol
that enables full access across the SOCKS server from one host to another
without requiring direct IP reachability. (4) The SOCKS server
authenticates and authorizes the requests, establishes a proxy connection,
and transmits the data. (5) SOCKS are commonly used as a network
firewall that enables hosts behind a SOCKS server to gain full access to the
Internet, while preventing unauthorized access from the Internet to the
internal hosts. SOCKS is an abbreviation for SOCKetServer.
Softlifting
Illegal copying of licensed software for personal use.
Software
The computer programs and possibly associated data dynamically written
and modified.
Software assurance
Level of confidence that software is free from vulnerabilities, either
intentionally designed into the software or accidentally inserted at anytime
during its life cycle, and that the software functions in the intended manner.
Software-based fault isolation
A method of isolating application modules into distinct fault domains
enforced by software. The technique allows untrusted programs written in
an unsafe programming language (e.g., C) to be executed safely within the
single virtual address space of an application. Access to system resource
can also be controlled through a unique identifier associated with each
domain.
Software cages
As a part of technical safeguards for active content, software cages
constrain the mobile code’s behavior (e.g., privileges or functions) during
execution. Software cage and quarantine mechanism are part of behavior
controls that dynamically intercept and thwart attempts by the subject code
to take unacceptable actions that violate a security policy. Mobile code
based on predefined signatures (i.e., content inspection) refers to
technologies such as dynamic sandbox, dynamic monitors, and behavior
monitors, which are used for controlling the behavior of mobile code.
Statistics are used to verify the behavioral model.
Software development methodologies
Methodologies for specifying and verifying design programs for system
development. Each methodology is written for a specific computer
language.
Software enhancement
Significant functional or performance improvements.
Software engineering
The use of a systematic, disciplined, quantifiable approach to the
development, operation, and maintenance of software, that is, the use of
engineering principles in the development of software.
Software escrow arrangement
Something (e.g., a document, software source code, or an encryption key)
that is delivered to a third person to be given to the grantee only upon the
fulfillment of a condition or a contract.
Software library
The controlled collection of configuration items associated with defined
baselines: Three libraries can exist: (1) dynamic library used for newly
created or modified software elements, (2) controlled library used for
managing current baselines and controlling changes to them, and (3) static
library used to archive baselines.
Software life cycle
The sequence of events in the development or acquisition of software.
Software maintenance
Activities that modify software to keep it performing satisfactorily.
Software operation
Routine activities that make the software perform without modification.
Software performance engineering
A method for constructing software to meet performance objectives.
Software quality assurance
The planned systematic pattern of all actions necessary to provide adequate
confidence that the product or process by which the product is developed
conforms to established requirements.
Software reengineering
The examination and alteration of a subject system to reconstitute it in a
new form and the subsequent implementation of the new form. Software
reengineering consists of reverse engineering followed by some form of
forward engineering or modification. One reason to consider
reengineering is the possible reduction of software maintenance costs. The
goal is to improve the quality of computer systems.
Software release
An updated version of commercial software to correct errors, resolve
incompatibilities, or improve performance.
Software reliability
The probability that given software operates for some time period, without
system failure due to a software fault, on the machine for which it was
designed, given that it is used within design limits.
Software repository
A permanent, archival storage place for software and related
documentation.
Software security
Those general-purpose (executive, utility, or software development tools)
and application programs and routines that protect data handled by a
computer system and its resources.
Source code
A series of statements written in a human-readable computer programming
language.
Spam
The abuse of electronic messaging systems to indiscriminately send
unsolicited bulk commercial e-mail messages and junk e-mails.
Spam filtering software
A computer program that analyzes e-mails to look for characteristics of
spam, and typically places messages that appear to be spam in a separate e-
mail folder.
Spamming
Posting identical messages to multiple unrelated newsgroups on the
Internet (e.g., USENET). Often used as cheap advertising to promote
pyramid schemes or simply to annoy other people.
Spanning port
A switch port that can see all network traffic going through the switch.
Spanning tree
Multicast and broadcast routing is performed using spanning trees, which
makes excellent use of bandwidth where each router must know which of
its lines belong to the tree. The spanning tree is also used in conducting
risk analysis, to build plug-and-play bridges, and to build Internet relay
chat (IRC) server network so it routes messages according to a shortest-
path algorithm.
Specialized security with limited functionality
An environment encompassing systems with specialized security
requirements, in which higher security needs typically result in more
limited functionality.
Specification
(1) An assessment object that includes document-based artifacts (e.g.,
policies, procedures, plans, system security requirements, functional
descriptions, and architectural designs) associated with an information
system. (2) A technical description of the desired behavior of a system, as
derived from its requirements. (3) A specification is used to develop and
test an implementation of a system.
Split domain name system (DNS)
Implementation of split domain name system (DNS) requires a minimum
of two physical files (zone files) or views. One file or view should
exclusively provide name resolution for hosts located inside the firewall
and for hosts outside the firewall. The other file or view should provide
name resolution only for hosts located outside the firewall on in the DMZ
and not for any hosts inside the firewall. In other words, split DNS requires
one physical file for external clients and one physical file for internal
clients.
Split knowledge
(1) A process by which a cryptographic key is split into multiple key
components, individually sharing no knowledge of the original key, which
can be subsequently input into, or output from, a cryptographic module by
separate entities and combined to recreate the original cryptographic key.
(2) The condition under which two or more parties separately have part of
the data, that, when combined, will yield a security parameter or that will
allow them to perform some sensitive function. (3) The separation of data
into two or more parts, with each part constantly kept under control of
separate authorized individuals or teams so that no one individual will be
knowledgeable of the total data involved.
Split tunneling
(1) A virtual private network (VPN) client feature that tunnels all
communications involving an organization’s internal resources through
the VPN, thus protecting them, and excludes all other communications
from going through the tunnel. (2) A method that routes organization-
specific traffic through the SSL VPN tunnel, but other traffic uses the
remote user ’s default gateway.
Spoofing attacks
Many spoofing attacks exist. An example is the Internet Protocol (IP)
spoofing attack, which refers to sending a network packet that appears to
come from a source other than its actual source. It involves (1) the ability
to receive a message by masquerading as the legitimate receiving
destination or (2) masquerading as the sending machine and sending a
message to a destination.
Spread spectrum
Uses a wide band of frequencies to send radio signals. Instead of
transmitting a signal on one channel, spread spectrum systems process the
signal and spread it across a wider range of frequencies.
Spyware
(1) It is malware intended to violate a user ’s privacy. (2) It is a program
embedded within an application that collects information and periodically
communicates back to its home site, unbeknownst to the user. Spyware
programs have been discovered with many shareware or freeware
programs and even some commercial products, without notification of this
hidden functionality in the license agreement or elsewhere. Notification of
this hidden functionality may not occur in the license agreement. News
reports have accused various spyware programs of inventorying software
on the user ’s system, collecting or searching out private information, and
periodically shipping the information back to the home site. (3) It is
software that is secretly or surreptitiously installed into an information
system to gather information on individuals or organizations without their
knowledge. It is a type of malicious code and malware.
Spyware detection and removal utility
A program that monitors a computer to identify spyware and prevent or
contain spyware incidents.
Stackguarding
Stackguarding technology makes it difficult for attackers to exploit buffer
overflows and to prevent worms from gaining control of low-privilege
accounts.
Standard
An established basis of performance used to determine quality and
acceptability. A published statement on a topic specifying characteristics,
usually measurable, that must be satisfied or achieved in order to comply
with the standard.
Standalone system
A small office/home office (SOHO) environment.
Standard generalized markup language (SGML)
A markup language used to define the structure and to manage documents
in electronic form.
Standard user account
A user account with limited privileges that will be used for general tasks
such as reading e-mail and surfing the Web.
Star topology
Star topology is a network topology in which peripheral nodes are
connected to a central node (station) in that all stations are connected to a
central switch or hub. An active star network has an active central node that
usually has the means to prevent echo-related problems.
State attacks
Asynchronous attacks that deal with timing differences and changing states.
Examples include time-of-check to time-of-use (TOC-TOU) attack and
race conditions.
Stateful inspection
Packet filtering that also tracks the state of connections and blocks packets
that deviate from the expected state.
Stateful protocol analysis
A firewalling capability that improves upon standard stateful inspection by
adding basic intrusion detection technology. This technology consists of
an inspection engine that analyzes protocols at the application layer to
compare vendor-developed profiles of benign protocol activity against
observed events to identify deviations, allowing a firewall to allow or deny
access based on how an application is running over a network.
Stateless inspection
See “Packet filtering.”
State transition diagram (STD)
It shows how a system moves from one state to another, or as a matrix in
which the dimensions are state and input. STDs detects errors such as
incomplete requirements specifications and inconsistent requirements.
STDs represent a sequential, natural flow of business transactions. STD are
used in real-time application systems to express concurrency of tasks.
They are also called state charts.
Static key
It is a key that is intended for use for a relatively long period of time and is
typically intended for use in many instances of a cryptographic key
establishment scheme. Static key is in contrast with an ephemeral key,
where the latter is used for a short period of time.
Static key agreement key pairs
Static key agreement key pairs are used to establish shared secrets between
entities, often in conjunction with ephemeral key pairs. Each entity uses
their private key agreement key(s), the other entity’s public key agreement
key(s) and possibly their own public key agreement key(s) to determine the
shared secret. The shared secret is subsequently used to derive shared
keying material. Note that in some key agreement schemes, one or more of
the entities may not have a static key agreement pair.
Static separation of duty (SSOD)
As a security mechanism, SSOD addresses two separate but related
problems: static exclusivity and assurance principle.
Static exclusivity is the condition for which it is considered dangerous for
any user to gain authorization for conflicting sets of capabilities (e.g., a
cashier and a cashier supervisor). The motivations for exclusivity relations
include, but are not limited to, reducing the likelihood of fraud or
preventing the loss of user objectivity.
Assurance principle is the potential for collusion where the greater the
number of individuals that are involved in the execution of a sensitive
business function, such as purchasing an item or executing a trade, the less
likely any one user will commit fraud or that any few users will collude in
committing fraud.
Separation of duties constraints may require that two roles be mutually
exclusive, because no user should have the privileges from both roles.
Popular SSOD policies are the RBAC and RuBAC.
Static Web documents
Static Web documents (pages) are written in HTML, XHTML, ASCII,
JPEG, XML, and XSL.
Stealth mode
Operating an intrusion detection and prevention sensor without IP
addresses assigned to its monitoring network interfaces.
Steering committee
A group of management representatives from each user area of IT services
that establishes plans and priorities and reviews project’s progress and
problems for the purpose of making management decisions.
Steganography
Deals with hiding messages and obscuring who is sending or receiving
them. The art and science of communicating in a way that hides the
existence of the communication. For example, a child pornography image
can be hidden inside another graphic image file, audio file, or other file
format.
Step restart
A restart that begins at the beginning of a job step. The restart may be
automatic or deferred, where deferral involves resubmitting the job.
Storage security
The process of allowing only authorized parties to access stored
information.
Stream attack
The process of ending transmission control protocol (TCP) packets to a
series of ports with random sequence numbers and random source Internet
Protocol (IP) addresses. The result is high CPU usage leading to resource
starvation effect. Once the attack subsided, the system returns to normal
conditions.
Stream cipher algorithm
An algorithm that converts plaintext into ciphertext one bit at a time and its
security depends entirely on the insides of the keystream generator. Stream
ciphers are good for continuous streams of communication traffic.
Stress testing
Application programs tested with test data chosen for maximum,
minimum, and trivial values, or parameters. The purpose is to analyze
system behavior under increasingly heavy workloads and severe operating
conditions, and, in particular, to identify points of system failure.
Stretching (password)
The act of hashing each password and its salt thousands of times, which
makes the creation of rainbow tables more time-consuming.
Striped core
A communications network architecture in which user data traversing a
core IP network is decrypted, filtered, and re-encrypted one or more times
in a red gateway. The core is striped because the data path is alternately
black, red, and black.
Strongly bound credentials
Strongly bound credential mechanisms (e.g., a signed public key
certificate) require little or no additional integrity protection.
Structure charts
A tool used to portray the logic of an application system on a hierarchical
basis, showing the division of the system into modules and the interfaces
among modules. Like data flow diagrams (DFDs), structure charts can be
drawn at different levels of detail from the system level to a paragraph
level within a program. Unlike DFDs, structure charts indicate decision
points and explain how the data will be handled in the proposed system. A
structure charts is derived directly from the DFD with separate branches
for input, transformation, and output.
Subclass
A class that inherits from one or more classes.
Subject
Technically, subject is a process-domain pair. An active entity (e.g., a
person, a process or device acting on behalf of user, or in some cases the
actual user) that can make a request to perform an operation on an object
(e.g., information to flow among objects or changes a system state). It is
the person whose identity is bound in a particular credential.
Subject security level
A subject’s security level is equal to the security level of the objects to
which it has both read and write access. A subject’s security level must
always be dominated by the clearance of the user with which the subject is
associated.
Subscriber
(1) An entity that has applied for and received a certificate from a
certificate authority. (2) A party who receives a credential or token from a
credential service provider (CSP) and becomes a claimant in an
authentication protocol.
Subscriber identity module (SIM)
A smart card chip specialized for use in global system for mobile
communications (GSM) equipment.
Subscriber station (WMAN/WiMAX)
A subscriber station (SS) is a fixed wireless node and is available in
outdoor and indoor models and communicates only with BSs, except
during mesh network operations.
Substitution table box
Nonlinear substitution table boxes (S-boxes) used in several byte
substitution transformations and in the key expansion routine to perform a
one-for-one substitution of a byte value. This substitution, which is
implemented with simple electrical circuits, is done so fast in that it does
not require any computation, just signal propagation. The S-box design,
which is implemented in hardware for cryptographic algorithm, follows
Kerckhoff’s principle (security-by-obscurity) in that an attacker knows that
the general method is substituting the bits, but he does not know which bit
goes where. Hence, there is no need to hide the substitution method. S-
boxes and P-boxes are combined to form a product cipher, where wiring
of the P-box is placed inside the S-box (i.e., S-box is first and P-box is
next). S-boxes are used in the advanced encryption standard (AES).
Subsystem
A major subdivision or component of an information system consisting of
information, information technology, and personnel that perform one or
more specific functions.
Superuser
A user who is authorized to modify and control IT processes, devices,
networks, and file systems.
Supervisor state
One of two generally possible states in which a computer system may
operate and in which only certain privileged instructions may be executed.
The other state in which a computer system may operate is problem-state
in which privileged instructions may not be executed. The distinction
between the supervisor state and the problem state is critical to the integrity
of the system.
Supplementary controls
The process of adding security controls or control enhancements to a
baseline security control in order to adequately meet the organization’s
risk management needs. These are considered additional controls; after
comparing the tailored baseline controls with security requirements
definition or gap analysis, these controls are added to make up for the
missing or insufficient controls.
Supply chain
A system of organizations, people, activities, information, and resources
involved in moving a product or service from supplier/producer to
consumer/customer. It uses a defense-in-breadth strategy.
Supply chain attack
An attack that allows an adversary to utilize implants or other
vulnerabilities inserted prior to installation in order to infiltrate data or
manipulate IT hardware, software, operating systems, IT peripherals or
services at any point during the life cycle of a product or service.
Support software
All software that indirectly supports the operation of a computer system
and its functional applications such as macroinstructions, call routines, and
read and write routines.
Supporting controls
Generic controls that underlie most IT security capabilities. These controls
must be in place in order to implement other controls, such as prevent,
detect, and recover. Examples include identification, cryptographic key
management, security administration, an system protection.
Susceptibility analysis
Examination of all susceptibility information to identify the full range of
mitigation desired or possible that can diminish the impacts from exposure
of vulnerabilities or access by threats.
Suspended state
The cryptographic key life cycle state used to temporarily remove a
previously active key from that status but making provisions for later
returning the key to active status, if appropriate.
Symbolic links
A symbolic link or symlink is a file that points to another file. Often, there
are programs that will change the permissions granted to a file. If these
programs run with privileged permissions, a user could strategically
create symlinks to trick these programs into modifying or listing critical
system files.
Symmetric key algorithm
A cryptographic algorithm that uses the same secret key for an operation
and its complement (e.g., encryption and decryption, or create a message
authentication code and to verify the code).
Symmetric key cryptography
(1) A cryptographic key that is used to perform both the cryptographic
operation and its inverse (e.g., to encrypt and decrypt a message or create a
message authentication code and to verify the code). (2) A single
cryptographic key that is used with a secret (symmetric) key algorithm.
Synchronization (SYN) flood attack
(1) A stealth attack because the attacker spoofs the source address of the
SYN packet, thus making it difficult to identify the perpetrator. (2) A
method of overwhelming a host computer on the Internet by sending the
host a high volume of SYN packets requesting a connection but never
responding to the acknowledgement packets returned by the host. In some
cases, the damage can be very serious. (3) A method of disabling a system
by sending more SYN packets than its networking code can handle.
Synchronization protocols
Protocols that allow users to view, modify, and transfer or update data
between a cell phone or personal digital assistant (PDA) and a PC or vice
versa. The two most common synchronization protocols are Microsoft’s
ActiveSync and Palm’s HotSync.
Synchronous communication
The transmission of data at very high speeds using circuits in which the
transfer of data is synchronized by electronic clock signals. Synchronous
communication is used within the computer and in high-speed mainframe
computer networks.
Synchronous optical network (SONET)
A physical layer standard that provides an international specification for
high-speed digital transmission via optical fiber. At the source interface,
signals are converted from electrical to optical form. They are then
converted back to electrical form at the destination interface.
Synchronous transmission
The serial transmission of a bit stream in which each bit occurs at a fixed
time interval and the entire stream is preceded by a specific combination of
bits that initiate the timing.
Syntax error
An error resulting from the expression of a command in a way that
violates a program’s syntax rules. Syntax rules specify precisely how a
command, statement, or instruction must be given to the computer so that it
can recognize and process the instruction correctly.
Syslog
A protocol that specifies a general log entry format and a log entry
transport mechanism. Log facility is the message type for a syslog
message.
System
A discrete set of information resources organized for the collection,
processing, maintenance, use, sharing, dissemination, or disposition of
information. A generic term used for briefness to mean either a
major/minor application (MA) or a general support system (GSS).
System administrator
A person who manages a multiuser computer system, including its
operating system and applications, and whose responsibilities are similar
to that of a network administrator. A system administrator would perform
systems programmer activities with regard to the operating system and
network control programs.
System availability
(1) A timely, reliable access to data, system, and information services for
authorized users. (2) A measure of the amount of time that the system is
actually capable of accepting and performing a user ’s work. (3) The
availability of communication ports and the amount or quantity of service
received in a given period. (4) Can be viewed as a component of system
reliability. The availability of a computer system can be expressed as a
percentage in several ways, as follows:
Availability = (Uptime)/(Uptime + Downtime) × 100
Availability = (Available time/Scheduled time) × 100
Availability = [(MTTF)/(MTTF + MTTR)] × 100
Availability = (MTTF/MTBF) × 100
System confidentiality
Assurance that information is not disclosed to unauthorized individuals,
processes, or devices.
System development life cycle (SDLC)
A systematic process for planning, analyzing, designing, developing,
implementing, operating, and maintaining a computer-based application
system. The scope of activities associated with a system, encompassing the
system’s initiation, development and acquisition, implementation,
operation and maintenance, and ultimately its disposal that instigates
another system initiation.
System development methodologies
Methodologies developed through software engineering to manage the
complexity of system development. Development methodologies include
software engineering aids and high-level design analysis tools.
System high
The highest security level supported by a system at a particular time or in a
particular environment (e.g., military/weapon systems, aircraft systems,
and nuclear systems).
System integrity
(1) Quality of a system or product reflecting the logical correctness and
reliability of the operating system; verification that the original contents of
information have not been altered or corrupted. (2) The quality that a
system has when it performs its intended function in an unimpaired
manner, free from unauthorized manipulation of the system, whether
intentional or accidental.
System integrity exposure
A condition that exists when there is a potential of one or more programs
that can bypass the installation’s control and (a) circumvent or disable
store or fetch protection, (b) access a protected resource, and (c) obtain
control in authorized (supervisor) state. This condition can lead to
compromise of systems protection mechanisms and data integrity.
System inventory
Organizations require a system inventory in place. All systems in the
inventory should be categorized as a first step in support of the security
planning activity and eventually in the assessment of the security controls
implemented on the system.
System life
A projection of the time period that begins with the installation of a system
resource (e.g., software or hardware) and ends when the organization’s
need for that resource has terminated.
System low
The lowest security level supported by a computer system at a particular
time or in a particular environment.
System manager
The IT manager who is responsible for the operation of a computer
system.
System parameter
A factor or property whose value determines a characteristic or behavior
of the system.
System reliability
The terms system reliability and system availability are closely related and
often used (although incorrectly) synonymously. For example, a system
that fails frequently but is restarted quickly has high availability even
though its reliability is low. To distinguish between the two, reliability can
be thought of as the quality of service and availability as the quantity of
service. System reliability is measured in terms of downtime hours in a
given period of time.
System resilience
The ability of a computer system to continue to function correctly despite
the existence of a fault or faults in one or more of its component parts.
System security plan
Formal document that provides an overview of the security requirements
for the information system and describes the security controls in place or
planned for meeting those requirements.
System-specific control
A security control for an information system that has not been designated
as a common security control or the portion of a hybrid control that is to
be implemented within an information system.
Systems engineering
The systematic application of technical and managerial processes and
concepts to transform an operational need into an efficient, cost-effective
system using an iterative approach to define, analyze, design, build, test,
and evaluate the system.
Systems software
(1) A major category of programs used to control the computer and
process other programs, such as secure operating systems,
communications control programs, and database managers. (2) Contrasts
with applications software, which comprises the data entry, update, query,
and report programs that process an organization’s data. (3) The operating
system and accompanying utility programs that enable a user to control,
configure, and maintain the computer system, software, and data.
System transparency
Transparency is the ability to simplify the task of developing management
applications, hiding distribution details. There are different aspects of
transparency such as access failure, location, migration replication, and
transaction. Transparency means the network components or segments
cannot be seen by insiders and outsiders and that actions of one user group
cannot be observed by other user groups. It is achieved through process
isolation and hardware segmentation concepts.
Switches
Switches, in the form of routers, interconnect when the systems forming
one workgroup are physically separated from the systems forming other
workgroups. For example, Ethernet switches establish a data link in which
a circuit or a channel is connected to an Ethernet network. Switches and
bridges are used to interconnect different LANs. A switch operates in the
Data Link Layer of the ISO/OSI reference model.
T
T- lines
High-speed data lines leased from communications providers such as T-1
lines.
Tailgating
Same as piggybacking.
Tailored security control baseline
A set of security controls resulting from the application of tailoring
guidance to the security control baseline. Tailoring is the process by which
a security control baseline is modified based on (1) the application of
scoping guidance; (2) the specification of compensating security controls,
if needed; and (3) the specification of organization-defined parameters in
the security controls via explicit assignment and selection statements. In
other words, the tailoring process modifies or aligns the baseline controls
to fit the system conditions.
Tainted input
Input data that has not been examined or sanitized prior to use by an
application.
Tamper
Unauthorized modification that alters the proper functioning of
cryptographic or automated information system security equipment in a
manner that degrades the security or functionality it provides.
Tamper detection
The automatic determination by a cryptographic module that an attempt
has been made to compromise the physical security of the module.
Tamper evidence
The external indication that an attempt has been made to compromise the
physical security of a cryptographic module. The evidence of the tamper
attempt should be observable by an operator subsequent to the attempt.
Tamper response
The automatic action taken by a cryptographic module when a tamper
attempt has been detected.
Tandem computing Tandem computers use single point tolerance system to
create nonstop systems with uptimes measured in years. Single point
tolerance means single backup where broken parts can be swapped out with
new ones while the system is still operational (that is, hot swapping). The
single point tolerant systems should have high mean time between failures
(MTBF) and low mean time to repair (MTTR) before the backup fails
(Wikipedia).
Tap
An analog device that permits signals to be inserted or removed from a
twisted pair or coax cable.
Target of evaluation (TOE)
A Common Criteria (CC) term for an IT product or system and its
associated administrator and user guidance documentation that is the
subject of a security evaluation. A product that has been installed and is
being operated according to its guidance.
Target identification and analysis techniques
Information security testing techniques, mostly active and generally
conducted using automated tools, used to identify systems, ports, services,
and potential vulnerabilities. These techniques include network discovery,
network port and service identification, vulnerability scanning, wireless
scanning, and application security testing.
Target vulnerability validation techniques
Active information security testing techniques that corroborate the
existence of vulnerabilities. These techniques include password cracking,
remote access testing, penetration testing, social engineering, and physical
security testing.
TCP wrappers
Transmission control protocol (TCP) wrapper, a network security tool,
allows the administrator to log connections to TCP service. It can also
restrict incoming connections to these services from systems. These
features are useful when tracking or controlling unwanted network
connection attempts.
Teardrop attack
This freezes vulnerable hosts by exploiting a bug in the fragmented packet
re-assembly routines. A countermeasure is to install software patches and
upgrades.
Technical attack
An attack that can be perpetrated by circumventing or nullifying hardware
and software protection mechanisms, rather than by subverting system
personnel or other users.
Technical controls
(1) An automated security control employed by the system. (2) The
security controls (i.e., safeguards or countermeasures) for an information
system that are primarily implemented and executed by the information
system through mechanisms contained in the hardware, software, or
firmware components of the system.
Technical security
The set of hardware, firmware, software, and supporting controls that
implement security policy, accountability, assurance, and documentation.
Technical vulnerability
A hardware, firmware, communication, or software flaw that leaves a
computer processing system open for potential exploitation, either
externally or internally, thereby resulting in risk for the owner, user, or
manager of the system.
Technology convergence
It occurs when two or more specific and compatible technologies are
combined to work in harmony. For example, in a data center physical
facility, physical security controls (keys, locks, and visitor escort), logical
security controls (biometrics and access controls), and environmental
controls (heat and humidity) can be combined for effective implementation
of controls. These controls can be based on
Technology gap
A technology that is needed to mitigate a threat at a sufficient level but is
not available.
Telecommuting
The ability for an organization’s employees and contractors to conduct
work from locations other than the organization’s facilities.
Telework
The ability for an organization’s employees and contractors to conduct
work from locations other than the organization’s facilities.
Telework device
A consumer device or PC used for performing telework.
Telnet
Protocol used for (possibly for remote) login to a computer host.
TEMPEST
A short name referring to investigation, study, and control of
compromising emanations from telecommunications and automated
information systems equipment. (i.e., spurious electronic signals emitted
by electrical equipment). A low signal-to-ratio is preferred to control the
tempest shielded equipment.
TEMPEST attack
Based on leaked electromagnetic radiation, which can directly provide
plaintext and other information that an attacker needs to attack. It is a
general class of side channel attack (Wikipedia).
Test
A type of assessment method that is characterized by the process of
exercising one or more assessment objects under specified conditions to
compare actual with expected behavior, the results of which are used to
support the determination of security control effectiveness over time.
Test design
The test approach and associated tests.
Test harness
Software that automates the software engineering testing process to test the
software as thoroughly as possible before using it on a real application. If
appropriate, the component should include the source code (for “white
box” components) and a “management application” if the data managed by
the component must be entered or updated independent of the consuming
application. Finally, a component should be delivered with samples of
consumption of the component to indicate how the component operates
within an application environment.
Test plan
A plan that details the specific tests and procedures to be followed when
testing software.
Test procedure
Detailed instructions for the setup, execution, and evaluation of results for
a given test case.
Testability
Effort required for testing a computer program to ensure it performs its
intended function.
Test-word
A string of characters (a test-word) is appended by a sending institution to
a transaction sent over unprotected telex/telegraph networks. The receiving
institution repeats the same process using the received transaction data, and
was thereby able to verify the integrity of the transaction. A test-word is an
early-technology realization of a seal.
Thick client
In a client/server system, a thick client is a software application that
requires programs other than just the browser on a user ’s computer, that
is, it requires code on both a client and server computers (e.g., Microsoft
Outlook). The terms “thin” and “thick” refer to the amount of code that
must be run on the client computer. Thick clients are generally less secure
than thin clients in the way encryption keys are handled.
Thin client
In a client/server system, a thin client is a software application that requires
nothing more than a browser and can be run only on the user ’s computer
(e.g., Microsoft Word). The terms “thin” and “thick” refer to the amount of
code that must be run on the client computer. Thin clients are generally
more secure than thick clients in the way encryption keys are handled.
Thrashing
A situation that occurs when paging on a virtual memory system is so
frequent that little time is left for useful work.
Thread testing
It examines the execution time behavior of computer programs. A thread
can be a sequence of programmer statements (source code) or machine
instructions (object code). Petri nets can be used to analyze thread
interactions. In the finite-state-machine (FSM) model, program paths are
converted to threads.
Threat
An entity or event with the potential to harm a system. Threats are possible
dangers to a computer system, which may result in the interception,
alteration, obstruction, or destruction of computing resources, or in some
other way disrupt the system. It is any circumstance or event with the
potential to adversely impact organization operations (including mission,
functions, image or reputation), organizational assets, individuals, and
other organizations through an information system via unauthorized
access, destruction, disclosure, modification of information, and/or denial
of service. Threat is the potential for a threat-source to successfully exploit
a particular information system’s vulnerability. It is an activity (deliberate
or unintentional) with the potential for causing harm to an automated
information system and a potential violation of system security. Threats
arise from internal system failures, human errors, attacks, and natural
catastrophes. Threats can be viewed in terms of categories and classes, as
shown in the following table:
Cate g orie s Classe s
Human categories Intentional or unintentional
Environmental categories Natural or man-made (fabricated)
Threat agent/source
The intent and method targeted at the intentional exploitation of
vulnerability or a situation and method that may accidentally trigger
vulnerability. It is a method used to exploit vulnerability in a system,
operation, or facility.
Threat analysis
The examination of threat-sources against system vulnerabilities to
determine the threats for a particular system in a particular operational
environment. Threat is threat-source and vulnerability pair, which can be
analyzed in parallel. However, threat analysis cannot be performed until
after vulnerability analysis has been conducted because vulnerabilities lead
to threats, which, in turn, lead to risks.
Threat assessment
A process of formally evaluating the degree of threat to an information
system or enterprise and describing the nature of the threat.
Threat event
A catastrophic occurrence. Examples include fire, flood, power outage,
and hardware/software failures.
Threat monitoring
The analysis, assessment, and review of audit trails and other data
collected to search out system events that may constitute violations or
attempted violations of system security.
Threat-source/agent
The intent and method targeted at the intentional exploitation of a
vulnerability or a situation and method that may accidentally trigger a
vulnerability. It is a method used to exploit vulnerability in a system,
operation, or facility.
Threshold
A value that sets the limit between normal and abnormal behavior.
Ticket-oriented protection system
A computer protection system in which each subject maintains a list of
unforgeable bit patterns, called tickets, one for each object the subject is
authorized to access (e.g., Kerberos). Compare this with list-oriented
protection system.
Tiger team
Conducts penetration testing to attempt a system break-in. It is an old name
to discover system weaknesses and to recommend security controls. The
new name is red team.
Timebomb
A variant of the Trojan horse in which malicious code is inserted to be
triggered later at a particular time. It is a resident computer program that
triggers an unauthorized act as a predefined time.
Time-dependent password
A password that is valid only at a certain time of the day or during a
specified interval of time.
Time division multiple access (TDMA)
Form of multiple access where a single communication channel is shared
by segmenting it by time. Each user is assigned a specific time slot. It is a
technique to interweave multiple conversations into one transponder so as
to appear to get simultaneous conversations.
Time-outs for inactivity
The setting of time limits for either specific activities or for nonactivity.
Time-stamping
The method of including an unforgeable time stamp with object structures,
used for a variety of reasons such as sequence-numbering and expiration
of data.
Time-to-exploitation
The elapsed time between the vulnerability is discovered and the time it is
exploited.
Time-to-Live (TTL) hack
The Time-To-Live (TTL) hack or hop count prevents IP packets from
circulating endlessly in the Internet.
Time-to-recover (TTR)
The time required for any computer resource to be recovered from
disruptive events, specifically, the time required to reestablish an activity
from an emergency or degraded mode to a normal mode. It is also defined
as emergency response time (EMRT).
Timing attack
A side channel attack in which the attacker attempts to compromise a
cryptosystem by analyzing the time taken to execute cryptographic
algorithms. Every logical operation in a computer takes time to execute,
and the time can differ based on the input; with precise measurements of
the time for each operation, an attacker can work backward to the input.
Information can leak from a system through measurement of the time it
takes to respond to certain queries. Timing attacks result from poor
system/program design and implementation methods. Timing attacks and
sidechannel attacks are useful in identifying or reverse-engineering a
cryptographic algorithm used by some device. Other examples of timing
attacks include (1) a clock drift attack where it can be used to build random
number generators, (2) clock skew exploitation based on CPU heating, and
(3) attackers who may find fixed Diffie-Hellman exponents and RSA keys
to break cryptosystems (Wikipedia).
TOC-TOU attack
TOC-TOU stands for Time-of-check to time-of-use. An example of TOC-
TOU attack is when one print job under one user ’s name is exchanged with
the print job for another user. It is achieved through bypassing security
controls by attacking information after the controls were exercised (that is,
when the print job is queued) but before the information is used (that is,
prior to printing the job). This attack is based on timing differences and
changing states.
Token
(1) Something that the claimant possesses and controls (typically a key or
password) used to authenticate the claimant’s identity. (2) When used in the
context of authentication, a physical device necessary for user
identification. (3) A token is an object that represents something else, such
as another object (either physical or virtual). (4) A security token is a
physical device, such as a special smart card, that together with something
that a user knows, such as a PIN, can enable authorized access to a
computer system or network.
Token authenticator
The value that is provided for the protocol stack to prove that the claimant
possesses and controls the token. Protocol messages sent to the verifier are
dependent upon the token authenticator, but they may or may not explicitly
contain it.
Token device
A device used for generating passwords based on some information (e.g.,
time, date, and personal identification number) that is valid for only a brief
period (e.g., one minute).
Top-down approach
An approach that starts with the highest-level component of a hierarchy
and proceeds through progressively lower levels.
Topology
(1) The physical, nonlogical features of a card. A card may have either
standard or enhanced topography. (2) The structure, consisting of paths
and switches, that provides the communications interconnection among
nodes of a network.
Total risk
The potential for the occurrence of an adverse event if no mitigating
action taken (i.e., the potential for any applicable threat to exploit a system
vulnerability).
Tracing
An automated procedure performed by software that shows what program
instructions have been executed in a computer program and in which
sequence they have been executed. Tracing can also be performed
manually by following the path of a transaction or an activity from
beginning to the end and vice versa.
Tracking cookie
A cookie placed on a user ’s computer to track the user ’s activity on
different websites, creating a detailed profile of the user ’s behavior.
Traffic analysis attack
(1) The act of passively monitoring transmissions to identify
communication patterns and participants. (2) A form of passive attack in
which an intruder observes information about calls (although not
necessarily the contents of the messages) and makes inferences from the
source and destination numbers or frequency and length of the messages.
The goal is to gain intelligence about a system or its users, and may not
require the examination of the content of the communications, which may
or may not be decipherable. (3) A traffic flow signal from a reader could
be used to detect a particular activity occurring in the communications
path. (4) An inference attack occurs when a user or intruder is able to
deduce information to which he had no privilege from information to
which he has privilege. Traffic-flow security protection can be used to
counter traffic analysis attacks.
Traffic encryption key (TEK)
A key is used to encrypt plaintext or to super-encrypt previously encrypted
text and/or to decrypt ciphertext.
Traffic-flow security
The protection resulting from encrypting the source and destination
addresses of valid messages transmitted over a communications circuit.
Security is assured due to use of link encryption and because no part of the
data is known to an attacker.
Traffic load
The number of messages input to a network during a specific time period.
Traffic padding or flooding
A protection to conceal the presence of valid messages on a
communications circuit by causing the circuit to appear busy at all times.
Unnecessary data are sent through the circuit to keep it busy and to confuse
the intruder. It is a countermeasure against the threat of traffic analysis.
Trans-border data flow
Deals with the movement and storage of data by automatic means across
national or federal boundaries. It may require data encryption when data is
flowing over some borders.
Transaction
An activity or request to a computer. Purchase orders, changes, additions,
and deletions are examples of transactions recorded in a business
information environment. A logical unit of work for an end user. Also,
used to define a program or a dialog in a computer system.
Transmission control protocol (TCP)
A reliable connection and byte-oriented transport layer protocol within the
TCP/IP suite.
Transmission control protocol/Internet protocol (TCP/IP)
TCP/IP is the protocol suite used by the Internet. A protocol suite is the set
of message types, their formats, and the rules that control how messages
are processed by computers on the network.
Transmission medium
The physical path between transmitters and receivers in a communication
network. A mechanism that supports propagation of digital signals.
Examples of a transmission medium are cables such as leased lines from
common commercial carriers, fiber optic cables, and satellite channels.
Transmittal list
A list, stored and transmitted with particular data items, which identifies the
data in that batch and can be used to verify that no data are missing.
Transport layer
Portion of an open system interconnection (OSI) system responsible for
reliability and multiplexing of data across network to the level required by
the application.
Transport-layer security (TLS)
(1) An authentication and security protocol widely implemented in Web
browsers and Web servers. (2) Provides security at the layer responsible
for end-to-end communications. (3) Provides privacy and data integrity
between two communicating applications. (4) It is designed to encapsulate
other protocols, such as HTTP. TLS is new and SSL is old.
Transport mode
IPsec mode that does not create a new IP header for each protected packet.
Tranquility
A property applied to a set of (typically untrusted) controlled entities
saying that their security level may not change.
Tranquility principle
A request that changes to an object’s access control attributes are
prohibited as long as any subject has access to the object.
Trap
A message indicating that a fault condition may exist or that a fault is likely
to occur. In computer crime investigations, trap and trace means the
attacker ’s phone call is trapped and traced.
Trapdoor
A hidden software or hardware mechanism that responds to a special input
used to circumvent the system’s security controls. Synonymous with
backdoor.
Tree topology
Tree topology is a network topology which resembles an interconnection
of start networks in that individual peripheral nodes are required to
transmit to and receive from one another node only toward a central node.
The tree topology is not required to act as repeaters or regenerators. The
tree topology, which is a variation of bus topology, is subject to a single-
point of failure of a transmission path to the node. The tree topology is an
example of a hybrid topology where a linear bus backbone connects star-
configured networks.
Triangulation
Identifying the physical location of a detected threat against a wireless
network by estimating the threat’s approximate distance from multiple
wireless sensors by the strength of the threat’s signal received by each
sensor, and then calculating the physical location at which the threat would
be the estimated distance from each sensor.
Triple DES (3DES)
An implementation of the data encryption standard (DES) algorithm that
uses three passes of the DES algorithm instead of one as used in ordinary
DES applications. Triple DES provides much stronger encryption than
ordinary DES but it is less secure than AES.
Tripwire
Tripwire, a network security tool, monitors the permissions and
checksums of important system files to detect if they have been replaced or
corrupted. Tripwire can be configured to send an alert to the administrator
should any file’s recomputed checksum fail to match its baseline,
indicating that the file has been altered.
Trojan horse (aka Trojan)
(1) A useful or seemingly useful program that contains hidden code of a
malicious nature. When the program is invoked, so is the undesired
function whose effects may not become immediately obvious. (2) It is a
nonself-replicating program that appears to have a useful purpose, but
actually has a hidden malicious purpose. The name stems from an ancient
exploit of invaders gaining entry to the city of Troy by concealing
themselves in the body of a hollow wooden horse, presumed to be left
behind by the invaders as a gift to the city. (3) A computer program with an
apparent or actual useful function that contains additional (hidden)
functions that surreptitiously exploit the legitimate authorizations of the
invoking process to the detriment of security or integrity. (4) It usually
masquerades as a useful program that a user would wish to execute.
True negative
A tool reports a weakness when it is not present.
True positive
A tool reports a weakness when it is present.
Trust
(1) A characteristic of an entity (e.g., person, process, key, or algorithm)
that indicates its ability to perform certain functions or services correctly,
fairly, and impartially, and that the entity and its identity are genuine. (2) A
relationship between two elements, a set of activities and a security policy
in which element X trusts element Y if and only if X has confidence that Y
will behave in a well-defined way (with respect to the activities) that does
not violate the given security policy. (3) It is a belief that a system meets its
specifications. (4) The willingness to take actions expecting beneficial
outcomes based on assertions by other parties.
Trust anchor (public key)
(1) One or more trusted public keys that exist at the base of a tree of trust
or as the strongest link on a chain of trust and upon which a public key
infrastructure (PKI) is constructed. (2) A public key and the name of a
certification authority (CA) that is used to validate the first certificate in a
sequence of certificates. (3) The trust anchor public key is used to verify
the signature on a certificate issued by a trust anchor CA. The security of
the validation process depends upon the authenticity and integrity of the
trust anchor. Trust anchors are often distributed as self-signed certificates.
Trust anchor (DNS)
A validating DNSSEC-aware resolver uses a public key or hash as a
starting point for building the authentication chain to a signed domain
name system (DNS) response. In general, a validating resolver will need to
obtain the initial values of its trust anchors via some secure or trusted
means outside the DNS protocol. The presence of a trust anchor also
implies that the resolver should expect the zone to which the trust anchor
points to be signed. This is sometimes referred to as a “secure entry point.”
Trust anchor store
The location where trust anchors are stored. Here, store refers to placing
electronic data into a storage medium, which may be accessed and
retrieved under normal operational circumstances by authorized entities.
Trust list
It is the collection of trusted certificates used by the relying parties to
authenticate other certificates.
Trusted certificate
A certificate that is trusted by the relying party on the basis of secure and
authenticated delivery. The public keys included in trusted certificates are
used to start certification paths. It is also known as a trust anchor.
Trusted channel
(1) A mechanism by which two trusted partitions can communicate directly.
(2) A trusted channel may be needed for the correct operation of other
security mechanisms. (3) A trusted channel cannot be initiated by untrusted
software and it maintains the integrity of information that is sent over it.
(4) A channel where the endpoints are known and data integrity and/or data
privacy is protected in transit using SSL, IPsec, and a secure physical
connection. (5) A mechanism through which a cryptographic module
provides a trusted, safe, and discrete communication pathway for sensitive
security parameters (SSPs) and other critical information between the
cryptographic module and the module’s intended communications
endpoint. A trusted channel exhibits a verification component that the
operator or module may use to confirm that the trusted channel exists. A
trusted channel protects against eavesdropping, as well as physical or
logical tampering by unwanted operators/entities, processes, or other
devices, both within the module and along the module’s communication
link with the intended endpoint (e.g., the trusted channel will not allow
man-in-the-middle (MitM) or replay types of attacks). A trusted channel
may be realized in one or more of the following ways: (i) A
communication pathway between the cryptographic module and endpoints
that are entirely local, directly attached to the cryptographic module, and
has no intervening systems, and (ii) A mechanism that cryptographically
protects SSPs during entry and output and does not allow misuse of any
transitory SSPs.
Trusted computer system
(1) A system that employs sufficient hardware and software assurance
measures to allow its use for processing simultaneously a range of
sensitive or classified information. (2) A system believed to enforce a
given set of attributes to a stated degree of assurance (confidence).
Trusted computing
Trusted computing helps network administrators to keep track of host
computers on the network. This tracking and controlling mechanism
ensures that all hosts are properly patched up, the software version is
current, and that they are protected from malware exploitation. Trusted
computing technologies are both hardware-based and software-based
techniques to combat the threat of possible attacks. It includes three
technologies such as trusted platform module, trusted network connect,
and trusted computing software stack.
Trusted computing base (TCB)
The totality of protection mechanisms within a computer system, including
hardware, firmware, and software, where this combination is responsible
for enforcing a security policy. It provides a basic protection environment
and provides additional user services required for a trusted computer
system. The capability of a TCB to correctly enforce a security policy
depends solely on the mechanisms within the TCB and on the correct input
by system administrative personnel of parameters (e.g., a user ’s clearance)
related to the security policy.
Trusted distribution
A trusted method for distributing the trusted computing base (TCB)
hardware, software, and firmware components, both originals and updates,
that provides methods for protecting the TCB from modification during
distribution and for detection of any changes to the TCB that may occur.
Trusted functionality
That which is determined to be correct with respect to some criteria, e.g.,
as established by a security policy. The functionality shall neither fall short
of nor exceed the criteria.
Trusted operating system (TOS)
A trusted operating system is part of a trusted computing base (TCB) that
has been evaluated at an assurance level necessary to protect the data that
will be processed.
Trusted path
(1) A means by which an operator and a security function can
communicate with the necessary confidence to support the security policy
associated with the security function. (2) A mechanism by which a user
(through an input device) can communicate directly with the security
functions of the information system with the necessary confidence to
support the system security policy. This mechanism can only be activated
by the user or the security functions of the information system and cannot
be imitated by untrusted software.
Trusted platform module (TPM) chip
A tamper-resistant integrated circuit built into some computer
motherboards that can perform cryptographic operations (including key
generation) and protect small amounts of sensitive information, such as
passwords and cryptographic keys. TPM chip, through its key cache
management feature, protects the generated keys used in encrypted file
system (EFS).
Trusted relationships
Policies that govern how entities in differing domains honor each other ’s
authorizations. An authority may be completely trusted for example, any
statement from the authority will be accepted as a basis for action or there
may be limited trust, in which case only statements in a specific range are
accepted.
Trusted software
It is the software portion of a trusted computing base (TCB).
Trusted subject
A subject that is part of the trusted computing base (TCB). It has the ability
to violate the security policy but is trusted not to actually do so. For
example, in the Bell-LaPadula model, a trusted subject is not constrained
by the star-property and thus has the capability to write sensitive
information into an object whose level is not dominated by the (maximum)
level of the subject, but it is trusted to only write information into objects
with a label appropriate for the actual level of the information.
Trusted system
Employing sufficient integrity measures to allow its use for processing
intelligence information involving sensitive intelligence sources and
methods.
Trusted third party (TTP)
An entity other than the owner and verifier that is trusted by the owner or
the verifier or both. Sometimes shortened to “trusted party.”
Trustworthiness
(1) The attribute of a person or enterprise that provides confidence to
others of the qualifications, capabilities, and reliability of that entity to
perform specific tasks and fulfill assigned responsibilities. (2) A
characteristic or property of an information system that expresses the
degree to which the system can be expected to preserve the confidentiality,
integrity, and availability of the information being processed, stored, or
transmitted by the system.
Trustworthy system
Computer hardware, software, and procedures that (1) are reasonably
secure from intrusion and misuse, (2) provide a reasonable level of
availability, reliability, and correct operation, (3) are reasonably suited to
performing their intended functions, and (4) adhere to generally accepted
security principles.
Truth table
Computer logic blocks can use combinational logic (without memory) or
sequential logic (with memory). The combinational logic can be specified
by defining the values of the outputs for each possible set of input values
using a truth table. Each entry in the table specifies the value of all the
outputs for that particular input combination. Truth tables can grow in size
quickly and may be difficult to understand. After a truth table is
constructed, it can be optimized by keeping nonzero output values only.
Tuning
Altering the configuration of an intrusion detection and prevention system
(IDPS) to improve its detection accuracy.
Tunnel mode
IPsec mode that creates a new IP header for each protected packet.
Tunnel virtual private network (VPN)
A secure socket layer (SSL) connection that allows a wide variety of
protocols and applications to be run through it.
Tunneled password protocol
A protocol where a password is sent through a protected channel to a
cryptographically authenticated verifier. For example, the transport layer
security (TLS) protocol is often used with a verifier ’s public key
certificate to (1) authenticate the verifier to the claimant, (2) establish an
encrypted session between the verifier and claimant, and (3) transmit the
claimant’s password to the verifier. The encrypted TLS session protects the
claimant’s password from eavesdroppers.
Tunneling
(1) It is a technology enabling one network to send its data via another
network’s connections. Tunneling works by encapsulating a network
protocol within packets carried by the second network. (2) A high-level
remote access architecture that provides a secure tunnel between a
telework client device (a personal computer used by a remote worker) and
a tunneling server through which application system traffic may pass. (3)
A method of circumventing a firewall by hiding a message that would be
rejected by the firewall inside a second, acceptable message.
Tunneling attack
An attack that attempts to exploit a weakness in a system at a level of
abstraction lower than that used by the developer to design and/or test the
system.
Tunneling router
A router or system capable of routing traffic by encrypting it and
encapsulating it for transmission across an untrusted network, for eventual
decryption and de-encapsulation.
Turnstiles
Turnstiles will decrease the everyday piggybacking or tailgating by
forcing people to go through a turnstile one person at a time. Turnstiles
are used in data centers and office buildings.
Twisted-pair wire
Twisted-pair wire is the most commonly used media, and its application is
limited to single building or a few buildings, and used for lower
performance systems.
Two-factor authentication
A type of authentication that requires two independent methods to establish
identity and authorization to perform security services. The three most
recognized factors are (1) something you are (e.g., biometrics), (2)
something you know (e.g., password), and (3) something you have (e.g.,
smart card).
Two-part code
It is a code consisting of an encoding section (first part) arranged in
alphabetical or numeric order and a decoding section (second part)
arranged in a separate alphabetical or numeric order.
Two-person control
Continuous surveillance and monitoring of positive control material at all
times by a minimum of two authorized individuals, each capable of
detecting incorrect and unauthorized procedures with respect to the task
being performed and each familiar with established security and safety
requirements.
Two-person integrity
System of storage and handling designed to prohibit individual access by
requiring the presence of at least two authorized individuals, each capable
of detecting incorrect or unauthorized security procedures with respect to
the task being performed.
Type I and II reports
The Statement on Auditing Standards 70 (SAS 70) of the American
Institute of Certified Public Accountants (AICPA) prescribe Type I and
Type II attestation reports for its clients after the auditors’ review of the
client’s information systems. The SAS 70 is applicable to service
organizations (software companies) that develop, provide, and maintain
software used by user organizations (that is, user clients and customers).
The Type I report states that information systems at the service
organizations for processing user transactions are suitably designed with
internal controls to achieve the related control objectives. The Type II
report states that internal controls at the service organizations are properly
designed and operating effectively. The Type I and the Type II reports are
an essential part of the ISO/IEC 27001 dealing with information
technology, security techniques, and information security management
systems requirements.
Types of evidence
The types of evidence required to be admissible in a court of law to prove
the truth or falsity of a given fact include the best evidence rule (primary
evidence that is natural and in writing), oral testimony from a witness
(secondary and direct evidence), physical evidence (tools and equipment),
Change to circumstantial evidence based on logical inference (introduction
of a defendant's fingerprint or DNA sample), corroborative evidence (oral
evidence consistent with a written document), authentication of records and
their contents, demonstrative evidence (charts and models), and
documentary evidence such as business records produced in the regular
course of business (purchase orders and sales orders).
U
UMTS subscriber identity module (USIM)
A module similar to the SIM in GSM/GPRS networks, but with additional
capabilities suited to third-generation networks.
Unauthorized access
A person gains logical or physical access without permission to a network,
system, application, data, or other IT resource.
Uncertainty
The probability of experiencing a loss as a consequence of a threat event.
A risk event that is an identifiable uncertainty is termed as known unknown.
Unclassified information
Any information that doesn't need to be safeguarded against disclosure but
must be safeguarded against tampering, destruction, or loss due to record
value, utility, replacement cost, or susceptibility to fraud, waste, or abuse.
Unified modeling language (UML)
Activities related to the industry-standard unified modeling language
(UML) for specifying, visualizing, constructing, and documenting the
artifacts of software systems. It simplifies the complex process of software
design, making a “blueprint” for construction.
Uniform resource locator (URL)
It is the global address of documents and other resources on the World
Wide Web. The first part of the address indicates what protocol to use, and
the second part specifies the IP address or the domain name where the
resource is located.
Unit testing
Focuses on testing individual program modules, and is a part of white-box
testing technique. Program modules are collections of program
instructions sufficient to accomplish a single, specific logical function.
Universal description, discovery, and integration (UDDI)
An XML-based lookup service for locating Web services in an Internet
topology. UDDI provides a platform-independent way of describing and
discovering Web services and the Web service providers. The UDDI data
structures provide a framework for the description of basic service
information, and an extensible mechanism to specify detailed service
access information using any standard description language. UDDI is a
single point-of-failure.
Universal mobile telecommunications system (UMTS)
A third-generation mobile phone technology standardized by the 3GPP as
the successor to GSM.
Universal serial bus (USB)
A hardware interface for low-cost and low-speed peripherals such as the
keyboard, mouse, joystick, scanner, printer, and telephony devices.
Unrecoverable bit error rate (UBE)
The rate at which a disk drive is unable to recover data after application of
cyclic redundancy check (CRC) codes and multiple retries.
Update (patch)
An update (sometimes called a “patch”) is a “repair” for a piece of
software (application or operating system). During a piece of a software’s
life, problems (called bugs) will almost invariably be found. A patch is the
immediate solution that is provided to users; it can sometimes be
downloaded from the software vendor ’s website. The patch is not
necessarily the best solution for the problem, and the product developers
often find a better solution to provide when they package the product for
its next release. A patch is usually developed and distributed as a
replacement for or an insertion in compiled code (that is, in a binary file
or object module). In larger operating systems, a special program is
provided to manage and keep track of the installation of patches.
Upgrade
A new version of an operating system, application, or other software.
Usability
A set of attributes that bear on the effort needed for use, and on the
individual assessment of such use, by a stated or implied set of users.
User
An individual, system, or a process authorized to access an information
system by directly interacting with a computer system.
User authentication
User authentication can be achieved with either secret or public key
cryptography. Creating a one-time password is an example of achieving
user authentication and increasing security.
User-based threats
Examples include attackers using social engineering and phishing attacks,
where the attackers try to trick users into accessing a fake website and
divulging personal information. In some phishing attacks, users receive a
legitimate-looking e-mail asking them to update their information on the
company’s website. Instead of legitimate links, however, the URLs in the e-
mail actually point to a rogue website.
User datagram protocol (UDP)
A commonly used transport layer protocol of the TCP/IP suite. It is a
connectionless service without error correction or retransmission of
misordered or lost packets. It is easier to spoof UDP packets than TCP
packets, because there is no initial connection setup (handshake) involved
between the two connected systems. Thus, there is a higher risk associated
with UDP-based services.
User-directed access control
Access control in which users (or subjects generally) may alter the access
rights. Such alterations may be restricted to certain individuals approved
by the owner of an object.
User entitlement
Occurs when a user can access a system’s resources that he is authorized to
access, no more or no less. It assumes that users have certain rights,
obligations, and limitations and that they must adhere to the rules of
behavior (ROB) at all times in order to keep their entitlement in honesty
and integrity. For example, internal users must not misuse or abuse their
access rights because they can modify data and cause damage to computer
systems and IT assets similar to hackers.
User entitlement operates based on the principles of access control lists,
access profiles, access levels, and access types (read, write, execute,
append, modify, delete, or create), and access accountability. Users must
understand the user entitlement rules, which are follows:
Users are assigned with specific roles and de-roles based on their
job duties and responsibilities
User capabilities are revoked from roles and as such are revoked
from users
Objects can be assigned to object groups based on secrecy levels
of the objects
Object groups are organized according to the business functions
of an organization
User ID
A unique symbol or character string used by a system to identify a specific
user.
User interface
A combination of menus, screen design, keyboard commands, command
language, and help screens that together create the way a user interacts with
a computer. Hardware, such as a mouse or touch screen, is also included.
Synonymous with graphical user interface (GUI).
User profile
Patterns of a user ’s activity used to detect changes in normal routines.
Utility computing
Based on the concept of “pay and use” with regards to computing power in
the form of computations, storage, and Web-based services, similar to
public utilities (such as, gas, water, and electricity). Utility computing is
provided through “on demand” computing and supports cloud computing,
grid computing, and distributed computing (Wikipedia).
Utility program
(1) A computer program that supports the operation of a computer. Utility
programs provide file management capabilities, such as sorting, copying,
archiving, comparing, listing, and searching, as well as diagnostic routines
that check the health of the computer system. It also includes compilers or
software that translates a programming language into machine language.
(2) A computer program or routine that performs general data and system-
related functions required by other application software, the operating
system, or users. Examples include copy, sort, or merge files. (3) It is a
program that performs a specific task for an information system, such as
managing a disk drive or printer.
V
Valid password
A personal password that authenticates the identity of an individual when
presented to a password system or an access password that allows the
requested access when presented to a password system.
Validation
(1) The performance of tests and evaluations in order to determine
compliance with security specifications and requirements. (2) The process
of evaluating a system or component (including software) during or at the
end of the development process to determine whether it satisfies specified
requirements. (3) The process of demonstrating that the system under
consideration meets all respects the specification of that system.
Value-added network (VAN)
A network of computers owned or controlled by a single entity used for
data transmission (e.g., EDI and EFT), electronic mail, information
retrieval, and other functions by subscribers. EDI can be VAN-based or
Web-based.
Variable minimization
A method of reducing the number of variables which a subject has access,
not exceeding the minimum required, thereby reducing the risk of
malicious or erroneous actions by that subject. This concept can be
generalized to include data minimization.
Vendor governance
Requires a vendor to establish written policies, procedures, standards, and
guidelines regarding how to deal with its customers or clients in a
professional and business-like manner. It also requires establishing an
oversight mechanism and implementing best practices in the industry.
Customer (user) organizations should consider the following criteria
when selecting potential hardware, software, consulting, or contracting
vendors.
Experience in producing or delivering high quality security
products and services on-time and all the time
A track-record in responding to security flaws in vendor
products, project management skills, and cost and budget controls
Methods to handle software and hardware maintenance, end-user
support, and maintenance agreements
The vendor ’s long-term financial, operational, and strategic
viability
Adherence to rules of engagement (ROE) during contractual
agreements, procurement processes, and red team testing
Verification
(1) The process of comparing two levels of system specification for
proper correspondence (e.g., security policy models with top-level
specification, top-level specification with source code, or source code with
object code). (2) The process of evaluating a system or component
(including software) to determine whether the products of a given
development process satisfy the requirements imposed at the start of that
process. This process may or may not be automated. (3) The process of
affirming that a claimed identity is correct by comparing the offered
claims of identity with previously proven information stored in the identity
card.
Verified name
A subscriber name that has been verified by identity proofing.
Verifier
(1) An entity that verifies the authenticity of a digital signature using the
public key. (2) An entity that verifies the claimant’s identity by verifying
the claimant’s possession of a token using an authentication protocol. To
do this, the verifier may also need to validate credentials that link the token
and identity and check their status. A verifier includes the functions
necessary for engaging in authentication exchanges.
Verifier impersonation attack
A scenario where an attacker impersonates the verifier in an authentication
protocol, usually to capture information (e.g., password) that can be used
to masquerade as that claimant to the real verifier.
Version (configuration management)
It is a change to a baseline configuration item that modifies its functional
capabilities. As functional capabilities are added to, modified within, or
deleted from a baseline configuration item, its version identifier changes.
Note that baselining is first and versioning is next.
Version (software)
A new release of commercial software reflecting major changes made in
functions.
Version control
A mechanism that allows distinct versions of an object to be identified and
associated with independent attributes in a well-defined manner.
Version scanning
The process of identifying the service application and application version
in use.
Victim
A machine or a person that is attacked.
Virtual disk encryption
The process of encrypting a container, which can hold many files and
folders, and permitting access to the data within the container only after
proper authentication is provided. A container is a file encompassing and
protecting other files.
Virtual local-area network (VLAN)
A network configuration in which frames are broadcast within the VLAN
and routed between VLANs. VLANs separate the logical topology of the
LANs from their physical topology.
Virtual machine (VM)
Software that allows a single host to run one or more guest operating
systems.
Virtual network perimeter
A network that appears to be a single protected network behind firewalls,
which actually encompasses encrypted virtual links over untrusted
networks.
Virtual password
A password computed from a passphrase that meets the requirements of
password storage.
Virtual private dial network (VPDN)
A virtual private network (VPN) tailored specifically for dial-up access.
Virtual private network (VPN)
(1) It is used for highly confidential data transmission. (2) It is an Internet
Protocol (IP) connection between two sites over a public IP network so that
only source and destination nodes can decrypt the traffic packets. (3) A
means by which certain authorized individuals (such as remote employees)
can gain secure access to an organization’s intranet by means of an
extranet (a part of the internal network that is accessible via the Internet).
(4) A tunnel that connects the teleworker ’s computer to the organization’s
network. (5) A virtual network, built on top of an existing physical network
that provides a secure communications tunnel for data and other
information transmitted between networks. (6) VPN is used to securely
connect two networks or a network and a client system, over an insecure
network such as the Internet. (7) A VPN typically employs encryption to
secure the connection. (8) It is a protected information system link
utilizing tunneling, security controls, and endpoint address translation
giving the impression of a dedicated (leased) line. (9) A VPN is a logical
network that is established, at the application layer of the open systems
interconnection (OSI) model, over an existing physical network and
typically does not include every node present on the physical network.
Authorized users are granted access to the logical network. For example,
there are a number of systems that enable one to create networks using the
Internet as the medium for transporting data. These systems use encryption
and other security mechanisms to ensure that only authorized users can
access the network and that the data cannot be intercepted.
Virtual (pure-play) organizations
Organizations that conduct their business activities solely online through
the Internet.
Virtualization
The simulation of the software and/or hardware upon which other
software runs using virtual machine. It allows organizations to reduce
costs by running multiple Web servers on a single host computer and by
providing a mechanism for quickly responding to attacks against a Web
server. There are several concepts in virtualization such as application
virtualization, bare metal (native) virtualization, full virtualization, hosted
virtualization, operating system virtualization, para-virtualization, and tape
virtualization.
Virus
(1) It is a self-replicating computer program that runs and spreads by
modifying other programs or files. (2) It is a malware computer program
form that can copy itself and infect a computer without permission or
knowledge of the user. A virus might corrupt or delete data on a computer,
use e-mail programs to spread itself to other computers, or even erase
everything on a hard disk. It is similar to a Trojan horse insofar as it is a
program that hides within a program or data file and performs some
unwanted function when activated. The main difference is that a virus can
replicate by attaching a copy of itself to other programs or files, and may
trigger an additional “payload” when specific conditions are met.
Virus hoax
An urgent warning message about a nonexistent virus.
Virus signature
Alternations to files or applications indicating the presence of a virus,
detectable by virus scanning software.
Virus trigger
A condition that causes a virus payload to be executed, usually occurring
through user interaction (e.g., opening a file, running a program, and
clicking on an e-mail file attachment).
Voice over Internet Protocol (VoIP)
It is the transmission of voice over packet-switched IP networks used in
traditional telephone handsets, conferencing units, and mobile units.
Volatile memory
Memory that loses its content when power is turned off or lost.
Volatile security controls
Measure how frequently a control is likely to change over time subsequent
to its implementation. These controls should be assessed and monitored
more frequently, and examples include configuration management family
(for example, configuration settings, software patches, and system
component inventory). This is because system configurations experience
high rates of change, and unauthorized or unanalyzed changes in the
system configuration often render the system vulnerable to exploits.
Volume encryption
The process of encrypting an entire volume, which is a logical unit of
storage composing a file system, and permitting access to the data on the
volume only after proper authentication is provided.
Vulnerability
Flaws or weaknesses in an information system; system security policies
and procedures; hardware, system design, and system implementation
procedures; internal controls; technical controls; operational controls; and
management controls that could be accidentally triggered or intentionally
exploited by a threat-source and result in a violation of the system’s
security policy. Note that vulnerabilities lead to threats that, in turn, lead to
risks. Vulnerabilities ⇒Threats ⇒Risks.
Vulnerability analysis
The systematic examination of systems in order to determine the adequacy
of security measures, to identify security deficiencies, and to provide data
from which to predict the effectiveness of proposed security measures.
Vulnerability analysis should be performed first followed by threat
analysis because vulnerabilities ⇒threats ⇒risks.
Vulnerability assessment
(1) A formal description and evaluation of the vulnerabilities in an
information system. (2) It is a systematic examination of the ability of a
system or application, including current security procedures and controls
to withstand assault. (3) A vulnerability assessment may be used to (i)
identify weaknesses that would be exploited, (ii) predict the effectiveness
of proposed security measures in protecting information resources from
attack, and (iii) confirm the adequacy of such measures after
implementation.
Vulnerability audit
The process of identifying and documenting specific vulnerabilities in
critical information systems.
Vulnerability database
A security exposure in an operating system or other system software or
application software component. A variety of organizations maintain
publicly accessible databases of vulnerabilities based on the version
number of the software. Each vulnerability can potentially compromise the
system or network if exploited.
Vulnerability scanning tool
A technique used to identify hosts and host attributes, and then to identify
the associated vulnerabilities.
W
Walk throughs
A project management technique or procedure where the programmer,
project team leader, functional users, system analyst, or manager reviews
system requirements, design, and programming and test plans and design
specifications and program code. The objectives are to (1) prevent errors
in logic and misinterpretation of user requirements, design and program
specifications and (2) prevent omissions. It is a management and detective
control. In a system walkthrough, for example, functional users and IS
staff together can review the design or program specifications, program
code, test plans, and test cases to detect omissions or errors and to
eliminate misinterpretation of system or user requirements. System
walkthroughs can also occur within and among colleagues in the IS and
system user departments. It costs less to correct omissions and errors in
the early stages of system development than it does later. This technique
can be applied to both system development and system maintenance.
War dialing
It involves calling a large group of phone numbers to detect active
modems or PBXs.
War driving
When attackers and other malicious parties drive around office parks and
neighborhoods with laptop computers equipped with wireless network
cards in an attempt to connect to open network points is called war driving.
Warez
A term widely used by hackers to denote illegally copied and distributed
commercial software from which all copy protection has been removed.
Warez often contains viruses, Trojan horses, and other malicious code,
and thus is very risky to download and use (legal issues notwithstanding).
Warm-site
An environmentally conditioned workspace that is partially equipped with
IT information systems and telecommunications equipment to support
relocated IT operations in the event of a significant disruption.
Warm start
A restart that allows reuse of previously initialized input and output work
queues. It is synonymous with system restart, initial program load, and
quick start.
Waterfall model
A traditional system development model, which takes a linear and
sequential view of developing an application system. This model will not
bring the operational viewpoint to the requirements phase until the system
is completely implemented.
Watermarking
A type of marking that embeds copyright information about the copyright
owner.
Wavelength division multiple access (WDMA) protocol
The WDMA protocol is an example of medium/media access control
(MAC) sublayer protocol that contains two channels for each station. A
narrow channel is provided as a control channel to signal the station, and a
wide channel is provided so that the station can output data frames.
Weakly bound credentials
Weakly bound credentials (e.g., unencrypted password files) require
additional integrity protection or access controls to ensure that
unauthorized parties cannot spoof and/or tamper with the binding of the
identity to the token representation within the credential.
Weakness
A piece of code that may lead to vulnerability.
Weakness suppression system
A feature that permits the user to a flag a line of code not to be reported by
the tool in subsequent scans.
Web 2.0
The second-generation of Internet-based services that let people
collaborate and create information online in new ways, such as social
networking sites, wikis, and communication tools.
Web administrator
The Web equivalent of a system administrator. Web administrators are
system architects responsible for the overall design, implementation, and
maintenance of a Web server. They may or may not be responsible for
Web content, which is traditionally the purview of the Webmaster.
Web-based threats
Examples include security assertions markup language (SAML) threats and
extensible markup language (XML) threats. Examples of SAML threats
include assertion manufacture, modification, disclosure, repudiation,
redirect, reuse, and substitution. Examples of XML threats include
dictionary attacks, DoS attacks, SQL command injection attacks,
confidentiality and integrity attacks, and XML injection attacks.
Web browser
Client software used to view Web content, which includes the graphical
user interface (GUI), MIME helper applications, language and byte code
Java interpreters, and other similar program components.
Web browser plug-in
A mechanism for displaying or executing certain types of content through
a Web browser.
Web bug
(1) A tiny image, invisible to a user, placed on Web pages in such a way to
enable third parties to track use of Web servers and collect information
about the user, including IP address, host name, browser type and version,
operating system name and version, and Web browser cookies. (2) It is a
tiny graphic on a website that is referenced within the hypertext markup
language (HTML) content of a Web page or e-mail to collect information
about the user viewing the HTML content.
Web content filtering software
A program that prevents access to undesirable websites, typically by
comparing a requested website address to a list of known bad websites with
the help of blacklists.
Web documents
Forms and interactive Web pages are created using hypertext markup
language (HTML). XML can replace HTML.
Webmaster
A person responsible for the implementation of a website. Webmasters
must be proficient in hypertext markup language (HTML) and one or more
scripting and interface languages, such as JavaScript and Perl. They may
or may not be responsible for the underlying server, which is traditionally
the responsibility of the Web server administrator.
Web mining
Data mining techniques for discovering and extracting information from
Web documents. Web mining explores both Web content and Web usage.
Web-oriented architecture (WOA)
A set of Web protocols (e.g., HTTP and plain XML) to provide dynamic,
scalable, and interoperable Web services.
Web portal
Provides a single point of entry into the service-oriented architecture
(SOA) for requester entities, enabling them to access Web services
transparently from any device at virtually any location.
Web server
A computer that provides World Wide Web (WWW) services on the
Internet. It includes the hardware, operating system, Web server software,
transmission control protocol/Internet protocol (TCP/IP), and the website
content (Web pages). If the Web server is used internally and not by the
public, it may be known as an “intranet server.”
Web server administrator
The Web server equivalent of a system administrator. Web server
administrators are system architects responsible for the overall design,
implementation, and maintenance of Web servers. They may or may not be
responsible for Web content, which is traditionally the responsibility of the
Webmaster.
Web service
A software component or system designed to support interoperable
machine or application-oriented interaction over a network. A Web service
has an interface described in a machine-processable format (specifically
services description language WSDL). Other systems interact with the Web
service in a manner prescribed by its description using SOAP messages,
typically conveyed using HTTP with an XML serialization in conjunction
with other Web-related standards.
Web service interoperability (WS-I) basic profile
A set of standards and clarifications to standards that vendors must follow
for basic interoperability with SOAP products.
Web services description language (WSDL)
An XML format for describing network services as a set of endpoints
operating on messages containing either document-oriented or procedure-
oriented information. WSDL complements the universal description,
discovery, and integration (UDDI) standard by providing a uniform way of
describing the abstract interface and protocol bindings and deployment
details of arbitrary network services.
Web services security (WS-Security)
A mechanism for incorporating security information into SOAP messages.
WS-Security uses binary tokens for authentication, digital signatures for
integrity, and content-level encryption for confidentiality.
White box testing
A test methodology that assumes explicit and substantial knowledge of the
internal structure and implementation detail of the assessment object. It
focuses on the internal behavior of a system (program structure and logic)
and uses the code itself to generate test cases. The degree of coverage is
used as a measure of the completeness of the test cases and test effort.
White box testing is performed at individual components level, such as
program or module, but not at the entire system level. It is also known as
detailed testing or logic testing, and should be combined with black box
testing for maximum benefit because neither one by itself does a thorough
testing job. White box testing is structural analysis of a system.
Comprehensive testing is also known as white box testing.
White noise
A distribution of a uniform spectrum of random electrical signals so that
an intruder cannot decipher real data from random (noise) data due to use
of constant bandwidth. White noise is a good security control to prevent
electromagnetic radiations (emanations).
White team
A neutral team of employees acting as observers, referees, and judges
between a red team of mock attackers (offenders) and a blue team of actual
defenders of their enterprise’s use of information systems. The white team
establishes rules of engagement (ROE) and performance metrics for
security tests. The white team is also responsible for deriving lessons-
learned, conducting the post engagement assessment, and communicating
results to management. Occasionally, the white team also performs
incident response activities and addresses bot attacks on an emergency
basis.
Whitelisting
(1) Whitelisting is a method for controlling the installation of software by
ensuring that all software is checked against a list approved by the
organization, (2) Whitelisting technology only allows known good
applications and does not allow any new or unknown exploits to access a
system, (3) A list of discrete entities, such as hosts or applications that are
known to be benign, and (4) A list of e-mail senders known to be benign,
such as a user ’s coworkers, friends, and family. Synonymous with
whitelists.
Whole disk encryption
The process of encrypting all the data on the hard drive used to boot a
computer, including the computer ’s operating system, and permitting
access to the data only after successful authentication with the full disk
encryption product. It is also called full disk encryption (FDE).
Wide-area network (WAN)
(1) A communications network that connects geographically separated
areas. It can cover several sites that are geographically distant. A WAN
may span different cities or even different continents. (2) A network
concept to link business operations and computers used across
geographical locations. (3) A data communications network that spans any
distance and is usually provided by a public carrier. Users gain access to
the two ends of the network circuit and the carrier handles the transmission
and other services in between. WANs are switched networks, meaning they
use routers.
Wi-FI protected access 2 (WPA2)
WPA2 is an implementation of the IEEE 80211i security standard, and its
security is better than that of WEP.
Wiki
A collaborative website where visitors can add, delete, or modify content,
including the work of previous authors.
WiMAX
A wireless standard (IEEE 802.16) for making broadband network
connections over a medium-sized area such as a city for wireless MANs.
WiMAX stands for Worldwide Interoperability for Microwave Access.
Wired Equivalent Privacy (WEP)
A security protocol for wireless local-area networks (WLANs) defined in
the 802.11b standard. WEP was intended to provide the same level of
security as that of a wired LAN. LANs are inherently more secure than
WLANs because LANs have some or the entire network inside a building
that can be protected from unauthorized access. WLANs, which are over
radio waves, therefore are more vulnerable to tampering. WEP attempted
to provide security by encrypting data over radio waves so that it is
protected as it is transmitted from one endpoint to another. NOTE: WEP
has been broken and does not provide an effective security service against
a knowledgeable attacker. Software to break WEP is freely available on the
Internet.
Wireless Access Point (WAP)
It is a device that acts as a conduit to connect wireless communication
devices together to allow them to communicate and create a wireless
network.
Wireless application protocol
A standard for providing cellular telephones, pagers, and other handheld
devices with secure access to e-mail and text-based Web pages. It is a
standard that defines the way in which Internet communications and other
advanced services are provided on wireless mobile devices. It is a suite of
network protocols designed to enable different types of wireless devices to
access files on an Internet-connected Web server.
Wireless fidelity (Wi-Fi)
Wi-Fi is a term describing a wireless local-area network (WLAN) that
observes the IEEE 802.11 family of wireless networking standards.
Wireless intrusion detection and prevention system (WIDPS)
An intrusion detection and prevention system (IDPS) that monitors
wireless network traffic and analyzes its wireless networking protocols to
identify and stop suspicious activity involving the protocols themselves.
Wireless local-area network (WLAN)
A type of local-area network that uses high-frequency radio waves rather
than wires to communicate between nodes. WLAN uses the IEEE 802.11
standard. Specifically, wireless LANs operate with transmission modes
such as infrared, spread spectrum schemes, a multichannel frequency
division multiplexing (FDM) system, and CSMA/CA. WLAN is a
telecommunications network that enables users to make short-range
wireless connections to the Internet or another network such as wireless
MAN or wireless WAN.
Wireless Markup Language (WML)
A scripting language used to create content in the wireless application
protocol (WAP) environment. WML is based on XML minus unnecessary
content to increase speed.
Wireless metropolitan-area network (WMAN)
Wireless MANs are broadband systems that use radio to replace the
telephone connections. WMAN is a telecommunications network that
enables users to make medium-range wireless connections to the Internet
or another network such as wireless LAN or wireless WAN. WMAN uses
the IEEE 802.16 standard (WiMAX) and quality of service (QoS) is
important.
Wireless personal-area networks (WPANs)
They are small-scale wireless networks that require no infrastructure to
operate (e.g., Bluetooth). They are typically used by a few devices in a
single room to communicate without the need to physically connect
devices with cables. WPAN uses the IEEE 802.15 standard.
Wireless Robust Security Network (RSN)
A robust security network (RSN) is defined as a wireless security network
that allows the creation of RSN associations (RSNA) only. RSNAs are
wireless connections that provide moderate to high levels of assurance
against WLAN security threats through the use of a variety of
cryptographic techniques. Wireless RSN uses the IEEE 802.11i standard.
Wireless Sensor Network (WSN)
Wireless sensor network (WSN) is a collection of interconnected wireless
devices that are embedded into the physical environment to provide
measurements of many points over large space. The WSN can be used to
establish building security perimeters and to monitor environmental
changes (e.g., temperature and power) in a building.
Wireless wide-area network (WWAN)
A telecommunications network that offers wireless coverage over a large
geographical area, typically over a cellular phone network.
Wiretapping
(1) The collection of transmitted voice or data and the sending of that data
to a listening device. (2) Cutting in on a communications line to get
information. Two types of wiretapping exist: active and passive. Active
wiretapping is the attaching of an unauthorized device, such as a computer
terminal, to a communications circuit for the purpose of obtaining access
to data through the generation of false messages or control signals or by
altering the communications of legitimate users. Passive wiretapping is the
monitoring and/or recording of data transmitted over a communication
link.
Work factor
The amount of work necessary for an attacker to break the system or
network should exceed the value that the attacker would gain from a
successful compromise.
Workflow Management System (WFMS)
A computerized information system that is responsible for scheduling and
synchronizing the various tasks within the workflow, in accordance with
specified task dependencies, and for sending each task to the respective
processing entity (e.g., Web server or database server). The data resources
that a task uses are called work items. WFMS is the basis for work flow
policy access control system.
Workflow manager
The sub-component that enables one component to access services on
other components to complete its own processing in a service-oriented
architecture (SOA). The workflow manager determines which external
component services must be executed and manages the order of service
execution.
Workstation
(1) A piece of computer hardware operated by a user to perform an
application. Provides users with access to the distributed information
system or other dedicated systems; input/output via a keyboard and video
display terminal; or any method that supplies the user with the required
input/output capability. Computer power embodied within the workstation
may be used to furnish data processing capability at the user level. (2) A
high-powered PC with multifunctions and connected to the host computer.
World Wide Web (WWW)
A system of Internet hosts that support documents formatted in HTML,
which contains links to other documents (hyperlinks), and to audio and
graphics images. Users can access the Web with special applications called
browsers (e.g., Netscape and Internet Explorer).
Worm
A self-replicating and self-contained program that propagates (spreads)
itself through a network into other computer systems without requiring a
host program or any user intervention to replicate.
Write
A fundamental operation that results only in the flow of information from
a subject to an object.
Write access
Permission to write an object.
Write blocker
A device that allows investigators to examine media while preventing data
writes from occurring on the subject media.
Write protection
Hardware or software methods of preventing data from being written to a
disk or other medium.
X
X3.93
Used for data encryption algorithm (All standards starting with X belong
to International Organization for Standards ISO).
X9.9
Used for message authentication.
X9.17
Used for cryptographic key management (Financial Institution Key
Management).
X9.30
Used for digital signature algorithm (DSA) and the secure hash algorithm
(SHA-1).
X9.31
Used for rDSA signature algorithm.
X9.42
Used for agreement of symmetric keys using discrete logarithm
cryptography.
X9.44
Used for the transport of symmetric algorithm keys using reversible
public key cryptography.
X9.52
Used for triple data encryption algorithm (TDEA).
X9.62
Used for elliptic curve digital signature algorithm.
X9.63
Used for key agreement and key transport using elliptic curve-based
cryptography.
X9.66
Used for cryptography device security.
X12
Defines EDI standards for many U.S. industries (e.g., healthcare and
insurance).
X.21
Defines the interface between terminal equipment and public data networks.
X.25
A standard for the network and data link levels of a communications
network. It is a WAN protocol.
X.75
A standard that defines ways of connecting two X.25 networks.
X.121
Network user address used in X.25 communications.
X.400
Used in e-mail as a message handling protocol for reformatting and
sending e-mails.
X.500
A standard protocol used in electronic directory services.
X.509
A standard protocol used in digital certificates and defines the format of a
public key certificate.
X.800
Used as a network security standard.
X. 509 certificate
Two types of X.509 certificates exist: The X.509 public key certificate
(most commonly used) and The X.509 attribute certificate (less commonly
used). The X.509 public key certificate is created with the public key for a
user (or device) and a name for the user (or device), together with optional
information, is rendered unforgeable by the digital signature of the
certification authority (CA) that issued the certificate, and is encoded and
formatted according to the X.509 standard. The X.509 public key
certificate contains three nested elements: (1) the tamper-evident envelope,
which is digitally signed by the source, (2) the basic certificate content
(e.g., identifying information about a user or device and public key), and
(3) extensions that contain optional certificate information.
XACML
Extensible access control markup language (XACML) combined with
extensible markup language (XML) access control policy is a framework
that provides a general-purpose language for specifying distributed access
control policies.
XDSL
Digital subscriber line is a group of broadband technology connecting
home/business telephone lines to an Internet service provider ’s (ISP’s)
central office. Several variations of XDSL exist such as SDSL, ADSL,
IDSL, and HDSL.
XHTML
Extended hypertext markup language (XHTML) is a unifying standard that
brings the benefits of XML to those of HTML. XHTML is the new Web
standard and should be used for all new Web pages to achieve maximum
portability across platforms and browsers.
XML
Extensible markup language, which is a meta-language, is a flexible text
format designed to describe data for electronic publishing. The Web
browser interprets the XML, and the XML is taking over the HTML for
creating dynamic Web documents.
XML encryption
A process/mechanism for encrypting and decrypting XML documents or
parts of documents.
XML gateways
XML gateways provide sophisticated authentication and authorization
services, potentially improving the security of the Web service by having
all simple object access protocol (SOAP) messages pass through a
hardened gateway before reaching any of the custom-developed code.
XML gateways can restrict access based on source, destination, or WS-
Security authentication tokens.
XML schema
A language for describing and defining the structure, content, and
semantics of XML documents.
XML signature
A mechanism for ensuring the origin and integrity of XML documents.
XML signatures provide integrity, message authentication, or signer
authentication services for data of any type, whether located within the
XML that includes the signature or elsewhere.
XOR
Exclusive OR, which is a Boolean operation, dealing with true or false
condition (that is, something is either true or false but not both). It is the
bitwise addition, modulo2, of two bit strings of equal length. For example,
XOR is central to how parity data in RAID levels is created and used within
a disk array (that is, yes parity or no parity). It is used for the protection of
data and for the recovery of missing data.
XOT
X.25 over transmission control protocol (TCP).
XPath
Used to define the parts of an XML document, using path expressions.
XQuery
Provides functionality to query an XML document.
XSL
Extensible style language (XSL) file is used in dynamic content generation
where Web pages can be written in XML and then converted to HTML.
Z
Zero-day attacks
A zero-day attack or threat is a computer threat that tries to exploit
computer application vulnerabilities that are unknown to others,
undisclosed to the software vendor, or for which no security fix is
available. Zero-day attacks, exploits, and incidents are the same.
Zero-day backup
Similar to normal or full backup where it archives all selected files and
marks each as having been backed up. An advantage of this method is the
fastest restore operation because it contains the most recent files. A
disadvantage is that it takes the longest time to perform the backup.
Zero-day exploits
Zero-day exploits (actual code that can use a security vulnerability to carry
out an attack) are used or shared by attackers before the software vendor
knows about the vulnerability. Zero-day attacks, exploits, and incidents are
the same.
Zero-day incidents
Zero-day incidents are attacks through previously unknown weaknesses in
computer networks. Zero-day attacks, exploits, and incidents are the same.
Zero day warez
Zero day warez (negative day) refers to software, games, videos, music, or
data unlawfully released or obtained on the day of public release. Either a
hacker or an employee of the releasing company is involved in copying on
the day of the official release.
Zero fill
To fill unused storage locations in an information system with the
representation of the character denoting “0.”
Zero-knowledge proof
One party proving something to another without revealing any additional
information. This proof has applications in public-key encryption and
smart card implementations.
Zero-knowledge password protocol
A password based authentication protocol that allows a claimant to
authenticate to a verifier without revealing the password to the verifier.
Examples of such protocols include EKE, SPEKE, and SRP.
Zero quantum theory
Zero quantum theory is based on the principles of quantum-mechanics
where eavesdroppers can alter the quantum state of the cryptographic
system.
Zeroize
To remove or eliminate the key from a cryptographic equipment or fill
device.
Zeroization
A method of erasing electronically stored data, cryptographic keys,
credentials service providers (CSPs), and initialization vectors by altering
or deleting the contents of the data storage to prevent recovery of the data.
Zipf ’s law
Applicable to storage management using video servers, where videos can
be stored hierarchically in tape (low capacity) to DVD, magnetic disk, and
RAM (high capacity). The Zipf’s law states that the most popular movie is
seven times as popular as the number seventh movie, which can help in
planning the storage space. An alternative to tape is optical storage.
Zombie
A computer program that is installed on a system to cause it to attack other
computer systems in a chain-like manner.
Zone drift error
A zone drift error results in incorrect zone data at the secondary name
servers when there is a mismatch of data between the primary and
secondary name servers. The zone drift error is a threat due to domain
name system (DNS) data contents.
Zone file
The primary type of domain name system (DNS) data is zone file, which
contains information about various resources in that zone.
Zone of control
Three-dimensional space (expressed in feet of radius) surrounding
equipment that processes classified and/or sensitive information within
which TEMPEST exploitation is not considered practical. It also means
legal authorities can identify and remove a potential TEMPEST
exploitation.
Control zone deals with physical security over sensitive equipment
containing sensitive information. It is synonymous with control zone.
Zone signing key (ZSK)
A zone signing key is an authentication key that corresponds to a private
key used to sign a zone.
Zone transfer
Zone transfer is a part of domain name system (DNS) transactions. Zone
transfer refers to the way a secondary (slave) name server refreshes the
entire contents of its zone file from the primary (master) name server.
Numeric
2TDEA
Two key triple DEA
3TDEA
Three key triple DEA
3DES
Three key triple data encryption standard
1G
First generation of analog wireless technology
2G
Second generation of digital wireless technology
3G
Third generation of digital wireless technology
4G
Fourth generation of digital wireless technology
A
AAA
Authentication, authorization, accounting
ABAC
Attribute-based access control
ACE
Access control entry
ACK
Acknowledgment
ACL
Access control list
ADCCP
Advanced data communication control procedure
ADSL
Asymmetric digital subscriber line
AES
Advanced encryption standard
AES-CBC
Advanced encryption standard – Cipher block chaining
AES-CTR
Advanced encryption standard – Counter mode
AH
Authentication header
AIN
Advanced intelligent networks
AK
Authorization key
ALE
Annual loss expectancy
ALG
Application layer gateway
ANI
Automatic number identification
ANN
Artificial neural network
AP
Access point
APDU
Application protocol data unit
API
Application programming interface
ARP
Address resolution protocol
AS
Authentication server/authentication service/autonomous system
ASCII
American standard code for information interchange
ASP
Active server page
ATA
Advanced technology attachment
ATM
Asynchronous transfer mode/automated teller machine
AV
Anti-virus
AVP
Attribute-value par
B
B2B
Business-to-business electronic commerce model
B2B2C
Business-to-business-to-consumer electronic commerce model
B2C
Business-to-consumer electronic commerce model
B2E
Business-to-employees electronic commerce model
BCP
Business continuity plan
BGP
Border gateway protocol
BIA
Business impact analysis
BIOS
Basic input/output system
BITS
Bump-in-the-stack
BOOTP
Bootstrap protocol
BPI
Business process improvement
BPR
Business process reengineering
BRP
Business recovery (resumption) plan
BS
Base station
BSS
Basic service set
C
C2B
Consumer-to-business electronic commerce model
C2C
Consumer-to-consumer electronic commerce model
C&A
Certification and accreditation
CA
Certification authority
CAC
Common access card
CAN
Campus-area network
CASE
Computer-aided software engineering
CBC
Cipher block chaining
CBC-MAC
Cipher block chaining-message authentication code
CC
Common Criteria
CCE
Common configuration enumeration
CCMP
Cipher block chaining message authentication code protocol
CCTV
Closed circuit television
CDMA
Code division multiple access
CDN
Content delivery network
CEO
Chief executive officer
CER
Crossover error rate (biometrics)
CERT
Computer emergency response team
CFB
Cipher feedback
CGI
Common gateway interface
CHAP
Challenge-handshake authentication protocol
CHIPS
Clearing house interbank payment system
CIDR
Classless inter-domain routing
CIO
Chief information officer
CIRC
Computer incident response center
CIRT
Computer incident response team
CISO
Corporate information security officer
CKMS
Cryptographic key management systems
CM
Configuration management
CMAC
Cipher-based method authentication code
CMM
Capability maturity model
CMS
Configuration management system
CMVP
Cryptographic module validation program
CONOP
Concept of operations (i.e., only one document)
COOP
Continuity of operations
COTS
Commercial off-the-shelf
CP
Certificate policy
CPE
Common platform enumeration
CPS
Certification practice statement
CPU
Central processing unit
CRAM
Challenge-response authentication mechanism
CRC
Cyclic redundancy check
CRL
Certificate revocation list
CRM
Customer relationship management
CS
Client/server
CSIRC
Computer security incident response capability
CSIRT
Computer security incident response team
CSMA/CA
Carrier sense multiple access with collision avoidance
CSMA/CD
Carrier sense multiple access with collision detection
CSRC
Computer security resource center
CSO
Chief security officer
CSP
Credentials service provider/critical security parameter
CTO
Chief technology officer
CTR
Counter mode encryption
CVE
Common vulnerabilities and exposures
CVSS
Common vulnerability scoring system
D
DA
Data administration/administrator/destination address
DAA
Designated approving authority/designated accrediting authority
DAC
Discretionary access control
DAD
Duplicate address detection
DASD
Direct access storage device
DBA
Database administrator
DBMS
Database management system
DC
Domain controller
DCE
Distributed computing environment/data circuit terminating equipment
DCL
Data control language
DD
Data dictionary
DDL
Data definition language
DDP
Distributed data processing
DDOS
Distributed denial-of-service
DEA
Data encryption algorithm
DES
Data encryption standard
DESX
Extended data encryption standard
DFD
Data flow diagram
DH
Diffie-Hellman
DHCP
Dynamic host configuration protocol
DISA
Direct inward system access/U.S. Defense Information Systems Agency
DML
Data manipulation language
DMZ
Demilitarized zone
DNS
Domain name system
DNP
Distributed network protocol
DNS
Domain name system
DOM
Document object model
DoS
Denial-of-service
DoQ
Denial-of-quality
DPA
Differential power analysis
DRP
Disaster recovery plan
DSA
Digital signature algorithm
DSL
Digital subscriber line
DSP
Digital signal processors
DSS
Digital signature standard
DVMRP
Distance vector multicast routing protocol
E
E2E
Exchange-to-exchange electronic commerce model
EAL
Evaluation assurance level
EAP
Extensible authentication protocol
EBCDIC
Extended binary coded decimal interchange code
EBGP
Exterior border gateway protocol
EBTS
Electronic benefit transfer system
EC
Electronic commerce
ECC
Elliptic curve cryptography
ECDSA
Elliptic curve digital signature algorithm
ECDH
Elliptic curve Diffie-Hellman
ECP
Encryption control protocol
ECPA
Electronic communications privacy act
EDC
Error detection code
EDI
Electronic data interchange
EDIFACT
Electronic data interchange for administration, commerce, and transport
EDMS
Electronic document management system
EEPROM
Electronically erasable, programmable read-only memory
EES
Escrowed encryption standard
EFP
Environmental failure protection
EFS
Encrypted file system
EFT
Environmental failure testing
EFTS
Electronic funds transfer system
EGP
Exterior gateway protocol
EH
Extension header
EIDE
Enhanced IDE (integrated drive electronics)
EISA
Extended industry-standard architecture
EME
Electromagnetic emanation
EMRT
Emergency response time
EPICS
Electronic product code information services
ERD
Entity relationship diagram
ERP
Enterprise resource planning
ESN
Electronic serial number
ESP
Encapsulating security payload
EU
European Union
F
FAT
File allocation table
FDDI
Fiber distributed data interface
FDE
Full disk encryption
FDM
Frequency division multiplexing
FEK
File encryption key
FFC
Finite field cryptography
FMEA
Failure mode and effect analysis
FMR
False match rate
FRR
False rejection rate
FSM
Finite-state-machine
FTP
File transfer protocol
G
G2B
Government-to-business electronic commerce model
G2C
Government-to-citizens electronic commerce model
G2E
Government-to-employees electronic commerce model
G2G
Government-to-government electronic commerce model
GCM
Galois counter mode
GKEK
Group key encryption key
GMAC
Galois message authentication code
GPS
Global positioning system
GSM
Global system for mobile communications
GSSP
Generally accepted system security principles
GTC
Generic token card
GUI
Graphical user interface
H
HA
High availability
HAZMAT
Hazardous materials
HDL
Hardware description language
HDLC
High-level data-link control
HDSL
High data rate DSL
HERF
Hazards of electromagnetic radiation to fuel
HERO
Hazards of electromagnetic radiation to ordnance
HERP
Hazards of electromagnetic radiation to people
HERM
Hazards of electromagnetic radiation to materials
HIP
Host identity protocol
HMAC
Hash-based (keyed-hash) message authentication code
HSSI
High-speed serial interface
HTML
Hypertext markup language
HTTP
Hypertext transfer protocol
HTTPS
Hypertext transfer protocol over SSL
HVAC
Heating, ventilation, and air conditioning
I
IA
Identification and authentication/Information assurance
I/O
Input/output
IAB
Internet architecture board
IAM
Information Assurance Manager/Infosec Assessment Methodology
IAO
Information assurance officer
IATF
Information assurance technical framework
IBAC
Identity-based access control
IBC
Iterated block cipher
IBE
Identity-based encryption
IBGP
Internal border gateway protocol
IC
Integrated circuit
ICMP
Internet control message protocol
ICP
Internet cache protocol
ICSA
International computer security association
ICV
Integrity check value
ID
Identification
IDE
Integrated drive electronics
IDEA
International data encryption algorithm
IDMS
Identity management system
IDPS
Intrusion detection and prevention system
IDS
Intrusion detection system
IE
Internet Explorer
IEC
International electro-technical commission
IEEE
Institute of electrical and electronics engineers
IETF
Internet engineering task force
IGMP
Internet group management protocol
IGRP
Interior gateway routing protocol
IGP
Interior Gateway Protocol
IKE
Internet key exchange
IM
Instant messaging
IMAP
Internet Message Access Protocol
IMM
Information management model
IOCE
International organization on computer evidence
IP
Internet Protocol
IPA
Initial privacy assessment
IPComp
Internet Protocol payload compression protocol
IPS
Intrusion prevention system
IPsec
Internet Protocol security
IPX
Internetwork packet exchange
IRC
Internet relay chat
IRTF
Internet research task force
IS
Information system
ISA
Industry-standard architecture
ISAKMP
Internet security association and key management protocol
ISATAP
Intra-site automatic tunnel addressing protocol
ISC2
International information systems security certification and consortium
institute
ISDL
ISDN-based DSL
ISDN
Integrated services digital network
ISF
Information security forum
ISID
Industrial security incident database
ISLAN
Integrated services LAN
ISMAN
Integrated services MAN
ISO
International organization for standardization
ISP
Internet service provider
ISSA
Information Systems Security Association
ISSO
Information systems security officer
IT
Information technology
ITL
Information technology laboratory
ITSEC
Information Technology Security Evaluation Criteria
ITU
International Telecommunication Union
IV
Initialization vector
J
JAD
Joint application design
JBOD
Just a bunch of disks
JCP
Java community process
JIT
Just-in-time
JPEG
Joint photographic experts group
JRE
Java runtime environment
JSM
Java security manager
JSP
Java server page
JVM
Java virtual machine
K
KDC
Key distribution center
KEK
Key encryption key
KG
Key generator
KGD
Key generation and distribution
KMF
Key management facility
KMM
Key management message
KSG
Key stream generator
KSK
Key signing key
KWK
Key wrapping key
L
LAN
Local-area network
LAPB
Link access procedure B
LCD
Liquid crystal display
LCP
Link control protocol
LDA
Local delivery agent
LDAP
Lightweight directory access protocol
LM
LanManager
LMDS
Local multipoint distribution service
LMP
Link manager protocol
LOS
Line-of-sight
LRA
Local registration authority
L2TP
Layer 2 tunneling protocol
LTP
Lightweight transport protocol
M
MAC
Mandatory Access Control/Media Access Control/Medium Access
Control/ message authentication code
MAN
Metropolitan area network
MBR
Master boot record
MC
Mobile commerce
MD
Message digest
MGCP
Media gateway control protocol
MHS
Message handling system
MIC
Message integrity check/message integrity code/mandatory integrity
control
MIDI
Musical instrument digital interface
MIM
Meet-in-the-middle (attack)
MIME
Multipurpose Internet mail extensions
MIN
Mobile identification number
MIP
Mobile Internet protocol
MitM
Man-in-the-middle (attack)
MIPS
Million instructions per second
MMS
Multimedia messaging service
MM
Management message
MOA
Memorandum of agreement
MOU
Memorandum of understanding
MPEG
Moving picture coding experts group
MS
Mobile subscriber
MSI
Module software interface
MSISDN
Mobile subscriber integrated services digital network
MSP
Message security protocol
MTBF
Mean-time-between-failures
MTBO
Mean-time-between-outages
MTD
Maximum tolerable downtime
MTM
Mobile trusted module
MTTDL
Mean-time-to-data loss
MTTF
Mean-time-to-failure
MTTR
Mean-time-to-recovery
Mean-time-to-repair
Mean-time-to-restore
N
NAC
Network Access Control
NAK
Negative acknowledgment
NAP
Network Access Protection
NAPT
Network address and port translation
NAS
Network access server
NAT
Network Address Translation
NBA
Network behavior analysis
NCP
Network Control Protocol
NDAC
Nondiscretionary access control
NetBIOS
Network Basic Input/Output System
NFAT
Network Forensic Analysis Tool
NFS
Network file system/network file sharing
NH
Next header
NIAC
National infrastructure advisory council
NIAP
National information assurance partnership
NIC
Network interface card
NID
Network interface device
NIPC
National infrastructure protection center
NIS
Network information system
NIST
National Institute of Standards and Technology
NISTIR
National Institute of Standards and Technology Interagency Report
NLOS
Nonline-of-sight (non LOS)
NNTP
Network News Transfer Protocol
NS
Name server
NSA
National Security Agency
NTFS
NT file system
NTLM
NT LanManager
NTP
Network Time Protocol
NVD
National Vulnerability Database
NVLAP
National Voluntary Laboratory Accreditation Program
O
OASIS
Organization for the Advancement of Structured Information Standards
OCSP
Online Certificate Status Protocol
OECD
Organization for Economic Co-operation and Development
OFB
Output feedback (mode)
OLE
Object linking and embedding
OOD
Object-oriented design
OOP
Object-oriented programming
ONS
Object naming service
OOB
Out-of-band
OpenPGP
Open Specification for Pretty Good Privacy
OS
Operating system
OSE
Open system environment
OSI
Open system interconnection
OSPF
Open shortest path first
OSS
Open-source software
OTAR
Over-the-air rekeying
OTP
One-time password
OVAL
Open vulnerability and assessment language
P
P2P
Peer-to-peer
P3P
Platform for privacy preferences project
PAC
Protected access credential/privilege attribute certificate
PAD
Packet assembly and disassembly/peer authorization database
PAN
Personal-Area Network
PAP
Password authentication protocol/policy access point
PAT
Port address translation
PATA
Parallel ATA (advanced technology attachment)
PBA
Pre-boot authentication
PBAC
Policy-Based Access Control
PBE
Pre-boot environment
PBX
Private branch exchange
PC
Personal computer
PCI
Payment card industry/personal identity verification card issuer
PCIDSS
Payment card industry data security standard
PCMCIA
Personal computer memory card international association
PCN
Process control network
PCP
IP payload compression protocol
PCS
Process control system
PDA
Personal digital assistant
PDF
Portable document format
PDP
Policy decision point
PDS
Protective distribution systems
PEAP
Protected Extensible Authentication Protocol
PEM
Privacy enhanced mail
PEP
Policy enforcement point
PERT
Program evaluation and review technique
PGP
Pretty Good Privacy
PHP
PHP hypertext preprocessor
PIA
Privacy impact assessment
PII
Personally identifiable information
PIN
Personal identification number
PIP
Policy information point
PIV
Personal identity verification
PKCS
Public key cryptography standard
PKI
Public key infrastructure
PKM
Privacy key management
POA&M
Plan of action and milestones
POC
Point of contact/proof of concept
POP
Post office protocol/proof-of-possession
POS
Point-of-sale
POTS
Plain old telephone service
PP
Protection profile
PPD
Port protection device
PPP
Point-to-Point Protocol
PPTP
Point-to-Point-Tunneling Protocol
PRNG
Pseudorandom number generator
PSK
Pre-shared key
PSP
Public security parameters
PSTN
Public switched telephone network
PTM
Packet transfer mode
PVC
Permanent Virtual Circuit
PVP
Patch and vulnerability group
Q
QA
Quality assurance
QC
Quality control
QoP
Quality of protection
QoS
Quality of service
R
RA
Registration authority
RAD
Rapid application development
RAdAC
Risk adaptive access control
RAD
Rapid application development
RADIUS
Remote Authentication Dial-In User Service
RAID
Redundant array of independent disks
RAM
Random access memory
RAP
Rapid application prototyping
RARP
Reverse Address Resolution Protocol
RAS
Remote Access Server/Registration, Admission, Status channel
RAT
Remote Administration Tool
RBAC
Role-based access control
RBG
Random bit generator
RC
Rivest cipher
RCP
Remote Copy Protocol
RDBMS
Relational database management system
RDP
Remote Desktop Protocol
RED
Random early detection
REP
Robots exclusion protocol
RF
Radio frequency
RFC
Request For Comment
RFI
Radio frequency interference/request for information
RFID
Radio frequency identification
RFP
Request for proposal
RFQ
Request for quote
RIB
Routing information base
RIP
Routing Information Protocol
RMF
Risk management framework
RNG
Random number generator
ROE
Rules of engagement
ROI
Return On Investment
ROM
Read-only memory
RPC
Remote procedure call
RPO
Recovery point objective
RR
Resource record
RS
Relay station
RSA
Rivest-Shamir-Adelman (algorithm)
RSBAC
Ruleset-based access control
RSN
Robust security network
RSO
Reduced sign-on
RSS
Really simple syndication
RSTP
Real-time streaming protocol
RSVP
Resource reservation protocol
RTCP
Real-time transport control protocol
RTF
Rich Text Format
RTO
Recovery time objective
RTP
Real-Time Transport Protocol
RuBAC
Rule-based access control
S
S/MIME
Secure/multipurpose (multipart) Internet mail extensions
SA
Security Association/source address
SACL
System access control list
SAD
Security association database
SAFER
Secure and fast encryption routine
SAML
Security assertion markup language
SAN
Storage area network
SAS
Statement on auditing standards
SATA
Serial ATA (advanced technology attachment)
S-BGP
Secure border gateway protocol
SC
Supply chain
SCAP
Security Content Automation Protocol
SCP
Secure Copy Protocol
SCM
Software configuration management
SCSI
Small Computer Systems Interface
SCTP
Stream Control Transmission Protocol
SD
Secure digital
SDLC
System development lifecycle/Synchronous DataLink Control
SDP
Service Discovery Protocol
SDSL
Symmetrical DSL
SEI
Software Engineering Institute
SEM
Security event management
SET
Secure electronic transaction
SFTP
Secure file transfer protocol
SHA
Secure hash algorithm
SHS
Secure hash standard
SIA
Security impact analysis
SID
Security Identifier
SIM
Subscriber identity module
SIP
Session Initiation Protocol
SKEME
Secure Key Exchange Mechanism
SKIP
Simple Key Management for Internet Protocol
SLA
Service-level agreement
SLIP
Serial Line Interface Protocol
SFTP
Secure file transfer protocol
SHTTP
Secure Hypertext Transfer Protocol
SRPC
Secure remote procedure call
SMDS
Switched Multimegabit Data Service
SME
Subject matter expert
SMS
Short message service/systems management server
SMTP
Simple Mail Transfer Protocol
SNA
System Network Architecture
SNMP
Simple Network Management Protocol
SNTP
Simple Network Time Protocol
SOA
Service-oriented architecture
SOAP
Simple Object Access Protocol/Service-oriented architecture protocol
SOCKS
Socket security
SOHO
Small office/home office
SOL
Single occurrence loss
SONET
Synchronous optical network
SOP
Standard operating procedure
SOW
Statement of work
SP
Service pack
SPA
Simple power analysis
SPI
Security Parameters Index
SPKI
Simple public key infrastructure
SPML
Service Provisioning Markup Language
SPX
Sequenced Packet Exchange
SQL
Structured Query Language
SRTP
Secure Real-Time Transport Protocol
SSDP
Simple Service Discovery Protocol
SSE-CMM
Systems Security Engineering Capability Maturity Model
SPX
Sequential packet exchange
SR
Service release
SS
Subscriber station
SSDP
Simple Service Discovery Protocol
SSH
Secure Shell
SSID
Service set identifier
SSL
Secure Sockets Layer
SSO
Single sign-on
SSP
Sensitive security parameter
ST
Security target
STD
State transition diagram
ST&E
Security test and evaluation
STIG
Security Technical Implementation Guide (by DISA for U.S. DoD)
STS
Security Token Service
SUID
Set-user-ID
SV&V
Software Verification and Validation
SVC
Switched Virtual Network
SWIFT
Society for Worldwide Interbank Financial Telecommunication
SYN
Synchronized
SZ
Security zone
T
TA
Timing analysis
TACACS
Terminal Access Controller Access Control System
TCB
Trusted computing base
TCG
Trusted computing group
TCP
Transmission Control Protocol
T/TCP
Transactional TCP
TCP/IP
Transmission Control Protocol/Internet Protocol
TCSEC
Trusted Computer System Evaluation Criteria
TDEA
Triple Data Encryption Algorithm (Triple DEA or Triple DES)
TDM
Time division multiplexing
TDMA
Time division multiple access
TEK
Traffic encryption key
TFTP
Trivial File Transfer Protocol
TGS
Ticket-granting service
TKIP
Temporal key integrity protocol
TLS
Transport layer security
TOC-TOU
Time-of-check to time-of-use
T&E
Test & evaluation
TOE
Target of evaluation
TOS
Trusted operating system
ToS
Type of Service
TPM
Trusted Platform Module
TQM
Total quality management
TS
Target server
TSIG
Transaction signature
TSN
Transition Security Network
TSP
Time- stamp Protocol
TTL
Time-to-Live
TTR
Time-to-recover
TTLS
Tunneled transport layer security
TTP
Trusted third party
U
UAC
User Account Control
UDDI
Universal description, discovery, and integration
UDF
Universal Disk Format
UDP
User Datagram Protocol
ULP
Upper layer protocol
UML
Unified modeling language
UPS
Uninterruptible power supply
URI
Uniform Resource Identifier
URL
Uniform Resource Locator
USB
Universal Serial Bus
V
V&V
Verification and Validation
VAN
Value-added network
VB
Visual Basic
VBA
Visual Basic for Applications
VBScript
Visual Basic Script
VDSL
Very high-speed DSL
VHD
Virtual hard drive
VHF
Very high frequency
VLAN
Virtual local-area network
VM
Virtual machine
VoIP
Voice over Internet Protocol
VPN
Virtual private network
VRRP
Virtual Router Redundancy Protocol
VSAT
Very small aperture terminal
W
W3C
World Wide Web consortium
WAN
Wide-area network
WAP
Wireless access point/Wireless application protocol
WBS
Work breakdown structure
WCCP
Web Cache Coordination Protocol
WCDMA
Wideband code division multiple access
WDM
Wavelength division multiplexing
WDMA
Wavelength division multiple access
WDP
Wireless Datagram Protocol
WEP
Wired Equivalent Privacy
WfMS
Workflow management system
WiFi
Wireless Fidelity
WiMax
Worldwide Interoperability for Microwave Access
WfMS
Workflow management system
WLAN
Wireless local-area network
WLL
Wireless local loop
WMAN
Wireless metropolitan-area network
WML
Wireless Markup Language
WMM
WiFi multimedia
WOA
Web-oriented architecture
WORM
Write Once, Read Many
WPA
Wi-Fi Protected Access
WPAN
Wireless personal-area network
WS
Web services
WSDL
Web services description language
WS-I
Web service interoperability organization
WSP
Wireless Session Protocol
WTLS
Wireless transport layer security
WTP
Wireless transaction protocol
WWAN
Wireless wide-area network
WWW
World Wide Web
XYZ
XACL
XML Access Control Language
XACML
Extensible Access Control Markup Language
XCBC
XOR cipher block chaining
XCCDF
Extensible configuration checklist description format
XDSL
Digital Subscriber Line
XHTML
Extended hypertext markup language
XML
Extensible Markup Language
XOR
Exclusive OR
XP
Extreme programming
XrML
eXtensible Rights Markup Language
XSD
XML schema definition
XSL
Extensible style language
XSS
Cross-site scripting
ZSK
Zone Signing Key
Acknowledgments
I want to thank the following organizations and institutions for enabling
me to use their publications and reports. They were valuable and
authoritative resources for developing the practice questions, answers, and
explanations.
ISC2, Inc., for the use of its Common Body of Knowledge described
in the “CISSP Candidate Information Bulletin,” January 1, 2012.
National Institute of Standards and Technology (NIST), U.S.
Department of Commerce, Gaithersburg, Maryland, for the use of
various IT-related publications (FIPS, NISTIR, SP 500 series, SP 800
series).
National Communications System (NCS) and the U.S. Department of
Defense (DOD) for their selected IT-related publications.
U.S. Government Accountability Office (GAO), formerly known as
General Accounting Office, Washington, DC, for various IT-related
reports and staff studies.
Office of Technology Assessment (OTA), U.S. Congress,
Washington, DC, for various publications in IT security and privacy
in network technology.
Office of Management and Budget (OMB), Washington, DC, for
selected publications in IT security and privacy.
Federal Trade Commission (FTC), Washington, DC, at www.ftc.gov.
Chief Information Officer (CIO) council, Washington, DC at
www.cio.gov.
Information Assurance Technical Framework (IATF), Release 3.1,
National Security Agency (NSA), Fort Meade, Maryland, September
2002.
Security Technical Implementation Guides (STIGs) by Defense
Information Systems Agency (DISA) developed for the U.S.
Department of Defense (DOD).
I want to thank the following individuals for helping me to improve the
content, quality, and completeness of this book:
Dean Bushmiller, of Austin, Texas, for grouping the author ’s
questions and making them into scenario-based questions and
answers. Dean teaches the CISSP Exam and CISM Exam review
classes to prepare for the exams.
Carol A. Long, executive acquisitions editor at Wiley Publishing, Inc.,
for publishing this book.
Ronald Krutz (technical editor), Apostrophe Editing Services (copy
editor) and all the people at Wiley who made this book possible.
Credits
Executive Editor
Carol Long
Project Editor
Maureen Spears
Technical Editor
Ronald Krutz
Copy Editor
Apostrophe Editing Services
Editorial Manager
Mary Beth Wakefield
Marketing Manager
Ashley Zurcher
Production Manager
Tim Tate
Associate Publisher
Jim Minatel
Proofreader
Kristy Eldredge,
Word One
Indexer
Robert Swanson
Cover Image
© Peter Nguyen / iStockPhoto
Cover Designer
Ryan Sneed
Preface
The purpose of CISSP Practice: 2,250 Questions, Answers, and
Explanations for Passing the Test is to help the Certified Information
Systems Security Professional (CISSP) examination candidates prepare for
the exam by studying and practicing the sample test questions with the goal
to succeed on the exam.
A total of 2,250 traditional multiple-choice (M/C) questions, answers,
and explanations are presented in this book. In addition, a total of 82
scenario-based M/C questions, answers, and explanations are taken from
the traditional 2,250 questions and grouped into the scenario-based format
to give a flavor to the scenario questions. Traditional questions contain
one stem followed by one question set with four choices of a., b., c., and d.,
and scenario questions contain one stem followed by several question sets
with four choices of a., b., c., and d. The scenario-based questions can
focus on more than one domain to test the comprehensive application of
the subject matter in an integrated manner whereas the traditional questions
focus on a single domain.
These 2,250 sample test practice questions are not duplicate questions
and are not taken from the ISC2 or from anywhere else. The author
developed these unique M/C questions for each domain based on the
current CISSP Exam content specifications (see the “Description of the
CISSP Examination” later in this preface). Each unique and insightful
question focuses on a specific and necessary depth and breadth of the
subject matter covered in the CISSP Exam.
The author sincerely believes that the more questions you practice, the
better prepared you are to take the CISSP Exam with greater confidence
because the real exam includes 250 questions. The total number of 2,250
questions represents nine times the number of questions tested on the
exam, thus providing a great value to the CISSP Exam candidate. This
value is in the form of increasing the chances to pass the CISSP Exam.
Because ISC2 did not publish the percentage-weights for ten domains,
the author has assigned the following percentage-weights for each domain
(for example, Domain 1 = 15%) based on what he thinks is important to the
CISSP Exam candidate. These assigned weights are based on the author ’s
assumption that all the ten domains cannot receive equal weight in the
exam due to the differences in relative importance of these domains. These
weights are assigned as a systematic way to distribute the 2,250 questions
among the ten domains, as follows:
Domain 1: Access Control (15%)
Domain 2: Telecommunications and Network Security (15%)
Domain 3: Information Security Governance and Risk Management
(10%)
Domain 4: Software Development Security (10%)
Domain 5: Cryptography (10%)
Domain 6: Security Architecture and Design (10%)
Domain 7: Security Operations (10%)
Domain 8: Business Continuity and Disaster Recovery Planning (5%)
Domain 9: Legal, Regulations, Investigations, and Compliance (10%)
Domain 10: Physical and Environmental Security (5%)
The following table presents the number of traditional questions and
scenario questions for each of the ten domains.
Domain Traditional Que stions Sc e nario Que stions
1 338 (2,250 x 15%) 9
2 338 7
3 225 9
4 225 11
5 225 7
6 225 12
7 225 8
8 112 7
9 225 5
10 112 7
Totals 2,250 82
The real CISSP Exam consists of 250 M/C questions with four choices
of a., b., c., and d. for each question. There can be some scenario-based
questions in addition to most of traditional questions. Regardless of the
type of questions on the exam, there is only one correct answer (choice).
You must complete the entire CISSP Exam in one six-hour session. The
scope of the CISSP Exam consists of the subject matter covered in ten
domains of this book, which is in accordance with the description of the
CISSP Exam (content specifications) as defined in the ISC2’s “CISSP
Candidate Information Bulletin” with an effective date of January 1,
2012. Note that these practice questions are also good for the CISSP Exam
with an effective date of January 1, 2009 because we accommodated both
effective dates (January 2009 and January 2012) due to their minor
differences in the content specifications.
With no bias intended and for the sake of simplicity, the pronoun “he”
has been used throughout the book rather than “he/she” or “she.”
DOMAIN 5: CRYPTOGRAPHY
Overview
The cryptography domain addresses the principles, means, and methods of
disguising information to ensure its integrity, confidentiality, and
authenticity.
Procedures and protocols that meet some or all of the above criteria are
known as cryptosystems. Cryptosystems are often thought to refer only to
mathematical procedures and computer programs; however, they also
include the regulation of human behavior, such as choosing hard-to-guess
passwords, logging off unused systems, and not discussing sensitive
procedures with outsiders.
The candidate is expected to know the basic concepts within
cryptography; public and private key algorithms in terms of their
applications and uses; algorithm construction, key distribution and
management, and methods of attack; the applications, construction, use of
digital signatures to provide authenticity of electronic transactions, and
nonrepudiation of the parties involved; and the organization and
management of the public key infrastructures (PKIs) and digital certificates
distribution and management.