Click here to tell your browser to print these cards.
These are designed to be printed in landscape mode on 4x6 index cards.
To save paper, we recommend using your computer's print preview until you get your printer settings correct.
| * (star) Integrity Axiom (* Axiom) |
| * (star) Security Property (* Property) |
| 1000Base-T |
| 100Base-TX |
| 10Base-T |
| 10Base2 |
| 10Base5 |
| 802.11i (WPA-2) |
| 802.1x |
| ACID model |
| AND |
| APIPA |
| ActiveX |
| Address Resolution Protocol (ARP) |
| Advanced Encryption Standard (AES) |
| Application layer |
| Assurance |
| Authentication Header (AH) |
| Authentication Service (AS) |
| Base+Offset addressing |
| Basic Input/Output System (BIOS) |
| Basic Rate Interface (BRI) |
| Bell-LaPadula model |
| Biba model |
| Blowfish |
| Bluetooth (802.15) |
| Business Continuity Planning (BCP) |
| Business Impact Assessment (BIA) |
| CIA Triad |
| Children's Online Privacy Protection Act (COPPA) |
| Cipher Block Chaining (CBC) |
| Cipher Feedback (CFB) |
| Clark-Wilson model |
| Committed Information Rate (CIR) |
| Common Body of Knowledge (CBK) |
| Common Object Request Broker Architecture (CORBA) |
| Component Object Model (COM) |
| Computer Fraud and Abuse Act |
| Computer Security Act (CSA) of 1987 |
| Confidential |
| Control Objectives for Information and related Technology (CobiT) |
| Copper Distributed Data Interface (CDDI) |
| DNS poisoning |
| Data Definition Language (DDL) |
| Data Encryption Standard (DES) |
| Data Link layer |
| Data Manipulation Language (DML) |
| Delphi technique |
| Diffie-Hellman algorithm |
| Digital Millennium Copyright Act |
| Digital Signature Standard (DSS) |
| Direct Memory Access (DMA) |
| Direct Sequence Spread Spectrum (DSSS) |
| Disaster Recovery Planning (DRP) |
| Discretionary Security Property |
| Distributed Component Object Model (DCOM) |
| Dynamic Host Configuration Protocol (DHCP) |
| Economic Espionage Act of 1996 |
| El Gamal |
| Electronic Codebook (ECB) |
| Electronic Communications Privacy Act (ECPA) |
| Encapsulating Security Payload (ESP) |
| Escrowed Encryption Standard |
| Ethernet |
| Ethical Hackers |
| Fair Cryptosystems |
| Family Educational Rights and Privacy Act (FERPA) |
| Federal Information Processing Standard 140 (FIPS-140) |
| Federal Sentencing Guidelines |
| Fiber Distributed Data Interface (FDDI) |
| Fourth Amendment |
| Frame Relay |
| Frequency Hopping Spread Spectrum (FHSS) |
| Gantt chart |
| Government Information Security Reform Act of 2000 |
| Gramm-Leach-Bliley (GLBA) Act |
| Halon |
| Hashed Message Authentication Code (HMAC) |
| Health Insurance Portability and Accountability Act (HIPAA) |
| High-Level Data Link Control (HDLC) |
| High-Speed Serial Interface (HSSI) |
| Hypertext Transfer Protocol |
| Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) |
| IP Payload Compression (IPcomp) protocol |
| IP Security (IPSec) |
| IP header protocol field value |
| IP probes |
| IP spoofing |
| Identity Theft and Assumption Deterrence Act |
| Integrated Services Digital Network (ISDN) |
| International Organization for Standardization (ISO) |
| Internet Key Exchange (IKE) |
| Internet Mail Authentication Protocol (IMAP) |
| Internet Message Access Protocol (IMAP) |
| Internet Security Association and Key Management Protocol (ISAKMP) |
| Java |
| Kerberos |
| Kerchoff's assumption |
| KryptoKnight |
| LAN extender |
| Layer 2 Forwarding (L2F) |
| Layer 2 Tunneling Protocol (L2TP) |
| Low Water-Mark Mandatory Access Control (LOMAC) |
| MD2 (Message Digest 2) |
| MD4 |
| MD5 |
| MIME Object Security Services (MOSS) |
| MONDEX |
| Media Access Control (MAC) address |
| NOT |
| Network Address Translation (NAT) |
| Network layer |
| OR |
| OSI model |
| Open Systems Interconnection (OSI) model |
| Orthogonal Frequency-Division Multiplexing (OFDM) |
| Output Feedback (OFB) |
| Password Authentication Protocol (PAP) |
| Point-to-Point Protocol (PPP) |
| Point-to-Point Tunneling Protocol (PPTP) |
| Port Address Translation (PAT) |
| Post Office Protocol (POP) |
| Presentation layer |
| Pretty Good Privacy (PGP) |
| Primary Rate Interface (PRI) |
| Privacy Act of 1974 |
| Privacy Enhanced Mail (PEM) |
| Program Evaluation Review Technique (PERT) |
| RADIUS |
| RFC 1918 |
| RSA |
| Remote Authentication Dial-In User Service (RADIUS) |
| Reverse Address Resolution Protocol (RARP) |
| Rijndael block cipher |
| Rivest, Shamir, and Adleman (RSA) |
| S/MIME |
| SESAME |
| SYN flood attack |
| Secret |
| Secure Electronic Transaction (SET) |
| Secure HTTP (S-HTTP) |
| Secure Hash Algorithm (SHA) |
| Secure Multipurpose Internet Mail Extensions (S/MIME) |
| Secure Remote Procedure Call (S-RPC) |
| Secure Shell (SSH) |
| Secure Sockets Layer (SSL) |
| Sequenced Packet Exchange (SPX) |
| Serial Line Internet Protocol (SLIP) |
| Session layer |
| Simple Integrity Axiom (SI Axiom) |
| Simple Key Management for IP (SKIP) |
| Simple Mail Transfer Protocol (SMTP) |
| Simple Security Property (SS property) |
| Skipjack |
| Switched Multimegabit Data Services (SMDS) |
| Synchronous Data Link Control (SDLC) |
| TACACS |
| TCP wrapper |
| TEMPEST |
| Take-Grant model |
| Terminal Access Controller Access Control System (TACACS) |
| Top Secret |
| Transmission Control Protocol (TCP) |
| Transport layer |
| Trojan horse |
| Type 1 authentication factor |
| Type 2 authentication factor |
| Type 3 authentication factor |
| USA Patriot Act of 2001 |
| Uniform Computer Information Transactions Act (UCITA) |
| User Datagram Protocol (UDP) |
| Vernam cipher |
| Vigenere cipher |
| Voice over IP (VoIP) |
| WiFi Protected Access (WPA) |
| WiMax (802.16) |
| WinNuke attack |
| Wired Equivalency Protocol (WEP) |
| Wired Equivalent Privacy (WEP) |
| Wireless Application Protocol (WAP) |
| X.25 |
| XOR |
| Zero Knowledge Teams |
| abnormal activity |
| abstraction |
| acceptance testing |
| accepting risk |
| access |
| access control |
| access control list (ACL) |
| access control matrix |
| access tracking |
| account lockout |
| accountability |
| accreditation |
| active content |
| addressing |
| administrative access controls |
| administrative law |
| administrative physical security controls |
| admissible evidence |
| advisory policy |
| agent |
| aggregate functions |
| aggregation |
| alarm |
| alarm triggers |
| amplifier |
| analytic attack |
| annualized loss expectancy (ALE) |
| annualized rate of occurrence (ARO) |
| anomaly detection |
| applet |
| application-level gateway firewall |
| assembly language |
| asset |
| asset valuation |
| asset value (AV) |
| assigning risk |
| assurance |
| asymmetric key |
| asynchronous transfer mode (ATM) |
| atomicity |
| attack |
| attenuation |
| attribute |
| audit trails |
| auditing |
| auditor |
| authentication |
| authentication protocols |
| authority before the lifetimes of the certificates have expired. certificates |
| authorization |
| automatic private IP addressing (APIPA) |
| auxiliary alarm system |
| availability |
| awareness |
| badges |
| baseband |
| baseline |
| bastion host |
| behavior |
| behavior-based detection |
| best evidence rule |
| bind variable |
| biometrics |
| birthday attack |
| black-box testing |
| blackout |
| block cipher |
| bluejacking |
| boot sector |
| bridge |
| broadband |
| broadcast |
| broadcast address |
| brouter |
| brownout |
| brute force |
| brute-force attack |
| buffer overflow |
| business attack |
| cache RAM |
| campus area network (CAN) |
| capability list |
| cardinality |
| centralized access control |
| centralized alarm system |
| certificate authority |
| certificate revocation list (CRL) |
| certification |
| chain of evidence |
| change management |
| checklist test |
| chosen cipher-text attack |
| chosen plain-text attack |
| cipher text |
| civil laws |
| class |
| classification |
| classification level |
| clean power |
| clearing |
| click-wrap license agreement |
| clipping level |
| closed head system |
| closed-circuit television (CCTV) |
| clustering (or key clustering) |
| coaxial cable |
| code |
| cognitive password |
| cohesive (or cohesiveness) |
| cold sites |
| collision attack |
| collusion |
| commercial business/private sector classification |
| common mode noise |
| companion virus |
| compartmented security mode |
| compensation access control |
| competent |
| compiled languages |
| compliance testing |
| compromise |
| computer architecture |
| computer crime |
| concentrator |
| conclusive evidence |
| concurrency |
| confidentiality |
| configuration management |
| confinement (or confinement property) |
| confusion |
| consistency |
| contamination |
| content-dependent access control |
| continuity |
| contractual license agreement |
| control |
| controls gap |
| copyright |
| corrective access control |
| corrective controls |
| countermeasures |
| coupling |
| covert channel |
| covert storage channel |
| covert timing channel |
| cracker |
| creeping privilege(s) |
| criminal law |
| critical path analysis |
| criticality prioritization |
| crossover error rate (CER) |
| cryptanalysis |
| cryptography |
| cryptosystem |
| cryptovariable |
| custodian |
| cyclic redundancy check (CRC) |
| data circuit-terminating equipment (DCE) |
| data classification |
| data custodian |
| data dictionary |
| data diddling |
| data extraction |
| data hiding |
| data mart |
| data mining |
| data steward |
| data terminal equipment (DTE) |
| data warehouse |
| database |
| database management system (DBMS) |
| database partitioning |
| de-encapsulation |
| decentralized access control |
| decision support system (DSS) |
| declassification |
| decrypt |
| dedicated mode |
| dedicated security mode |
| degaussing |
| degree |
| delegation |
| delta rule |
| deluge system |
| denial of service (DoS) |
| deny risk |
| detective access control |
| detective control |
| detective control |
| deterrent access control |
| dictionary attack |
| differential backup |
| diffusion |
| digital signature |
| direct addressing |
| direct evidence |
| directive access control |
| directory service |
| disaster |
| disaster recovery plan |
| discretionary access control |
| distributed access control |
| distributed data model |
| distributed denial of service (DDoS) |
| distributed reflective denial of service (DRDoS) |
| documentary evidence |
| domain |
| dry pipe system |
| due care |
| due diligence |
| dumb cards |
| dumpster diving |
| durability |
| dwell time |
| dynamic packet-filtering firewalls |
| dynamic passwords |
| eavesdropping |
| education |
| electromagnetic interference (EMI) |
| electronic access control (EAC) |
| electronic vaulting |
| electronically erasable PROM (EEPROM) |
| elliptic curve cryptography |
| elliptic curve group |
| employee |
| employment agreement |
| encapsulation |
| encrypt |
| end user |
| end-to-end encryption |
| enrollment |
| entity |
| erasable PROM (EPROM) |
| erasing |
| espionage |
| ethical hacking |
| ethics |
| evidence |
| exact actions necessary to implement a specific security mechanism |
| excessive privilege(s) |
| exit interview |
| expert opinion |
| expert system |
| exposure |
| exposure factor (EF) |
| extranet |
| face scan |
| fail-open |
| fail-safe |
| fail-secure |
| false acceptance rate (FAR) |
| false rejection rate (FRR) |
| fault |
| fence |
| fiber-optic |
| file infector |
| financial attack |
| fingerprints |
| firewall |
| firmware |
| flight time |
| flooding |
| fraggle |
| fragment |
| fragmentation attacks |
| frequency analysis |
| full backup |
| full-interruption tests |
| full-knowledge teams |
| gate |
| gateway |
| government/military classification |
| granular object control |
| ground |
| group |
| grudge attack |
| guideline |
| hacker |
| hand geometry |
| handshaking |
| hardware |
| hardware segmentation |
| hardware segmentation |
| hash |
| hash function |
| hash total |
| hash value |
| hearsay evidence |
| heart/pulse pattern |
| heuristics-based detection |
| hierarchical |
| hierarchical data model |
| high-level languages |
| hijack attack |
| honey pot |
| host-based IDS |
| hostile applet |
| hot site |
| hub |
| hybrid |
| identification |
| identification card |
| ignore risk |
| immediate addressing |
| impersonation |
| implementation attack |
| inappropriate activities |
| incident |
| incremental backups |
| indirect addressing |
| industrial espionage |
| inference |
| inference engine |
| information flow model |
| information hiding |
| informative policy |
| inherit (or inheritance) |
| initialization vector (IV) |
| inrush |
| instance |
| integrity |
| intellectual property |
| interpreted languages |
| interrupt (IRQ) |
| intranet |
| intrusion |
| intrusion detection |
| intrusion detection system (IDS) |
| iris scans |
| isolation |
| job description |
| job responsibilities |
| job rotation |
| kernel |
| kernel proxy firewalls |
| key |
| key distribution center (KDC) |
| key escrow system |
| keystroke dynamics |
| keystroke monitoring |
| keystroke patterns |
| knowledge base |
| knowledge-based detection |
| known plain-text attack |
| land attack |
| lattice-based access control |
| layering |
| learning rule |
| licensing |
| lighting |
| link encryption |
| local alarm systems |
| local area network (LAN) |
| log analysis |
| logging |
| logic bomb |
| logical access control |
| logon credentials |
| logon script |
| loopback address |
| machine language |
| macro viruses |
| mail-bombing |
| maintenance |
| maintenance hooks |
| malicious code |
| man-in-the-middle attack |
| man-made disasters |
| mandatory access control |
| mandatory vacations |
| mantrap |
| masquerading |
| massively parallel processing (MPP) |
| master boot record (MBR) |
| master boot record (MBR) virus |
| maximum tolerable downtime (MTD) |
| mean time to failure (MTTF) |
| meet-in-the-middle attack |
| memory |
| memory card |
| memory page |
| memory-mapped I/O |
| message |
| message digest (MD) |
| metadata |
| metamodel |
| methods |
| microcode |
| middle management |
| military and intelligence attacks |
| mitigate risk |
| mitigated |
| mobile sites |
| module testing |
| modulo |
| monitoring |
| motion detector |
| motion sensor |
| multicast |
| multilevel mode |
| multilevel security mode |
| multipartite virus |
| multiprocessing |
| multiprogramming |
| multistate |
| multitasking |
| multithreading |
| mutual assistance agreement (MAA) |
| natural disaster |
| need-to-know |
| negligence |
| network-based IDS |
| neural network |
| noise |
| non-disclosure agreement (NDA) |
| non-discretionary access control |
| nonce |
| noninterference model |
| nonrepudiation |
| nonvolatile |
| nonvolatile storage, |
| normalization |
| object |
| object linking and embedding (OLE) |
| object-oriented programming (OOP) |
| object-relational database |
| one-time pad |
| one-time password |
| one-upped constructed password |
| one-way encryption |
| one-way function |
| open system authentication (OSA) |
| operational plans |
| operations security triple |
| organizational owner |
| overt channel |
| overwriting |
| owner |
| package |
| packet |
| padded cell |
| palm geography |
| palm scan |
| palm topography |
| parallel run |
| parallel tests |
| parole evidence rule |
| partial-knowledge teams |
| passphrase |
| password |
| password policy |
| password restrictions |
| patent |
| pattern-matching detection |
| penetration |
| penetration testing |
| permanent virtual circuit (PVC) |
| personal identification number (PIN) |
| personnel management |
| phone phreaking |
| physical access control |
| physical controls for physical security |
| piggybacking |
| ping |
| ping-of-death attack |
| plain old telephone service (POTS) |
| plaintext |
| playback attack |
| policy |
| polyalphabetic substitution |
| polyinstantiation |
| polymorphic virus |
| polymorphism |
| port |
| port scan |
| postmortem review |
| preaction system |
| preventive access control |
| preventive control |
| primary memory |
| primary storage |
| principle of least privilege |
| privacy |
| private |
| private branch exchange (PBX) |
| private key |
| privileged entity controls |
| privileged mode |
| privileged operations functions |
| problem state |
| procedure |
| process isolation |
| processor |
| programmable read-only memory (PROM) |
| proprietary |
| protection profile |
| protocol |
| proximity reader |
| proximity reader |
| proxy |
| prudent man rule |
| pseudo-flaws |
| public |
| public IP addresses |
| public key |
| public key infrastructure (PKI) |
| purging |
| qualitative decision making |
| qualitative risk analysis |
| quality assurance check |
| quantitative decision making |
| quantitative risk analysis |
| radiation monitoring |
| radio frequency identification (RFID) |
| radio frequency interference (RFI) |
| random access memory (RAM) |
| random access storage |
| read-only memory (ROM) |
| ready state |
| real evidence |
| real memory |
| realized risk |
| record |
| record retention |
| record sequence checking |
| recovery access control |
| recovery strategies |
| recovery time objective (RTO) |
| reference monitor |
| reference profile |
| reference template |
| referential integrity |
| register |
| register address |
| registration authority (RA) |
| regulatory policy |
| reject risk |
| relational database |
| relevant |
| remote journaling |
| remote mirroring |
| repeater |
| replay attack |
| residual risk |
| restricted interface model |
| retina scan |
| returns to a secure state after an error |
| reverse engineering |
| reverse hash matching |
| revocation |
| risk |
| risk analysis |
| risk management |
| risk tolerance |
| role-based access control |
| root |
| rootkit |
| router |
| rule-based access control |
| running key cipher |
| running state |
| sabotage |
| safeguard |
| sag |
| salami attack |
| salt |
| sampling |
| sandbox |
| sanitization |
| scanning |
| scavenging |
| schema |
| scripted access |
| search warrant |
| second-tier attack |
| secondary evidence |
| secondary memory |
| secondary storage |
| secure communication protocol |
| security ID |
| security association (SA) |
| security kernel |
| security label |
| security management planning |
| security perimeter |
| security policy |
| security professional |
| security role |
| security target |
| semantic integrity mechanisms |
| senior management |
| sensitive |
| sensitive but unclassified |
| sensitivity |
| separation of duties and responsibilities |
| separation of privilege |
| sequential storage |
| service bureaus |
| service-level agreement (SLA) |
| session hijacking |
| shared key authentication (SKA) |
| shielded twisted-pair (STP) |
| shoulder surfing |
| shrink-wrap license agreement |
| signature dynamics |
| signature-based detection |
| simulation tests |
| single loss expectancy (SLE) |
| single sign-on (SSO) |
| single state |
| single-use passwords |
| smart card |
| smurf attack |
| sniffer attack |
| sniffing |
| snooping attack |
| social engineering |
| socket |
| software IP encryption (SWIPE) |
| spam |
| spamming attacks |
| spike |
| split knowledge |
| spoofing |
| spoofing attack |
| standards |
| state |
| state machine model |
| stateful inspection firewall |
| static packet-filtering firewall |
| static password |
| static token |
| station set identifier (SSID) |
| statistical attack |
| statistical intrusion detection |
| steganography |
| stop error |
| stopped state |
| strategic plan |
| stream attack |
| stream ciphers |
| strong password |
| structured walk-through |
| subject |
| subpoena |
| substitution cipher |
| supervisor state (or supervisory state) |
| supervisory mode |
| switch |
| switch |
| switched virtual circuit (SVC) |
| symmetric key |
| symmetric multiprocessing (SMP) |
| synchronous dynamic password token |
| system call |
| system high mode |
| system-high security mode |
| table |
| tactical plan |
| task-based |
| teardrop attack |
| technical access control |
| technical physical security controls |
| terrorist attacks |
| test data method |
| testimonial evidence |
| thicknet |
| thin client |
| thinnet |
| threat |
| threat agents |
| threat events |
| throughput rate |
| ticket |
| ticket-granting service (TGS) |
| time slice |
| time-of-use (TOU) |
| token |
| token device |
| token ring |
| topology |
| total risk |
| trade secret |
| trademark |
| traffic analysis |
| training |
| transferring risk |
| transient |
| transmission error correction |
| transmission logging |
| transparency |
| transport mode |
| transposition cipher |
| trap door |
| traverse mode noise |
| trend analysis |
| triple DES (3DES) |
| trust |
| trusted computing base (TCB) |
| trusted path |
| trusted recovery process |
| trusted system |
| tunnel mode |
| tunneling |
| turnstile |
| twisted-pair |
| two-factor authentication |
| unclassified |
| unicast |
| uninterruptible power supply (UPS) |
| unit testing |
| unshielded twisted-pair (UTP) |
| upper management |
| user |
| user mode |
| view |
| violation analysis |
| virtual machine |
| virtual memory |
| virtual private network (VPN) |
| virtual private network (VPN) protocol |
| virus |
| voice pattern |
| volatile |
| volatile storage |
| voluntarily surrender |
| vulnerability |
| vulnerability scan |
| vulnerability scanner |
| wait stat |
| war dialing |
| warm site |
| warning banners |
| well-known ports |
| wet pipe system |
| white box testing |
| wide area network (WAN) |
| wireless networking (802.11) |
| work function or work factor |
| worm |
| zero knowledge proof |