CISSP Terminology Flashcards Preview


Flashcards in CISSP Terminology Deck (475):

Acceptable use policy (AUP)

A policy that defines what employees, contractors, and third parties are authorized to do on the organization's IT infrastructure and its assets. AUPs are common for access to IT resources, systems, applications, Internet access, email access, and so on.


Access control

Controls that monitor the flow of information between the subject and object. They ensure that only the operations permitted are performed.


Access control list (ACL)

A list of permissions attached to an object that specifies which subjects (users, groups, or processes) may access it and which operations they may perform. On a router or firewall, an ACL is a list of rules the device consults to decide whether packets entering or exiting an interface are forwarded or dropped.


Access creep

The result of employees moving from one position to another within an organization without losing the privileges of the old position but while gaining the additional access of the new position. Thus, over time, employees build up much more access than they should have.


Access point spoofing

The act of pretending to be a legitimate access point with the purpose of tricking individuals to pass traffic by the fake connection so that it can be captured and analyzed.



Accountability

The traceability of actions performed on a system to a specific system entity or user.



Accreditation

Management's formal acceptance of a system or application, including the residual risk, after certification.


ACID test

Test that addresses atomicity, consistency, isolation, and durability. Programmers involved in database management use the ACID test to determine whether a database management system has been properly designed to handle transactions.


Active fingerprint

An active method of identifying the operating system of a targeted computer or device that involves injecting traffic into the network.


Address resolution protocol (ARP)

Protocol used to map a known IP address to an unknown physical address.


Ad-hoc mode

In ad-hoc (peer-to-peer) mode, wireless clients communicate directly with one another; no access point is required. Ad-hoc operation suits small, temporary networks of a handful of computers.


Administrative law

A body of regulations, rules, orders, and decisions to carry out regulatory powers, created by administrative agencies.



Algorithm

A well-defined mathematical procedure for solving a problem. In cryptography, the algorithm (cipher) specifies how a key transforms plain text into cipher text and back.


American standard code for information interchange (ASCII)

A standard character code for transmitting data, consisting of 128 letters, numerals, punctuation marks, and control codes, each represented by a unique 7-bit binary number. An ASCII character is normally stored in one 8-bit byte, with the eighth bit unused or used for parity.


Annualized loss expectancy (ALE)

The expected monetary loss from a given threat over a one-year period: the single loss expectancy (SLE, the cost of one occurrence) multiplied by the annualized rate of occurrence (ARO, how many times per year it is expected). The formula is SLE * ARO = ALE.


Anomaly detection

A type of intrusion detection that builds a profile of normal activity and flags deviations from it as suspicious. It can catch previously unknown attacks but tends to produce more false positives than signature-based detection.



A virus infection type that places the virus code at the end of the infected file.



Applet

A small Java program that can be embedded in an HTML page. Applets differ from full-fledged Java applications in that they are not allowed to access certain resources on the local computer, such as files and serial devices (modems, printers, and so on), and are prohibited from communicating with most other computers across a network. The rule is that an applet can make an Internet connection only to the computer from which the applet was sent.



Application

A software program designed to perform a specific task or group of tasks, such as word processing, communications, or database management.


Application controls

A category of controls used to verify the accuracy and completeness of records made by manual or automated processes. Controls used for applications include encryption, batch totals, and data input validation.


Application layer

Highest layer of the seven-layer OSI model. The application layer is used as an interface to applications or communications protocols.


Application programming interface (API)

A set of system-level routines that can be used in an application program for tasks such as basic input/output and file management. In a graphics-oriented operating environment such as Microsoft Windows, high-level support for video graphics output is part of the Windows graphical API.


Arithmetic logic unit (ALU)

A device used for logical and arithmetic operations within a computer.


Artificial intelligence

Computer software that can mimic the learning capability of a human, such as reasoning and learning.



Assembler

A program that converts the assembly language of a computer program into the machine language of the computer.



Assessment

An evaluation and/or valuation of IT assets based on predefined measurement or evaluation criteria. Unlike an audit, an assessment such as a risk or vulnerability assessment does not typically require an accounting or auditing firm to conduct it.



Asset

Anything of value owned or possessed by an individual or business.


Asymmetric algorithm

A routine that uses a pair of different but related cryptographic keys to encrypt and decrypt data.


Asymmetric encryption

In cryptography, an asymmetric key algorithm uses a pair of cryptographic keys to encrypt and decrypt. The two keys are related mathematically: A message encrypted by the algorithm using one key can be decrypted by the same algorithm using the other. In a sense, one key "locks" a lock (encryption), but a different key is required to unlock it (decryption).


Asynchronous transfer mode (ATM)

A connection-oriented, cell-switching transport technology that carries voice, video, and data in fixed-length 53-byte cells over dedicated virtual circuits. The fixed cell size gives low, predictable delay, which suits real-time traffic, and multiplexing lets many streams share one high-bandwidth link.


Asynchronous transmission

A transmission method in which each character is sent independently, framed by start and stop bits, rather than timed against a clock signal shared by sender and receiver.



Attenuation

Occurs with any signal and can be described as a weakening of the signal that increases as the signal travels farther from the source.



Audit

A formal examination, typically conducted by an accounting or auditing firm, that follows a specific methodology for how the investigation is to be carried out, with defined reporting elements and metrics (such as a financial audit according to Public Accounting and Auditing Guidelines and Procedures).


Audit trail

A set of records that collectively provide documentary evidence of processing used to aid in tracing from original transactions forward to related records and reports, and/or backward from records and reports to their component source transactions.



Authentication

The process of verifying a claimed identity. Identification is the claim (for example, a username); authentication proves that claim before the subject is granted access to the system and its resources. Common authentication factors are something you know (passwords), something you have (tokens), and something you are (biometrics).



Authorization

The process of granting or denying an authenticated subject access to a network resource based on the permissions assigned to it.



Availability

Ensures that the systems responsible for delivering, storing, and processing data are available and accessible as needed by individuals authorized to use the resources.



Backdoor

A piece of software, or a hidden feature in software, that allows access to a computer without using the conventional security procedures. Backdoors are often installed by Trojans.


Back orifice

A backdoor program, typically delivered to the victim as a Trojan, that gives the attacker remote control of the compromised Windows system.



Backup

Copies of programs, databases, other files, and so on, made so that information can be restored if it is lost; for instance, because of a computer failure, a natural disaster, or a virus infection.



Bandwidth

The range of frequencies, expressed in hertz (Hz), that can pass over a given transmission channel. The bandwidth determines the rate at which information can be transmitted through the circuit.



Baseband

A transmission method in which the entire bandwidth of the medium is used to carry a single signal at a time (for example, classic Ethernet).



Baseline

A consistent, established configuration or set of controls that defines the minimum acceptable level of security for a system.


Bayesian filter

A technique used to detect spam. Bayesian filters give a score to each message based on the words and numbers in a message. They are often employed by antispam software to filter spam based on probabilities. Messages with high scores are flagged as spam and can be discarded, deleted, or placed in a folder for review.



Bell-LaPadula model

A formal model of confidentiality. It is defined by two basic properties:

Simple Security Property (ss-property): a subject at one level of confidentiality is not allowed to read information at a higher level of confidentiality. Sometimes referred to as "no read up."

*-Property (star property): a subject at one level of confidentiality is not allowed to write information to a lower level of confidentiality. Also known as "no write down."
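
The two rules above, as a small reference monitor. This is an added example, not part of the flashcard deck: the classification names, compartments and the sample labels for Alice and the three objects are constructed here to exercise the rules. A label is a (level, compartments) pair and one label "dominates" another when its level is at least as high and its compartment set is a superset, which is how the model orders labels in practice.

```python
# Added example (not from the flashcards): a minimal Bell-LaPadula reference
# monitor. A label is (classification level, set of compartments); a label
# "dominates" another when its level is at least as high AND its compartments
# are a superset. Level names and sample labels are illustrative assumptions.

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


def dominates(a, b):
    """Return True if label a dominates label b in the security lattice."""
    level_a, comps_a = a
    level_b, comps_b = b
    return LEVELS[level_a] >= LEVELS[level_b] and set(comps_a) >= set(comps_b)


def can_read(subject, obj):
    """Simple Security Property ("no read up"): the subject must dominate the object."""
    return dominates(subject, obj)


def can_write(subject, obj):
    """*-Property ("no write down"): the object must dominate the subject."""
    return dominates(obj, subject)


def access_decision(subject, obj, operation):
    """Reference-monitor entry point: every access goes through exactly these two rules."""
    if operation == "read":
        return can_read(subject, obj)
    if operation == "write":
        return can_write(subject, obj)
    raise ValueError(f"unknown operation: {operation}")


# Constructed sample labels.
ALICE = ("SECRET", {"NATO"})                 # subject clearance
MEMO = ("CONFIDENTIAL", set())               # below Alice's level
REPORT = ("TOP SECRET", {"NATO"})            # above Alice's level
CRYPTO_LOG = ("SECRET", {"NATO", "CRYPTO"})  # same level, extra compartment


def demo():
    """Evaluate the classic cases; returns a dict so the results can be checked."""
    objects = {"MEMO": MEMO, "REPORT": REPORT, "CRYPTO_LOG": CRYPTO_LOG}
    return {
        (name, op): access_decision(ALICE, label, op)
        for name, label in objects.items()
        for op in ("read", "write")
    }


if __name__ == "__main__":
    for (name, op), allowed in demo().items():
        print(f"Alice {op:5} {name:10}: {'ALLOW' if allowed else 'DENY'}")
```

Note the two counter-intuitive results: Alice may write to the TOP SECRET report she cannot read (a "blind write up", which the pure model permits), and she is refused the SECRET log because it carries a compartment she lacks, so level alone is not enough.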



Benchmark

A standard test or measurement that compares the performance of similar components or systems.


Binary code

A sequence of 0s and 1s used by computer systems as the basis of communication.



Biometrics

A method of verifying a person's identity for authentication by analyzing a unique physical attribute of the individual, such as a fingerprint, retina pattern, or palm print.


Blackbox testing

This form of testing occurs when the tester has no knowledge of the target or its network structure.


Block cipher

An encryption scheme in which the data is divided into fixed-size blocks (for example, 64 or 128 bits) and the cipher transforms one block at a time. Whether identical plain-text blocks produce identical cipher-text blocks depends on the mode of operation: they do in ECB, but not in chaining modes such as CBC.



Blowfish

A symmetric block cipher designed by Bruce Schneier in 1993. It uses a 64-bit block and a variable-length key of 32 to 448 bits.


Blu-ray Disc

Designed as a replacement for DVDs. Blu-ray is a high-density optical disk that can hold audio, video, or data.



Bluejacking

The act of sending unsolicited messages, pictures, or information to a Bluetooth user.



Bluesnarfing

The theft of information from a wireless device through a Bluetooth connection.



Bluetooth

An open standard for short-range wireless communication of data and voice between both mobile and stationary devices. Used in cell phones, PDAs, laptops, and other devices.



Bollard

A heavy round post used to prevent automobiles from ramming buildings or breaching physical security.



Botnet

A collection of compromised computers (bots or zombies) that an attacker controls remotely, typically through a command-and-control channel, and uses for distributed attacks such as DDoS or spam.



Bridge

A Layer 2 device for passing frames between two LANs or two segments of a LAN.



Broadband

A wired or wireless transmission medium capable of supporting a wide range of frequencies, typically from audio up to video frequencies. It can carry multiple signals by dividing the total capacity of the medium into multiple, independent bandwidth channels, with each channel operating on only a specific range of frequencies.



Broadcast

A type of transmission on local and wide area networks in which one host sends information to all devices on the segment.


Brute-force attack

A method of breaking a cipher or encrypted value by trying a large number of possibilities. Brute-force attacks function by working through all possible values. The feasibility of brute-force attacks depends on the key length and strength of the cipher and the processing power available to the attacker.



Buffer

An amount of memory reserved for the temporary storage of data.


Buffer overflow

In computer programming, this occurs when a program writes data beyond the allocated end of a buffer in memory. It is usually caused by a software bug such as a missing length check, and it can corrupt adjacent data or control information, allowing an attacker to crash the program or inject and execute code.



Bus

A common shared channel among multiple computer devices.


Bus LAN configuration

A LAN network design that was developed to connect computers used for 10BASE-5 and 10BASE-2 computer networks. All computers and devices are connected along a common bus or single communication line so that transmissions by one device are received by all.


Business case

A document developed to establish the merits and desirability of a project. It provides the information necessary to enable approval, authorization, and policymaking bodies to assess a project proposal and reach a reasoned decision, as well as to justify the commitment of resources to a project.


Business continuity planning (BCP)

A system or methodology to create a plan for how an organization will resume partially or completely interrupted critical functions within a predetermined time after a disaster or disruption occurs. The goal is to keep critical functions operational.


Business impact analysis (BIA)

A component of the business continuity plan. The BIA looks at all the components that an organization relies on for continued functionality. It seeks to distinguish which are more crucial than others and require a greater allocation of funds in the wake of a disaster.


Capability maturity model (CMM)

A structured model designed by Carnegie Mellon's Software Engineering Institute to improve and optimize the software development life cycle.


Carrier sense multiple access with collision avoidance (CSMA/CA)

The medium access method used by IEEE 802.11 wireless LANs. A station listens before transmitting and, because it cannot reliably detect collisions over radio, waits a random back-off period (and may exchange RTS/CTS frames) to avoid them.


Carrier sense multiple access with collision detection (CSMA/CD)

The medium access method used by classic shared-medium Ethernet (IEEE 802.3). A station listens before transmitting, detects collisions while sending, and backs off for a random period before retrying. Token Ring, by contrast, uses token passing rather than CSMA.



Catastrophe

A calamity or misfortune that causes the destruction of a facility and its data.


Central processing unit (CPU)

One of the central components of a system, the CPU carries out the vast majority of the calculations performed by a computer. It can be thought of as the "brain" of a computer. The CPU is like a manager or boss, telling what the other components of the system should be doing at a given moment.



Certificate

A digital certificate is a file that uniquely identifies its owner. A certificate contains owner identity information and the owner's public key, and is signed by the certificate authority that created it.


Certificate Authority (CA)

Used in the PKI infrastructure to issue certificates and report status information and certificate revocation lists.


Certificate Revocation List (CRL)

The certification authority's signed listing of certificates that are no longer valid, such as compromised, revoked, or superseded certificates. The CRL is consulted during digital signature verification to check the validity of the certificate from which the public verification key is extracted.


Certificate practice statement (CPS)

Provides a detailed explanation of how the certificate authority manages the certificates it issues and associated services such as key management. The CPS acts as a contract between the CA and its users, describing the obligations and legal limitations, and setting the foundation for future audits.



Certification

The technical evaluation of a system or application against a set of security requirements; it precedes accreditation.


Challenge handshake authentication protocol (CHAP)

A challenge-response authentication protocol for point-to-point links. CHAP functions as follows:

1. After the authentication request is made, the server (authenticator) sends a random challenge message to the requestor.

2. The requestor responds with a value obtained by running a one-way hash over the challenge combined with the shared secret.

3. The server checks the response by comparing the received hash to one it calculates locally from the same challenge and secret.

4. If the values match, the authentication is acknowledged; otherwise, the connection is terminated.

Because the secret itself never crosses the link and each challenge is fresh, a captured response cannot be replayed.
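
The exchange described above with both sides modelled, as an added example that is not part of the flashcard deck. It follows RFC 1994, where the response is MD5 over the one-byte identifier, the shared secret and the challenge. The user name "alice" and the shared secret are constructed sample values; the `Authenticator` and `Peer` classes are illustrative, not a real PPP implementation.

```python
import hashlib
import hmac
import os

# Added example (not from the flashcards): the CHAP exchange from RFC 1994,
# where Response = MD5(Identifier || Secret || Challenge). Both sides are
# modelled so the messages on the wire are visible. The user name and shared
# secret are constructed sample values.


def chap_response(identifier, secret, challenge):
    """Peer side: hash the one-byte identifier, the shared secret and the challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """Server side: hands out fresh challenges and verifies the returned hashes."""

    def __init__(self, secrets):
        self.secrets = secrets          # name -> shared secret (never sent on the wire)
        self.identifier = 0
        self.outstanding = {}           # identifier -> challenge awaiting a response

    def challenge(self):
        """Step 1: a new identifier and a random challenge for this attempt."""
        self.identifier = (self.identifier + 1) % 256
        chal = os.urandom(16)
        self.outstanding[self.identifier] = chal
        return self.identifier, chal

    def verify(self, identifier, name, response):
        """Step 3: recompute locally and compare in constant time; a challenge is single-use."""
        chal = self.outstanding.pop(identifier, None)
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(identifier, secret, chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """Client side: knows only its own name and secret."""

    def __init__(self, name, secret):
        self.name, self.secret = name, secret

    def respond(self, identifier, challenge):
        """Step 2: answer the challenge without ever transmitting the secret."""
        return self.name, chap_response(identifier, self.secret, challenge)


def run_exchange(server, peer):
    """One complete three-way handshake; returns (accepted, identifier, response)."""
    ident, chal = server.challenge()
    name, resp = peer.respond(ident, chal)
    return server.verify(ident, name, resp), ident, resp


def demo():
    """Legitimate login, a wrong secret, and a replay of a captured response."""
    server = Authenticator({"alice": b"correct horse battery staple"})  # constructed
    alice = Peer("alice", b"correct horse battery staple")
    mallory = Peer("alice", b"wrong secret")

    ok, _, captured = run_exchange(server, alice)          # legitimate login
    bad_secret, _, _ = run_exchange(server, mallory)        # wrong secret
    ident, _ = server.challenge()                            # new challenge issued...
    replay = server.verify(ident, "alice", captured)        # ...old response replayed
    return {"legitimate": ok, "wrong_secret": bad_secret, "replay": replay}


if __name__ == "__main__":
    print(demo())
```

The replay fails because the response is bound to a challenge the server will never issue again. The trade-off is visible in `Authenticator.__init__`: the server must hold every shared secret in recoverable form, so a compromise of the authenticator exposes all of them, which is one reason CHAP is not used where the credential store itself is the main risk.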


Channel service unit/digital service unit (CSU/DSU)

A telecommunications device used to terminate telephone company equipment, such as a T1, and prepare data for router interface at the customer's premises.


Cipher text

Plain text or clear text is what you have before encryption and cipher text is the encrypted result that is scrambled into an illegible form.


Civil law

Law that pertains to the settlement of disputes between individuals, organizations, or groups, and has to do with the establishment, recovery, or redress of private and civil rights. Civil law is distinct from criminal law; tort law, which provides redress or recovery for wrongdoing, is one branch of it.



Client/server

Describes the relationship between two computer programs in which one program, the client, makes a service request from another program, the server, which fulfills the request. Clients rely on servers for resources, such as files, devices, and even processing power.


Clipping level

A threshold for a particular kind of event (for example, failed login attempts) below which occurrences are treated as normal and not logged or alerted on; once the threshold is exceeded, the activity is recorded or an alarm is triggered.



Cloning

Cell phone cloning occurs when an attacker copies the electronic serial number from one cell phone to another, thereby duplicating the cell phone.


Closed-circuit television (CCTV)

Television cameras used for video surveillance, in which all components are directly linked via cables or other direct means. A system comprising video transmitters that can feed one or more receivers the captured video. Typically used in banks, casinos, shopping centers, airports, or anywhere that physical security can be enhanced by monitoring events. Placement in these facilities is typically at locations where people enter or leave the facility, or at locations where critical transactions occur.


Closed system

A system that is not "open" and, therefore, is a proprietary system. Open systems are those that employ modular designs, are widely supported, and facilitate multi-vendor, multi-technology integration.


Coaxial cable

A cable composed of an insulated central conducting wire wrapped in another cylindrical conductor (the shield). The whole thing is usually wrapped in another insulating layer and an outer protective layer. A coaxial cable has great capacity to carry vast quantities of information. It is typically used in high-speed data and CATV applications.



COBIT

An acronym for Control Objectives for Information and Related Technology. COBIT is a framework designed by ISACA to aid in IT governance and information security best practices.



Cohesion

The extent to which a module or subsystem performs a single, well-defined function.


Cold site

Location that contains no computing-related equipment except for environmental support such as air conditioners and power outlets, and a security system made ready for installing computer equipment.



Collision

Occurs when a hashing algorithm, such as MD5, produces the same hash value for two or more different inputs. Practical collision attacks against MD5 are why it is no longer considered suitable for digital signatures.


Combination lock

A lock that can be opened by turning dials in a predetermined sequence.


Committed information rate (CIR)

The data rate guaranteed by a Frame Relay data communications circuit.


Compact disc (CD)

A means of storing video, audio, and data on an optical disk. CDs were originally designed for digital audio music.


Compensating control

An internal control designed to reduce risk or weakness in an existing control.



Compiler

A computer program that translates a program written in one computer language (the source language) into an equivalent program written in another computer language (the object, output, or target language).


Completely connected (mesh) configuration

Type of network configuration designed so that all devices are connected to all others with many redundant interconnections between network devices.


Computer-aided software engineering (CASE)

The use of software tools to assist in the development and maintenance of software. Tools used in this way are known as CASE tools.


Computer incident response team (CIRT)

An organization developed to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve organizations' ability to respond to computer and network security issues.


Concurrency control

In computer science, or more specifically, in the field of databases, a method used to ensure that database transactions are executed in a safe manner (that is, without data loss). Concurrency control is especially applicable to database-management systems, which must ensure that transactions are executed safely and that they follow the ACID rules.



Confidentiality

Data or information is not made available or disclosed to unauthorized persons.


Confidentiality agreement

An agreement that employees, contractors, or third-party users must read and sign prior to being granted access rights and privileges to the organization's IT infrastructure and its assets.


Contingency planning

The process of preparing to deal with calamities and noncalamitous situations before they occur so that the effects are minimized.



Continuity

The state or quality of being continuous or unbroken, without interruption and with a succession of parts intimately united.



Cookie

A small piece of text given by a website to an individual's web browser. The browser stores it locally and sends it back to the web server on each subsequent request to that site, which is how the server recognizes returning sessions.



Copyright

The legal protection given to authors or creators that protects their expression of a specific subject against unauthorized copying. It applies to books, paintings, movies, software, literary works, and other creative media.


Corporate governance

The method by which a corporation is directed, administered, or controlled. It includes the laws and customs affecting that direction, as well as the goals for which it is governed. How objectives of an organization are set, the means of attaining such objectives, how performance-monitoring guidelines are determined, and ways to emphasize the importance of using resources efficiently are significant issues within the makeup of such method.


Corrective controls

Internal controls designed to resolve problems soon after they arise.



Coupling

The degree of interdependence between a module and other modules; the fewer and simpler the interconnections, the lower the coupling.


Covert channel

An unintended communication path that allows a process to transfer information in such a way that violates a system's security policy.



Cracker

A term derived from "criminal hacker," someone who breaks into systems in an illegal manner.


Criminal law

Laws pertaining to crimes against the state or conduct detrimental to society. Violations of criminal statutes are punishable by law and can include monetary penalties and jail time.


Critical path methodology (CPM)

Determines what activities are critical and what dependencies exist among the various tasks.



Criticality

The quality, state, degree, or measurement of the highest importance.


Crossover error rate (CER)

The CER is a comparison measurement for different biometric devices and technologies to measure their accuracy. The CER is the point at which FAR and FRR are equal or cross over. The lower the CER, the more accurate the biometric system.


Cryptographic key

A value used in the cryptographic process of encryption or decryption.


Data communications

The transmission or sharing of data between computers via an electronic medium.


Data custodian

Role delegated by the data owner that has the responsibility of maintaining and protecting the organization's data.


Data dictionary

A catalog of all data held in a database, or a list of items giving data names and structures.


Data encryption standard (DES)

A symmetric encryption standard based on a 64-bit block. DES processes 64 bits of plain text at a time to output 64-bit blocks of cipher text. DES uses a 56-bit key and was originally specified with four modes of operation (ECB, CBC, CFB, and OFB). Because the 56-bit key can be exhaustively searched, DES is considered broken, and 3DES or, preferably, AES is used instead.


Data leakage

Any type of computer information loss. This can involve removal of information by CD, floppy, or USB thumb drive, or any other method that allows the removal or leakage of information by stealing computer reports, data, or tapes.


Data owner

Usually a member of senior management of an organization who is ultimately responsible for ensuring the protection and use of the organization's data.


Data security

The science and study of methods of protecting data in computer and communications systems against unauthorized disclosure, transfer, modification, or destruction, whether accidental or intentional.


Data structure

A logical relationship among data elements that is designed to support specific data-manipulation functions.



Database

A collection of data that is organized and stored on a computer and can be searched and retrieved by a computer program.


Database administrator (DBA)

A person (or group of people) responsible for the maintenance activities of a database, including backup and recovery, performance, and design.


Database-management system (DBMS)

An integrated set of computer programs that provide the capabilities needed to establish, modify, make available, and maintain the integrity of a database.


Deadman door

Two sets of doors: It allows one person to enter the first door, then, after it is closed, the second door is allowed to open. Deadman doors are used to control access and are also known as a mantrap.


Decentralized computing

The act of distributing computing activities and computer processing to different locations.


Decision support system (DSS)

A now-superseded term for a software application that analyzes business data and presents it so that users can make business decisions more easily.



Decryption

The process of converting encrypted content back into its original form, that is, converting cipher text to plain text. Decryption is the opposite of encryption.


Defense in depth

The practice of layering multiple, independent security controls so that the failure of one does not expose the asset. The layers may be administrative, technical (logical), or physical.


Demilitarized zone (DMZ)

A network segment between a trusted internal network and an untrusted external network. Services that both internal and external users must reach, such as public web (HTTP) or mail servers, are typically placed there so that a compromise of one of them does not give direct access to the internal network.


Denial of service (DoS)

Occurs when an attacker consumes the resources on your computer for things it was not intended to be doing, thus preventing normal use of your network resources to legitimate purposes.



Destruction

Destroying data, information, or systems so that the legitimate user is deprived of them.


Detective controls

Controls that identify undesirable events after they have occurred, such as audit logs, intrusion detection systems, and CCTV review. Correcting the problem is the job of corrective controls.


Device lock

Lock used to secure laptops and other devices from theft.


Dial back

Can be used for personal identification. A procedure established for positively identifying a terminal that is dialing into a computer system. It works by disconnecting the calling terminal and reestablishing the connection by the computer system dialing the telephone number of the calling terminal.


Dictionary attack

A type of cryptographic attack in which the attacker uses a word list or dictionary list to try to crack an encrypted password. A newer technique is to use a time/memory trade-off such as in rainbow tables.
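
The attack described above, and the reason the time/memory trade-off it mentions works, as an added example that is not part of the flashcard deck. It runs a dictionary attack against SHA-256 password hashes in two settings: unsalted, where the attacker can precompute a hash-to-word lookup table once (the idea behind a rainbow table) and reuse it across every leak, and salted, where each record carries a random salt and the attacker must hash every candidate word again per user. The word list, user names and passwords are constructed here.

```python
import hashlib
import os

# Added example (not from the flashcards): a dictionary attack against
# unsalted SHA-256 password hashes, using a precomputed lookup table in the
# spirit of a rainbow table, and the same attack against salted hashes.
# The word list and the "leaked" credential records are constructed here.

WORDLIST = ["123456", "password", "letmein", "qwerty", "Summer2024", "dragon"]


def hash_unsalted(password):
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt):
    """Per-user random salt is stored alongside the hash; it need not be secret."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_lookup_table(wordlist):
    """Precompute hash -> word once; the attacker can reuse this across every leak."""
    return {hash_unsalted(w): w for w in wordlist}


def crack_unsalted(records, table):
    """records: {user: digest}. One dictionary lookup per record, zero new hashing."""
    return {user: table[digest] for user, digest in records.items() if digest in table}


def crack_salted(records, wordlist):
    """records: {user: (salt, digest)}. The salt forces a fresh hash per (word, user) pair."""
    cracked, work = {}, 0
    for user, (salt, digest) in records.items():
        for word in wordlist:
            work += 1
            if hash_salted(word, salt) == digest:
                cracked[user] = word
                break
    return cracked, work


def demo():
    """Two users share a weak password; a third uses a word not in the list."""
    users = {"bob": "letmein", "carol": "letmein", "dave": "Tr0ub4dor&3"}  # constructed
    unsalted = {u: hash_unsalted(p) for u, p in users.items()}
    salts = {u: os.urandom(16) for u in users}
    salted = {u: (salts[u], hash_salted(p, salts[u])) for u, p in users.items()}

    table = build_lookup_table(WORDLIST)
    found_unsalted = crack_unsalted(unsalted, table)
    found_salted, work = crack_salted(salted, WORDLIST)
    return {
        "unsalted_cracked": found_unsalted,
        "same_password_same_hash": unsalted["bob"] == unsalted["carol"],
        "salted_cracked": found_salted,
        "same_password_same_salted_hash": salted["bob"][1] == salted["carol"][1],
        "salted_hashes_computed": work,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Both weak passwords fall in both settings, so the salt does not stop a dictionary attack on its own: what it removes is the precomputed table and the free observation that bob and carol share a password (their unsalted digests are identical, their salted ones are not). Raising the cost of each guess is the job of a deliberately slow hash such as PBKDF2 (`hashlib.pbkdf2_hmac` in the standard library), bcrypt or Argon2, which multiplies the `salted_hashes_computed` work by a large iteration count.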


Digital certificate

Usually issued by trusted third parties that contains the name of a user or server, a digital signature, a public key, and other elements used in authentication and encryption. X.509 is the most common type.


Digital signature

An electronic signature that authenticates the sender of a message and guarantees its integrity. The sender hashes the message and encrypts (signs) the hash with its private key; the recipient decrypts the signature with the corresponding public key and compares the result with a freshly computed hash of the message. Any change to the message or use of the wrong key makes the comparison fail.
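
The two uses of an asymmetric key pair covered by the Asymmetric encryption and Digital signature entries, carried through in textbook RSA as an added example that is not part of the flashcard deck: the public key locks and the private key unlocks (confidentiality), and the private key signs a hash that the public key verifies (signature). The primes are fixed Mersenne primes chosen so the run is reproducible, and the "hash reduced modulo n" step stands in for a real padding scheme; the code is a teaching toy with no padding and must not be used as a real cryptosystem.

```python
import hashlib

# Added example (not from the flashcards): textbook RSA showing the two uses of
# an asymmetric key pair. Encrypting with the public key and decrypting with the
# private key (confidentiality), and signing a hash with the private key and
# verifying with the public key (digital signature). The primes are fixed
# Mersenne primes chosen for reproducibility; the scheme has no padding and is
# a teaching toy, not something to deploy.

P = 2**31 - 1
Q = 2**61 - 1
E = 65537


def keygen(p=P, q=Q, e=E):
    """Return ((e, n) public, (d, n) private) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def encrypt(public, message):
    """Anyone holding the public key can lock; m is the message as an integer below n."""
    e, n = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(private, ciphertext):
    """Only the private-key holder can unlock."""
    d, n = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def message_digest(message, n):
    """Hash the message and reduce into the RSA modulus (toy stand-in for a padding scheme)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private, message):
    """Sign: 'encrypt' the hash of the message with the private key."""
    d, n = private
    return pow(message_digest(message, n), d, n)


def verify(public, message, signature):
    """Verify: 'decrypt' the signature with the public key and compare with a fresh hash."""
    e, n = public
    return pow(signature, e, n) == message_digest(message, n)


def demo():
    """Round-trip encryption, a valid signature, a tampered message and a wrong key."""
    public, private = keygen()
    ct = encrypt(public, b"OK")
    sig = sign(private, b"pay 100 to bob")
    other_public, _ = keygen(p=2**89 - 1, q=2**107 - 1)   # a different key pair
    return {
        "roundtrip": decrypt(private, ct),
        "signature_valid": verify(public, b"pay 100 to bob", sig),
        "tampered_valid": verify(public, b"pay 900 to bob", sig),
        "wrong_key_valid": verify(other_public, b"pay 100 to bob", sig),
    }


if __name__ == "__main__":
    print(demo())
```

The signature is over the hash, not over the private key, which is the detail glossary definitions most often garble: `sign` raises the digest to the private exponent, `verify` raises the signature to the public exponent and recovers that digest, and a single changed character in the message produces a different digest so verification fails.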


Digital watermark

A technique that adds hidden copyright information to a document, picture or sound file.


Direct-sequence spread spectrum (DSSS)

A spread-spectrum technique in which each data bit is combined with a higher-rate pseudorandom chipping code, spreading the wireless signal across a wider frequency band. This makes the signal more resistant to interference and narrowband jamming.



Disaster

A natural or man-made event, such as fire, flood, storm, or equipment failure, that negatively affects an industry or facility.


Disaster tolerance

The amount of time that an organization can accept the unavailability of IT facilities and services.


Discretionary access control (DAC)

An access policy that allows the resource owner to determine access.


Diskless workstation

A thin client that has no hard drive or local operating system. The system boots from a centralized server and stores files on a network file server.


Distributed denial of service (DDoS)

Similar to DoS, except the attack is launched from multiple, distributed agent IP devices.


Domain name system (DNS)

A hierarchy of Internet servers that translate alphanumeric domain names into IP addresses and vice versa. Because domain names are alphanumeric, it's easier to remember these names than IP addresses.



Download

Transferring information from one computer to another computer and storing it there.


Downtime report

A record that tracks the amount of time that a computer or device is not operating because of a hardware or software failure.



Dropper

A Trojan horse or program designed to deliver a virus to the infected computer and then execute it.


Due care

The standard of conduct taken by a reasonable and prudent person. When you see the term due care, think of the first letter of each word and remember "do correct" because due care is about the actions that you take to reduce risk and keep it at that level.


Due diligence

The execution of due care over time. When you see the term due diligence, think of the first letter of each word and remember "do detect" because due diligence is about finding the threats an organization faces. This is accomplished by using standards, best practices, and checklists.


Dumb terminal

A computer workstation or terminal that consists of a keyboard and screen, but with no processor of its own. It sends and receives its data to and from a large central computer or server.


Dumpster diving

The practice of rummaging through the trash of a potential target or victim to gain useful information.


Dynamic host configuration protocol (DHCP)

The process of dynamically assigning an IP address to a host device.



Eavesdropping

The unauthorized capture and reading of network traffic.


Echo reply

The second part of an ICMP ping message, officially a Type 0.


Echo request

The first part of an ICMP ping message, officially a Type 8.


Edit controls

Manual or automated process to check for and allow the correction of data errors before processing. Edit controls detect errors in the input portion of information.



Editing

To review for possible errors and make final changes, if necessary, to information in a database.


Electronic code book (ECB)

A mode of operation for block ciphers such as DES or AES in which each plain-text block is encrypted independently with the same key. ECB is the weakest mode: identical plain-text blocks always produce identical cipher-text blocks, so patterns in the data leak into the cipher text. Chaining modes such as CBC mix each block with the previous cipher-text block before encryption to prevent this.
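
The pattern leak described in the Block cipher and Electronic code book entries, made visible in an added example that is not part of the flashcard deck. Because the standard library has no block cipher, the ECB and CBC logic here drives a deliberately trivial 8-byte toy cipher (XOR with the key, a key-dependent byte substitution, a byte rotation); the toy cipher is not secure and exists only so that the mode code has something to call. The key, IV and message are constructed.

```python
import random

# Added example (not from the flashcards): ECB and CBC modes driven over a
# deliberately trivial 8-byte "toy" block cipher so the mode behaviour is
# visible without a crypto library. The toy cipher is NOT secure; only the
# mode logic (and the pattern leak it does or does not produce) is the point.

BLOCK = 8


def _toy_sbox(key):
    """Key-dependent byte substitution table and its inverse (a permutation of 0..255)."""
    order = list(range(256))
    random.Random(key).shuffle(order)
    inverse = [0] * 256
    for i, v in enumerate(order):
        inverse[v] = i
    return order, inverse


def toy_encrypt_block(key, block):
    """Toy block cipher: XOR with key, substitute each byte, rotate bytes left by 3."""
    sbox, _ = _toy_sbox(key)
    mixed = bytes(sbox[b ^ k] for b, k in zip(block, key))
    return mixed[3:] + mixed[:3]


def toy_decrypt_block(key, block):
    """Exact inverse of toy_encrypt_block."""
    _, inv = _toy_sbox(key)
    mixed = block[-3:] + block[:-3]
    return bytes(inv[b] ^ k for b, k in zip(mixed, key))


def pad(data):
    """PKCS#7 padding to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    return data[: -data[-1]]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key, plaintext):
    """ECB: every block encrypted independently; equal inputs give equal outputs."""
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pad(plaintext)))


def ecb_decrypt(key, ciphertext):
    return unpad(b"".join(toy_decrypt_block(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key, iv, plaintext):
    """CBC: each block is XORed with the previous cipher-text block (IV first) before encryption."""
    out, prev = [], iv
    for b in blocks(pad(plaintext)):
        prev = toy_encrypt_block(key, xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ciphertext):
    out, prev = [], iv
    for c in blocks(ciphertext):
        out.append(xor(toy_decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext):
    """How many cipher-text blocks duplicate an earlier one (the ECB leak)."""
    seen = blocks(ciphertext)
    return len(seen) - len(set(seen))


def demo():
    key = bytes(range(1, 9))                  # constructed 8-byte key
    iv = bytes(8)                             # fixed IV for a reproducible demo; use a random IV in practice
    message = b"ATTACK!!" * 4 + b"RETREAT!"   # four identical 8-byte blocks, then a different one
    ecb = ecb_encrypt(key, message)
    cbc = cbc_encrypt(key, iv, message)
    assert ecb_decrypt(key, ecb) == message and cbc_decrypt(key, iv, cbc) == message
    return {"ecb_repeats": repeated_blocks(ecb), "cbc_repeats": repeated_blocks(cbc)}


if __name__ == "__main__":
    print(demo())
```

With the same key and the same message, ECB shows three repeated cipher-text blocks (the four identical "ATTACK!!" blocks encrypt to one value) while CBC shows none, because each block's input is first XORed with the unpredictable previous cipher-text block. This is the mode-level weakness the ECB entry refers to; it holds regardless of how strong the underlying cipher is.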


Electronic serial number (ESN)

A number used to identify a specific cell phone when it is turned on and requests to join a cell network.


Email bomb

A hacker technique that floods the email account of the victim with useless emails.


Email/interpersonal messaging

Messages, usually text, sent from one person to another, or to a group of people, via computer.


Encapsulation (objects)

As used by layered protocols, a technique that applies to a layer adding header information to the protocol data unit (PDU) from the layer above. Basically, this refers to the capability to cover and seal an object.



Encryption

The process of turning plain text into cipher text using an algorithm and a key, so that only holders of the corresponding key can recover the plain text.


Encryption key

A sequence of characters used by an encryption algorithm to encrypt plain text into cipher text.


End-user computing

The use or development of information systems by the principal users of the systems' outputs or by their staffs.


End user licensing agreement (EULA)

This is the software license that software vendors create to protect and limit their liability as well as hold the purchaser liable for illegal pirating of the software application. The EULA typically has language in it that protects the software manufacturer from software bugs and flaws and limits the liability of the vendor.


Enterprise architecture

A blueprint that defines the business structure and operation of the organization.


Enterprise resource planning (ERP)

ERP systems are software systems used for operational planning and administration, and for optimizing internal business processes. The best-known supplier of these systems is SAP.


Enterprise vulnerability management

The overall responsibility and management of vulnerabilities within an organization and how that management of vulnerabilities will be achieved through dissemination of duties throughout the IT organization.


Entity relationship diagram (ERD)

Helps map the requirements and define the relationship between elements.



Ethernet

A network technology defining a specific implementation of the physical and data link layers of the OSI model (IEEE 802.3). Ethernet is a local area network technology that originally used a shared bus topology at 10 Mbps; modern deployments use switched star topologies at 100 Mbps, 1 Gbps, 10 Gbps and beyond, providing reliable high-speed communications in a limited geographic area (such as an office complex or university campus).


Ethical hack

A term used to describe a type of hack done to help a company or individual identify potential threats to the organization's IT infrastructure or network. Ethical hackers must obey the rules of engagement, do no harm, and stay within legal boundaries.


Ethical hacker

A security professional who legally attempts to break into a computer system or network to find its vulnerabilities.



The act of performing activities to avoid detection.



Gathered by an auditor during the course of an audit. The information gathered stands as proof that can support conclusions of an audit report.


Exception report

A report that uses data selection based on a very specific set of circumstances to identify process exceptions. Reports that identify items with negative on-hand quantities or locations with more than one item stored in them are examples of exception reports.


Exclusive-OR (XOR)

Exclusive disjunction (usual symbol XOR) is a logical operator that results in true if one, but not both, of the operands is true.


Expert system

An expert system is a class of computer programs developed by researchers in artificial intelligence during the 1970s and applied commercially throughout the 1980s. In essence, they are programs made up of a set of rules that analyze information (usually supplied by the user of the system) about a specific class of problems, provide an analysis of the problem(s), and, depending on their design, recommend a course of user action to implement corrections.



Code or a technique that takes advantage of a vulnerability in software or hardware to gain access to a system or service, escalate privileges, or disrupt operation. The vulnerability is the weakness; the exploit is what a hacker uses to exercise it.


Exposure factor

A value calculated by determining the percentage of loss to a specific asset due to a specific threat.


Extended binary coded decimal interchange code (EBCDIC)

An IBM-developed 8-bit binary code that can represent 256 characters. It allows control codes and graphics to be represented in a logical format. EBCDIC was created to represent data in particular types of data processing and communications terminal devices.


Extensible authentication protocol (EAP)

An authentication framework (RFC 3748), rather than a single method, that can carry multiple authentication methods such as tokens, smart cards, certificates, and one-time passwords. It is commonly used with 802.1X and RADIUS on wired and wireless networks.


Extensible markup language (XML)

A standard for defining, validating, and sharing document formats and data distributed on the Web. XML enables authors to create customized tags that describe their data; parsers that accept external entities or DTDs from untrusted input must be configured carefully, because those features are a well-known attack surface.



A private network that uses Internet protocols and the public telecommunication system to securely share part of a business's information or operations with suppliers, vendors, partners, customers, or other businesses. An extranet can be viewed as part of a company's intranet extended to users outside the company. An extranet requires security and privacy.


Fail safe

In the logical sense, fail safe (also called fail closed or fail secure) means that when a system discovers an error it terminates the process and enters a state in which no access is allowed, so that the fault cannot be turned into a way around the control. In physical systems, fail safe refers to items such as controlled-access doors. When there is a power failure, a fail-safe door unlocks so that people can leave the facility and are not locked in (protecting life), whereas a fail-secure door stays locked (protecting assets).


False acceptance rate (FAR)

This is a type II biometric device error. It is a biometric system measurement that indicates the percentage of individuals who are incorrectly granted access. This is the worst type of error that can occur because it means that unauthorized individuals have been allowed access.


False rejection rate (FRR)

This is a Type I biometric device error. It is a biometric system measurement that indicates the percentage of authorized individuals who are incorrectly denied access. FAR and FRR move in opposite directions as the matching threshold is tuned; the point where they are equal is the crossover error rate (CER), the usual figure of merit for comparing biometric systems.
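How FAR and FRR trade off against the acceptance threshold, and where the crossover error rate sits, as an added example that is not part of the flashcard deck. The match scores are constructed sample data: each is the similarity a biometric system reports between a live sample and the enrolled template, in [0, 1].

```python
# Added example for the FAR/FRR entries; not code from the flashcard deck.
# Match scores below are constructed sample data.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.67, 0.90, 0.79]   # legitimate users
IMPOSTOR = [0.21, 0.35, 0.48, 0.62, 0.30, 0.55, 0.74, 0.41]  # attackers


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when samples scoring >= threshold are accepted.

    FAR (Type II): fraction of impostor attempts wrongly accepted.
    FRR (Type I):  fraction of genuine attempts wrongly rejected.
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def crossover_error_rate(genuine=GENUINE, impostor=IMPOSTOR, steps=100):
    """Sweep thresholds from 0 to 1 and return (threshold, rate) at the point
    where FAR and FRR are closest; the first such threshold wins ties."""
    best = None
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(t, genuine, impostor)
        gap = abs(far - frr)
        if best is None or gap < best[0]:
            best = (gap, t, (far + frr) / 2)
    _, t, rate = best
    return t, rate


if __name__ == "__main__":
    for t in (0.5, 0.68, 0.75):
        far, frr = error_rates(t)
        print(f"threshold {t:.2f}: FAR={far:.3f} FRR={frr:.3f}")
    print("CER at threshold %.2f, rate %.3f" % crossover_error_rate())
```

A low threshold (0.5) lets three of eight impostors in and rejects nobody; a high one (0.75) rejects two genuine users and admits no impostors. Which side of the crossover a deployment should sit on depends on whether a false accept (Type II) or a false reject (Type I) is the more costly error for that door or system.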


Fast infection

A type of virus that infects every file it can reach as soon as the file is accessed or opened, rather than only when the file is executed, so the infection spreads through a system quickly (at the cost of being noisier and easier to detect).


Feasibility study

A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution for a user's need.


Fiber-optic cable

A medium for transmission comprised of many glass fibers. Light-emitting diodes or lasers send light through the fiber to a detector that converts the light back to an electrical signal for interpretation. Advantages include huge bandwidth, immunity to electromagnetic interference, and the capability to traverse long distances with minimal signal degradation.



In a database, the part of a record reserved for a particular type of data; for example, in a library catalog, author, title, ISBN, and subject headings would all be fields.



Data stored as a named unit on a data storage medium. Examples include a program, a document, and a database.


File allocation table (FAT)

A table or list maintained by an operating system to keep track of the status of various segments of disk used for file storage.


File infector

A type of virus that copies itself into executable programs (such as .exe or .com files) so that it runs whenever the infected program runs.


File server

A high-capacity disk storage device or a computer that each computer on a network can use to access and retrieve files shared among the attached computers. The server can be configured to accept or refuse access from particular programs or computers.


File type

A search-engine operator (for example, Google's filetype:) that restricts results to non-HTML file formats such as PDF, DOC, and PPT; used during reconnaissance to find documents an organization has exposed on the Web.



Finger

On some UNIX systems, finger identifies who is logged on and active and sometimes provides personal information about that individual.



Firewall

Security system in hardware or software form used to manage and control both network connectivity and network services. Firewalls act as chokepoints for traffic entering and leaving the network and prevent unrestricted access. Firewalls can be stateful or stateless.



A computer program or software stored permanently in PROM or ROM, or semipermanently in EPROM. Software is "burned in" on the memory device so that it is nonvolatile (it will not be lost when power is shut off).


First in First out (FIFO)

A method of data and information storage in which the data stored for the longest time will be retrieved first.



The process of overloading the network with traffic so that no legitimate traffic or activity can occur.


Fourth-generation language (4GL)

Programming languages that are easier to use than lower-level languages such as BASIC, Assembly, or FORTRAN. 4GLs such as SQL and report generators are also known as nonprocedural, natural, or very high-level languages because the programmer states what result is wanted rather than how to compute it.



Frame Relay

A type of packet-switching technology that transmits data faster than the X.25 standard. Frame Relay does not perform error correction at each node in the network. Instead, it simply discards any frames with errors. It is up to the application software at the source and destination to perform error correction and to control for loss of messages.


Frequency-hopping spread spectrum (FHSS)

One of the basic modulation techniques used in spread-spectrum signal transmission. The transmitter hops rapidly among many frequencies in a sequence known to the receiver, which makes the signal harder to intercept or jam and more resistant to interference.


Function point analysis (FPA)

An ISO-approved method as a standard to estimate the complexity of software.


Gap analysis

The analysis of the differences between two different states, often for the purpose of determining how to get from point A to point B. Thus the aim is to look at ways to bridge the gap.



A device that allows for the translation and management of communication between networks that use different protocols or designs. Can also be deployed in a security context to control sensitive traffic.


Gold standard

Generally regarded as practices and procedures that are the best of the best.



The planning, influencing, and conducting of the policy and affairs of an organization.


Gray box testing

Testing that occurs with only partial knowledge of the network or is performed to see what internal users have access to.



Unlike standards, which are mandatory, guidelines are recommendations; they are not hard-and-fast rules.



The physical equipment of a computer system, including the central processing unit, data storage devices, terminals, and printers.


Hardware keystroke logger

A form of key logger that is a hardware device. When placed in the system it is hard to detect without a physical inspection. It may be plugged into the keyboard connector or can be built into the keyboard.



Hash

A fixed-length value produced by a cryptographic one-way function. A hash is considerably shorter than the original data and, for a secure function, effectively identifies it. You might have seen a hash value next to applications available for download on the Internet. By computing the hash of the downloaded file and comparing it with the one published on the vendor's website, you can check that the file has not been changed or altered (provided the published value itself came from a trusted channel). MD5 and SHA-1 are historical examples; both have practical collision attacks, so SHA-2 or SHA-3 should be used today.


Hashing algorithm

Hashing is used to verify the integrity of data and messages. A well-designed hashing algorithm examines every bit of the data while condensing it, and even a one-bit change to the data results in a large, unpredictable change in the message hash (the avalanche effect). It is considered a one-way process: the original data cannot be recovered from the hash.
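The download check described in the two entries above, carried through in code as an added example that is not part of the flashcard deck. The installer bytes are a constructed stand-in, and the "published" value is computed here rather than fetched from a vendor page (an assumption); the comparison, the one-bit flip and the bit count are the point.

```python
# Added example for the Hash / Hashing algorithm entries; not from the deck.
import hashlib
import hmac


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_hex: str) -> bool:
    """True if the file hashes to the published value.

    hmac.compare_digest runs in time independent of where the strings first
    differ, so a caller cannot learn anything from the comparison's timing.
    """
    return hmac.compare_digest(sha256_hex(data), published_hex.strip().lower())


def flip_one_bit(data: bytes, index: int = 0) -> bytes:
    """Return a copy of data with the lowest bit of byte `index` inverted."""
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two hex-encoded digests."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


# Constructed sample "installer" (assumption) and the value a vendor would
# publish for it on a separate, trusted channel.
INSTALLER = b"MZ\x90\x00" + bytes(range(256)) * 4
PUBLISHED = sha256_hex(INSTALLER)

if __name__ == "__main__":
    tampered = flip_one_bit(INSTALLER, 100)
    print("original verifies:", verify_download(INSTALLER, PUBLISHED))   # True
    print("tampered verifies:", verify_download(tampered, PUBLISHED))    # False
    print("bits changed in a 256-bit digest by a 1-bit flip:",
          differing_bits(PUBLISHED, sha256_hex(tampered)))               # about 128
```

A one-bit change in a kilobyte of input flips roughly half of the 256 digest bits, which is what makes the comparison meaningful. The check only proves integrity relative to the published value: if the attacker who replaced the download can also edit the page that lists the hash, a digital signature over the file is needed instead.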



Evidence based on what a witness heard someone else say, not what the witness personally observed.


Help desk

A support system designed to assist end users with technical and functional questions and problems. Also serves as technical support for hardware and software. Help desks are staffed by people who can either solve the problem directly or forward the problem to someone else. Help desk software provides the means to log problems and track them until solved. It also gives management information regarding support activities.


Heuristic filter

An IDS/IPS and antispam filter technology that scores traffic or messages against a set of rules describing suspicious characteristics, rather than matching exact signatures; the rule set is typically maintained in a central database.


Heuristic scanning

A form of virus scanning that looks at irregular activity by programs. As an example, a heuristic scanner would flag a word processing program that attempted to format the hard drive, as that is not normal activity.


Hierarchical database

A database organized in a tree structure, in which each record has one owner. Navigation to individual records takes place through predetermined access paths.



An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break in to a system.


Hot site

A fully prepared and configured site that is ready for use.



A device used for physical connectivity in networks. It provides connectivity, amplification, and signal regeneration, but repeats every frame out of all its ports, so any attached host can sniff all traffic; switches have largely replaced hubs for this reason.


Hypertext Markup Language (HTML)

A coding technique used to create documents and web pages for the World Wide Web.



A primary governing body for Internet networking. IANA oversees three key aspects of the Internet: top-level domains (TLDs), IP address allocation, and port number assignments. IANA is tasked with preserving the central coordinating functions of the Internet for the public.


Identity theft

An attack in which an individual's personal, confidential, banking, and financial identity is stolen and used by another individual or individuals. Use of your Social Security number without your consent or permission could result in identity theft.



An attempt to identify the extent of the consequences should a given event occur.


Impact assessment

A study of the potential future effects of a development project on current projects and resources. The resulting document should list the pros and cons of pursuing a specific course of action.



The state or quality of being free from subjection or the influence, control, or guidance of individuals, things, or situations. Auditors and examining officials and their respective organizations must maintain neutrality and exercise objectivity so that opinions, judgments, conclusions, and recommendations on examined allegations are impartial and are viewed as impartial by disinterested third parties.


Indexed sequential access method (ISAM)

A file organization in which records are stored sequentially in blocks and an index points to those blocks, combining the advantages of sequential and indexed access; used for storing data for fast retrieval.



The ability to deduce information about data or activities to which the subject does not have access.


Inference attack

This form of attack relies on the attacker's ability to make logical connections between seemingly unrelated pieces of information.


Information-processing facility (IPF)

The areas where information is processed, usually the computer room and support areas.


Information technology security evaluation criteria (ITSEC)

A European standard, developed in the late 1980s and published in the early 1990s, for evaluating the security of an entire system against confidentiality, integrity, and availability requirements. It rates functionality and assurance separately and has been superseded by the Common Criteria (ISO/IEC 15408).


Infrastructure mode

A form of wireless networking in which wireless stations communicate with each other by first going through an access point.


Inherent risk

The susceptibility of an audit area to error, which could be material, individual, or in combination with other errors, assuming that there are no related internal controls.


Initial sequence number

The sequence number each side chooses for its first segment during the TCP three-way handshake; later segments are numbered from it. If ISNs are predictable, an attacker can spoof or hijack connections by guessing them, which is why modern TCP stacks randomize them.


Input controls

Computer controls designed to provide reasonable assurance that transactions are properly authorized before processed by the computer; that transactions are accurately converted to machine readable form and recorded in the computer; that data files and transactions are not lost, added, duplicated or improperly changed; and that incorrect transactions are rejected, corrected, and, if necessary, resubmitted on a timely basis.


Insecure computing habits

The bad habits that employees, contractors, and third-party users have accumulated over the years. They can be attributed to the organization's lack of security awareness training, lack of security controls, and lack of any security policies or acceptable use policies (AUPs).


Integrated services digital network (ISDN)

A system that provides simultaneous voice and high-speed data transmission through a single channel to the user's premises. ISDN is an international standard for end-to-end digital transmission of voice, data, and signaling.



One of the three items considered part of the security triad; the others are confidentiality and availability. It is the property that data is accurate and complete and has not been altered without authorization; hashes and digital signatures are the usual means of verifying it.



An interconnected system of networks that connects computers around the world via the TCP/IP protocol.


Internet assigned numbers authority (IANA)

An organization dedicated to preserving the central coordinating functions of the global Internet (top-level domains, IP address allocation, and protocol parameters such as port numbers) for the public good. The registries to which it delegates, such as the regional Internet registries and domain registries, publish WHOIS registration data that both attackers and security specialists use to track down address-block and domain owners and their contact details.


Internet control message protocol (ICMP)

Part of TCP/IP that supports diagnostics and error control. Ping uses ICMP echo request and echo reply messages.


Internet engineering task force (IETF)

A large open, international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. It is open to any interested individual. The IETF is the protocol-engineering and development arm of the Internet.


Internet packet spoofing (IP spoofing)

A technique in which an attacker forges the source address in IP packets to impersonate another host, used to gain unauthorized access to computers or in denial-of-service attacks. Newer routers and firewall arrangements can offer protection against IP spoofing through ingress and egress filtering.


Internet Protocol (IP)

One of the key protocols of TCP/IP. The IP protocol is found at Layer 3 (network layer) of the OSI model.


Intrusion detection

A key component of security that includes prevention, detection, and response. It is used to detect anomalies or known patterns of attack.


Intrusion detection system (IDS)

A network-monitoring device typically installed at Internet ingress/egress points used to inspect inbound and outbound network activity and identify suspicious patterns that might indicate a network or system attack from someone attempting to break into or compromise a system.



An IETF standard used to secure IP traffic at the network layer. It can be implemented to provide integrity and authentication (AH or ESP) and confidentiality (ESP), in either transport or tunnel mode.



Intentional violations of established management policy, or deliberate misstatements, or omissions of information concerning the area under audit or the organization as a whole.


IT asset

Information technology asset such as hardware, software, or data.


IT asset valuation

The act of putting a monetary value to an IT asset.


IT infrastructure

A general term to encompass all information technology assets (hardware, software, data), components, systems, applications, and resources.


IT security architecture and framework

A document that defines the policies, standards, procedures, and guidelines for information security.


Just a bunch of disks (JBOD)

A technique that is somewhat like RAID in that two or more hard drives are combined into one storage array. However, JBOD offers none of the fault tolerance advantages of RAID.


Key exchange protocol

A protocol used to exchange secret keys for the facilitation of encrypted communication. Diffie-Hellman is an example of a key exchange protocol.


Kilo lines of code (KLOC)

A technique used to determine the cost of software development based solely on the length of code.


Last in first out (LIFO)

A dataprocessing method that applies to buffers. The last item in the buffer is the first to be removed.



The delay that it takes one packet to travel from one node to another.


Lattice-based access control (LBAC)

A lattice-based access-control model was developed to deal with confidentiality and integrity. It places an upper and lower boundary on subjects and objects.



The individual in the corporation responsible for storing, safeguarding, and maintaining data, programs, and computer information.


Limit check

Test of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test can be called a range check.


Local area network (LAN)

A group of wired or wireless computers and associated devices that share a common communications line and typically share the resources of a single processor or server within a small geographic area (for example, within an office building).



Log

In computing, a log is the equivalent of a ship's log: a record, written automatically by the system, of significant events. The files that hold these records are called log files, and each entry written to them is a record. Logs are the primary source of evidence in detection and incident response, so they must be protected from tampering and deletion.


Logic bomb

One of the most dangerous types of malware in that it waits for a predetermined event, condition, or date to execute its payload. Typically planted by disgruntled employees as an insider attack.


Log on

The process of identifying yourself to your computer or an online service; the initial identification procedure to gain access to a system as a legitimate user. The usual requirements are a valid username (or user ID) and password.


MAC filtering

A method of controlling access on a wired or wireless network by denying access to any device whose MAC address is not on a pre-approved list. Because a MAC address can be observed on the wire or over the air and changed in software, MAC filtering is easily bypassed by spoofing and should not be treated as an authentication control.


Macro infector

A type of computer virus that infects macro files, such as those embedded in word-processor or spreadsheet documents. Melissa is an example of a macro virus; ILOVEYOU, often listed alongside it, was a VBScript worm rather than a macro infector.


Man-in-the-middle attack

A type of attack in which the attacker can read, insert, and change information being passed between two parties without either party knowing that the information has been compromised.


Mandatory access control (MAC)

A means of restricting access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (such as clearance) of subjects to access information of such sensitivity.


Man-made threats

Threats caused by humans such as hacker attacks, terrorism, or destruction of property.



A turnstile or other gated apparatus used to detain an individual between a trusted state and an untrusted state for authentication.


Massive array of inactive disks (MAID)

A large array of hard drives that are kept inactive until needed.


Master boot record infector

A virus that infects a master boot record.



An expression of the relative significance or importance of a particular matter in the context of the organization as a whole.


Media access control (MAC)

The address of the physical-layer device attached to the network, assigned by the manufacturer and stored on the network interface controller. Every NIC ships with a unique 48-bit MAC address, but on most operating systems the address actually used can be changed in software, so it must not be relied on as an identity.


Message switching

A strategy that enables communication channels to be used simultaneously by more than one node. At each transfer point in the connection, incoming data is stored in its entirety and then forwarded to the next point. This process continues until the data reaches its destination.



A set of documented procedures used for performing activities in a consistent, accountable, and repeatable manner.



Middleware

Software that "glues together" two or more types of software (for example, two applications, their operating systems, and the network on which everything works) by translating information between them and exchanging this information over a network without both interacting applications being aware of the middleware.


Minimum acceptable level of risk

The stake that an organization defines for the seven areas of information security responsibility. Depending on the goals and objectives for maintaining confidentiality, integrity, and availability of the IT infrastructure and its assets, the minimum level of acceptable risk will dictate the amount of information security.


Mobile site

Portable dataprocessing facility transported by trailers to be quickly moved to a business location. Typically used by insurance companies and the military, these facilities provide a ready-conditioned information processing facility that can contain servers, desktop computers, communications equipment, and even microwave and satellite data links.



Modem

A device used to connect a computer to an analog phone line. Modems use the processes of modulation and demodulation, hence the name.



Used by modems to convert a digital computer signal into an analog telecommunications signal.


Moore's law

The observation, made by Gordon Moore of Intel, that the number of transistors on an integrated circuit doubles roughly every two years; a common restatement is that computer processing power doubles about every 18 months. It matters to security because it shortens the useful lifetime of key lengths and of estimates of how long a password or key would take to crack.



The process of sending a computer packet to a group of recipients.


Multipartite virus

A virus that attempts to attack both the boot sector and executable files.


Natural threats

Threat posed by nature; for example, fire, floods, and storms.


Network address translation (NAT)

A method of connecting multiple computers to the Internet through one or a few public IP addresses by rewriting the addresses (and, with port address translation, the ports) in packet headers, so that many private addresses are presented to the outside as a single public address. NAT hides internal addressing but is not a substitute for a firewall.


Network administrator

The individual responsible for the installation, management, and control of a network. When problems with the network arise, this is the person to call.


Network operations center (NOC)

The facility from which an organization monitors and manages its network infrastructure: availability, performance, outages, and often security alerts. It is distinct from the help desk, which is the interface to end users where trouble calls, questions, and trouble tickets are generated, although the two may escalate to each other.



Any unwanted signal, such as static, that interferes with the clarity of data being transmitted, thus creating the possibility that the receiver will receive a misconstrued message.



The act of not providing a reference to a source of information.



A system or method put in place to ensure that an individual cannot deny his own actions.


Off-site storage

A storage facility that is not located at the organization's primary facility. The idea behind off-site storage is to protect information from damage that might occur at the primary facility. Off-site storage facilities are used to store computer media, backup data, and files.


One-time pad

An encryption mechanism that is theoretically unbreakable provided the pad is truly random, at least as long as the plain text, kept secret, and used only once. One-time pads function by combining (typically XORing) the plain text with the random pad. Reusing a pad breaks the scheme: XORing two cipher texts encrypted under the same pad cancels the pad and leaves the XOR of the two messages, from which both can often be recovered.
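The XOR operator (see the Exclusive-OR entry above) doing the work of a one-time pad, together with what goes wrong when the pad is reused, as an added example that is not part of the flashcard deck. The two messages and the crib are constructed sample data; the pad comes from the operating system's CSPRNG (an assumption, in place of a physically generated pad).

```python
# Added example for the XOR and One-time pad entries; not from the deck.
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings: each output bit is 1 iff exactly
    one of the corresponding input bits is 1."""
    if len(a) != len(b):
        raise ValueError("XOR operands must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(length: int) -> bytes:
    """A fresh pad: random, as long as the message, and never to be reused."""
    return os.urandom(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    return xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    # XOR is its own inverse: (p ^ k) ^ k == p.
    return xor_bytes(ciphertext, pad)


def two_time_pad_leak(ct1: bytes, ct2: bytes) -> bytes:
    """If both cipher texts used the same pad, XORing them cancels it:
    (p1 ^ k) ^ (p2 ^ k) == p1 ^ p2. No key is needed for this step."""
    return xor_bytes(ct1, ct2)


def crib_drag(p1_xor_p2: bytes, crib: bytes, offset: int) -> bytes:
    """Given a guess (crib) for part of one message at `offset`, recover the
    corresponding bytes of the other message from p1 ^ p2."""
    return xor_bytes(p1_xor_p2[offset : offset + len(crib)], crib)


# Constructed sample messages of equal length.
MESSAGE_1 = b"ATTACK AT DAWN"
MESSAGE_2 = b"RETREAT AT 6AM"

if __name__ == "__main__":
    pad = new_pad(len(MESSAGE_1))
    c1 = otp_encrypt(MESSAGE_1, pad)
    assert otp_decrypt(c1, pad) == MESSAGE_1
    c2 = otp_encrypt(MESSAGE_2, pad)         # the mistake: same pad twice
    leak = two_time_pad_leak(c1, c2)
    print(crib_drag(leak, b"ATTACK", 0))     # b'RETREA', recovered with no pad
```

A single correctly used pad gives an attacker nothing: every plain text of that length is equally consistent with the cipher text. The moment the pad is used twice, the attacker can drop a guessed word into one message and read the other, which is why stream ciphers that reuse a keystream (a nonce reused with the same key) fail in exactly the same way.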


Open shortest path first (OSPF)

A routing protocol that determines the best path for routing IP traffic over a TCP/IP network. It uses less router-to-router update traffic than the RIP protocol that it has been designed to replace.


Open source

Software released under a license (such as the GNU General Public License, the Apache License, or the MIT License) that lets anyone view, modify, and redistribute the source code, or placed in the public domain. Being open source does not by itself make software secure; it makes independent review possible.


Operating system (OS) identification

The practice of identifying the operating system of a networked device through either passive or active techniques.


Operational control

Day-to-day controls that are used for normal daily operation of the organization. Operational controls ensure that normal operational objectives are achieved.



A contract arrangement between a third party and the organization for services such as web hosting, application development, or data processing.


Packet or packet data unit (PDU)

A block of data sent over a network that carries the identities of the sending and receiving stations along with the payload and, usually, error-control information such as a checksum.


Packet filter

A form of stateless inspection performed by some firewalls and routers. Each packet is allowed or dropped on its own, based on header fields such as source and destination address, protocol, and port, without regard to whether it belongs to an established connection.


Packet switching

A data transmission method that divides messages into standard-sized packets for greater efficiency in routing and transporting them through a network.


Paper shredder

A hardware device used for destroying paper and documents by shredding to prevent dumpster diving.


Paper test

A type of disaster recovery test that reviews the steps of the test without actually performing the steps. This type of disaster recovery test is normally used to help team members review the proposed plan and become familiar with the test and its objectives.


Parallel testing

A mode of testing in which a stream of data is fed into two systems to allow processing by both so that the results can be compared.


Passive (OS) fingerprint

A passive method of identifying the OS of a targeted computer or device. No traffic or packets are injected into the network; attackers simply listen to and analyze existing traffic, using stack-specific characteristics such as initial TTL, window size, and option ordering.


Password authentication protocol (PAP)

A form of authentication in which the username and password are passed in clear text, so anyone able to capture the traffic obtains the credentials. CHAP and EAP-based methods were introduced to replace it.



Exclusive rights granted by the federal government to an inventor to exclude others from making, using, or selling his or her invention.


Pattern matching

A method used by IDS systems to identify malicious traffic. It is also called signature matching and works by matching traffic against signatures stored in a database.


Penetration test

A method of evaluating the security of a network or computer system by simulating an attack by a malicious hacker but without doing harm and with the owner's consent.


Personal area network (PAN)

Used when discussing Bluetooth devices; refers to the connection that can be made with Bluetooth between these various devices.


Personal digital assistant (PDA)

A handheld device that combines computing, telephone/fax, and networking features. A typical PDA can function as a cellular phone, fax sender, and personal organizer. Many PDAs incorporate handwriting and/ or voice-recognition features. PDAs also are called palmtops, handheld computers, and pocket computers.



The act of misleading or conning an individual into releasing and providing personal and confidential information to an attacker masquerading as a legitimate individual or business.



An Individual who hacks phone systems or phone-related equipment. Phreakers predate computer hackers.



A method of gaining unauthorized access into a facility by following an authorized employee through a controlled access point or door.


Ping sweep

The process of sending ping requests to a series of devices or to the entire range of networked devices.



A high-level document that dictates management intentions toward security.



Prevents inference violations by allowing different versions of the same information item to exist at different classification levels, so that a user at a lower level cannot infer the existence of higher-level data (for example, from a primary-key collision when inserting a record). For example, a Navy officer with unclassified access might query a ship's record and discover that it has left port and is bound for Europe. A Navy officer with a classified clearance might then access the same database and discover that the ship has left port but is really bound for Iraq.
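The ship example above in a small SQLite table, showing the inference channel that polyinstantiation closes (see also the Inference and Inference attack entries). This is an added example, not part of the flashcard deck; the ship names, destinations, and three-level classification scheme are constructed sample data.

```python
# Added example for the Polyinstantiation entry; not code from the deck.
import sqlite3

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}

# Constructed sample rows (ship, destination, classification).
SEED_ROWS = [
    ("USS Example", "Europe", "UNCLASSIFIED"),  # cover story visible to all
    ("USS Example", "Iraq", "SECRET"),          # the real destination
    ("USS Ghost", "Gulf", "SECRET"),            # a ship with no low-level row
]


def build_db(polyinstantiated: bool = True) -> sqlite3.Connection:
    """Create and seed the table.

    With polyinstantiation the primary key includes the classification, so
    one ship may have a row per level. Without it (the naive design) one row
    per ship is enforced, so only the real, SECRET rows can be stored.
    """
    key = ("PRIMARY KEY (ship, classification)" if polyinstantiated
           else "PRIMARY KEY (ship)")
    rows = SEED_ROWS if polyinstantiated else [r for r in SEED_ROWS if r[2] == "SECRET"]
    conn = sqlite3.connect(":memory:")
    # `key` is one of the two fixed strings above, not user input.
    conn.execute(
        "CREATE TABLE ship_movement ("
        " ship TEXT NOT NULL, destination TEXT NOT NULL,"
        f" classification TEXT NOT NULL, {key})"
    )
    conn.executemany("INSERT INTO ship_movement VALUES (?, ?, ?)", rows)
    return conn


def query_destination(conn, ship: str, clearance: str):
    """Destination from the highest-classified row the caller is cleared to
    see, or None if no row is visible at that clearance."""
    rows = conn.execute(
        "SELECT destination, classification FROM ship_movement WHERE ship = ?",
        (ship,),
    ).fetchall()
    visible = [(LEVELS[c], d) for d, c in rows if LEVELS[c] <= LEVELS[clearance]]
    return max(visible)[1] if visible else None


def insert_as(conn, clearance: str, ship: str, destination: str) -> bool:
    """Insert a row labelled with the caller's clearance.

    Returns False if the database rejects it. In the naive design that
    rejection is itself an inference channel: a low-cleared user learns that
    a hidden row for the ship already exists.
    """
    try:
        conn.execute("INSERT INTO ship_movement VALUES (?, ?, ?)",
                     (ship, destination, clearance))
        return True
    except sqlite3.IntegrityError:
        return False


if __name__ == "__main__":
    naive = build_db(polyinstantiated=False)
    print("naive insert by UNCLASSIFIED user:",
          insert_as(naive, "UNCLASSIFIED", "USS Ghost", "Drydock"))   # False: leaks
    poly = build_db()
    print("poly insert by UNCLASSIFIED user:",
          insert_as(poly, "UNCLASSIFIED", "USS Ghost", "Drydock"))    # True
    for clearance in LEVELS:
        print(clearance, query_destination(poly, "USS Example", clearance),
              query_destination(poly, "USS Ghost", clearance))
```

In the naive table the unclassified user's insert fails, and that failure tells them the ship already has a (classified) record. With the classification in the key, the insert succeeds, the low-level reader sees "Drydock", and the SECRET reader still sees "Gulf": two truths about one ship, each at its own level.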


Polymorphic virus

A virus that is capable of change and self-mutation.



Ports are used by protocols and applications. Port numbers are divided into three ranges including: Well-Known Ports, Registered Ports, and Dynamic and/or Private Ports. Well-Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151, and Dynamic and/or Private Ports are those from 49152 through 65535.


Post office protocol (POP)

A commonly implemented method of delivering email from the mail server to the client machine. Other methods include IMAP and proprietary mail-server protocols such as those used by Microsoft Exchange.



A virus type that adds the virus code to the beginning of existing executables.



Collecting information about a person under false pretenses.


Preventative controls

Controls that reduce risk and are used to prevent undesirable events from happening.


Principle of deny all

A process of securing logical or physical assets by first denying all access and then allowing access only on a case-by case basis.
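The deny-all default and the logical fail-safe behaviour described under the Fail safe entry, together in one authorization check, as an added example that is not part of the flashcard deck. The in-memory policy table and the simulated outage stand in for a directory or IAM service (assumptions made here).

```python
# Added example for the Principle of deny all and Fail safe entries; not
# code from the flashcard deck. Policy data and the outage flag are constructed.
import logging

log = logging.getLogger("authz")


class PolicyUnavailable(Exception):
    """The policy store could not be consulted (timeout, outage, bad response)."""


# Constructed policy: user -> set of permitted actions. Absent users get nothing.
_POLICY = {"alice": {"read"}, "bob": {"read", "write"}}


def lookup_permissions(user: str, backend_up: bool = True) -> set:
    if not backend_up:
        raise PolicyUnavailable("policy backend unreachable")
    return _POLICY.get(user, set())   # deny all: unknown users hold no rights


def authorize_fail_open(user: str, action: str, backend_up: bool = True) -> bool:
    """The anti-pattern: an outage in the control becomes unrestricted access."""
    try:
        return action in lookup_permissions(user, backend_up)
    except PolicyUnavailable as exc:
        log.warning("policy lookup failed (%s); allowing %s to %s", exc, user, action)
        return True


def authorize_fail_closed(user: str, action: str, backend_up: bool = True) -> bool:
    """Fail safe (fail secure): if the decision cannot be made, the answer is no."""
    try:
        return action in lookup_permissions(user, backend_up)
    except PolicyUnavailable as exc:
        log.error("policy lookup failed (%s); denying %s to %s", exc, user, action)
        return False


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(authorize_fail_closed("bob", "write"))                        # True
    print(authorize_fail_closed("alice", "write"))                      # False
    print(authorize_fail_open("mallory", "write", backend_up=False))    # True
    print(authorize_fail_closed("mallory", "write", backend_up=False))  # False
```

Both functions agree whenever the policy store answers; they differ only when it cannot. The fail-open variant turns every backend outage, including one an attacker induces, into a free pass, which is why the deny-all default must also cover the error path, not just unknown users.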


Privacy impact analysis

The process of reviewing the information held by the corporation and assessing the damage that would result if sensitive or personal information were lost, stolen, or divulged.



The likelihood of an event happening.



A detailed, in-depth, step-by-step document that lays out exactly what is to be done and how it is to be accomplished.


Program evaluation and review technique (PERT)

A planning and control tool representing, in diagram form, the network of tasks required to complete a project, establishing sequential dependencies and relationships among the tasks.



A set of formalized rules that describe how data is transmitted over a network. Low-level protocols define the electrical and physical standards, whereas high-level protocols deal with the formatting of data. TCP and IP are examples of protocols that operate above the physical and data link layers (at layers 4 and 3 of the OSI model, respectively).



The process of quickly putting together a working model (a prototype) to test various aspects of the design, illustrate ideas or features, and gather early user feedback. Prototyping is often treated as an integral part of the development process, where it is believed to reduce project risk and cost.


Proxy server

Proxy servers stand in place of and are a type of firewall. They are used to improve performance and for added security. A proxy server intercepts all requests to the real server to see whether it can fulfill the requests itself. If not, it forwards the request to the real server.


Public key encryption

An encryption scheme that uses two mathematically related keys. In an email transaction, the recipient's public key encrypts the data and only the corresponding private key can decrypt it. Because the private key is never transmitted or publicized, the scheme is secure as long as the private key stays secret and the underlying mathematical problem remains hard. For digital signatures, the roles are reversed: the sender uses the private key to create the digital signature, which anyone who has access to the corresponding public key can verify.


Public key infrastructure (PKI)

Infrastructure used to facilitate e-commerce and build trust. PKI consists of hardware, software, people, policies, and procedures; it is used to create, manage, store, distribute, and revoke public key certificates. PKI is based on public-key cryptography.


Qualitative analysis

A nonmonetary evaluation and analysis in which a weighting or criticality factor is used as the basis of valuation.


Quantitative analysis

A numerical evaluation and analysis in which monetary (dollar) valuation is used as the basis of the analysis.


Qualitative assessment

An analysis of risk that places the probability results into terms such as none, low, medium, and high.


Qualitative risk assessment

A scenario-based assessment in which one scenario is examined and assessed for each critical or major threat to an IT asset.


Quantitative risk assessment

A methodical, step-by-step calculation of asset valuation, exposure to threats, and the financial impact or loss in the event of the threat being realized.



Any group of items, such as computer jobs or messages, waiting for service.


Radio frequency identification (RFID)

A set of components that include a reader and a small device referred to as a tag. The tag can be used to hold information for inventory, management, tracking, or other purposes. RFID provides a method to transmit and receive data over a short range from one point to another.



A collection of data items or fields treated as one unit.


Recovery point objective (RPO)

The point in time to which data must be restored to resume processing transactions. RPO is the basis on which a data protection strategy is developed.


Recovery testing

Testing aimed at verifying the system's capability to recover from varying degrees of failure.


Recovery time objective (RTO)

During the execution of disaster recovery or business continuity plans, the time goal for the reestablishment and recovery of a business function or resource.


Red team

A group of ethical hackers who help organizations to explore network and system vulnerabilities by means of penetration testing.


Redundant Array of Independent Disks (RAID)

A type of fault tolerance and performance improvement for disk drives that employ two or more drives in combination.


Registration authority (RA)

An entity responsible for the identification and authentication of the PKI certificate. The RA is not responsible for signing or issuing certificates. The most common form of certificate is the X.509 standard.


Remote Authentication Dial-In User Service (RADIUS)

A client/server protocol and software that allows remote-access servers to communicate. Used in wireless systems such as 802.1x.



A network device used to regenerate or replicate a signal. Repeaters are used in transmission systems to regenerate analog or digital signals distorted by transmission loss.



A central place where data is stored and maintained. A repository can be a place where multiple databases or files are located for distribution over a network, or it can be a location that is directly accessible to the user without having to travel across a network.


Required vacations

A security control used to uncover misuse or illegal activity by requiring employees to use their vacation.


Reverse engineering

The process of taking a software program apart and analyzing its workings in detail, usually to construct a new device or program that does the same thing without actually copying anything from the original.



A symmetric encryption algorithm chosen to be the Advanced Encryption Standard (AES).


Ring topology

A topology used by token ring and FDDI networks in which all devices are connected in a ring. Data packets in a ring topology are sent in a deterministic fashion from the sender to the next device in the ring until they reach the receiver.



The subjective measure of the potential for harm that can result from the action of a person or thing.


Risk acceptance

An informed decision to suffer the consequences of likely events.


Risk assessment

A process for evaluating the exposure or potential loss or damage to the IT and data assets for an organization.


Risk avoidance

A decision to take action to avoid a risk.


Risk management

The overall responsibility for and management of risk within an organization. Risk management includes the assignment and dissemination of roles, responsibilities, and accountabilities for risk across the organization.


Risk transference

Shifting the responsibility or burden to another party or individual.


Rogue access point

An 802.11 access point that has been set up by an attacker for the purpose of diverting legitimate users so that their traffic can be sniffed or manipulated.


Role-based access control (RBAC)

A type of discretionary access control in which users are placed into groups to facilitate management. This type of access control is widely used by banks and casinos.


Rotation of assignment

A security mechanism that moves employees from one job to another so that one person does not stay in one position forever. This makes it harder for an employee to hide malicious activity.


Rounding down

A method of computer fraud that involves rounding down dollar amounts so that small amounts of money are stolen. As an example, the value $1,199.50 might be rounded down to $1,199.00.



A device that determines the next network point to which a data packet should be forwarded en route toward its destination. The router is connected to at least two networks and determines which way to send each data packet based on its current understanding of the state of the networks it is connected to. Routers create or maintain a table of the available routes and use this information to determine the best route for a given data packet. Routing occurs at Layer 3 (network layer) of the OSI seven-layer model.


Routing information protocol (RIP)

A widely used distance-vector protocol that determines the best route by hop count.


Rule-based access control (RBAC)

A type of mandatory access control that matches objects to subjects. It dynamically assigns roles to subjects based on their attributes and a set of rules defined by a security policy.


Scope creep

This is the uncontrolled change in a project's scope. It causes the assessment to drift away from its original scope and results in budget and schedule overruns.


Script kiddie

The lowest form of cracker that looks for easy targets or well-worn vulnerabilities.


Secure Sockets Layer (SSL)

Developed by Netscape for transmitting private documents via the Internet. It works by using a private key to encrypt data that is transferred over the SSL connection. It is widely used and accepted by Netscape and Internet Explorer. Very similar to transport layer security (TLS).


Security breach or security incident

The result of a threat or vulnerability being exploited by an attacker.


Security bulletin

A memorandum or message from a software vendor or manufacturer documenting a known security defect in the software or application itself. Security bulletins are typically accompanied with instructions for loading a software patch to mitigate the security defect or software vulnerability.


Security by obscurity

The controversial use of secrecy to ensure security.


Security controls

Policies, standards, procedures, and guideline definitions for various security control areas or topics.


Security countermeasure

A security hardware or software technology solution that is deployed to ensure the confidentiality, integrity, and availability of IT assets that need protection.


Security kernel

A combination of software, hardware, and firmware that makes up the Trusted Computer Base (TCB). The TCB mediates all access, must be verifiable as correct, and is protected from modification.


Security testing

Techniques used to confirm the design and/or operational effectiveness of security controls implemented within a system. Examples include attack and penetration studies to determine whether adequate controls have been implemented to prevent breach-of-system controls and processes, and password strength testing by using tools such as password crackers.


Separation of duties

Given the seven areas of information security responsibility, separation of duties defines the roles, tasks, responsibilities, and accountabilities for information security uniquely for the different duties of the IT staff and IT security staff.


Service level agreement (SLA)

A contractual agreement between an organization and its service provider. SLAs define and protect the organization in regard to holding the service provider accountable for the requirements as defined in the agreement.


Service Set ID (SSID)

The SSID is a sequence of up to 32 letters or numbers that is the ID, or name, of a wireless local area network and is used to differentiate networks.



A hashing algorithm that produces a 160-bit output.


Shoulder surfing

The act of looking over someone's shoulder to steal their password.


Signature scanning

One of the most basic ways of scanning for computer viruses, it works by comparing suspect files and programs to signatures of known viruses stored in a database.


Simple network management protocol (SNMP)

An application layer protocol that facilitates the exchange of management information between network devices. Version one uses well-known community strings of public and private.


Single loss expectancy (SLE)

A dollar value figure that represents an organization's loss from a single loss event involving a particular IT asset.


Site survey

The process of determining the optimum placement of wireless access points. The objective of the site survey is to create an accurate wireless system design/layout and budgetary quote.


Smurf attack

A DDoS attack where an attacker transmits large amounts of ICMP echo request (ping) packets to a targeted IP destination device using the targeted destination's IP source address. This is called spoofing the IP source address. IP routers and other IP devices that respond to broadcasts will respond back to the targeted IP device with ICMP echo replies, thus multiplying the amount of bogus traffic.



A hardware or software device that can be used to intercept and decode network traffic.


Social engineering

The practice of tricking employees into revealing sensitive data about their computer system or infrastructure. This type of attack targets people and is the art of human manipulation. Even when systems are physically well protected, social engineering attacks are possible.


Software bug or software flaw

An error in software coding or its design that can result in software vulnerability.


Software vulnerability standard

A standard that accompanies an organization's vulnerability assessment and management policy. This standard typically defines the organization's vulnerability window definition and how the organization is to provide software vulnerability management and software patch management throughout the enterprise.


Source code

A nonexecutable program written in a high-level language. A compiler or assembler must translate the source code into an object code (machine language) that the computer can understand.



Also known as spamming. The use of any electronic communications medium to send unsolicited messages in bulk. Spamming is a major irritation of the Internet era.



The act of masking your identity and pretending to be someone else or another device. Common spoofing methods include ARP, DNS, and IP spoofing. It is also carried out by email, in what are described as phishing schemes.



Any software application that covertly gathers information about a user's Internet usage and activity and then exploits this information by sending adware and pop-up ads similar in nature to the user's Internet usage history.


Stateful inspection

An advanced firewall architecture that works at the network layer and can keep track of packet activity. Unlike static packet filtering, which examines a packet based only on the information in its header, stateful inspection tracks each connection traversing all interfaces of the firewall and makes sure it is valid. One example is checking that a DNS reply that has just been received is actually in response to an outstanding DNS request.


Statistical sampling

The selection of sample units from a population, and the measurement and/or recording of information on these units, to obtain estimates of population characteristics.



A cryptographic method of hiding the existence of a message. A commonly used form places information in pictures.


Storage area network (SAN)

A high-speed subnetwork that interconnects different data-storage devices with associated data servers for a large network. SANs support disk mirroring, backup and restore, archival and retrieval of archived data, data migration from one storage device to another, and the sharing of data among different servers in a network.


Stream cipher

Encrypts data typically one byte at a time.


Structured query language (SQL)

The standardized relational database language for querying, manipulating, and updating information in a relational database.


Supply chain management (SCM)

Intercompany planning, control, and monitoring of central functions such as procurement, production, and sales to increase their efficiency.



Operates at Layer 2 of the OSI model. A device that links several separate LANs and provides packet filtering among them. A LAN switch is a device with multiple ports, each of which can support an entire Ethernet or token ring LAN.


Symmetric algorithm

Both parties use the same cryptographic key.


Symmetric encryption

An encryption standard that requires all parties to have a copy of a shared key. A single key is used for both encryption and decryption.


SYN flood attack

A DDoS attack where the attacker sends a succession of SYN packets with a spoofed address to a targeted destination IP device, but does not send the last ACK packet to acknowledge and confirm receipt. This leaves half-open connections between the client and the server until all resources are absorbed, rendering the server or targeted IP destination device unavailable because of resource allocation to this attack.


Synchronize sequence number

Initially passed to the other party at the start of the three-step startup, it is used to track the movement of data between parties. Every byte of data sent over a TCP connection has a sequence number.


Synchronous transmission

A method of communication in which data is sent in blocks, without the need for start and stop bits between each byte. Synchronization is achieved by sending a clock signal along with the data and by sending special bit patterns to denote the start of each block.


System software

The software that controls the operations of a computer system. It is a group of programs instead of one program. The operating system controls the hardware in the computer and peripherals, manages memory and files and multitasking functions, and is the interface between applications programs and the computer.


System testing

Bringing together all the programs that a system comprises, for testing purposes. Programs are typically integrated in a top-down, incremental fashion.


System development life cycle (SDLC)

A method for developing information systems. It has five main stages: analysis, design, development, implementation, and evaluation. Each stage has several components; for example, the development stage includes programming (coding, including internal documentation, debugging, testing, and documenting) and acquiring equipment (selection, acquisition [purchase or lease], and testing).


Terminal Access Controller Access Control System (TACACS)

A UDP-based access control protocol that provides authentication, authorization, and accountability.


Target of engagement (TOE)

The TOE is the assessment or pen test target.


TCP handshake

A three-step process computers go through when negotiating a connection with one another. The process is a target of attackers and others with malicious intent.



Systems that transport information over a distance, sending and receiving audio, video, and data signals through electronic means.


Test data

Data that is run through a computer program to test the software. Test data can be used to test compliance with controls in the software.



Any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset.



The amount of data transferred from one place to another or processed in a specified amount of time. Data transfer rates for disk drives and networks are measured in terms of throughput. Typically, throughputs are measured in kilobits per second, megabits per second, and gigabits per second.


Time-to-live (TTL)

A counter used within an IP packet that specifies the maximum number of hops that a packet can traverse. When a TTL is decremented to zero, a packet expires.



A way of tracing hops or computers between the source and target computer you are trying to reach. Gives the path the packets are taking.



Legal protection for a logo, name, or characteristic that can be identified as exclusive.


Transmission Control Protocol (TCP)

One of the main protocols of IP. It is used for reliability and guaranteed delivery of data.


Transmission Control Protocol/Internet Protocol (TCP/IP)

A collection of protocols used to provide the basis for Internet and World Wide Web services.


Trapdoor function

One-way function that describes how asymmetric algorithms function.



A Trojan is a program that does something undocumented that the programmer or designer intended, but that the end user would not approve of if he knew about it.


Trusted computer base (TCB)

All the protection mechanisms within a computer system. This includes hardware, firmware, and software that are responsible for enforcing a security policy.


Trusted computer system evaluation criteria (TCSEC)

The United States Department of Defense Trusted Computer System Evaluation Criteria, also called the Orange Book. TCSEC is a system designed to evaluate standalone systems that places systems into one of four levels: A, B, C, or D. Its basis of measurement is confidentiality.


Trusted network interpretation (TNI)

Also known as the Red Book. A document that is part of the Rainbow Series.



The process of rolling through various electronic serial numbers on a cell phone to attempt to find a valid set to use.



A technology that enables one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft's PPTP technology enables organizations to use the Internet to transmit data across a VPN. It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet. Tunneling is also called encapsulation. Can also be used covertly, as with STUNNEL and other programs.



A one-way gate or access control mechanism used to limit traffic and control the flow of people.


Uniform resource locator (URL)

A URL is the global address on the Internet and World Wide Web where domain names are used to resolve IP addresses.


Uninterruptible power supply (UPS)

A device designed to provide a backup power supply during a power failure. Basically, a UPS is a battery backup system with an ultra-fast sensing device.


Universal serial bus (USB)

A specification standard for connecting peripherals to a computer. It can connect up to 127 devices to a computer and transfers data at a slower rate, a maximum of 12Mbps.


User datagram protocol (UDP)

A connectionless protocol that provides very few error recovery services, but offers a quick and direct way to send and receive datagrams.


Utility programs

A standard set of routines that assist in the operation of a computer system by performing some frequently required process, such as copying, sorting, or merging.



The willful destruction of property.



The process of confirming that data is correct and accurate before it is processed or entered.


Virtual private network (VPN)

A private network that uses a public network to connect remote sites and users.



A computer program with the capability to generate copies of itself and thereby spread. Viruses usually require the interaction of an individual and can have rather benign results, such as flashing a message to the screen, or rather malicious results that destroy data, systems, integrity, or availability.


Virus hoax

A chain letter designed to trick you into forwarding to many other people warning of a virus that does not exist. The Good Times virus is an example.


Voice over IP (VoIP)

The capability to convert voice or fax calls into data packets for transmission over the Internet or other IP-based networks.



The absence or weakness of a safeguard in an asset.


Vulnerability assessment

A methodical evaluation of an organization's IT weaknesses of infrastructure components and assets and how those weaknesses can be mitigated through proper security controls and recommendations to remediate exposure to risks, threats, and vulnerabilities.


Vulnerability management

The overall responsibility and management of vulnerabilities within an organization and how that management of vulnerabilities will be achieved through dissemination of duties throughout the IT organization.


War chalking

The act of marking on the wall or sidewalk near a building to indicate it has wireless access.


War dialing

The process of using a software program to automatically call thousands of telephone numbers to look for any that have a modem attached.


War driving

The process of driving around a neighborhood or area to identify wireless access points.


Warm site

An alternative computer facility that is partially configured and can be made ready in a few days.


White box testing

A security assessment or penetration test in which all aspects of the network are known.


Wide area network (WAN)

Network that spans the distance between buildings, cities, and even countries. WANs are LANs connected using wide area network services from telecommunications carriers; they typically use technologies such as standard phone lines (called plain old telephone service (POTS) or public switched telephone network (PSTN)), Integrated Services Digital Network (ISDN), Frame Relay, Asynchronous Transfer Mode (ATM), or other high-speed services.


Wi-Fi protected access (WPA)

A security standard for wireless networks designed to be more secure than WEP. Developed from the draft 802.11i standard.


Wired equivalent privacy (WEP)

WEP is based on the RC4 encryption scheme. It was designed to provide the same level of security as that of a wired LAN. Because of 40-bit encryption and problems with the initialization vector, it was found to be insecure.


Work breakdown structure (WBS)

Process oriented; shows what activities need to be completed in a hierarchical manner.



A self-replicating program that spreads by inserting copies of itself into other executable code, programs, or documents. Worms typically flood a network with traffic and result in a denial of service.



A type of program used to bind a Trojan program to a legitimate program. The objective is to trick the user into running the wrapped program and installing the Trojan.


Written authorization

One of the most important parts of the ethical hack. It gives you permission to perform the tests agreed to by the client.


Zone transfer

The mechanism used by DNS servers to update each other by transferring resource records. It should be a controlled process between two DNS servers, but it is something that hackers will attempt to perform to steal the organization's DNS information. It can be used to map the network devices.