Term
|
Definition
| Ensures that resources are only granted to those users who are entitled to them |
|
|
Term
|
Definition
| The process of collecting all the legitimate account names on a system. |
|
|
Term
| Advanced Encryption Standard (AES) |
|
Definition
| An encryption standard being developed by NIST. Intended to specify an unclassified, publicly-disclosed, symmetric encryption algorithm. |
|
|
Term
|
Definition
| A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer |
|
|
Term
|
Definition
| Public key cryptography; a modern branch of cryptography in which the algorithms employ a pair of keys and use a different component of the pair for different steps in the algorithm |
|
|
Term
|
Definition
| process of confirming the correctness of the claimed identity |
|
|
Term
|
Definition
| validity and conformance of the original information |
|
|
Term
|
Definition
| approval, permission, or empowerment for someone or something to do something |
|
|
Term
|
Definition
| need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it |
|
|
Term
|
Definition
| simplest web-based authentication scheme that works by sending the username and password |
|
|
Term
|
Definition
| hardened in anticipation of vulnerabilities that haven't been discovered |
|
|
Term
|
Definition
| algorithm that encrypts one block of data at a time |
|
|
Term
|
Definition
| process which tries to store more data in a temp data storage area than it was intended to hold |
|
|
Term
| Business continuity plan (BCP) |
|
Definition
| the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources |
|
|
Term
|
Definition
| mathematical and functional analysis of a cryptographic system in order to break or circumvent encryption |
|
|
Term
|
Definition
| perimeter network is a network area (subnetwork) that sits between an organization's internal network and an external network, usually the internet |
|
|
Term
|
Definition
| filtering outbound traffic |
|
|
Term
|
Definition
| algorithm that computes a value based on a data object, thereby mapping the data object to a smaller data object |
|
|
Term
|
Definition
|
|
Term
|
Definition
| ticket system that depends on passwords and symmetric cryptography (DES) for identity authentication |
|
|
Term
|
Definition
| allowing users or applications the least amount of permissions necessary to perform their intended function |
|
|
Term
|
Definition
| function for which it is easy to compute the output based on a given input, yet given only the output value it is nearly impossible to figure out what the input value is |
|
|
Term
|
Definition
| process of testing the external perimeter security of a network or facility |
|
|
Term
|
Definition
| product of the level of threat with the level of vulnerability; a way to rate the likelihood of a successful attack |
|
|
Term
|
Definition
| process of detecting and defeating the use of steganography |
|
|
Term
|
Definition
| methods of hiding the existence of a message or other data |
|
|
Term
|
Definition
| encryption process that works on a single bit, byte, or computer word at a time |
|
|
Term
|
Definition
| cryptographic key that is used in both the encryption and decryption of a message |
|
|
Term
|
Definition
| method a threat uses to get to the target |
|
|
Term
|
Definition
| block cipher that transforms each 64-bit plaintext block by applying the Data Encryption Algorithm three successive times |
|
|
Term
|
Definition
| security protocol for wireless local area networks (WEP) |
|
|
Term
|
Definition
| anything that has value to an organization |
|
|
Term
|
Definition
| management, operational and technical processes and procedures that act to reduce the exposure of the organization to some risks |
|
|
Term
|
Definition
| a potential cause of an unwanted incident that may result in harm to a system or organization |
|
|
Term
|
Definition
| potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss or damage to the assets |
|
|
Term
|
Definition
| weakness in an asset or group of assets that can be exploited by a threat |
|
|
Term
|
Definition
| indicates the impact on the organization should some particular threat actually eventuate and is typically described qualitatively |
|
|
Term
|
Definition
| the probability that an identified threat could occur and cause harm to some asset and is also typically described qualitatively |
|
|