Term
| Acceptable Use Policy (AUP) |
|
Definition
| A policy that defines the actions users may perform while accessing systems and networking equipment |
|
|
Term
|
Definition
| Cryptography in which a pair of keys is used to encrypt and decrypt a message so that it arrives securely |
|
|
Term
|
Definition
| A public key is used to encrypt a message but only the person that has the private key may be able to decrypt the message |
|
|
Term
|
Definition
| Being the person you claim to be |
|
|
Term
|
Definition
| Security actions that ensure that data is accessible to authorized users |
|
|
Term
|
Definition
| A trust model with one CA that acts as a facilitator to interconnect all other CAs |
|
|
Term
| Certificate authority (CA) |
|
Definition
| A trusted third-party agency that is responsible for issuing digital certificates |
|
|
Term
|
Definition
| A process of documentation that shows that evidence was under strict control at all times and no unauthorized individuals were given the opportunity to corrupt the evidence |
|
|
Term
|
Definition
|
|
Term
|
Definition
| A remote site that provides office space; the customer must provide and install all the equipment needed to continue operations |
|
|
Term
|
Definition
| Using technology to search for computer evidence of a crime |
|
|
Term
|
Definition
| Security actions that ensure only authorized parties can view information |
|
|
Term
|
Definition
| The science of transforming information into a secure form while it is being transmitted or stored so that unauthorized persons cannot access it |
|
|
Term
|
Definition
| The process of changing ciphertext into plaintext |
|
|
Term
|
Definition
| A technology used to associate a user's identity to a public key, in which the user's public key is "digitally signed" by a trusted third party |
|
|
Term
|
Definition
| A mathematical scheme for demonstrating the authenticity of a digital message or document |
|
|
Term
|
Definition
| The procedures and processes for recovering an organization's IT operations following a disaster |
|
|
Term
|
Definition
| A trust model that has multiple CAs that sign a digital certificate |
|
|
Term
| Encrypted File System (EFS) |
|
Definition
| A Windows feature that allows files to be transparently encrypted to protect confidential data from attackers with physical access to the computer |
|
|
Term
|
Definition
| The process of changing plaintext into ciphertext |
|
|
Term
|
Definition
| A metallic enclosure that prevents the entry or escape of an electromagnetic field |
|
|
Term
|
Definition
| The process for creating a unique digital fingerprint signature for a set of data |
|
|
Term
|
Definition
| A trust model that has a single hierarchy with one master CA |
|
|
Term
|
Definition
| A duplicate of the production site that has all the equipment needed for an organization to continue running, including office space and furniture, telephone jacks, computer equipment, and a live telecommunications link |
|
|
Term
|
Definition
| Security actions that ensure that the information is correct and that no unauthorized person, malicious person, or software has altered the data |
|
|
Term
|
Definition
| A set of protocols developed to support the secure exchange of packets |
|
|
Term
|
Definition
| A highly trusted person responsible for recovering lost or damaged digital certificates |
|
|
Term
|
Definition
| The process of proving a user performed an action |
|
|
Term
|
Definition
| A test by an outsider to actually exploit any weaknesses in systems that are vulnerable |
|
|
Term
|
Definition
| A number greater than 1 that has no positive divisors other than 1 and itself |
|
|
Term
|
Definition
| A policy that outlines how the organization uses personal information it collects |
|
|
Term
|
Definition
| An asymmetric encryption key that does have to be protected |
|
|
Term
|
Definition
| An asymmetric encryption key that does not have to be protected |
|
|
Term
| Public Key Infrastructure (PKI) |
|
Definition
| A framework for all the entities involved in digital certificates for digital certificate management |
|
|
Term
| Registration Authority (RA) |
|
Definition
| A subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users |
|
|
Term
|
Definition
| The likelihood that a threat agent will exploit the vulnerability |
|
|
Term
|
Definition
| The assessment of exploits from vulnerabilities |
|
|
Term
|
Definition
| A document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure |
|
|
Term
|
Definition
| A means of gathering information for an attack relying on the weakness of individuals |
|
|
Term
|
Definition
| Grouping individuals and organizations into clusters or groups based on a like affiliation |
|
|
Term
|
Definition
| A UNIX-based command interface and protocol for securely accessing a computer |
|
|
Term
|
Definition
| Hiding the existence of data within a text, audio, image, or video file |
|
|
Term
|
Definition
| Determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees |
|
|
Term
|
Definition
| Encryption that uses a single key to encrypt and decrypt a message |
|
|
Term
|
Definition
| The key used to both encrypt and decrypt a message |
|
|
Term
|
Definition
| A trust model in which two individuals trust each other because each individually trusts a third party |
|
|
Term
|
Definition
| A type of action that has the potential to cause harm |
|
|
Term
| Trusted Platform Module (TPM) |
|
Definition
| A chip on a motherboard of the computer that provides cryptographic services |
|
|
Term
| Uninterruptible Power Supply |
|
Definition
| An electrical apparatus that provides emergency power to a load when the input power source fails |
|
|
Term
|
Definition
| The process of eavesdropping on the contents of a CRT or LCD display by detecting its electromagnetic emissions |
|
|
Term
|
Definition
| A flaw or weakness that allows a threat agent to bypass security |
|
|
Term
|
Definition
| A remote site that contains computer equipment but does not have active Internet or telecommunication facilities, and does not have backups of data |
|
|