CISM (Certified Information Security Manager) – Vocabulary – Flashcards
question
Acceptable interruption window
answer
Max time a system can be unavailable before compromising business objectives.
question
Acceptable use policy
answer
Policy agreement between users and the organization. Defines approved range of use for access to a network or the Internet
question
Access controls
answer
The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises
question
Access path
answer
Logical route an end user takes to access computerized information. Typically includes a route through the OS, telecommunications software, applications, and access controls.
question
Access rights
answer
Permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy
question
Accountability
answer
The ability to map a given activity or event back to the responsible party
question
Action plan
answer
A plan of the steps necessary to achieve objectives
question
Ad hoc
answer
Arbitrary approach, no formal plan or process
question
Administrative controls
answer
Rules, procedures and practices that deal with operational effectiveness, efficiency and adherence to regulations and management policies.
question
Adware
answer
Any software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used. In most cases, this is done without any notification to the user or without the user's consent. This software may or may not contain spyware.
question
Advanced Encryption Standard (AES)
answer
The international encryption standard that replaced 3DES.
question
Algorithm
answer
A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.
question
Anomaly-Based Detection
answer
The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations. This approach is used on some intrusion detection systems.
question
Annual Loss Expectation (ALE)
answer
The total expected loss divided by the number of years in the forecast period yielding the average annual loss
question
Alert situation
answer
The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The organization entering into an alert situation initiates a series of escalation steps.
question
Alternate facilities
answer
Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed. This includes other buildings, offices or data processing centers.
question
Alternate process
answer
Automatic or manual processes designed and established to continue critical business processes from point-of-failure to return-to-normal
question
Anonymous File Transfer Protocol (AFTP)*
answer
A method of downloading public files using the File Transfer Protocol (FTP). AFTP does not require users to identify themselves before accessing files from a particular server. In general, users enter the word "anonymous" when the host prompts for a username. Anything can be entered for the password, such as the user's e-mail address or simply the word "guest."
question
Antivirus software
answer
Application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done, and to repair or quarantine files that have already been infected.
question
Application Programming Interface (API)
answer
An application programming interface (API) is a source code-based specification intended to be used as an interface by software components to communicate with each other.
question
Application controls
answer
The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved
question
Application layers
answer
In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; it is a service layer that provides these services.
question
Application service provider (ASP)
answer
Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged application to multiple parties from a centrally managed facility. The applications are delivered over networks on a subscription basis.
question
Architecture
answer
Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support the organization's objectives
question
Address Resolution Protocol (ARP)
answer
ARP defines the exchanges between network interfaces connected to an Ethernet media segment in order to map an IP address to a link layer address on demand.
question
Assurance
answer
The grounds for confidence that the set of intended security controls in an information system are effective in their application.
question
Assurance Process Integration
answer
Integration of organizational assurance processes to achieve greater efficiencies and counter typical silo effects.
question
Asymmetric encryption
answer
A cryptographic key that may be widely published and is used to enable the operation of an asymmetric cryptography scheme. This key is mathematically linked with a corresponding private key. Typically, a public key can be used to encrypt, but not decrypt, or to validate a signature, but not to sign.
question
Attack Signature
answer
A specific sequence of events indicative of an unauthorized access attempt. Typically a characteristic byte pattern used in malicious code or an indicator, or set of indicators that allows the identification of malicious network activities.
question
Attributes
answer
The fundamental characteristics of something
question
Audit
answer
Independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures
question
Audit Review
answer
The assessment of an information system to evaluate the adequacy of implemented security controls, assure that they are functioning properly, identify vulnerabilities, and assist in implementation of new security controls where required. This assessment is conducted annually or whenever significant change has occurred and may lead to recertification of the information system.
question
Audit trail
answer
A series of records either in hard copy or in electronic format that provide a chronological record of user activity and other events that show the details of user and system activity. Audit trails can be used to document when users log in, how long they are engaged in various activities, what they were doing, and whether any actual or attempted security violations occurred.
question
Authentication
answer
The act of verifying the identity of an entity (e.g., a user, a system, a network node)
question
Authorization
answer
Access privileges granted to a user, program, or process or the act of granting those privileges
question
Automated Clearing House (ACH)
answer
ACH is an electronic network for financial transactions in the United States. ACH processes large volumes of credit and debit transactions in batches. Credit transfers include direct deposit payroll and vendor payments and ACH direct debit transfers include consumer payments on insurance premiums, mortgage loans, and other kinds of bills
question
Availability
answer
Information that is accessible when required by the business process now and in the future
question
Awareness (Information Security)
answer
Activities which seek to focus an individual's attention on an (information security) issue or set of issues.
question
Backup center
answer
An alternate facility to continue IT/IS operations when the primary DP center is unavailable
question
Biometrics
answer
To recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics.
question
Business intelligence (BI)*
answer
Refers to computer-based techniques used in identifying, extracting, and analyzing business data, such as sales revenue by products and/or departments, or by associated costs and incomes. BI technologies provide historical, current and predictive views of business operations. Common functions of business intelligence technologies are reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining and predictive analytics.
question
Business impact assessment (BIA)
answer
An analysis of an information system's requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.
question
Baseline Security
answer
The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection.
question
Bastion Host
answer
A special-purpose computer on a network specifically designed and configured to withstand attacks.
question
Business continuity management (BCM)
answer
Planning focused on assuring continuous business processes; it is a major factor in an organization's survival during and after a disruption. This is a key component of Comprehensive Emergency Management.
question
Business continuity planning (BCP)
answer
The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business functions will be sustained during and after a significant disruption.
question
Benchmarking
answer
A systematic approach to comparing an organization's performance against peers and competitors in an effort to learn the best ways of conducting business. Examples include benchmarking of quality, logistical efficiency and various other metrics.
question
Biometric
answer
A measurable physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and iris scan samples are all examples.
question
Bit-stream image
answer
Also referred to as mirror image backups; these involve the backup of all areas of a computer hard disk drive or other type of storage media. Such backups exactly replicate all sectors on a given storage device, including all files and ambient data storage areas.
question
Bit copy
answer
Provides an exact image of the original and is a requirement for legally justifiable forensics
question
Bit
answer
The smallest unit of information storage; a contraction of the term "binary digit"; one of the two symbols, "0" (zero) and "1" (one), that are used to represent binary numbers.
question
Blacklisting
answer
The process of the system invalidating a user ID based on the user's inappropriate actions. A user ID on this list cannot be used to log on to the system, even with the correct credentials. This is a positive security-relevant event. Also applies to blocks placed against IP addresses to prevent inappropriate or unauthorized use of Internet resources.
question
Botnet
answer
A large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.
question
Boundary
answer
Physical or logical perimeter of a system
question
Brute force attack
answer
Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found
question
Business case
answer
Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle
question
Business dependency assessment
answer
A process of identifying resources critical to the operation of a business process
question
Business impact analysis/assessment (BIA)
answer
Evaluating the criticality and sensitivity of information assets. An exercise that determines the impact of losing the support of any resource to an organization, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and supporting systems. This process also includes addressing: income loss, unexpected expense, legal issues (regulatory compliance or contractual), interdependent processes, and loss of public reputation or public confidence.
question
Business Model for Information Security (BMIS)
answer
A business-oriented model for managing information security utilizing systems thinking to clarify complex relationships within an enterprise. The four elements and six dynamic interconnections form the basis of a three-dimensional model that establishes the boundaries of an information security program and models how the program functions and reacts to internal and external change. It also provides the context for frameworks such as COBIT.
question
Byte
answer
A fundamental unit of computer storage; the smallest addressable unit in a computer's architecture. Usually holds one character of information and usually means eight bits.
question
Capability Maturity Model (CMM)
answer
A qualitative approach typically using a 0 to 5 scale with each value assigned a set of attributes or characteristics to determine a relative level of competency and proficiency.
question
Certificate
answer
A digitally signed representation of information that 1) identifies the authority issuing it, 2) identifies the subscriber, 3) identifies its valid operational period (date issued / expiration date). In the information assurance (IA) community, certificate usually implies public key certificate and can have the following types: Cross certificate, Encryption certificate and Key management.
question
Cross certificate
answer
A certificate issued from a CA that signs the public key of another CA not within its trust hierarchy that establishes a trust relationship between the two CAs.
question
Encryption certificate
answer
A certificate containing a public key that can encrypt or decrypt electronic messages, files, documents, or data transmissions, or establish or exchange a session key for these same purposes.
question
Identity certificate
answer
A certificate that provides authentication of the identity claimed. Within the National Security Systems (NSS) PKI, identity certificates may be used only for authentication or may be used for both authentication and digital signatures.
question
Key management
answer
Refers to the process of storing, protecting, and escrowing the private component of the key pair associated with the encryption certificate.
question
Certificate (Certification) Authority (CA)
answer
In cryptography, a CA is a trusted third party that issues digital certificates. A CA attests, as the trusted provider of the public/private key pairs, to the authenticity of the owner (entity or individual) to whom a public/private key pair has been given. The process involves a CA who makes a decision to issue a certificate based on evidence or knowledge obtained in verifying the identity of the recipient. Upon verifying the identity of the recipient, the CA signs the certificate with its private key for distribution to the user, where, upon receipt, the user will decrypt the certificate with the CA's public key (e.g., commercial CAs, such as VeriSign, provide public keys on web browsers). The ideal CA is authoritative (someone the user trusts) for the name or key space it represents. CAs are characteristic of many public key infrastructure (PKI) schemes. Many commercial CAs charge for their services. Institutions and governments may have their own CAs, and there are free CAs.
question
Certificate policy (CP)
answer
A specialized form of administrative policy tuned to electronic transactions performed during certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.
question
Certification Practice Statement
answer
A statement of the practices that a Certification Authority employs in issuing, suspending, revoking, and renewing certificates and providing access to them, in accordance with specific requirements (i.e., requirements specified in this Certificate Policy, or requirements specified in a contract for services).
question
Certificate revocation list (CRL)
answer
A list of revoked public key certificates created and digitally signed by a Certification Authority.
question
Chain of custody
answer
The chain of custody is a legal principle regarding the validity and integrity of evidence. It requires accountability for anything that will be used as evidence in a legal proceeding, to ensure that it can be accounted for from the time it was collected until the time it is presented in a court of law. This includes documentation as to who had access to the evidence and when, as well as the ability to identify evidence as being the exact item that was recovered or tested. Lack of control over evidence can lead to it being discredited. Chain of custody depends on the ability to verify that evidence could not have been tampered with. This is accomplished by sealing off the evidence, so it cannot be changed, and providing a documentary record of custody to prove that the evidence was, at all times, under strict control and not subject to tampering.
question
Chain of Evidence
answer
A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had control or possession of the evidence. The "sequencing" of the chain of evidence follows this order: collection and identification; analysis; storage; preservation; presentation in court; return to owner.
question
Challenge and Reply Authentication
answer
Prearranged procedure in which a subject requests authentication of another and the latter establishes validity with a correct reply.
question
Challenge-Response Protocol
answer
An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a shared secret (often by hashing the challenge and secret together) to generate a response that is sent to the verifier. The verifier knows the shared secret and can independently compute the response and compare it with the response generated by the claimant. If the two are the same, the claimant is considered to have successfully authenticated himself. When the shared secret is a cryptographic key, such protocols are generally secure against eavesdroppers. When the shared secret is a password, an eavesdropper does not directly intercept the password itself, but the eavesdropper may be able to find the password with an off-line password guessing attack.
question
Change management
answer
A controlled approach to managing the transition from a current to a desired organizational state while ensuring that critical success factors and potential risks are determined and addressed.
question
Checksum
answer
A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.
question
Cipher
answer
A cryptographic algorithm for encryption and decryption.
question
Cipher-text
answer
Cipher-text is the encrypted form of the message being sent.
question
Chief executive officer (CEO)
answer
The highest ranking individual in an organization
question
Chief financial officer (CFO)
answer
The CFO is a fiduciary responsible for an organization's finance and accounting as well as compliance with various financial regulatory requirements.
question
Chief information officer (CIO)
answer
The most senior official of the enterprise who is accountable for IT advocacy, aligning IT and business strategies, and planning, resourcing and managing the delivery of IT services, information and the deployment of associated human resources. In some cases, the CIO role has been expanded to become the chief knowledge officer (CKO) who deals in knowledge, not just information. Also see chief technology officer.
question
Chief information security officer (CISO)
answer
The CISO is responsible for managing information risk, the information security program, and ensuring appropriate confidentiality, integrity and availability of information assets.
question
Chief Operating Officer (COO)
answer
The COO is typically responsible for oversight and management of operations at the direction of the Chief Executive.
question
Chief security officer (CSO)
answer
The CSO is typically responsible for physical security in the organization although increasingly the CISO and CSO roles are merged.
question
Chief technology officer (CTO)
answer
The individual (typically a corporate officer) who focuses on technology issues in an organization.
question
Classification
answer
The system or process that segregates information resources according to their sensitivity and criticality.
question
Chief Risk Officer (CRO)
answer
The individual, usually a corporate officer, charged with identifying and managing organizational risk.
question
Cipher
answer
Series of transformations that converts plaintext to ciphertext using the Cipher Key
question
Clear Text
answer
Information that is not encrypted
question
Client (client-server)
answer
Individual or process acting on behalf of an individual who makes requests of a dedicated server. The client's requests to the dedicated server can involve data transfer to, from, or through the dedicated server.
question
Cloud computing
answer
An approach using external services for convenient on-demand IT operations using a shared pool of configurable computing capability (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Typical capabilities include infrastructure as a service (IaaS), platform as a service (PaaS) and software as a service (SaaS).
question
Cloud model
answer
The cloud model is composed of five essential characteristics (on-demand self-service, ubiquitous network access, location-independent resource pooling, rapid elasticity, and measured service). It allows users to access technology-based services from the network cloud without knowledge of, expertise with, or control over the technology infrastructure that supports them, and provides four models for enterprise access (private cloud, community cloud, public cloud, and hybrid cloud).
question
COBIT
answer
The international IT management framework and set of IT control objectives published by ISACA (editions in 1996, 1998, 2000, 2005 and 2007).
question
Cold Site
answer
Backup site that can be up and operational in a relatively short time span, such as a day or two. Provision of services, such as telephone lines and power, is taken care of, and the basic office furniture might be in place, but there is unlikely to be any computer equipment, even though the building might well have a network infrastructure and a room ready to act as a server room. In most cases, cold sites provide the physical location and basic services.
question
Common Carrier
answer
In a telecommunications context, a telecommunications company that holds itself out to the public for hire to provide communications transmission services. Note: In the United States, such companies are usually subject to regulation by federal and state regulatory commissions.
question
Community of Interest (COI)
answer
A collaborative group of users who exchange information in pursuit of their shared goals, interests, missions, or business processes, and who therefore must have a shared vocabulary for the information they exchange. The group exchanges information within and between systems to include security domains.
question
Compartmentalization
answer
A nonhierarchical grouping of sensitive information used to control access to data more finely than with hierarchical security classification alone.
question
Compensating Security Control
answer
A management, operational, and/or technical control (i.e., safeguard or countermeasure) employed by an organization in lieu of a recommended security control in the low, moderate, or high baselines that provides equivalent or comparable protection for an information system.
question
Competitive Intelligence
answer
Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.
question
Compromise
answer
Disclosure of information to unauthorized persons, or a violation of the security policy of a system in which unauthorized intentional or unintentional disclosure, modification, destruction, or loss of an object may have occurred.
question
Computer emergency response team (CERT)
answer
A group of people integrated at the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.
question
Computer Incident Response Team (CIRT)
answer
Group of individuals usually consisting of Security Analysts organized to develop, recommend, and coordinate immediate mitigation actions for containment, eradication, and recovery resulting from computer security incidents. Also called a Computer Security Incident Response Team (CSIRT) or a CIRC (Computer Incident Response Center, Computer Incident Response Capability, or Cyber Incident Response Team)
question
Confidentiality
answer
The protection of sensitive or private information from unauthorized disclosure
question
Control center
answer
Hosts the recovery meetings where disaster recovery operations are managed
question
Controls
answer
Any regulatory document, process, structure or technology
question
Configuration Management
answer
Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modification prior to, during, and after system implementation
question
Controls policy
answer
A policy defining control operational and failure modes e.g. fail secure, fail open, allowed unless specifically denied, denied unless specifically permitted.
question
Content Filtering
answer
The process of monitoring communications such as email and Web pages, analyzing them for suspicious content, and preventing the delivery of suspicious content to users.
question
Contingency Plan
answer
Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability. The Contingency Plan is the first plan used by the enterprise risk managers to determine what happened, why, and what to do. It may point to the Continuity of Operations Plan (COOP) or Disaster Recovery Plan for major disruptions
question
Convergence
answer
The trend of combining physical and information security under one manager to increase efficiency and effectiveness
question
Continuity of operations plan (COOP)
answer
A predetermined set of instructions or procedures that describe how an organization's mission-essential functions will be sustained within 12 hours and for up to 30 days as a result of a disaster event before returning to normal operations.
question
Continuous Monitoring
answer
The process implemented to maintain a current security status for one or more information systems or for the entire suite of information systems on which the operational mission of the enterprise depends. The process includes the development of a strategy to regularly evaluate selected IA controls/metrics; recording and evaluating IA-relevant events and the effectiveness of the enterprise in dealing with those events; recording changes to IA controls, or changes that affect IA risks; and publishing the current security status to enable information-sharing decisions involving the enterprise.
question
Corporate governance
answer
The system by which organizations are directed and controlled. Boards of directors are responsible for the governance of their organizations.
question
COSO
answer
Refers to the report "Internal Control—An Integrated Framework," sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
question
Countermeasures
answer
Any process that directly reduces a threat or vulnerability
question
Credential
answer
An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person.
question
Critical Infrastructure
answer
System and assets, whether physical or virtual, so vital to a country that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.
question
Critical success factor(s) (CSF)
answer
The issues that must be resolved or the specific steps that must be completed that are essential to the achievement of an objective
question
Criticality
answer
A measure of the impact that the failure of a system to function as required will have on the organization.
question
Criticality analysis
answer
An analysis to evaluate resources or business functions to identify their importance to the organization, and the impact if a function cannot be completed or a resource is not available
question
Common vulnerabilities and exposures (CVE)
answer
The Common Vulnerabilities and Exposures or CVE system provides a reference method for publicly known information security vulnerabilities and exposures. MITRE Corporation maintains the system, with funding from the National Cyber Security Division of the United States Department of Homeland Security.
question
Cost Benefit Analysis
answer
Cost-benefit analysis (CBA), sometimes called benefit-cost analysis (BCA), is a systematic process for calculating and comparing benefits and costs of a project, decision
question
Cross-Certificate
answer
A certificate used to establish a trust relationship between two Certification Authorities.
question
Critical path
answer
Critical Path Analysis (CPA) or the Critical Path Method (CPM) defines all essential tasks that must be completed in sequence as part of a project in the least possible time.
question
Culture
answer
The set of shared attitudes, values, goals, and practices that characterizes an institution or organization
question
Cryptographic Algorithm
answer
A well-defined computational procedure that takes variable inputs, including a cryptographic key, and produces an output
question
Cryptographic Strength
answer
A measure of the expected number of operations required to defeat a cryptographic mechanism.
question
Cryptography
answer
The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification.
question
Cybercops
answer
An investigator of computer-crime-related activities
question
Cyclical Redundancy Check (CRC)
answer
A method to ensure data has not been altered after being sent through a communication channel
question
Discretionary Access Control (DAC)
answer
In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject."
question
Damage evaluation
answer
The determination of the extent of damage that is necessary to provide for an estimation of the recovery time frame and the potential loss to the organization
question
Data classification
answer
The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification. Levels of sensitivity of data are assigned according to predefined categories as data are created, amended, enhanced, stored or transmitted. The classification level is an indication of the value or importance of the data to the organization.
question
Data Custodian
answer
A Data Custodian is the entity currently using or manipulating the data, and therefore, temporarily taking responsibility for the data.
question
Data Integrity
answer
The property that data has not been altered in an unauthorized manner. Data integrity covers data in storage, during processing, and while in transit.
question
Data Mining
answer
Data Mining is a technique used to analyze existing information, usually with the intention of pursuing new avenues to pursue business.
question
Data Owner
answer
A Data Owner is the entity having responsibility and authority for the data.
question
Data Warehousing
answer
Data Warehousing is the consolidation of several previously independent databases into one location.
question
Data Encryption Standard (DES)
answer
An algorithm for encoding binary data. It is a secret key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES and its variants have been replaced by the Advanced Encryption Standard (AES).
question
Decrypt
answer
Generic term encompassing decode and decipher
question
Data leakage
answer
Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
question
Data leak protection (DLP)
answer
A suite of technologies and associated processes that locate, monitor and protect sensitive information from unauthorized disclosure
question
Data normalization
answer
A structured process for organizing data into tables in a common form in such a way that it preserves the relationships among the data
question
Data warehouse
answer
A generic term for a system that stores, retrieves and manages large volumes of data. Data warehouse software often includes sophisticated comparison and hashing techniques for fast searches, as well as advanced filtering.
question
Decentralization
answer
The process of distributing computer processing to different locations within an organization
question
Decryption
answer
Decryption is the process of transforming an encrypted message into its original plaintext.
question
Decryption key
answer
A digital piece of information used to recover plaintext from the corresponding ciphertext by decryption
question
Defense in depth
answer
The practice of layering defenses to provide added protection. Defense in depth increases security by raising the effort needed in an attack. This strategy places multiple barriers between an attacker and an organization's computing and information resources.
question
Degauss
answer
The application of variable levels of alternating current for the purpose of demagnetizing magnetic recording media. The process involves increasing the alternating current field gradually from zero to some maximum value and back to zero, leaving a very low residue of magnetic induction on the media. Degauss loosely means: to erase.
question
Demilitarized zone (DMZ)
answer
A screened (firewalled) network segment that acts as a buffer zone between a trusted and untrusted network. A DMZ is typically used to house systems such as web servers that must be accessible from both internal networks and the Internet.
question
Denial of service (DOS)
answer
A denial-of-service attack (DoS attack) is an attempt to make a computer or network resource unavailable to its intended users by overloading the system with requests causing it to fail.
question
Disruption
answer
An unplanned event that causes the general system or major application to be inoperable for an unacceptable length of time (e.g., minor or extended power outage, extended unavailable network, or equipment or facility damage or destruction).
question
Digital certificate
answer
An electronic credential issued by a certificate authority (CA). A digital certificate binds a user's identity to a public key. It contains a user identifier, a unique serial number, valid to-from dates, usage information, a copy of the certificate holder's public key, and a thumbprint (hash) to verify integrity. The certificate is signed by the digital signature of the certificate-issuing authority so that a recipient can verify the validity of the certificate.
question
Digital code signing
answer
The process of digitally signing computer code to ensure its integrity
question
Disaster declaration
answer
The communication to appropriate internal and external parties that the disaster recovery plan is being put into operation
question
Disaster notification fee
answer
The fee the recovery site vendor charges when the customer notifies them that a disaster has occurred and the recovery site is required. The fee is implemented to discourage false disaster notifications.
question
Disaster recovery plan (DRP)
answer
A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster
question
Disaster recovery plan desk checking
answer
Typically a read-through of a disaster recovery plan without any real actions taking place. It generally involves a reading of the plan, discussion of the action items and definition of any gaps that might be identified.
question
Disaster recovery plan walk-through
answer
Generally a robust test of the recovery plan requiring that some recovery activities take place and are tested. A disaster scenario is often given and the recovery teams talk through the steps they would need to take to recover. As many aspects of the plan should be tested as possible.
question
Discretionary access control (DAC)
answer
A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.
question
Disk mirroring
answer
The practice of duplicating data in separate volumes on two hard disks to make storage more fault tolerant. Mirroring provides data protection in the case of disk failure because data are constantly updated to both disks.
question
Disk Imaging
answer
Generating a bit-for-bit copy of the original media, including free space and slack space.
question
Distributed denial of service (DDOS)
answer
A denial-of-service attack (DoS attack) is an attempt to make a computer or network resource unavailable to its intended users by overloading the system with requests from multiple sources (such as a botnet) causing it to fail.
question
Domain
answer
A sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, identified by a name. On the Internet, a domain consists of a set of network addresses. In the Internet's domain name system, a domain is a name with which name server records are associated that describe sub-domains or hosts. In Windows NT and Windows 2000, a domain is a set of network resources (applications, printers, and so forth) for a group of users. The user need only log in to the domain to gain access to the resources, which may be located on a number of different servers in the network.
question
Domain name system (DNS)
answer
A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
question
Dual control
answer
A procedure that uses two or more entities (usually persons) operating in concert to protect a system resource such that no single entity acting alone can access that resource
question
Due care
answer
The level of care expected from a reasonable person of similar competency under similar conditions
question
Due diligence
answer
The performance of those actions that are generally regarded as prudent, responsible and necessary to conduct a thorough and objective investigation, review and/or analysis
question
Dynamic host configuration protocol (DHCP)
answer
Dynamic Host Configuration Protocol is a protocol for assigning dynamic IP addresses to devices on a network. With dynamic addressing, a device can have a different IP address every time it connects to the network. In some systems, the device's IP address can even change while it is still connected. DHCP also supports a mix of static and dynamic IP addresses.
question
Electronic data exchange (EDI)
answer
Electronic data interchange (EDI) is the structured transmission of data between organizations by electronic means. It is used to transfer electronic documents or business data from one computer system to another computer system, i.e. from one trading partner to another trading partner without human intervention.
question
Electronic funds transfer (EFT)
answer
Electronic funds transfer (EFT) is the electronic exchange or transfer of money from one account to another, either within a single financial institution or across multiple institutions, through computer-based systems
question
Encryption
answer
Cryptographic transformation of data (called "plaintext") into a form (called "cipher text") that conceals the data's original meaning to prevent it from being known or used.
question
Encipher
answer
Convert plain text to cipher text by means of a cryptographic system
question
End-to-End Encryption
answer
Communications encryption in which data is encrypted when being passed through a network, but routing information remains visible.
question
End-to-End Security
answer
Safeguarding information in an information system from point of origin to point of destination.
question
Enterprise governance
answer
A set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly.
question
Enterprise Architecture (EA)
answer
The description of an enterprise's entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise's boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise's overall security posture.
question
Enterprise Risk Management
answer
The methods and processes used by an enterprise to manage risks to its mission and to establish the trust necessary for the enterprise to support shared missions. It involves the identification of mission dependencies on enterprise capabilities, the identification and prioritization of risks due to defined threats, the implementation of countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and it assesses enterprise performance against threats and adjusts countermeasures as necessary.
question
Entitlements
answer
Entitlements is the process by which business users manage the data that controls how policies are evaluated at runtime. They can add and delete users for applications and put those users into groups or assign them to roles. They manage sets of actions (permissions) that can be logically grouped for a particular business function. They assign those sets of actions to users or to roles defined for the application.
question
Ethernet
answer
The most widely installed LAN technology. Specified in a standard, IEEE 802.3, an Ethernet LAN typically uses coaxial cable or special grades of twisted pair wires. Devices are connected to the cable and compete for access.
question
Event
answer
An event is an observable occurrence in a system or network.
question
Exposure
answer
The extent of the area exposed to a viable threat creating a risk; i.e., both a viable threat and a susceptible vulnerability may exist, but the risk is a function of the degree of exposure.
question
External storage
answer
The location that contains the backup copies to be used in case recovery or restoration is required in the event of a disaster
question
Extranet
answer
A private network that uses Web technology, permitting the sharing of portions of an enterprise's information or operations with suppliers, vendors, partners, customers, or other enterprises.
question
Fail Safe
answer
Automatic protection of programs and/or processing systems when hardware or software failure is detected.
question
Failover
answer
The capability to switch over automatically (typically without human intervention or warning) to a redundant or standby information system upon the failure or abnormal termination of the previously active system.
question
Fall-through logic
answer
Optimized code based on branch prediction, which predicts which way a program will branch when an application is presented.
question
False Positive
answer
An alert that incorrectly indicates that malicious activity is occurring
question
False Negative
answer
A lack of or incorrect alert indicating that no malicious activity is occurring
question
Federal energy regulatory commission (FERC) USA
answer
The Federal Energy Regulatory Commission (FERC) is the United States federal agency with jurisdiction over interstate electricity sales, wholesale electric rates, hydroelectric licensing, natural gas pricing, and oil pipeline rates. FERC also reviews and authorizes liquefied natural gas (LNG) terminals, interstate natural gas pipelines and non-federal hydropower projects.
question
Federal financial institutions examination council (FFIEC) USA
answer
The Federal Financial Institutions Examination Council, or FFIEC, is a formal interagency body of the United States government empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), MAIC Mergers & Acquisitions International Clearing and the Consumer Financial Protection Bureau (CFPB), and to make recommendations to promote uniformity in the supervision of financial institutions.
question
File Encryption
answer
The process of encrypting individual files on a storage medium and permitting access to the encrypted data only after proper authentication is provided.
question
File Transfer Protocol (FTP)
answer
A TCP/IP protocol specifying the transfer of text or binary files across the network.
question
Financial security authority (FSA) UK
answer
The Financial Services Authority is the regulator of the financial services industry in the UK.
question
Firewall
answer
A system or combination of systems that enforces a boundary between two or more networks typically forming a barrier between a secure and an open environment such as the Internet
question
Firmware
answer
Computer programs and data stored in hardware - typically in read-only memory (ROM) or programmable read-only memory (PROM) - such that the programs and data cannot be dynamically written or modified during execution of the programs.
question
Flooding
answer
An attack that attempts to cause a failure in a system by providing more input than the system can process properly.
question
Foreign corrupt practices act (FPCA)
answer
In 1998 the United States Congress and 33 other countries acted against the bribery of foreign officials, essentially government officials, in an attempt to reduce corruption and money laundering through the global financial system.
question
Forensic Copy
answer
An accurate bit-for-bit reproduction of the information contained on an electronic device or associated media, whose validity and integrity has been verified using an accepted algorithm.
question
Forensic examination
answer
The process of collecting, assessing, classifying and documenting digital evidence to assist in the identification of an offender and the method of compromise
question
Forensic Specialist
answer
A professional who locates, identifies, collects, analyzes, and examines data while preserving the integrity and maintaining a strict chain of custody of information discovered.
question
Forensics
answer
The practice of gathering, retaining, and analyzing computer-related data for investigative purposes in a manner that maintains the integrity of the data.
question
Full Disk Encryption (FDE)
answer
The process of encrypting all the data on the hard disk drive used to boot a computer, including the computer's operating system, and permitting access to the data only after successful authentication with the full disk encryption product
question
Generally accepted information security principles (GAISP)
answer
GAISP describes eight pervasive principles and fourteen practices for information security. Each of the principles applies to each of the practices.
question
Gap analysis
answer
A process used to determine the difference between an existing state and the desired state, and what is required to move from one to the other.
question
Guideline
answer
A description of a particular way of accomplishing something that is less prescriptive than a procedure
question
Hardening
answer
Configuring a host's operating systems and applications to reduce the host's security weaknesses.
question
Hash Function
answer
An algorithm that computes a value based on a data object thereby mapping the data object to a smaller data object.
question
Help desk
answer
A service offered via telephone/Internet by an organization to its clients or employees, which provides information, assistance and troubleshooting advice regarding software, hardware or networks. A help desk is staffed by people who can either resolve the problem on their own or escalate the problem to specialized personnel. A help desk is often equipped with dedicated customer relationship management (CRM) software that logs the problems and tracks them until they are solved.
question
High Availability
answer
A failover feature to ensure availability during device or component interruptions.
question
Host based Intrusion Detection System (HIDS)
answer
A host-based IDS monitors all or parts of the dynamic behavior and the state of a computer system.
question
Honeypot
answer
A specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems
question
Hot site
answer
A fully operational offsite data processing facility equipped with hardware and system software to be used in the event of a disaster
question
Hypertext Markup Language (HTML)
answer
The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.
question
Hypertext Transfer Protocol (HTTP)
answer
A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML, XML or other pages to the client browsers.
question
HTTPS
answer
A secure form of HTTP using encryption
question
Heating, ventilation and air conditioning (HVAC)
answer
The main purposes of a Heating, Ventilation, and Air-Conditioning (HVAC) system are to help maintain good indoor air quality through adequate ventilation with filtration and provide thermal protection for IT equipment
question
IA Architecture
answer
A description of the structure and behavior for an enterprise's security processes, information security systems, personnel and organizational sub-units, showing their alignment with the enterprise's mission and strategic plans.
question
IA Infrastructure
answer
The underlying security framework that lies beyond an enterprise's defined boundary, but supports its IA and IA-enabled products, its security posture and its risk management plan.
question
ICT
answer
ICT is an acronym that stands for Information Communications Technology and is largely synonymous with IT
question
Identification
answer
The process of verifying the identity of a user, process, or device, usually as a prerequisite for granting access to resources in an IT system
question
Identity
answer
A unique name of an individual person or device. Since the legal names of persons are not necessarily unique, the identity of a person must include sufficient additional information to make the complete name unique
question
Impact
answer
The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
question
Impact analysis
answer
An impact analysis is a study to prioritize the criticality of information resources for the organization based on costs (or consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames. This analysis is the basis for establishing the recovery strategy.
question
Incident
answer
An adverse event in an information system or network or the threat of the occurrence of such an event
question
Incident Handling
answer
An action plan for dealing with intrusions, cyber-theft, denial of service, fire, floods, and other security-related events. It is comprised of a six step process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned
question
Incident Management Team - IMT
answer
A team of highly trained, experienced, and credentialed people that can come together and remedy unanticipated disruptive security events
question
Incident Response Team -IRT
answer
The first responders to unanticipated disruptive events with the objective of containing damage, restoring services and investigating causes.
question
Incident Response Plan - IRP
answer
A part of business continuity planning that addresses the nature, scope, constituency and charter of the IMT and IRT as well as notification and escalation procedures. It also defines severity and declaration criteria, triage procedures, training and deployment requirements and other significant aspects of incident response.
question
Incremental Backups
answer
The backup of files that have been modified since the last backup. If dump levels are used, these backups only include files changed since the last backup of a lower dump level.
question
Information Assurance - IA
answer
Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. Synonymous with information security
question
Information Security Governance
answer
The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly
question
Information Security Program
answer
The overall combination of technical, operational and procedural measures, and management structures implemented to provide for the confidentiality, integrity and availability of information based on business requirements and risk analysis
question
Information Security
answer
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. Synonymous with Information Assurance - IA
question
Information Security Architect
answer
Individual, group, or organization responsible for ensuring that the information security requirements necessary to protect the organization's core missions and business processes are adequately addressed in all aspects of enterprise architecture including reference models, segment and solution architectures, and the resulting information systems supporting those missions and business processes.
question
Integrity
answer
The accuracy, completeness and validity of information
question
Intellectual Property
answer
Useful artistic, technical, and/or industrial information, knowledge or ideas that convey ownership and control of tangible or virtual usage and/or representation. Also known as the intangible property of value.
question
Internal controls
answer
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected
question
Internal Rate of Return (IRR)
answer
The return on an investment or project is the "annualized effective compounded return rate" or "rate of return" that makes the net present value of all cash flows (both positive and negative) from a particular investment equal to zero. Commonly used to evaluate the desirability of investments or projects.
question
Internet
answer
A term to describe connecting multiple separate networks together.
question
Internet Control Message Protocol - ICMP
answer
An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.
question
Internet Message Access Protocol (IMAP)
answer
A protocol that defines how a client should fetch mail from and return mail to a mail server. IMAP is intended as a replacement for or extension to the Post Office Protocol (POP). It is defined in RFC 1203 (v3) and RFC 2060 (v4).
question
Internet service provider (ISP)
answer
A third party that provides individuals and organizations access to the Internet and a variety of other Internet-related services
question
Interruption window
answer
The time the company can wait from the point of failure to the restoration of the minimum and critical services or applications. After this time, the progressive losses caused by the interruption are excessive for the organization.
question
Intranet
answer
A computer network, especially one based on Internet technology that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders.
question
Intrusion detection
answer
The process of monitoring the events occurring in a computer system or network to detect signs of unauthorized access or attack
question
Intrusion detection system (IDS)
answer
An IDS inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack
question
Intrusion prevention system (IPS)
answer
An IPS inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack and then blocks it at the firewall to prevent damage to information resources.
question
IP Security (IPSec)
answer
A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets
question
ISO/IEC 17799
answer
Originally released as part of the British Standard for Information Security in 1999 and then as the Code of Practice for Information Security Management in October 2000, it was elevated by the International Organization for Standardization (ISO) to an international code of practice for information security management. This standard defines information's confidentiality, integrity and availability controls in a comprehensive information security management system. The latest version is ISO/IEC 17799:2005.
question
ISO/IEC 2700
answer
An international standard, released in 2005 and revised in 2006, that defines a set of requirements for an information security management system. Prior to its adoption by the ISO, this standard was known as BS 17799 Part 2, which was originally published in 1999.
question
ISO/IEC 27002
answer
A code of practice that contains a structured list of suggested information security controls for organizations implementing an information security management system. Prior to its adoption by ISO/IEC, this standard existed as BS 77799.
question
ISO/IEC 31000
answer
The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognized paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions
question
ISO/IEC 15504
answer
ISO/IEC 15504 Information technology — Process assessment, also known as SPICE (Software Process Improvement and Capability Determination), is a set of technical standards documents for the computer software development process and related business management functions
question
IT governance
answer
The responsibility of executives and the board of directors. Consists of the leadership, organizational structures and processes that ensure that the enterprise's IT sustains and extends the organization's strategies and objectives.
question
IT steering committee
answer
An executive management-level committee that assists the executive in the delivery of the IT strategy, oversees day-to-day management of IT service delivery and IT projects and focuses on implementation aspects
question
IT strategic plan
answer
A long-term plan, i.e., three- to five-year horizon, in which business and IT management cooperatively describe how IT resources will contribute to the enterprise's strategic objectives (goals)
question
IT strategy committee
answer
A committee at the level of the board of directors to ensure that the board is involved in major IT matters and decisions. The committee is primarily accountable for managing the portfolios of IT-enabled investments, IT services and other IT resources. The committee is the owner of the portfolio.
question
Kerberos
answer
A widely used authentication protocol developed at the Massachusetts Institute of Technology (MIT). In "classic" Kerberos, users share a secret password with a Key Distribution Center (KDC). The user, Alice, who wishes to communicate with another user, Bob, authenticates to the KDC and is furnished a "ticket" by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange.
question
Key goal indicator (KGI)
answer
A measure that tells management, after the fact, whether an IT process has achieved its business requirements; usually expressed in terms of information criteria
question
Key Logger
answer
A program designed to record which keys are pressed on a computer keyboard; used to obtain passwords or encryption keys and thus bypass other security measures.
question
Key performance indicator (KPI)
answer
A measure that determines how well the process is performing in enabling the goal to be reached. A KPI is a lead indicator of whether a goal will likely be reached, and a good indicator of capability, practices and skills. It measures an activity goal, which is an action that the process owner must take to achieve effective process performance.
question
Key risk indicator (KRI)
answer
A subset of risk indicators that are highly relevant and possess a high probability of predicting or indicating important risk
question
Keystroke Monitoring
answer
The process used to view or record both the keystrokes entered by a computer user and the computer's response during an interactive session. Keystroke monitoring is usually considered a special case of audit trails.
question
Least Privilege
answer
Least Privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.
question
Likelihood of Occurrence
answer
In Information Assurance risk analysis, a weighted factor based on a subjective analysis of the probability that a given threat is capable of exploiting a given vulnerability.
question
Lightweight Directory Access Protocol (LDAP)
answer
A software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the public Internet or on a corporate Intranet.
question
Link Encryption
answer
Link encryption encrypts all of the data along a communications path (e.g., a satellite link, telephone circuit, or T1 line). Since link encryption also encrypts routing data, communications nodes need to decrypt the data to continue routing.
question
Local area network
answer
A local area network (LAN) is a computer network that interconnects computers in a limited area such as a home, school, computer laboratory, or office building using network media. The defining characteristics of LANs, in contrast to wide area networks (WANs), include their usually higher data-transfer rates, smaller geographic area, and lack of a need for leased telecommunication lines.
question
Local Registration Authority (LRA)
answer
A Registration Authority with responsibility for a local community in a PKI-enabled environment.
question
Logic Bomb
answer
A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
question
Media Access Control (MAC) Address
answer
A physical address; a numeric value that uniquely identifies a network device from every other device on the planet.
question
Mail relay server
answer
An e-mail server that relays messages so that neither the sender nor the recipient is a local user
question
Malicious Code
answer
Software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.
question
Malware
answer
A generic term for a number of different types of malicious code.
question
Mandatory access control (MAC)
answer
A means of restricting access to data based on varying degrees of security requirements for information contained in the objects and the corresponding security clearance of users or programs acting on their behalf.
question
Man-in-the-middle Attack (MitM)
answer
An attack on the authentication protocol run in which the attacker positions himself in between the claimant and verifier so that he can intercept and alter data traveling between them.
question
Masqueraders
answer
Attackers that penetrate systems by using the identity of legitimate users and their login credentials
question
Maximum tolerable outages (MTO)
answer
Maximum time the organization can support processing in alternate mode
question
Message Authentication Code
answer
An ANSI standard checksum that is computed using the Data Encryption Standard (DES)
question
Message Digest
answer
A cryptographic checksum, typically generated for a file that can be used to detect changes to the file; Secure Hash Algorithm-1 (SHA-1) is an example of a message digest algorithm.
question
Metric
answer
A measure from one or more points of reference
question
Maximum tolerable outage (MTO)
answer
The maximum time that the organization can support processing in the alternate mode
question
Mirrored site
answer
An alternate site that contains the same information as the original. Mirror sites are set up for backup and disaster recovery as well as to balance the traffic load for numerous download requests. Such download mirrors are often placed in different locations throughout the Internet.
question
Mobile site
answer
The use of a mobile/temporary facility to serve as a business resumption location. They can usually be delivered to any site and can house information technology and staff.
question
Monitoring policy
answer
Rules outlining or delineating the way in which information about the use of computers, networks, applications and information is captured and interpreted.
question
Multipurpose internet mail extension (MIME)
answer
A specification for formatting non-ASCII messages so that they can be sent over the Internet. Many e-mail clients now support MIME, which enables them to send and receive graphics, audio, and video files via the Internet mail system. In addition, MIME supports messages in character sets other than ASCII.
question
Naming Authority
answer
An organizational entity responsible for assigning distinguished names (DNs) and for assuring that each DN is meaningful and unique within its domain.
question
Need-To-Know
answer
A method of isolating information resources based on a user's need to have access to that resource in order to perform their job, but no more. The terms "need-to-know" and "least privilege" express the same idea. Need-to-know is generally applied to people, while least privilege is generally applied to processes.
question
Net present value (NPV)
answer
The discounted value of an investment's cash inflows minus the discounted value of its cash outflows. To be adequately profitable, an investment should have a net present value greater than zero
question
Network address translation (NAT)
answer
Basic NATs are used when there is a requirement to interconnect two IP networks with incompatible addressing. However it is common to hide an entire IP address space, usually consisting of private IP addresses, behind a single IP address (or in some cases a small group of IP addresses) in another (usually public) address space. To avoid ambiguity in the handling of returned packets, a one-to-many NAT must alter higher level information such as TCP/UDP ports in outgoing communications and must maintain a translation table so that return packets can be correctly translated back
question
Network based intrusion detection (NIDS)
answer
Network based intrusion detection provides broader coverage than host based approaches but functions in the same manner detecting attacks using either an anomaly based or signature based approach or both.
question
Nonce
answer
A value used in security protocols that is never repeated with the same key. For example, challenges used in challenge-response authentication protocols generally must not be repeated until authentication keys are changed, or there is a possibility of a replay attack. Using a nonce as a challenge is a different requirement than a random challenge, because a nonce is not necessarily unpredictable.
question
Nonintrusive monitoring
answer
The use of transported probes or traces to assemble information, track traffic and identify vulnerabilities
question
Nonrepudiation
answer
The assurance that a party cannot later deny originating data; that is, it is the provision of proof of the integrity and origin of the data and can be verified by a third party. A digital signature can provide nonrepudiation.
question
Organization for Economic Cooperation and Development (OECD)
answer
The Organization for Economic Co-operation and Development (OECD, French: Organisation de coopération et de développement économiques, OCDE) is an international economic organisation of 34 countries founded in 1961 to stimulate economic progress and world trade. It is a forum of countries committed to democracy and the market economy, providing a platform to compare policy experiences, seek answers to common problems, identify good practices, and co-ordinate domestic and international policies of its members
question
Offline files
answer
Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
question
Open Shortest Path First (OSPF)
answer
A routing protocol developed for IP networks. It is based on the shortest path first or link state algorithm.
question
Open Source Security Testing Methodology
answer
An open and freely available methodology and manual for security testing
question
Open systems interconnection (OSI)
answer
The main idea of the OSI model is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions. OSI divides telecommunication into seven layers. The layers are in two groups. The upper four layers are used whenever a message passes from or to a user. The lower three layers (up to the network layer) are used when any message passes through the host computer or router. Each communicating user or program is at a computer equipped with these seven layers of function. The actual programming and hardware that furnishes these seven layers of function is usually a combination of the computer operating system, applications (such as your Web browser), TCP/IP or alternative transport and network protocols, and the software and hardware that enable you to put a signal on one of the lines attached to your computer.
question
OSI Layer 1
answer
The physical layer. This layer conveys the bit stream through the network at the electrical and mechanical level. It provides the hardware means of sending and receiving data on a carrier.
question
OSI Layer 2
answer
The data-link layer. This layer provides synchronization for the physical level and does bit-stuffing for strings of 1's in excess of 5. It furnishes transmission protocol knowledge and management.
question
OSI Layer 3
answer
The network layer. This layer handles the routing of the data (sending it in the right direction to the right destination on outgoing transmissions and receiving incoming transmissions at the packet level). The network layer does routing and forwarding.
question
OSI Layer 4
answer
The transport layer. This layer manages the end-to-end control (for example, determining whether all packets have arrived) and error-checking. It ensures complete data transfer.
question
OSI Layer 5
answer
The session layer. This layer sets up, coordinates, and terminates conversations, exchanges, and dialogs between the applications at each end. It deals with session and connection coordination.
question
OSI Layer 6
answer
The presentation layer. This is a layer, usually part of an operating system, that converts incoming and outgoing data from one presentation format to another (for example, from a text stream into a popup window with the newly arrived text). Sometimes called the syntax layer.
question
OSI Layer 7
answer
The application layer. This is the layer at which communication partners are identified, quality of service is identified, user authentication and privacy are considered, and any constraints on data syntax are identified. (This layer is not the application itself, although some applications may perform application layer functions.)
question
Operations Security (OPSEC)
answer
Systematic and proven process by which potential adversaries can be denied information about capabilities and intentions by identifying, controlling, and protecting generally unclassified evidence of the planning and execution of sensitive activities. The process involves five steps: identification of critical information, analysis of threats, analysis of vulnerabilities, assessment of risk, remediation.
question
Outcome measure
answer
Represents the consequences of actions previously taken and is often referred to as a lag indicator. An outcome measure frequently focuses on results at the end of a time period and characterizes historical performance. Also referred to as a key goal indicator (KGI) and used to indicate whether goals have been met. Can be measured only after the fact and, therefore, is called a lag indicator.
question
Packet
answer
A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.
question
Packet filtering
answer
Controlling access to a network by analyzing the attributes of the incoming and outgoing packets, and either letting them pass or denying them based on a list of rules
question
Packet Sniffer
answer
Software that observes and records network traffic.
question
Packet Switched Network
answer
A packet switched network is one in which individual packets each follow their own paths through the network from one endpoint to another.
question
Partitions
answer
Major divisions of the total physical hard disk space.
question
Password Authentication Protocol (PAP)
answer
Password Authentication Protocol is a simple, weak authentication mechanism where a user enters the password and it is then sent across the network, usually in the clear.
question
Password Cracking
answer
Password cracking is the process of attempting to guess passwords, given the password file information.
question
Password Sniffing
answer
Passive wiretapping, usually on a local area network, to gain knowledge of passwords.
question
Patch
answer
A patch is a small update released by a software manufacturer to fix bugs in existing programs.
question
Patching
answer
Patching is the process of updating software to a different version.
question
Patch Management
answer
The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions. These revisions are known as patches, hot fixes, and service packs.
question
Passive response
answer
A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action
question
Password cracker
answer
A tool that tests the strength of user passwords searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries and often also by generating thousands (and, in some cases, even millions) of permutations of characters, numbers and symbols
question
Payment card industry (PCI)
answer
The term is specifically used to refer to the Payment Card Industry Security Standards Council, a council originally formed by American Express, Discover Financial Services, JCB, MasterCard Worldwide and Visa International on Sept. 7, 2006, with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard. The council itself claims to be independent of the various card vendors that make up the council.
question
Payment card industry data security standard (PCI-DSS)
answer
The PCI Council formed a body of security standards known as the PCI Data Security Standards, (PCI DSS), and these standards consist of 12 significant requirements including multiple sub-requirements which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines
question
Penetration testing
answer
A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
question
Personally Identifiable Information (PII)
answer
Information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother's maiden name, etc.
question
Pharming
answer
This is a more sophisticated form of MITM attack. A user's session is redirected to a masquerading website. This can be achieved by corrupting a DNS server on the Internet and pointing a URL to the masquerading website's IP. Almost all users use a URL like www.worldbank.com instead of the real IP (192.86.99.140) of the website. By changing the pointers on a DNS server, the URL can be redirected to send traffic to the IP of the pseudo website. At the pseudo website, transactions can be mimicked and information like login credentials can be gathered. With this the attacker can access the real www.worldbank.com site and conduct transactions using the credentials of a valid user on that website.
question
Phishing
answer
The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. Typically the e-mail and the web site look like they are part of a bank the user is doing business with.
question
Port Scanning
answer
Using a program to remotely determine which ports on a system are open (e.g., whether systems allow connections through those ports).
question
Plan-do-check-act (PDCA)
answer
PDCA (plan-do-check-act or plan-do-check-adjust) is an iterative four-step management method used in business for the control and continuous improvement of processes and products. It is also known as the Deming circle/cycle/wheel, Shewhart cycle, control circle/cycle, or plan-do-study-act (PDSA).
question
Policies
answer
High-level statements of management intent and direction
question
Port
answer
A hardware interface between a CPU and a peripheral device. Can also refer to a software (virtual) convention that allows remote services to connect to a host operating system in a structured manner
question
Port Scan
answer
A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer crackers, gives the assailant an idea where to probe for weaknesses. Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness.
question
Post Office Protocol, Version 3 (POP3)
answer
An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client
question
Protocol
answer
A formal specification for communicating; the special set of rules that end points in a telecommunication connection use when they communicate. Protocols exist at several levels in a telecommunication connection.
question
Privacy
answer
Freedom from unauthorized intrusion or disclosure of information about individuals
question
Private Key
answer
The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data in a PKI.
question
Privileged Accounts
answer
Individuals who have access to set "access rights" for users on a given system. Sometimes referred to as system or network administrative accounts.
question
Procedures
answer
A detailed description of the steps necessary to perform specific operations in conformance with applicable standards
question
Proxy
answer
A proxy is an application that "breaks" the connection between client and server. The proxy accepts certain types of traffic entering or leaving a network and processes it and forwards it. This effectively closes the straight path between the internal and external networks making it more difficult for an attacker to obtain internal addresses and other details of the organization's internal network. Proxy servers are available for common Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used for email.
question
Proxy server
answer
A server that acts on behalf of a user. Typically proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and then complete a connection to a remote destination on behalf of the user.
question
Proximity factors
answer
The distance from potential hazards, which can include flooding risk from nearby waterways, hazardous material manufacturing or storage, or other situations that may pose a risk to the operation of a recovery
question
Public Key
answer
The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data in a PKI
question
Public key infrastructure (PKI)
answer
The framework and services that provide for the generation, production, distribution, control, accounting, and destruction of public key certificates. Components include the personnel, policies, processes, server platforms, software, and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, recover, and revoke public key certificates.
question
Quality assurance (QA)
answer
A process for testing to ensure specifications are met
question
Red Team
answer
A group of people authorized and organized to emulate a potential adversary's attack or exploitation capabilities against an enterprise's security posture. The Red Team's objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment.
question
Relying Party
answer
An entity that relies upon the subscriber's credentials, typically to process a transaction or grant access to information or a system typically in a PKI.
question
Remediation
answer
The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application.
question
Reciprocal agreement
answer
Emergency processing agreements among two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.
question
Recovery action
answer
Execution of a response or task according to a written procedure
question
Recovery point objective (RPO)
answer
Determined based on the acceptable data loss in case of a disruption of operations. Indicates the earliest point in time to which it is acceptable to recover data. Effectively quantifies the permissible amount of data loss in case of interruption, i.e., the last point of known good data
question
Recovery time objective (RTO)
answer
The amount of time allowed for the recovery of a business function or resource after a disaster occurs
question
Redundant Array of Inexpensive Disks (RAID)
answer
A technology that provides performance improvements and fault-tolerant capabilities, via hardware or software solutions, by writing to a series of multiple disks to improve performance and save large files simultaneously
question
Redundant site
answer
A recovery strategy involving the duplication of key information technology components, including data or other key business processes, whereby fast recovery can take place
question
Registration Authority
answer
A trusted entity that establishes and vouches for the identity of a subscriber to a CSP, i.e., binds physical identity to a logical identity such as a certificate. The RA may be an integral part of a CSP, or it may be independent of a CSP, but it has a relationship to the CSP(s)
question
Request for proposal (RFP)
answer
A request for proposal (RFP) is issued at an early stage in a procurement process, where an invitation is presented for suppliers, often through a bidding process, to submit a proposal on a specific commodity or service. The RFP process brings structure to the procurement decision and is meant to allow the risks and benefits to be identified clearly up front. The RFP may dictate to varying degrees the exact structure and format of the supplier's response. Effective RFPs typically reflect the strategy and short/long-term business objectives, providing detailed insight upon which suppliers will be able to offer a matching perspective
question
Replay Attacks
answer
An attack that involves the capture of transmitted authentication or access control information and its subsequent retransmission with the intent of producing an unauthorized effect or gaining unauthorized access.
question
Residual risk
answer
The remaining risk after management has implemented risk response
question
Resilience
answer
The ability of a system or network to resist failure or to recover quickly from any disruption, usually with minimal recognizable effect
question
Return on investment (ROI)
answer
A measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered
question
Return on security investment (ROSI)
answer
An estimate of return on security investment based on how much will be saved by reduced losses divided by the investment.
question
Risk
answer
The combination of the probability of an event and its consequence. (ISO/IEC 73). Risk has traditionally been expressed as Threats X Vulnerabilities = Risk.
question
Risk assessment
answer
A process used to identify and evaluate risk and potential effects. Risk assessment includes assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities of a particular event.
question
Risk avoidance
answer
The process for systematically avoiding risk, constituting one approach to managing risk
question
Risk mitigation
answer
The management and reduction of risk through the use of countermeasures and controls
question
Risk Tolerance
answer
The acceptable level of deviation from acceptable risk
question
Risk transfer
answer
The process of assigning risk to another organization, usually through the purchase of an insurance policy or outsourcing the service
question
Robustness
answer
The extent of the ability of systems to withstand attack; system strength. The ability of an Information Assurance entity to operate correctly and reliably across a wide range of operational conditions, and to fail gracefully outside of that operational range.
question
Role Based Access Control
answer
Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.
question
Root
answer
Root is the name of the administrator account in Unix systems.
question
Router
answer
Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.
question
Root cause analysis
answer
Process of diagnosis to establish origins of events, which can be used for learning from consequences, typically of errors and problems
question
Rootkit
answer
A rootkit is a set of software tools intended to conceal running processes, files or system data from the operating system. Rootkits have their origin in benign applications, but have been used increasingly by malware to help intruders maintain access to systems while avoiding detection. Rootkits exist for a variety of operating systems such as Microsoft Windows, Linux and Solaris. Rootkits often modify parts of the operating system or install themselves as drivers or kernel modules.
question
Secret key
answer
A cryptographic key that is used with a secret key (symmetric) cryptographic algorithm, that is uniquely associated with one or more entities and is not made public. The same key is used to both encrypt and decrypt data. The use of the term "secret" in this context does not imply a classification level, but rather implies the need to protect the key from disclosure.
question
Secure Hash Algorithm (SHA)
answer
A hash algorithm with the property that is computationally infeasible 1) to find a message that corresponds to a given message digest, or 2) to find two different messages that produce the same message digest.
question
Security Attribute
answer
A security-related quality of an object. Security attributes may be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes.
question
Security metrics
answer
A standard of measurement from one or more reference points used in management of security-related activities
question
Security information and event management (SIEM)
answer
Security Information and Event Management (SIEM) solutions are a combination of the formerly disparate product categories of SIM (security information management) and SEM (security event management). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances or managed services, and are also used to log security data and generate reports for compliance purposes.
question
SIEM Data Aggregation
answer
SIEM/LM (log management) solutions aggregate data from many sources, including network, security, servers, databases, applications, providing the ability to consolidate monitored data to help avoid missing crucial events.
question
SIEM Correlation
answer
The analysis of events for common attributes to link events together into meaningful bundles. This technology provides the ability to perform a variety of correlation techniques to integrate different sources, in order to turn data into useful information.
question
SIEM Alerting
answer
The automated analysis of correlated events and production of alerts, to notify recipients of immediate issues.
question
SIEM Dashboards
answer
SIEM/LM tools take event data and turn it into informational charts to assist in seeing patterns, or identifying activity that is not forming a standard pattern.
question
SIEM Compliance
answer
SIEM applications can be employed to automate the gathering of compliance data, producing reports that adapt to existing security, governance and auditing processes.
question
SIEM Retention
answer
SIEM/SIM solutions employ long-term storage of historical data to facilitate correlation of data over time, and to provide the retention necessary for compliance requirements.
question
Security Posture
answer
The security status of an enterprise's networks, information, and systems based on IA resources (e.g., people, hardware, software, policies) and capabilities in place to manage the defense of the enterprise and to react as the situation changes.
question
Sensitivity
answer
A measure of the impact that improper disclosure of information may have on an organization
question
Separation of Duties
answer
Separation of duties is the principle of splitting privileges among multiple individuals or systems to reduce risk of fraud or other malfeasance
question
Session Key
answer
In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.
question
Service delivery objective (SDO)
answer
Directly related to business needs, SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.
question
Service level agreement (SLA)
answer
An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured
question
Shell programming
answer
A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution and printing text. Usually, "shell script" refers to scripts written for a Unix shell, while COMMAND.COM (DOS) and cmd.exe (Windows) command line scripts are usually called batch files. Many shell script interpreters double as command line interfaces, such as the various Unix shells, Windows PowerShell or the MS-DOS COMMAND.COM. Others, such as AppleScript, add scripting capability to computing environments lacking a command line interface. Other examples of programming languages primarily intended for shell scripting include Digital Command Language (DCL) and Job Control Language (JCL).
question
Secure multipurpose internet mail extension (S/MIME)
answer
Secure/Multipurpose Internet Mail Extensions is a standard for public key encryption and signing of MIME data.
question
Skimming
answer
The unauthorized use of a reader to read tags without the authorization or knowledge of the tag's owner or the individual in possession of the tag.
question
Smart Card
answer
A credit card-sized card with embedded integrated circuits that can store, process, and communicate information.
question
Sniffing
answer
The process by which data traversing a network are captured or monitored
question
Social engineering
answer
An attack based on deceiving users or administrators at the target site into revealing confidential or sensitive information
question
Specification
answer
An assessment object that includes document-based artifacts (e.g., policies, procedures, plans, system security requirements, functional specifications, and architectural designs) associated with an information system.
question
Split knowledge /split key
answer
A security technique in which two or more entities separately hold data items that individually convey no knowledge of the information that results from combining the items; a condition under which two or more entities separately have key components that individually convey no knowledge of the plaintext key that will be produced when the key components are combined in the cryptographic module.
question
Spoofing
answer
Faking the sending address of a transmission in order to gain illegal entry into a secure system
question
Secure shell (SSH)
answer
Secure Shell (SSH) is a network protocol for secure data communication, remote shell services or command execution and other secure network services between two networked computers that it connects via a secure channel over an insecure network.
question
Security steering group (SSG)
answer
The SSG is generally charged with incident management and response organization and oversight.
question
Single sign-on (SSO)
answer
SSO is a process to allow access to numerous systems using one set of authentication credentials.
question
Spyware
answer
Software that is secretly or surreptitiously installed into an information system to gather information on individuals or organizations without their knowledge; a type of malicious code.
question
Structured query language (SQL)
answer
Structured Query Language is a programming language designed for managing data in relational database management systems.
question
Standard
answer
An internal mandatory requirement defining allowable boundaries of people, processes and technologies or a specification approved by a recognized external standards organization, such as ISO
question
Standard operation procedure (SOP)
answer
An SOP is a written document or instruction detailing all steps and activities of a process or procedure. ISO 9001 essentially requires the documentation of all procedures used in any manufacturing process that could affect the quality of the product or service.
question
Steganography
answer
The art and science of communicating in a way that hides the existence of the communication. For example, a secret document can be hidden inside another graphic image file, audio file, or other file format.
question
Supervisory control and data acquisition (SCADA)
answer
A generic name for a computerized system that is capable of gathering and processing data and applying operational controls over long distances. Typical uses include power transmission and distribution and pipeline systems. SCADA was designed for the unique communication challenges (delays, data integrity, etc.) posed by the various media that must be used, such as phone lines, microwave, and satellite. Usually shared rather than dedicated.
question
Supply Chain
answer
A system of organizations, people, activities, information, and resources, possibly international in scope, that provides products or services to consumers
question
System development life cycle (SDLC)
answer
The scope of activities associated with a system, encompassing the system's initiation, development and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation.
question
Symmetric Cryptography
answer
A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). Symmetric cryptography is sometimes called "secret-key cryptography" (versus public-key cryptography) because the entities that share the key.
question
Symmetric Key
answer
A cryptographic key that is used in a symmetric cryptographic algorithm. Also called a secret key based on the notion of a shared secret.
question
System Owner
answer
Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.
question
Technical Controls
answer
The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system.
question
Threat
answer
Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm. A potential cause of an unwanted incident. (ISO/IEC 13335)
question
Threat agent
answer
Methods and things used to exploit a vulnerability. Examples include determination, capability, motive and resources.
question
Threat analysis
answer
An evaluation of the type, scope and nature of events or actions that can result in adverse consequences; identification of the threats that exist against information assets and information technology. The threat analysis usually also defines the level of threat and the likelihood of it materializing.
question
Threat event
answer
Any event where a threat element/actor acts against an asset in a manner that has the potential to directly result in harm
question
Threat Assessment
answer
A threat assessment is the identification of types of threats that an organization might be exposed to.
question
Threat Model
answer
A threat model is used to describe a given threat and the harm it could do to a system if it has a vulnerability.
question
Threat Vector
answer
The method a threat uses to get to the target.
question
Transport Layer Security (TLS)
answer
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.
question
Token
answer
Something that the claimant possesses and controls (typically a key or password) used to authenticate the claimant's identity.
question
Token-Based Access Control
answer
Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)
question
Token-Based Devices
answer
A token-based device is triggered by the time of day, so every minute the password changes, requiring the user to have the token with them when they log in.
question
Topology
answer
The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. Note 1: Two networks have the same topology if the connection configuration is the same, although the networks may differ in physical interconnections, distances between nodes, transmission rates, and/or signal types.
question
Total cost of ownership (TCO)
answer
The computation of all costs related to acquisition, deployment, training, testing, maintenance, and end of life costs.
question
Transmission control protocol (TCP)
answer
The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol (IP), and therefore the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered delivery of a stream of bytes from a program on one computer to another program on another computer. TCP is the protocol that major Internet applications such as the World Wide Web, email, remote administration and file transfer rely on
question
Transmission control protocol/ internet protocol (TCP/IP)
answer
IP is one of the core protocols of the Internet protocol suite and combined with TCP is referred to as TCP/IP
question
Transport Layer Security (TLS) and Secure sockets layer (SSL)
answer
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity.
question
Trojan horse
answer
A Trojan horse, or Trojan, is a standalone malicious program which may give full control of an infected PC to another PC. It may also perform typical computer virus activities. Trojan horses may make copies of themselves, steal information, or harm their host computer systems.
question
Two-factor authentication
answer
The use of two independent mechanisms for authentication, for example, requiring a smart card and a password. Typically the combination of something you know, are or have.
question
Trusted Computer System
answer
A system that employs sufficient hardware and software assurance measures to allow its use for processing simultaneously a range of sensitive or classified information.
question
Trusted Computing Base (TCB)
answer
Totality of protection mechanisms within a computer system, including hardware, firmware, and software.
question
Tunneling
answer
Technology enabling one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network.
question
Unauthorized Access
answer
A person gains logical or physical access without permission to a network, system, application, data, or other IT resource. Any access that violates the stated security policy.
question
Unauthorized Disclosure
answer
An event involving the exposure of information to entities not authorized access to the information.
question
Uniform Resource Locator (URL)
answer
The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. For example, http://www.pcwebopedia.com/index.html.
question
Unix
answer
A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. Created by just a handful of programmers, Unix was designed to be a small, flexible system used exclusively by programmers.
question
User datagram protocol (UDP)
answer
The User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without requiring prior communications to set up special transmission channels or data paths.
question
Uninterruptable power supply (UPS)
answer
UPS is typically battery power converted to standard AC operating current using an inverter. It is designed to automatically supply power in the event the primary source fails.
question
Validation
answer
The process of demonstrating that the system under consideration meets in all respects the specification of that system.
question
Value at risk (VAR)
answer
VAR computes the probability of the maximum loss at a 95 or 99% certainty over a defined period based on historical information and exercising all the variables using Monte Carlo simulations. While primarily used in financial analysis, it has been shown to have significant potential value in generally managing risk.
question
Virtual Machine (VM)
answer
Software that allows a single host to run one or more guest operating systems.
question
Virtual private network (VPN)
answer
A secure private network that uses the public telecommunications infrastructure to transmit data. In contrast to a much more expensive system of owned or leased lines that can only be used by one company, VPNs are used by enterprises for both extranets and wide areas of intranets. Using encryption and authentication, a VPN encrypts all data that pass between two Internet points, maintaining privacy and security.
question
Virus signature files
answer
The file of virus patterns that are compared with existing files to determine if they are infected with a virus or worm
question
Voice over IP (VOIP)
answer
Voice over IP (VoIP) commonly refers to the communication protocols, technologies, methodologies, and transmission techniques involved in the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet
question
Vulnerability
answer
A weakness in the design, implementation, operation or internal controls in a process that could be exploited to violate system security
question
Vulnerability analysis
answer
Process of identifying and classifying vulnerabilities
question
Warm site
answer
A warm site is similar to a hot site; however, a warm site is not fully equipped with all necessary hardware needed for recovery.
question
Web hosting
answer
The business of providing the equipment and services required to host and maintain files for one or more web sites, and provide fast Internet connections to those sites. Most hosting is "shared," which means that web sites of multiple companies are on the same server to share/reduce costs.
question
Web server
answer
Using the client-server model and the World Wide Web's Hypertext Transfer Protocol (HTTP), a Web server is a software program that serves web pages to users.
question
Wide area network (WAN)
answer
A Wide Area Network (WAN) is a telecommunication network that covers a broad area (i.e., any network that links across metropolitan, regional, or national boundaries).
question
Wiki
answer
Web applications or similar tools that allow identifiable users to add content (as in an Internet forum) and allow anyone to edit that content collectively.
question
Wired Equivalent Privacy (WEP)
answer
A security protocol, specified in the IEEE 802.11 standard, that is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. WEP is no longer considered a viable encryption mechanism due to known weaknesses.
question
Wireless Access Point (WAP)
answer
A device that acts as a conduit to connect wireless communication devices together to allow them to communicate and create a wireless network.
question
Worm
answer
A programmed network attack in which a self-replicating program does not attach itself to programs, but rather spreads independently of users' actions
question
Wi-Fi Protected Access 2 (WPA2)
answer
The follow-on security method to WPA for wireless networks that provides stronger data protection and network access control. It provides enterprise and consumer Wi-Fi users with a high level of assurance that only authorized users can access their wireless networks. Based on the ratified IEEE 802.11i standard, WPA2 provides government-grade security by implementing the National Institute of Standards and Technology (NIST) FIPS 140-2 compliant AES encryption algorithm and 802.1X-based authentication.
question
Cryptographic Hash Function
answer
A function that maps a bit string of arbitrary length to a fixed length bit string. Approved hash functions satisfy the following properties: 1. (One-way) It is computationally infeasible to find any input which maps to any pre-specified output, and 2. (Collision resistant) It is computationally infeasible to find any two distinct inputs that map to the same output.
question
Governance
answer
Process that ensures that stakeholders' needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved. The process also monitors performance and compliance against those objectives.