Term
| acceptable use policy (AUP) |
|
Definition
| A policy that defines the actions users may perform while accessing systems and networking equipment |
|
|
Term
|
Definition
| uses two mathematically related keys |
|
|
Term
|
Definition
one of a pair of keys used with an asymmetric cryptographic algorithm
a public key and a private key
|
|
|
Term
|
Definition
|
|
Term
|
Definition
is known to everyone and can be freely distributed
used to encrypt,
an asymmetric encryption key that does not have to be protected |
|
|
Term
|
Definition
is known only to the individual
used to decrypt,
an asymmetric encryption that does have to be protected |
|
|
Term
|
Definition
| security actions that ensure that data is accessible to authorized users |
|
|
Term
|
Definition
| a model with one CA that acts as a facilitator to interconnect all other CAs |
|
|
Term
| Certificate Authority (CA) |
|
Definition
| a trusted third-party agency that is responsible for issuing digital certificates |
|
|
Term
|
Definition
| A process of documentation that shows that evidence was under strict control at all times, no unauthorized individuals were able to corrupt the evidence |
|
|
Term
|
Definition
|
|
Term
|
Definition
a remote site that provides office space;
the customer must provide and install all the equipment needed to continue operations |
|
|
Term
|
Definition
| using technology to search for computer evidence of a crime |
|
|
Term
|
Definition
| security action that ensure only authorized parties can view information |
|
|
Term
|
Definition
| the science of transforming information into secure form while it is being transmitted or stored so that unauthorized persons cannot access it |
|
|
Term
|
Definition
| the process of changing ciphertext into plaintext |
|
|
Term
|
Definition
| a technology used to associate a users identity to a public key, in which the user's public key is "digitally signed" by a trusted third party |
|
|
Term
digital signature
(part 1) |
|
Definition
is a mathematical scheme for demonstrating the authenticity of a digital message or document
|
|
|
Term
digital signature
(part 2) |
|
Definition
| gives a recipient reason to believe that the message was created by a known sender, such that the sender cannot deny having sent the message, and that the message was not altered in transit |
|
|
Term
|
Definition
| the procedures and processes for restoring an organizations IT operations following disaster |
|
|
Term
|
Definition
| a model that has multiple CAs that sign digital certificates |
|
|
Term
| EFS (Encrypting File System) |
|
Definition
| enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer |
|
|
Term
|
Definition
| the process of changing plaintext to ciphertext |
|
|
Term
|
Definition
| A metallic enclosure that prevents the entry or escape of an electromagnetic field |
|
|
Term
|
Definition
| the process for creating a unique digital fingerprint signature for a set of data |
|
|
Term
|
Definition
| a model that has a single hierarchy with one master CA |
|
|
Term
|
Definition
| a duplicate of the production site that has all the equipment needed for an organization to continue running |
|
|
Term
|
Definition
| security actions that ensure that the information is correct and no unauthorized person or malicious software has altered the data |
|
|
Term
|
Definition
| a set of protocols developed to support the secure exchange of packets |
|
|
Term
|
Definition
| a highly trusted person responsible for recovering lost or damaged digital certificates |
|
|
Term
|
Definition
| the process of proving that a user performed an action |
|
|
Term
|
Definition
| a test by an outsider to actually exploit any weaknesses in systems that are vulnerable |
|
|
Term
|
Definition
| essential to most of the algorithms used in public key cryptography |
|
|
Term
|
Definition
| a policy that outlines how the organization uses personal information it collects |
|
|
Term
| public key infrastructure (PKI) |
|
Definition
| a framework for all of the entities involved in digital certificates for digital certificate management |
|
|
Term
|
Definition
| a subordinate entity designated to handle specific CA tasks such as processing certificate requests and authenticating users |
|
|
Term
|
Definition
| the likelihood that a threat agent will exploit the vulnerability |
|
|
Term
|
Definition
| is the identification, assessment,and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability/impact of unfortunate events |
|
|
Term
|
Definition
| a document or series of documents that clearly defines the defense mechanisms an organizations will employ to keep information secure |
|
|
Term
|
Definition
| a means of gathering information for an attack by relying on the weakness of individuals |
|
|
Term
|
Definition
| a UNIX based command interface and protocol for securely accessing a remote computer |
|
|
Term
|
Definition
| hiding the existence of data within a text, audio, image, or video file |
|
|
Term
|
Definition
| determining in advance who will be authorized to take over in the event of the incapacitation or death of key employees |
|
|
Term
|
Definition
| uses a single key to encrypt and decrypt a message |
|
|
Term
|
Definition
| is single and used with the operations of a symmetric encryption scheme |
|
|
Term
|
Definition
| a model in which two individuals trust each other because each individually trusts a third party |
|
|
Term
|
Definition
| a type of action that has the potential to cause harm |
|
|
Term
| Trusted Platform module (TPM) |
|
Definition
| a chip on the motherboard of the computer that provides cryptographic services |
|
|
Term
| Uninterruptible power supplies(UPS) |
|
Definition
| a device that maintains power to equipment in the event of an interruption in the primary electrical power source |
|
|
Term
|
Definition
| the use of sophisticated tools to pick up electromagnetic fields and read the data that is producing them to eavesdrop on telecommunication signals or data within a computer device |
|
|
Term
|
Definition
| a flaw or weakness that allows a threat agent to bypass security |
|
|
Term
|
Definition
| a remote site that contains computer equipment but does not have active Internet or telecommunication facilities and does not have backups of data |
|
|
