Vocabulary2 Flashcards

(411 cards)

Q: SPI
A: SPI Security Parameter Index - Used to identify simplex IPsec security associations.

Q: SSL
A: SSL Secure Sockets Layer - Authenticates and provides confidentiality to network traffic such as Web traffic.

Q: WPA
A: WPA Wi-Fi Protected Access - A partial implementation of 802.11i.

Q: multitasking
A: Multitasking Allows multiple tasks (heavyweight processes) to run simultaneously on one CPU.

Q: POTS
A: POTS Plain Old Telephone Service - Analog phone service.

Q: virtual memory
A: Virtual memory Provides virtual address mapping between applications and hardware memory.

Q: phishing
A: Phishing Malicious attack that poses as a legitimate site such as a bank, attempting to steal account credentials.

Q: PVC
A: PVC Permanent Virtual Circuit - A circuit that is always connected.

Q: SLE
A: SLE Single Loss Expectancy - The cost of a single loss.

Q: striping
A: Striping Spreading data writes across multiple disks to achieve performance gains, used by some levels of RAID.

Q: thin client applications
A: Thin client applications Uses a Web browser as a universal client, providing access to robust applications that are downloaded from the thin client server and run in the client's browser.

Q: reference monitor
A: Reference monitor Mediates all access between subjects and objects.

Q: SOAP
A: SOAP Originally stood for Simple Object Access Protocol, now simply "SOAP" - Used to implement Web services.

Q: T3
A: T3 28 Bundled T1s.

Q: RFC 1918
A: RFC 1918 addresses Private IPv4 addresses that may be used for internal traffic.

Q: social engineering
A: Social engineering Uses the human mind to bypass security controls.

Q: star
A: Star Physical network topology that connects each node to a central device such as a hub or a switch.

Q: Optimizing
A: Optimizing Phase 5 of CMM.

Q: strong tranquility property
A: Strong tranquility property Bell-LaPadula property that states that security labels will not change while the system is operating.

Q: type 2 authentication
A: Type 2 authentication Something you have.

Q: permutation
A: Permutation Provides confusion by rearranging the characters of the plaintext, anagram-style; also called transposition.

Q: quantitative risk analysis
A: Quantitative risk analysis RA method that uses hard metrics such as dollars.

Q: remote wipe
A: Remote wipe The ability to remotely erase a mobile device.

Q: polymorphic virus
A: Polymorphic virus Virus that changes its signature upon infection of a new system, attempting to evade signature-based antivirus software.
14
server-side attack
Server-side attack Attack launched directly from an attacker to a listening service; also called service-side attack.
15
slack space
Slack space Space on a disk between the end-of-file marker and the end of the cluster.
15
thread
Thread A lightweight process (LWP).
16
savepoint
Savepoint A clean snapshot of the database tables.
16
USA PATRIOT Act
USA PATRIOT Act Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001.
16
VPN
VPN Virtual Private Network?A method to send private data over an insecure network, such as the Internet.
17
SHA-1
SHA-1 Secure Hash Algorithm 1?A hash function that creates a 160-bit message digest.
18
Ping of Death
Ping of death DoS that sends a malformed ICMP echo request (ping) that is larger than the maximum size of an IP packet.
18
scrum master
Scrum master Senior member of the organization who acts as a coach for the Scrum team.
19
security domain
Security domain The list of objects a subject is allowed to access.
19
total cost of ownership
Total Cost of Ownership The cost of a safeguard.
20
ticket
Ticket Data that authenticates the identity of a Kerberos principal.
21
throughput
Throughput The process of authenticating to a system (such as a biometric authentication system).
22
NIC
NIC Network Interface Card?A card that connects a system to a network.
23
RSN
RSN Robust Security Network?Part of 802.11i that allows changes to cryptographic ciphers as new vulnerabilities are discovered.
23
smart card
Smart card A physical access control device containing an integrated circuit; also known as an integrated circuit card (ICC).
24
PEAP
PEAP Protected EAP?Similar to EAP-TTLS, including not requiring client-side certificates.
24
S/MIME
S/MIME Secure/Multipurpose Internet Mail Extensions?Leverages PKI to encrypt and authenticate MIME-encoded email.
24
simplex
Simplex One-way communication, like a car radio tuned to a music station.
25
NAT
NAT Network Address Translation?Translates IP addresses.
25
passive RFID
Passive RFID Unpowered RFID tags.
27
object
Object A data file.
28
VoIP
VoIP Voice over Internet Protocol?Carries voice via data networks.
29
open system
Open system System using open hardware and standards, using standard components from a variety of vendors.
31
NDA
NDA Non-Disclosure Agreement?A contractual agreement that ensures that an individual or organization appreciates their legal responsibility to maintain the confidentiality of sensitive information.
31
Passphrase
Passphrase A long static password, comprised of words in a phrase or sentence.
32
unallocated space
Unallocated space Portions of a disk partition that do not contain active data.
34
Outsourcing
Outsourcing Use of a third party to provide information technology support services that were previously performed in-house.
34
TAP
TAP Test Access Port?Provides a way to tap into network traffic and see all unicast streams on a network.
35
OECD
OECD Privacy Guidelines Organization for Economic Cooperation and Development privacy guidelines, containing eight principles.
35
referential integrity
Referential integrity Requires that every foreign key in a secondary table matches a primary key in the parent table.
35
SIGABA
SIGABA Rotor machine used by the United States through World War II into the 1950s.
36
Standards
Standard Describes the specific use of technology, often applied to hardware and software; an administrative control.
37
religious law
Religious law Legal system that uses religious doctrine or interpretation as a source of legal understanding and statutes.
37
RST
RST Reset (tear down) a connection?TCP flag.
38
weak tranquility property
Weak tranquility property Bell-LaPadula property that states that security labels will not change in a way that violates security policy.
39
patent
Patent Intellectual property protection that grants a monopoly on the right to use, make, or sell an invention for a period of time.
39
registers
Registers Small storage locations used by the CPU to store instructions and data.
39
semantic integrity
Semantic integrity Requires that each value is consistent with the attribute data type.
39
SSO
SSO Single Sign-On?Allows a subject to authenticate once and then access multiple systems.
39
system unit
System unit Computer case, containing all of the internal electronic computer components, including motherboard, internal disk drives, power supply, etc.
40
return on investment
Return on Investment Money saved by deploying a safeguard.
41
spoofing
Spoofing Masquerading as another endpoint.
42
simple security property
Simple security property Bell?LaPadula property that states ?no read up? (NRU).
43
query language
Query language Language that searches and updates a database.
44
network model (databases)
Network model (databases) Type of hierarchical database that allows branches to have two parents.
45
SVC
SVC Switched Virtual Circuit?A circuit that is established on demand.
45
wassenaar arrangement
Wassenaar Arrangement Munitions law that followed COCOM, beginning in 1996.
46
non-repudiation
Non-repudiation Assurance that a specific user performed a specific transaction and assurance that the transaction did not change.
47
teardrop attack
Teardrop attack A malformed packet DoS attack that targets issues with system fragmentation reassembly.
47
warded lock
Warded lock Preventive device that requires a key to be turned through channels (called wards) to unlock.
47
SP
XP Extreme Programming?An Agile development method that uses pairs of programmers who work off a detailed specification.
48
RAID 2
RAID 2 RAID hamming code.
49
Real evidence
Real evidence Evidence consisting of tangible or physical objects.
50
pseudo guard
Pseudo guard An unarmed security guard.
50
security assessments
Security assessments A holistic approach to assessing the effectiveness of access control; may use other tests as a subset, including penetration tests and vulnerability scans.
51
smurf attack
Smurf attack Attack that uses an ICMP flood and directed broadcast addresses.
52
SaaS
SaaS Software as a Service?Completely configured cloud-based application, from the operating system on up.
53
promiscuous access
Promiscuous access The ability to sniff all traffic on a network.
53
RAID 6
RAID 6 RAID striped set with dual distributed parity.
53
vulnerability scanning
Vulnerability scanning A process to discover poor configurations and missing patches in an environment.
54
vulnerability
Vulnerability A weakness in a system.
55
SDSL
SDSL Symmetric Digital Subscriber Line?DSL with matching upload and download speeds.
55
SMDS
SMDS Switched Multimegabit Data Service?An older WAN technology that is similar to ATM.
57
OFB
OFB Output Feedback?A stream mode of DES that uses portions of the key for feedback.
57
product owner
Product owner Scrum role that serves as the voice of the business unit.
57
twofish
Twofish Encrypts 128-bit blocks using 128 through 256 bit keys; AES finalist.
58
tuple
Tuple A row in a relational database table.
59
RPO
RPO Recovery Point Objective?The amount of data loss or system inaccessibility (measured in time) that an organization can withstand.
59
WPA2
WPA2 Wi-Fi Protected Access 2?The full implementation of 802.11i.
60
SMTP
SMTP Simple Mail Transfer Protocol?A store-and-forward protocol used to exchange email between servers.
61
RIP
RIP Routing Information Protocol?A distance vector routing protocol that uses hop count as its metric.
62
parity
Parity A means to achieve data redundancy without incurring the same degree of cost as that of mirroring in terms of disk usage and write performance.
62
SLA
SLA Service Level Agreement?Contractual agreement that helps ensure availability.
62
SYN
SYN Synchronize a connection?TCP flag.
63
\* security property
\* Security property Bell?LaPadula property that states ?no write down.?
65
NIDS
NIDS Network-based Intrusion Detection System?A detective technical control.
66
prudent man rule
Prudent man rule Organizations should engage in business practices that a prudent, right-thinking person would consider to be appropriate.
67
problem domain
Problem domain A specific challenge that needs to be addressed.
69
POP
POP Post Office Protocol?An email client protocol.
69
wiping
Wiping Writes new data over each bit or block of file data; also called shredding.
70
PSH
PSH Push data to application layer?TCP flag.
70
subject
Subject An active entity on an information system that accesses or changes data.
71
multiprocessing
Multiprocessing Runs multiple processes on multiple CPUs.
73
panic bar
Panic bar Egress device that opens externally facing doors from the inside.
75
non-discretionary access control
Non-discretionary access control Access control based on subjects? roles or tasks.
77
packet
Packet Layer 3 PDU.
78
plaintext
Plaintext An unencrypted message.
78
RC6
RC6 Rivest Cipher 6; symmetric block cipher by RSA Laboratories and an AES finalist.
79
use limitation principle
Use limitation principle OECD privacy guideline principle that states that personal data should never be disclosed without either the consent of the individual or a legal requirement.
80
SSID
SSID Service Set Identifier?Acts as a wireless network name.
80
UDP
UDP User Datagram Protocol?A simpler and faster cousin to TCP.
81
simulation test
Simulation test Recovery from a pretend disaster; goes beyond talking about the process and actually has teams carry out the recovery process.
82
well-formed transactions
Well-formed transactions Clark?Wilson control to enforce control over applications.
83
TGS
TGS Ticket Granting Service?A Kerberos service that grants access to services.
85
OEP
OEP Occupant Emergency Plan?A facility-based plan focused on safety and evacuation.
85
spiral model
Spiral model Software development model designed to control risk.
85
T1
T1 A dedicated 1.544-megabit circuit that carries 24 64-bit DS0 channels.
86
rule-based access control
Rule-based access control Uses a series of defined rules, restrictions, and filters for accessing objects within a system.
86
TCSEC
TCSEC Trusted Computer System Evaluation Criteria (Orange Book)?Evaluation model developed by the U.S. Department of Defense.
88
procedural languages
Procedural languages Programming languages that use subroutines, procedures, and functions.
88
Salt
Salt Allows one password to hash multiple ways.
88
typosquatting
Typosquatting Registering Internet domain names comprised of likely misspellings or mistyping of legitimate domain trademarks.
89
regression testing
Regression Testing Testing software after updates, modifications, or patches.
90
Ping
Ping Sends an ICMP echo request to a node and listens for an ICMP echo reply.
90
relational database
Relational database Contains two-dimensional tables of related data.
91
provide diligent and competent service to principals
Provide diligent and competent service to principals. Third canon of the (ISC)2 Code of Ethics.
93
Plan maintenance
Plan maintenance Seventh step of the NIST SP 800?34 contingency planning process.
94
warm site
Warm site A backup site with all necessary hardware, connectivity, and configured computers without live data.
96
process isolation
Process isolation Logical control that attempts to prevent one process from interfering with another.
97
static password
Static password Reusable passwords that and may or may not expire.
98
PDA
PDA Personal Digital Assistant?A small networked computer that can fit in the palm of your hand.
99
password guessing
Password guessing An online technique that involves attempting to authenticate as a particular user to the system.
99
vigenere cipher
Vigenre cipher Polyalphabetic cipher that uses a Vigenre square, named after Blaise de Vigenre.
100
RC4
RC4 Rivest Cipher 4; used to provide confidentiality by WPA.
101
remanence
Remanence Data that might persist after removal attempts.
102
passive infrared sensor
Passive infrared sensor Passive motion detector that detects infrared energy created by body heat.
103
southbridge
Southbridge Connects input/output (I/O) devices, such as disk, keyboard, mouse, CD drive, USB ports, etc.
103
truth table
Truth table Table used to map all results of a mathematical operation, such as XOR.
104
rootkit
Rootkit Malware that replaces portions of the kernel and/or operating system.
105
packet filter
Packet filter A simple and fast firewall that has no concept of state.
105
SYN flood
SYN flood Resource exhaustion DoS attack that fills a system?s half-open connection table.
105
token ring
Token ring Legacy LAN technology that uses tokens.
106
RAM
RAM Random Access Memory?Memory that allows any address to be directly accessed.
107
photoelectric motion sensor
Photoelectric motion sensor Active motion detector that sends a beam of light across a monitored space to a photoelectric sensor.
108
retina scan
Retina scan Biometric laser scan of the capillaries that feed the retina.
109
TNI
TNI Trusted Network Interpretation (Red Book).
109
XSS
XSS Cross-Site Scripting?Third-party execution of Web scripting languages such as JavaScript within the security context of a trusted site.
111
RAID 3
RAID 3 RAID striped set with dedicated parity (byte level).
112
responsible disclosure
Responsible disclosure The practice of privately sharing vulnerability information with a vendor and withholding public release until a patch is available.
113
threat agents
Threat agents The actors causing the threats that might exploit a vulnerability.
114
SNMP
SNMP Simple Network Management Protocol?Used to monitor network devices.
114
take-Grant protection model
Take?Grant Protection Model Determines the safety of a given computer system that follows specific rules.
115
storage channel
Storage channel Covert channel that uses shared storage, such as a temporary directory, to allow two subjects to signal each other.
117
PDU
PDU Protocol Data Unit?A header and data at one layer of a network stack.
118
TCP/IP
TCP/IP model A network model with four layers: network access, Internet, transport, and application.
119
NIPS
NIPS Network Intrusion Prevention System?A preventive device designed to prevent malicious network traffic.
120
primary key
Primary key Unique attribute in a relational database table, used to join tables.
121
steganography
Steganography The science of hidden communication.
122
TCP
TCP Transmission Control Protocol?Uses a three-way handshake to create reliable connections across a network.
123
northbridge
Northbridge Connects the CPU to RAM and video memory; also called the Memory Controller Hub (MCH).
124
static route
Static route Fixed routing entries.
126
normalization
Normalization Seeks to make the data in a database table logically concise, organized, and consistent.
126
overt channel
Overt channel Authorized communication that complies with security policy.
127
strong authentication
Strong authentication Requires that the user present more than one authentication factor; also called dual-factor authentication.
129
operating system
Operating system Software that operates a computer.
130
SPAN port
SPAN port Switched Port Analyzer?Receives traffic forwarded from other switch ports.
131
public key
Public key One half of an asymmetric key pair; may be publicly posted.
132
router
Router Layer 3 device that routes traffic from one LAN to another, based on IP addresses.
133
RAID
RAID Redundant Array of Inexpensive Disks?A method of using multiple disk drives to achieve greater data reliability, greater speed, or both.
134
RAID 1+
RAID 1+0 RAID 0 combined with RAID 1; sometimes called RAID 10.
135
session layer
Session layer Layer 5 of the OSI model?Manages sessions that provide maintenance on connections.
135
STP
STP Shielded Twisted Pair?Network cabling that contains additional metallic shielding around each twisted pair of wires.
136
socket
Socket A combination of an IP address and a TCP or UDP port on one node.
136
telnet
Telnet Protocol that provides terminal emulation over a network using TCP port 23.
137
WAN
WAN Wide Area Network?Typically covering cities, states, or countries.
138
schema
Schema Describes the attributes and values of the database tables.
139
SAML
SAML Security Assertion Markup Language?An XML-based framework for exchanging security information, including authentication data.
140
vulnerability management
Vulnerability management Management of vulnerability information.
141
rollback
Rollback Restores a database after a failed commit.
142
threat vectors
Threat vectors Vectors that allow exploits to connect to vulnerabilities.
143
software escrow
Software escrow Source code held by a neutral third party.
143
TLS
TLS Transport Layer Security?Successor to SSL.
144
TKIP
TKIP Temporal Key Integrity Protocol?Used to provide integrity by WPA.
146
RBAC
RBAC Role-Based Access Controls?Subjects are grouped into roles and each defined role has access permissions based on the role, not the individual.
148
principal
Principal Kerberos client (user) or service.
149
static testing
Static testing Tests code passively; the code is not running.
150
split horizon
Split horizon Distance vector routing protocol safeguard that will not send a route update via an interface it learned the route from.
151
parallel processing
Parallel processing Recovery of critical processing components at an alternative computing facility, without impacting regular production systems.
152
shareware
Shareware Fully functional proprietary software that may be initially used free of charge. If the user continues to use the shareware for a specific period of time, the shareware license typically requires payment.
153
PII
PII Personally Identifiable Information?Data associated with a specific person, such as credit card data.
154
training
Training Security control designed to provide a skill set.
156
packet-switched network
Packet-switched network A form of networking where bandwidth is shared and data is carried in units called packets.
158
pairwise testing
Pairwise testing Form of combinatorial software testing that tests unique pairs of inputs.
159
type 1 authentication
Type 1 authentication Something you know.
160
trademark
Trademark Intellectual property protection that allows for the creation of a brand that distinguishes the source of products.
161
technical controls
Technical controls Implemented using software, hardware, or firmware that restricts logical access on an information technology system.
162
watchdog timer
Watchdog timer Recovers a system by rebooting after critical processes hang or crash.
163
shoulder surfing
Shoulder surfing Physical attack where an attacker observes credentials, such as a key combination.
165
network model (telecommuncations)
Network model (telecommunications) A description of how a network protocol suite operates.
165
purpose specification principle
Purpose specification principle OECD privacy guideline principle that states that the purpose for the data collection should be known, and the subsequent use of the data should be limited to the purposes outlined at the time of collection.
166
object encapsulation
Object encapsulation Treats a process as a ?black box.?
168
qualitative risk analysis
Qualitative risk analysis RA method that uses approximate values.
169
triple DES
Triple DES 56-bit DES applied three times per block.
171
remote meeting technology
Remote meeting technology Newer technology that allows users to conduct online meetings via the Internet, including desktop sharing functionality.
172
SRAM
SRAM Static Random Access Memory?Expensive and fast memory that uses small latches called ?flip-flops? to store bits.
172
WRT
WRT Work recovery time?The time required to configure a recovered system.
173
TGT
TGT Ticket Granting Ticket?Kerberos credentials encrypted with the TGS key.
174
WEP
WEP Wired Equivalent Privacy?A very weak 802.11 security protocol.
175
NS
NS Nonce Sum?The newest TCP flag, used for congestion notification.
176
SONET
SONET Synchronous Optical Networking?Carries multiple T-carrier circuits via fiber optic cable.
178
partial knowledge test
Partial knowledge test A penetration test where the tester is provided with partial inside information at the start of the test.
179
type 2 authentication
Type 3 authentication Something you are.
181
recovery controls
Recovery controls Controls that restore a damaged system or process.
182
side-channel attack
Side-channel attack Cryptographic attack that uses physical data to break a cryptosystem, such as monitoring CPU cycles or power consumption used while encrypting or decrypting.
182
VLAN
VLAN Virtual LAN?Can be thought of as a virtual switch.
184
RC5
RC5 Rivest Cipher 5; symmetric block cipher by RSA Laboratories.
185
WLAN
WLAN Wireless Local Area Network.
186
thin clients
Thin clients Simple computer systems that rely on centralized applications and data.
188
Reciprocal agreement
Reciprocal agreement A bidirectional agreement between two organizations in which one organization promises another organization it can move in and share space if it experiences a disaster; also known as a mutual aid agreement.
190
open source
Open source Software with publicly published source code, allowing anyone to inspect, modify, or compile the code.
190
transport layer (TCP/IP)
Transport layer (TCP/IP) TCP/IP model layer that connects the internet layer to the application layer.
192
openness principle
Openness principle OECD privacy guideline principle that states that the collection and use of personal data should be readily available.
193
traceroute
Traceroute Command that uses ICMP Time Exceeded messages to trace a network route.
194
trade secret
Trade secret Business-proprietary information that is important to an organization?s ability to compete.
195
OCSP
OCSP Online Certificate Status Protocol?A client?server method for looking up revoked certificates.
196
voice print
Voice print Biometric control that measures the subject?s tone of voice while stating a specific sentence or phrase.
198
PROM
PROM Programmable Read-Only Memory?Memory that can be written to once, typically at the factory.
199
RAID 5
RAID 5 RAID striped set with distributed parity.
199
white box software testing
White box software testing Gives the tester access to program source code, data structures, variables, etc.
200
spring-bolt lock
Spring-bolt lock A locking mechanism that ?springs? in and out of the door jamb.
201
purple
Purple Allied name for the stepping-switch encryption device used by Japanese Axis powers during World War II.
203
servicemark
Servicemark Intellectual property protection that allows for the creation of a brand that distinguishes the source of services.
205
shadow database
Shadow database Similar to a replicated database, with one key difference: A shadow database mirrors all changes made to a primary database, but clients do not access the shadow.
207
non-interference
Non-interference Model Ensures that data at different security domains remain separate from one another.
208
Thicknet
Thicknet Older type of coaxial cable, used for Ethernet bus networking.
209
one-time pad
One-time pad Theoretically unbreakable encryption using paired pads of random characters.
211
presentation layer
Presentation layer Layer 6 of the OSI model; presents data to the application in a comprehensible way.
212
traceability matrix
Traceability matrix Maps customers? requirements to the software testing plan; it traces the requirements and ensures that they are being met.
213
SA
SA Security Association?A simplex connection that may be used to negotiate ESP or AH parameters.
214
protect society, the commonwealth, and the infrastructure
Protect society, the commonwealth, and the infrastructure. First canon of the (ISC)2 Code of Ethics.
215
PGP
PGP Pretty Good Privacy?Software that integrates asymmetric, symmetric, and hash cryptography.
216
offshoring
Offshoring Outsourcing to another country.
217
swapping
Swapping Uses virtual memory to copy contents in primary memory (RAM) to or from secondary memory.
218
PRI
PRI Primary Rate Interface?Provides 23 64-K digital ISDN channels.
219
synchronous dynamic token
Synchronous Dynamic Token Use time or counters to synchronize a displayed token code with the code expected by the authentication server.
221
remote journaling
Remote journaling Saves database checkpoints and the database journal to a remote site. In the event of failure at the primary site, the database may be recovered.
222
vishing
Vishing Phishing via voice.
223
PaaS
PaaS Platform as a service?A preconfigured operating system is provided, and the customer configures the applications.
223
simple integrity axiom
Simple integrity axiom Biba property that states ?no read down.?
225
proxy firewall
Proxy firewall Firewalls that terminate connections and act as intermediary servers.
226
TFTP
TFTP Trivial File Transfer Protocol?A simple way to transfer files with no authentication or directory structure.
227
WAP
WAP Wireless Application Protocol?Designed to provide secure Web services to handheld wireless devices such as smart phones.
229
recovery phase
Recovery phase Incident response phase that restores a previously compromised system to operational status.
229
reporting phase
Reporting phase Incident response phase that provides a final report on the incident.
230
patch management
Patch management The process of managing software updates.
232
sniffing
Sniffing Confidentiality attack on network traffic.
233
secondary evidence
Secondary evidence Evidence consisting of copies of original documents and oral descriptions.
234
strike plate
Strike plate Plate in the door jamb with a slot for a deadbolt or spring-bolt lock.
236
SOCKS
SOCKS Popular circuit-level proxy.
237
REST
REST Representational State Transfer?Used to implement Web services.
238
stateful firewall
Stateful firewall Firewall with a state table that allows the firewall to compare current packets to previous.
239
ultrasonic motion detector
Ultrasonic motion detector Active motion detector that uses ultrasonic energy.
241
SDLC (telecommunications)
SDLC (telecommunications) Synchronous Data Link Control?A synchronous Layer 2 WAN protocol that uses polling to transmit data.
242
polyinstantiation
Polyinstantiation Allows two different objects to have the same name.
244
separation of duties
Separation of duties Dividing sensitive transactions among multiple subjects.
245
OCTAVE
OCTAVE? Operationally Critical Threat, Asset, and Vulnerability Evaluation?A risk management framework from Carnegie Mellon University.
246
process
Process An executable program and its associated data loaded and running in memory.
247
timing channel
Timing channel Covert channel that relies on the system clock to infer sensitive information.
248
RFID
RFID Radio Frequency Identification?A type of contactless card technology.
249
trojan
Trojan Malware that performs two functions: one benign (such as a game) and one malicious; also called Trojan horses.
250
parent class
Parent class OOP concept that allows objects to inherit capabilities from parents.
251
Rainbow table
Rainbow table Acts as database that contains the hashed output for most or all possible passwords.
252
running-key cipher
Running-key cipher Cryptographic method that uses whole words from a well-known text such as a dictionary, ?adding? letters to plaintext using modular math.
253
WSDL
WSDL Web Services Description Language?Provides details about how Web services are to be invoked.
254
tailgating
Tailgating Following an authorized person into a building without providing credentials; also known as piggybacking.
255
PAP
PAP Password Authentication Protocol?An insecure network authentication protocol that exposes passwords in cleartext.
256
TACACS
TACACS Terminal Access Controller Access Control System?A SSO method often used for network equipment.
257
POST
POST Power-On Self-Test?Performs basic computer hardware tests, including verifying the integrity of the BIOS, testing the memory, and identifying system devices, among other tasks.
258
thinnet
Thinnet Older type of coaxial cable, used for Ethernet bus networking.
260
rotation of duties
Rotation of duties Requires that critical functions or responsibilities are not continuously performed by the same person without interruption; also known as job rotation.
261
top-down programming
Top-down programming Starts with the broadest and highest level requirements (the concept of the final program) and works down toward the low-level technical implementation details.
262
TOCTOU
TOCTOU Time Of Check, Time Of Use: Altering a condition after it has been checked by the operating system but before it is used.
264
RADIUS
RADIUS Remote Authentication Dial-In User Service: A UDP-based third-party authentication system.
265
RAT
RAT Remote Access Trojans: Trojan horses that may be remotely controlled.
266
XOR
XOR Exclusive OR: Binary operation that is true if exactly one of its two inputs (but not both) is true.
267
zero-day exploit
Zero-day exploit An exploit for a vulnerability with no available vendor patch.
269
OFDM
OFDM Orthogonal Frequency-Division Multiplexing: A newer wireless multiplexing method that allows simultaneous transmission using multiple independent wireless frequencies that do not interfere with each other.
270
statutory damages
Statutory damages Damages prescribed by law.
272
password cracking
Password cracking An offline technique in which the attacker has gained access to the password hashes or database.
273
UTP
UTP Unshielded Twisted Pair: Network cabling that uses pairs of wire twisted together.
275
QoS
QoS Quality of Service: Gives specific traffic precedence over other traffic on packet-switched networks.
277
PPP
PPP Point-to-Point Protocol: Layer 2 protocol that has largely replaced SLIP, adding confidentiality, integrity, and authentication.
278
virus
Virus Malware that requires a carrier to propagate.
280
penetration test
Penetration test Security test designed to determine if an attacker can penetrate an organization.
281
Ring (physical)
Ring (physical) Physical network topology that connects nodes in a physical ring.
282
security audit
Security audit A test against a published standard.
284
SHA-2
SHA-2 Secure Hash Algorithm 2: A hash function that includes SHA-224, SHA-256, SHA-384, and SHA-512; named after the length of the message digest each creates.
286
network access layer
Network access layer TCP/IP model layer that combines Layers 1 and 2 of the OSI model; it describes Layer 1 issues such as energy, bits, and the medium used to carry them.
287
stealth virus
Stealth virus Virus that hides itself from the OS and other protective software, such as antivirus software.
288
SQL
SQL Structured Query Language: The most popular database query language.
289
network stack
Network stack A network protocol suite programmed in software or hardware.
290
privacy act of 1974
Privacy Act of 1974 Protects U.S. citizens' data that is being used by the federal government.
292
SSH
SSH Secure Shell: A secure replacement for Telnet, FTP, and the UNIX "R" commands.
293
unicast
Unicast One-to-one network traffic, such as a client surfing the Web.
294
TEMPEST
TEMPEST A standard for shielding electromagnetic emanations from computer equipment.
295
worm
Worm Malware that self propagates.
297
RAID 10
RAID 10 See RAID 1+0.
299
SIP
SIP Session Initiation Protocol: A VoIP signaling protocol.
301
risk
Risk A matched threat and vulnerability.
303
object-oriented database
Object-oriented database Database that combines data with functions (code) in an object-oriented framework.
304
RTO
RTO Recovery Time Objective: The maximum time allowed to recover business or IT systems.
305
OOD
OOD Object-Oriented Design: High-level object-oriented approach to designing software.
307
RAID 4
RAID 4 RAID striped set with dedicated parity (block level).
308
scrum
Scrum Agile development model that uses small teams; roles include scrum master and product owner.
309
virtualization
Virtualization Adds a software layer between an operating system and the underlying computer hardware.
311
one-time password
One-time password Password that may be used for a single authentication.
312
Rijndael
Rijndael Cipher that became AES; named after authors Vincent Rijmen and Joan Daemen.
313
RFI
RFI Remote File Inclusion: Altering Web URLs to include remote content.
314
RAD
RAD Rapid Application Development: Rapidly develops software via the use of prototypes, "dummy" GUIs, back-end databases, and more.
315
XML
XML Extensible Markup Language: A markup language designed as a standard way to encode documents and data.
316
screened subnet architecture
Screened subnet architecture Two firewalls screening a DMZ.
317
URG
URG TCP flag: the packet contains urgent data.
319
Plan testing, training and exercises
Plan testing, training, and exercises Sixth step of the NIST SP 800-34 contingency planning process.
320
time multiplexing
Time multiplexing Shares (multiplexes) system resources between multiple processes, each with a dedicated slice of time.
321
punitive damages
Punitive damages Damages designed to punish an individual or organization.
322
mutation
Mutation Genetic algorithm concept that introduces random changes to algorithms.
323
zero knowledge test
Zero knowledge test A blind penetration test where the tester has no inside information at the start of the test.
324
SRTP
SRTP Secure Real-Time Transport Protocol: Used to provide secure VoIP.
325
OOP
OOP Object-Oriented Programming: Changes the older procedural programming methodology and treats a program as a series of connected objects that communicate via messages.
327
software piracy
Software piracy Unauthorized copying of copyrighted software.
328
PKI
PKI Public key infrastructure: Leverages symmetric, asymmetric, and hash-based cryptography to manage digital certificates.
329
vernam cipher
Vernam cipher One-time pad using a teletypewriter; invented by Gilbert Vernam.
331
physical layer
Physical layer Layer 1 of the OSI model; describes units of data like bits represented by energy and the media used to carry them.
333
ROM
ROM Read-Only Memory.
334
system call
System call Allows processes to communicate with the kernel and provides a window between CPU rings.
335
PIN
PIN Personal Identification Number: A number-based password.
336
NIST SP 800-34
NIST SP 800-34 NIST Special Publication 800-34, Contingency Planning Guide for Information Technology Systems.
337
ORBs
ORBs Object Request Brokers: Used to locate and communicate with objects.
338
sashimi model
Sashimi model Development model with highly overlapping steps; it can be thought of as a real-world successor to the waterfall model.
339
policy
Policy High-level management directives; an administrative control.
340
transport layer (OSI)
Transport layer (OSI) Layer 4 of the OSI model; handles packet sequencing, flow control, and error detection.
341
sanction
Sanction Action taken as a result of policy violation.
342
privacy
Privacy Protection of the confidentiality of personal information.
343
structured walkthrough
Structured walkthrough Thorough review of a DRP by individuals who are knowledgeable about the systems and services targeted for recovery; also known as tabletop exercise.
344
repeatable
Repeatable Phase 2 of CMM.
345
threat
Threat A potentially negative occurrence.
346
Need to know
Need to know Requirement that subjects need to know information before accessing it.
347
reserved ports
Reserved ports TCP/IP ports 1023 and lower.
349
repeater
Repeater Layer 1 device that receives bits on one port and "repeats" them out the other port.
350
rotation cipher
Rotation cipher Substitution cipher that produces each ciphertext character by shifting the corresponding plaintext character a fixed number of positions through the alphabet.
351
source code
Source code Computer programming language instructions that are written in text that must be translated into machine code before execution by the CPU.
353
procedure
Procedure Step-by-step guide for accomplishing a task; an administrative control.
354
session hijacking
Session hijacking Compromise of an existing network session.
355
turnstile
Turnstile Device designed to prevent tailgating by enforcing a "one person per authentication" rule.
356
PAN
PAN Personal Area Network: A very small network with a range of 100m or much less.
357
redundant site
Redundant site An exact production duplicate of a system that has the capability to seamlessly operate all necessary IT operations without loss of services to the end user.
358
switch
Switch Layer 2 device that carries traffic on one LAN.
359
NRM
NRM Normal Response Mode: SDLC/HDLC mode where secondary nodes can transmit when given permission by the primary.
360
Realm
Realm A logical Kerberos network.
361
work factor
Work factor The amount of time required to break a cryptosystem (decrypt a ciphertext without the key).
362
WORM
WORM Write once, read many: Memory that can be written to once and read many times.
363
principle of least privilege
Principle of least privilege Granting subjects the minimum amount of authorization required to do their jobs; also known as minimum necessary access.
364
OUI
OUI Organizationally Unique Identifier: The first 24 bits of a MAC address.
365
RTP
RTP Real-Time Transport Protocol: VoIP protocol designed to carry streaming audio and video.
366
security safeguards principle
Security safeguards principle OECD privacy guideline principle that states that personal data should be reasonably protected against unauthorized use, disclosure, or alteration.
367
segment
Segment Layer 4 PDU.
368
socket pair
Socket pair Describes a unique connection between two nodes: source port and source IP, destination port and destination IP.
369
script kiddies
Script kiddies Attackers who target computer systems with tools they have little or no understanding of.
370
spear phishing
Spear phishing Targeted phishing attack against a small number of high-value victims.
371
tree
Tree Physical network topology with a root node and branch nodes that are at least three levels deep.
372
War dialing
War dialing Uses a modem to dial a series of phone numbers, looking for an answering modem carrier tone.
373
white hat
White hat Ethical hacker or researcher.
374
ring model
Ring model Form of CPU hardware layering that separates and protects domains (such as kernel mode and user mode) from each other.
375
RISC
RISC Reduced Instruction Set Computer: CPU instructions that are short and simple.
376
polymorphism
Polymorphism OOP concept based on the Greek roots poly ("many") and morphe ("form"); allows an object to overload an operator, for example.
377
search warrant
Search warrant Court order that allows a legal search.
378
object
Object A "black box" that combines code and data and sends and receives messages.
379
RAID 0
RAID 0 RAID striped set.
380
pipelining
Pipelining CPU feature that combines multiple steps into one combined process, allowing simultaneous fetch, decode, execute, and write steps for different instructions.
381
symmetric encryption
Symmetric encryption Encryption that uses one key to encrypt and decrypt.
383
poison reverse
Poison reverse Distance vector routing protocol safeguard that sets a bad route to infinity.
384
substitution
Substitution Cryptographic method that replaces one character for another.
385
SOX
SOX Sarbanes-Oxley Act of 2002: Created regulatory compliance mandates for publicly traded companies.
387
network layer 3
Network layer Layer 3 of the OSI model; describes routing data from a system on one LAN to a system on another.
388
OLE
OLE Object Linking and Embedding?Part of DCOM that links documents to other documents.
389
preventative controls
Preventive controls Prevents actions from occurring.
390
OSI model
OSI model A network model with seven layers: physical, data link, network, transport, session, presentation, and application.
391
physical controls
Physical controls Implemented with physical devices, such as locks, fences, or gates.
392
screened host architecture
Screened host architecture Older flat network design using one router to filter external traffic to and from a bastion host via an ACL.
393
risk analysis matrix
Risk analysis matrix A quadrant used to map the likelihood of a risk occurring against the consequences (or impact) that risk would have.
395
PCI-DSS
PCI-DSS Payment Card Industry Data Security Standard: A security standard created by the Payment Card Industry Security Standards Council (PCI SSC).
396
RAID 1
RAID 1 RAID mirrored set.
398
SLIP
SLIP Serial Line Internet Protocol: A Layer 2 protocol that provides IP connectivity via asynchronous connections such as serial lines and modems.
399
OOA
OOA Object-Oriented Analysis: High-level approach to understanding a problem domain that identifies all objects and their interactions.
400
VDSL
VDSL Very High Rate Digital Subscriber Line: DSL featuring much faster asymmetric speeds.
401
SDLC (applications)
SDLC (applications) Systems Development Life Cycle: A system development model that focuses on security in every phase.
402
x.25
X.25 Older packet-switched WAN protocol.
403
private key
Private key One half of an asymmetric key pair; it must be kept secure.
404
unit testing
Unit testing Low-level tests of software components, such as functions, procedures, or objects.
405
waterfall model
Waterfall model An application development model that uses rigid phases; when one phase ends, the next begins.
406
OSPF
OSPF Open Shortest Path First: An open link state routing protocol.
407
polyalphabetic cipher
Polyalphabetic cipher Substitution cipher using multiple alphabets.
408
PLD
PLD Programmable Logic Device: Field-programmable hardware.
409
walkthrough
Walkthrough drill See Simulation test.
410
zachman framework
Zachman Framework™ Provides six frameworks for providing information security that ask what, how, where, who, when, and why; it maps those frameworks across roles that include planner, owner, designer, builder, programmer, and user.
411
table
Table A group of related data in a relational database.