Term 1

* (star) Integrity Axiom (* Axiom)

Definition 1

An axiom of the Biba model that states that a subject at a specific classification level cannot write data to a higher classification level. This is often shortened to “no write up.”

Term 2

* (star) Security Property (* Property)

Definition 2

A property of the Bell-LaPadula model that states that a subject at a specific classification level cannot write data to a lower classification level. This is often shortened to "no write down."

Term 3


Definition 3

A form of twisted-pair cable that supports 1000Mbps or 1Gbps throughput at 100 meter distances. Often called Gigabit Ethernet.

Term 4


Definition 4

Another form of twisted-pair cable similar to 100Base-T.

Term 5


Definition 5

A type of network cable that consists of four pairs of wires that are twisted around each other and then sheathed in a PVC insulator. Also called twisted-pair.

Term 6


Definition 6

A type of coaxial cable. Often used to connect systems to backbone trunks. 10Base2 has a maximum span of 185 meters with maximum throughput of 10Mbps. Also called thinnet.

Term 7


Definition 7

A type of coaxial cable. Often used as a network's backbone. 10Base5 has a maximum span of 500 meters with maximum throughput of 10Mbps. Also called thicknet.

Term 8

802.11i (WPA-2)

Definition 8

An amendment to the 802.11 standard that defines a new authentication and encryption technique that is similar to IPSec. To date no real-world attack has compromised a properly configured WPA-2 wireless network.

Term 9


Definition 9

A form of wireless authentication protection that requires all wireless clients to pass a gauntlet of RADIUS or TACACS services before network access is granted.

Term 10

ACID model

Definition 10

The letters in ACID represent the four required characteristics of database transactions: atomicity, consistency, isolation, and durability.

Term 11


Definition 11

The operation (represented by the ^ symbol) that checks to see whether two values are both true.

Term 12


Definition 12

See automatic private IP addressing (APIPA).

Term 13


Definition 13

Microsoft's component object model (COM) technology used in web applications. ActiveX is implemented using any one of a variety of languages including Visual Basic, C, C++, and Java.

Term 14

Address Resolution Protocol (ARP)

Definition 14

A subprotocol of the TCP/IP protocol suite that operates at the Data Link layer (layer 2). ARP is used to discover the MAC address of a system by polling using its IP address.

Term 15

Advanced Encryption Standard (AES)

Definition 15

The encryption standard selected in October 2000 by the National Institute for Standards and Technology (NIST) that is based on the Rijndael cipher.

Term 16

Application layer

Definition 16

Layer 7 of the Open Systems Interconnection (OSI) model.

Term 17


Definition 17

The degree of confidence that security needs are satisfied. Assurance must be continually maintained, updated, and reverified.

Term 18

Authentication Header (AH)

Definition 18

An IPSec protocol that provides authentication, integrity, and non-repudiation.

Term 19

Authentication Service (AS)

Definition 19

An element of the Kerberos Key Distribution Center (KDC). The AS verifies or rejects the authenticity and timeliness of tickets.

Term 20

Base+Offset addressing

Definition 20

An addressing scheme that uses a value stored in one of the CPU's registers as the base location from which to begin counting. The CPU then adds the offset supplied with the instruction to that base address and retrieves the operand from the computed memory location.

Term 21

Basic Input/Output System (BIOS)

Definition 21

The operating-system-independent primitive instructions that a computer needs to start up and load the operating system from disk.

Term 22

Basic Rate Interface (BRI)

Definition 22

An ISDN service type that provides two B, or data, channels and one D, or management, channel. Each B channel offers 64Kbps, and the D channel offers 16Kbps.

Term 23

Bell-LaPadula model

Definition 23

A confidentiality-focused security model based on the state machine model and employing mandatory access controls and the lattice model.

Term 24

Biba model

Definition 24

An integrity-focused security model based on the state machine model and employing mandatory access controls and the lattice model.

Term 25


Definition 25

A block cipher that operates on 64-bit blocks of text and uses variable-length keys ranging from a relatively insecure 32 bits to an extremely strong 448 bits.

Term 26

Bluetooth (802.15)

Definition 26

A wireless standard commonly used to pair accessories to cell phones or computers.

Term 27

Business Continuity Planning (BCP)

Definition 27

The assessment of a variety of risks to organizational processes and the creation of policies, plans, and procedures to minimize the impact those risks might have on the organization if they were to occur.

Term 28

Business Impact Assessment (BIA)

Definition 28

An analysis that identifies the resources that are critical to an organization's ongoing viability and the threats posed to those resources. It also assesses the likelihood that each threat will actually occur and the impact those occurrences will have on the business.

Term 29

CIA Triad

Definition 29

The three essential security principles of confidentiality, integrity, and availability.

cipher: A system that hides the true meaning of a message. Ciphers use a variety of techniques

Term 30

Children's Online Privacy Protection Act (COPPA)

Definition 30

A law in the United States that places specific demands upon websites that cater to children or knowingly collect information from children.

Term 31

Cipher Block Chaining (CBC)

Definition 31

A process in which each block of unencrypted text is XORed with the block of cipher text immediately preceding it before it is encrypted using the DES algorithm.

Term 32

Cipher Feedback (CFB)

Definition 32

A mode in which the DES algorithm is used to encrypt the preceding block of cipher text. This block is then XORed with the next block of plain text to produce the next block of cipher text.

Term 33

Clark-Wilson model

Definition 33

A model that employs limited interfaces or programs to control and maintain object integrity.

Term 34

Committed Information Rate (CIR)

Definition 34

A contracted minimum guaranteed bandwidth allocation for a virtual circuit.

Term 35

Common Body of Knowledge (CBK)

Definition 35

The areas of information prescribed by (ISC)2 as the source of knowledge for the CISSP exam.

Term 36

Common Object Request Broker Architecture (CORBA)

Definition 36

An international standard for distributed computing. CORBA enables code operating on a computer to locate resources located elsewhere on the network.

Term 37

Component Object Model (COM)

Definition 37

Microsoft's standard for the use of components within a process or between processes running on the same system.

Term 38

Computer Fraud and Abuse Act

Definition 38

A U.S. law written to exclusively cover computer crimes that cross state boundaries to avoid infringing upon states' rights.

Term 39

Computer Security Act (CSA) of 1987

Definition 39

A U.S. law that mandates baseline security requirements for all federal agencies.

Term 40


Definition 40

A government/military classification used for data of a confidential nature. Unauthorized disclosure of confidential data will have noticeable effects and cause damage to national security. This classification is used for all data between secret and sensitive but unclassified classifications.

Term 41

Control Objectives for Information and related Technology (CobiT)

Definition 41

A security concept infrastructure used to organize the complex security solution of companies.

Term 42

Copper Distributed Data Interface (CDDI)

Definition 42

Deployment of FDDI using twisted-pair (in other words, copper) wires. This reduces the maximum segment length to 100 meters and is susceptible to interference.

Term 43

DNS poisoning

Definition 43

The act of altering or falsifying the information of DNS to route or misdirect legitimate traffic.

Term 44

Data Definition Language (DDL)

Definition 44

The database programming language that allows for the creation and modification of the database's structure (known as the schema).

Term 45

Data Encryption Standard (DES)

Definition 45

A standard cryptosystem proposed in 1977 for all government communications. Many government entities continue to use DES for cryptographic applications today even though it was superseded by the Advanced Encryption Standard (AES) in December 2001.

Term 46

Data Link layer

Definition 46

The second layer in the OSI model protocol stack.

Term 47

Data Manipulation Language (DML)

Definition 47

The database programming language that allows users to interact with the data contained within the schema.

Term 48

Delphi technique

Definition 48

An anonymous feedback and response process used to arrive at a group consensus.

Term 49

Diffie-Hellman algorithm

Definition 49

A key exchange algorithm useful in situations in which two parties might need to communicate with each other but they have no physical means to exchange key material and there is no public key infrastructure in place to facilitate the exchange of secret keys.

Term 50

Digital Millennium Copyright Act

Definition 50

A law that establishes the prohibition of attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder and limits the liability of Internet service providers when their circuits are used by criminals violating the copyright law.

Term 51

Digital Signature Standard (DSS)

Definition 51

A standard that specifies that all federally approved digital signature algorithms must use a secure hashing function.

Term 52

Direct Memory Access (DMA)

Definition 52

A mechanism that allows devices to exchange data directly with real memory (RAM) without requiring assistance from the CPU.

Term 53

Direct Sequence Spread Spectrum (DSSS)

Definition 53

A wireless technology that employs all of the available frequencies simultaneously in parallel.

Term 54

Disaster Recovery Planning (DRP)

Definition 54

Term that describes the actions an organization takes to resume normal operations after a disaster interrupts normal activity.

Term 55

Discretionary Security Property

Definition 55

Property that states that the system uses an access control matrix to enforce discretionary access control.

Term 56

Distributed Component Object Model (DCOM)

Definition 56

An extension of COM to support distributed computing. This is Microsoft's answer to CORBA.

Term 57

Dynamic Host Configuration Protocol (DHCP)

Definition 57

A protocol used to assign TCP/IP configuration settings to systems upon bootup. DHCP uses port 67 for server point-to-point response and port 68 for client request broadcast. DHCP supports centralized control and management of network addressing.

Term 58

Economic Espionage Act of 1996

Definition 58

A law that states that anyone found guilty of stealing trade secrets from a U.S. corporation with the intention of benefiting a foreign government or agent may be fined up to $500,000 and imprisoned for up to 15 years and that anyone found guilty of stealing trade secrets under other circumstances may be fined up to $250,000 and imprisoned for up to 10 years.

Term 59

El Gamal

Definition 59

The explanation of how the mathematical principles behind the Diffie-Hellman key exchange algorithm could be extended to support an entire public key cryptosystem used for the encryption and decryption of messages.

Term 60

Electronic Codebook (ECB)

Definition 60

The simplest encryption mode to understand and the least secure. Each time the algorithm processes a 64-bit block, it simply encrypts the block using the chosen secret key. This means that if the algorithm encounters the same block multiple times, it produces the same encrypted block.

Term 61

Electronic Communications Privacy Act (ECPA)

Definition 61

The law that makes it a crime to invade an individual's electronic privacy. It protects against the monitoring of email and voice mail communications and prevents providers of those services from making unauthorized disclosures of their content.

Term 62

Encapsulating Security Payload (ESP)

Definition 62

An element of IPSec that provides encryption to protect the confidentiality of transmitted data but can also perform limited authentication.

Term 63

Escrowed Encryption Standard

Definition 63

A failed government attempt to create a back door to all encryption solutions. The solution employed the Clipper chip, which used the Skipjack algorithm.

Term 64


Definition 64

A common shared media LAN technology.

Term 65

Ethical Hackers

Definition 65

Those trained in responsible network security methodology, with a philosophy toward nondestructive and nonintrusive testing, ethical hackers attack security systems on behalf of their owners seeking to identify and document vulnerabilities so that they may be remediated before malicious hackers can exploit them. Ethical hackers use the same methods to test security that unethical ones do but report what they find rather than seeking to turn them to their advantage.

Term 66

Fair Cryptosystems

Definition 66

A failed government attempt to create a back door to all encryption solutions. This technology used a segmented key that was divided among several trustees.

Term 67

Family Educational Rights and Privacy Act (FERPA)

Definition 67

A specialized privacy bill that affects any educational institution that accepts any form of funding from the federal government (the vast majority of schools). It grants certain privacy rights to students older than the age of 18 and the parents of minor students.

Term 68

Federal Information Processing Standard 140 (FIPS-140)

Definition 68

FIPS-140 defines the hardware and software requirements for cryptographic modules that the federal government uses.

Term 69

Federal Sentencing Guidelines

Definition 69

A 1991 law that provides punishment guidelines for breaking federal laws.

Term 70

Fiber Distributed Data Interface (FDDI)

Definition 70

A high-speed token-passing technology that employs two rings with traffic flowing in opposite directions. FDDI offers transmission rates of 100Mbps and is often used as a backbone to large enterprise networks.

Term 71

Fourth Amendment

Definition 71

An amendment to the U.S. Constitution that prohibits government agents from searching private property without a warrant and probable cause. The courts have expanded their interpretation of the Fourth Amendment to include protections against wiretapping and other invasions of privacy.

Term 72

Frame Relay

Definition 72

A shared connection medium that uses packet-switching technology to establish virtual circuits for customers.

Term 73

Frequency Hopping Spread Spectrum (FHSS)

Definition 73

An early implementation of the spread spectrum concept. This wireless access technology transmits data in a series while constantly changing the frequency in use.

Term 74

Gantt chart

Definition 74

A type of bar chart that shows the interrelationships over time between projects and schedules. It provides a graphical illustration of a schedule that helps to plan, coordinate, and track specific tasks in a project.

Term 75

Government Information Security Reform Act of 2000

Definition 75

Act that amends the United States Code to implement additional information security policies and procedures.

Term 76

Gramm-Leach-Bliley (GLBA) Act

Definition 76

A law passed in 1999 that eased the strict governmental barriers between financial institutions. Banks, insurance companies, and credit providers were severely limited in the services they could provide and the information they could share with each other. GLBA somewhat relaxed the regulations concerning the services each organization could provide.

Term 77


Definition 77

A fire-suppressant material that converts to toxic gases at 900 degrees Fahrenheit and depletes the ozone layer of the atmosphere and is therefore usually replaced by an alternative material.

Term 78

Hashed Message Authentication Code (HMAC)

Definition 78

An algorithm that implements a partial digital signature; it guarantees the integrity of a message during transmission, but it does not provide for nonrepudiation.

Term 79

Health Insurance Portability and Accountability Act (HIPAA)

Definition 79

A law passed in 1996 that made numerous changes to the laws governing health insurance and health maintenance organizations (HMOs). Among the provisions of HIPAA are privacy regulations requiring strict security measures for hospitals, physicians, insurance companies, and other organizations that process or store private medical information about individuals.

Term 80

High-Level Data Link Control (HDLC)

Definition 80

A layer 2 protocol used to transmit data over synchronous communication lines. HDLC is an ISO standard based on IBM's SDLC. HDLC supports full-duplex communications, supports both point-to-point and multipoint connections, offers flow control, and includes error detection and correction.

Term 81

High-Speed Serial Interface (HSSI)

Definition 81

A layer 1 protocol used to connect routers and multiplexers to ATM or Frame Relay connection devices.

Term 82

Hypertext Transfer Protocol

Definition 82

The protocol used to transmit web page elements from a web server to web browsers (over the well-known service TCP/UDP port address 80).

Term 83

Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)

Definition 83

A standard that uses port 443 to negotiate encrypted communications sessions between web servers and browser clients.

Term 84

IP Payload Compression (IPcomp) protocol

Definition 84

A protocol that allows IPSec users to achieve enhanced performance by compressing packets prior to the encryption operation.

Term 85

IP Security (IPSec)

Definition 85

A standards-based mechanism for providing encryption for point-to-point TCP/IP traffic.

Term 86

IP header protocol field value

Definition 86

An element in an IP packet header that identifies the protocol used in the IP packet payload (usually this will be 6 for TCP, 17 for UDP, or 1 for ICMP, or any of a number of other valid routing protocol numbers).

Term 87

IP probes

Definition 87

An attack technique that uses automated tools to ping each address in a range. Systems that respond to the ping request are logged for further analysis. Addresses that do not produce a response are assumed to be unused and are ignored.

Term 88

IP spoofing

Definition 88

The process by which a malicious individual reconfigures their system so that it has the IP address of a trusted system and then attempts to gain access to other external resources.

Term 89

Identity Theft and Assumption Deterrence Act

Definition 89

An act that makes identity theft a crime against the person whose identity was stolen and provides severe criminal penalties (up to a 15-year prison term and/or a $250,000 fine) for anyone found guilty of violating it.

Term 90

Integrated Services Digital Network (ISDN)

Definition 90

A digital end-to-end communications mechanism. ISDN was developed by telephone companies to support high-speed digital communications over the same equipment and infrastructure that is used to carry voice communications.

Term 91

International Organization for Standardization (ISO)

Definition 91

An independent oversight organization that defines and maintains computer, networking, and technology standards, along with more than 13,000 other international standards for business, government, and society.

Term 92

Internet Key Exchange (IKE)

Definition 92

A protocol that provides for the secure exchange of cryptographic keys between IPSec participants.

Term 93

Internet Mail Authentication Protocol (IMAP)

Definition 93

A protocol used to pull email messages from an inbox on an email server down to an email client. IMAP is more secure than POP3, uses port 143, and offers the ability to pull headers down from the email server as well as to store and manage messages on the email server without having to download to the local client first.

Term 94

Internet Message Access Protocol (IMAP)

Definition 94

A protocol used to transfer email messages from an email server to an email client.

Term 95

Internet Security Association and Key Management Protocol (ISAKMP)

Definition 95

A protocol that provides background security support services for IPSec.

Term 96


Definition 96

A platform-independent programming language developed by Sun Microsystems.

Term 97


Definition 97

A ticket-based authentication mechanism that employs a trusted third party to provide identification and authentication.

Term 98

Kerchoff's assumption

Definition 98

The idea that all algorithms should be public but all keys should remain private. Kerchoff's assumption is held by a large number of cryptologists, but not all of them.

Term 99


Definition 99

A ticket-based authentication mechanism similar to Kerberos but based on peer-to-peer authentication.

Term 100

LAN extender

Definition 100

A remote access, multilayer switch used to connect distant networks over WAN links. This is a strange beast of a device in that it creates WANs but marketers of this device steer clear of the term WAN and use only the terms LAN and extended LAN. The idea behind this device was to make the terminology easier to understand and thus make the device easier to sell than a more conventional WAN device grounded in complex concepts and terms.

Term 101

Layer 2 Forwarding (L2F)

Definition 101

A protocol developed by Cisco as a mutual authentication

Term 102

Layer 2 Tunneling Protocol (L2TP)

Definition 102

A point-to-point tunnel protocol developed by combining elements from PPTP and L2F. L2TP lacks a built-in encryption scheme but typically relies upon IPSec as its security mechanism.

Term 103

Low Water-Mark Mandatory Access Control (LOMAC)

Definition 103

A loadable kernel module for Linux designed to protect the integrity of processes and data. It is an OS security architecture extension or enhancement that provides flexible support for security policies.

Term 104

MD2 (Message Digest 2)

Definition 104

A hash algorithm developed by Ronald Rivest in 1989 to provide a secure hash function for 8-bit processors.

Term 105


Definition 105

An enhanced version of the MD2 algorithm, released in 1990. MD4 pads the message to ensure that the message length is 64 bits smaller than a multiple of 512 bits.

Term 106


Definition 106

The next version of the MD algorithm, released in 1991, which processes 512-bit blocks of the message but uses four distinct rounds of computation to produce a digest of the same length as the MD2 and MD4 algorithms (128 bits).

Term 107

MIME Object Security Services (MOSS)

Definition 107

Standard that provides authenticity, confidentiality, integrity, and nonrepudiation for email messages.

Term 108


Definition 108

A type of electronic payment system and protocol designed to manage cash on smart cards.

Term 109

Media Access Control (MAC) address

Definition 109

A 6-byte address written in hexadecimal. The first three bytes of the address indicate the vendor or manufacturer of the physical network interface. The last three bytes make up a unique number assigned to that interface by the manufacturer. No two devices on the same network can have the same MAC address.

Term 110


Definition 110

An operation (represented by the ~ or ! symbol) that reverses the value of an input variable. This function operates on only one variable at a time.

Term 111

Network Address Translation (NAT)

Definition 111

A mechanism for converting the internal non-routable IP addresses found in packet headers into public IP addresses for transmission over the Internet.

Term 112

Network layer

Definition 112

Layer 3 of the OSI model.

Term 113


Definition 113

An operation (represented by the ∨ symbol) that checks to see whether at least one of the input values is true.

Term 114

OSI model

Definition 114

See Open Systems Interconnection (OSI) model.

Term 115

Open Systems Interconnection (OSI) model

Definition 115

A standard model developed to establish a common communication structure or standard for all computer systems.

Term 116

Orthogonal Frequency-Division Multiplexing (OFDM)

Definition 116

A wireless technology that employs a digital multicarrier modulation scheme that allows for a more tightly compacted transmission.

Term 117

Output Feedback (OFB)

Definition 117

A mode in which DES XORs plain text with a seed value. For the first encrypted block, an initialization vector is used to create the seed value. Future seed values are derived by running the DES algorithm on the preceding seed value. The major advantage of OFB mode is that transmission errors do not propagate to affect the decryption of future blocks.

Term 118

Password Authentication Protocol (PAP)

Definition 118

A standardized authentication protocol for PPP. PAP transmits usernames and passwords in the clear. PAP offers no form of encryption; it simply provides a means to transport the logon credentials from the client to the authentication server.

Term 119

Point-to-Point Protocol (PPP)

Definition 119

A full-duplex protocol used for the transmission of TCP/IP packets over various non-LAN connections, such as modems, ISDN, VPNs, Frame Relay, and so on. PPP is widely supported and is the transport protocol of choice for dial-up Internet connections.

Term 120

Point-to-Point Tunneling Protocol (PPTP)

Definition 120

An enhancement of PPP that creates encrypted tunnels between communication endpoints. PPTP is used on VPNs but is often replaced by L2TP.

Term 121

Port Address Translation (PAT)

Definition 121

A mechanism for converting the internal nonroutable IP addresses found in packet headers into public IP addresses and port numbers for transmission over the Internet. PAT supports a many-to-one mapping of internal to external IP addresses by using ports.

Term 122

Post Office Protocol (POP)

Definition 122

A protocol used to transfer email messages from an email server to an email client.

Term 123

Presentation layer

Definition 123

Layer 6 of the OSI model.

Term 124

Pretty Good Privacy (PGP)

Definition 124

A public/private key system that uses the IDEA algorithm to encrypt files and email messages. PGP is not a standard but rather an independently developed product that has wide Internet grass roots support.

Term 125

Primary Rate Interface (PRI)

Definition 125

An ISDN service type that provides up to 23 B channels and one D channel. Thus, a full PRI ISDN connection offers 1.544 Mbps throughput, the same as a T1 line.

Term 126

Privacy Act of 1974

Definition 126

A law that mandates that government agencies maintain only records that are necessary for the conduct of their business and destroy those records when they are no longer needed for a legitimate function of government. It provides a formal procedure for individuals to gain access to records the government maintains about them and to request that incorrect records be amended. The Privacy Act also restricts the way the federal government can deal with private information about individual citizens.

Term 127

Privacy Enhanced Mail (PEM)

Definition 127

An email encryption mechanism that provides authentication, integrity, confidentiality, and nonrepudiation. PEM is a layer 7 protocol. PEM uses RSA, DES, and X.509.

Term 128

Program Evaluation Review Technique (PERT)

Definition 128

A project-scheduling tool. It is a method used to judge the size of a software product in development and calculate the standard deviation (SD) for risk assessment. PERT relates the estimated lowest possible size, the most likely size, and the highest possible size of each component. PERT is used to direct improvements to project management and software coding in order to produce more efficient software. As the capabilities of programming and management improve, the actual produced size of software should be smaller.

Term 129


Definition 129

See Remote Authentication Dial-In User Service (RADIUS).

Term 130

RFC 1918

Definition 130

The public standard that defines public and private IP addresses.

Term 131


Definition 131

See Rivest, Shamir, and Adleman (RSA).

Term 132

Remote Authentication Dial-In User Service (RADIUS)

Definition 132

A service used to centralize the authentication of remote dial-up connections.

Term 133

Reverse Address Resolution Protocol (RARP)

Definition 133

A subprotocol of the TCP/IP protocol suite that operates at the Data Link layer (layer 2). RARP is used to discover the IP address of a system by polling using its MAC address.

Term 134

Rijndael block cipher

Definition 134

A block cipher that was selected to replace DES. The Rijndael cipher allows the use of three key strengths: 128 bits, 192 bits, and 256 bits.

Term 135

Rivest, Shamir, and Adleman (RSA)

Definition 135

A public key encryption algorithm named after Rivest, Shamir, and Adleman, its inventors.

Term 136


Definition 136

See Secure Multipurpose Internet Mail Extensions (S/MIME).

sabotage: A criminal act committed against an organization by a knowledgeable employee.

Term 137


Definition 137

A ticket-based authentication mechanism similar to Kerberos.

Term 138

SYN flood attack

Definition 138

A type of DoS. A SYN flood attack is waged by not sending the final ACK packet, which breaks the standard three-way handshake used by TCP/IP to initiate communication sessions.

Term 139


Definition 139

A government/military classification, used for data of a secret nature. Unauthorized disclosure of secret data could cause serious damage to national security.

Term 140

Secure Electronic Transaction (SET)

Definition 140

A security protocol for the transmission of transactions over the Internet. SET is based on RSA encryption and DES. SET has the support of major credit card companies, such as Visa and MasterCard.

Term 141

Secure HTTP (S-HTTP)

Definition 141

The second major protocol used to provide security on the World Wide Web.

Term 142

Secure Hash Algorithm (SHA)

Definition 142

A government standard hash function developed by the National Institute of Standards and Technology (NIST) and specified in an official government publication.

Term 143

Secure Multipurpose Internet Mail Extensions (S/MIME)

Definition 143

A protocol used to secure the transmission of email and attachments.

Term 144

Secure Remote Procedure Call (S-RPC)

Definition 144

An authentication service. S-RPC is simply a means to prevent unauthorized execution of code on remote systems.

Term 145

Secure Shell (SSH)

Definition 145

An end-to-end encryption technique. This suite of programs provides encrypted alternatives to common Internet applications such as FTP, Telnet, and rlogin. There are actually two versions of SSH. SSH1 supports the DES, 3DES, IDEA, and Blowfish algorithms. SSH2 drops support for DES and IDEA but adds support for several other algorithms.

Term 146

Secure Sockets Layer (SSL)

Definition 146

An encryption protocol developed by Netscape to protect the communications between a web server and a web browser.

Term 147

Sequenced Packet Exchange (SPX)

Definition 147

The Transport layer protocol of the IPX/SPX protocol suite from Novell.

Term 148

Serial Line Internet Protocol (SLIP)

Definition 148

An older technology developed to support TCP/IP communications over asynchronous serial connections, such as serial cables or modem dial-up.

Term 149

Session layer

Definition 149

Layer 5 of the OSI model.

Term 150

Simple Integrity Axiom (SI Axiom)

Definition 150

An axiom of the Biba model that states that a subject at a specific classification level cannot read data with a lower classification level. This is often shortened to “no read down.”

Term 151

Simple Key Management for IP (SKIP)

Definition 151

An encryption tool used to protect sessionless datagram protocols.

Term 152

Simple Mail Transfer Protocol (SMTP)

Definition 152

The primary protocol used to move email messages from clients to servers and from server to server.

Term 153

Simple Security Property (SS property)

Definition 153

A property of the Bell-LaPadula model that states that a subject at a specific classification level cannot read data with a higher classification level. This is often shortened to "no read up."

Term 154

Skipjack
Definition 154

Associated with the Escrowed Encryption Standard, an algorithm that operates on 64-bit blocks of text. It uses an 80-bit key and supports the same four modes of operation supported by DES. Skipjack was proposed but never implemented by the U.S. government. It provides the cryptographic routines supporting the Clipper and Capstone high-speed encryption chips designed for mainstream commercial use.

Term 155

Switched Multimegabit Data Services (SMDS)

Definition 155

A connectionless network communication service. SMDS provides bandwidth on demand. SMDS is a preferred connection mechanism for linking remote LANs that communicate infrequently.

Term 156

Synchronous Data Link Control (SDLC)

Definition 156

A layer 2 protocol employed by networks with dedicated or leased lines. SDLC was developed by IBM for remote communications with SNA systems. SDLC is a bit-oriented synchronous protocol.

Term 157


Definition 157

See Terminal Access Controller Access Control System (TACACS).

Term 158

TCP wrapper

Definition 158

An application that can serve as a basic firewall by restricting access based on user IDs or system IDs.

Term 159


Definition 159

The study and control of electronic signals produced by various types of electronic hardware, such as computers, televisions, phones, and so on. Its primary goal is to prevent EM and RF radiation from leaving a strictly defined area so as to eliminate the possibility of external radiation monitoring, eavesdropping, and signal sniffing.

Term 160

Take-Grant model

Definition 160

A model that employs a directed graph to dictate how rights can be passed from one subject to another or from a subject to an object. Simply put, a subject with the grant right can grant another subject or another object any other right they possess. Likewise, a subject with the take right can take a right from another subject.

Term 161

Terminal Access Controller Access Control System (TACACS)

Definition 161

An alternative to RADIUS. TACACS is available in three versions: original TACACS, XTACACS (extended TACACS), and TACACS+. TACACS integrates the authentication and authorization processes. XTACACS keeps the authentication, authorization, and accounting processes separate. TACACS+ improves XTACACS by adding two-factor authentication.

Term 162

Top Secret

Definition 162

The highest level of government/military classification. Unauthorized disclosure of top-secret data will cause exceptionally grave damage to national security.

Term 163

Transmission Control Protocol (TCP)

Definition 163

A connection-oriented protocol located at layer 4 of the OSI model stack.

Term 164

Transport layer

Definition 164

Layer 4 of the OSI model.

Term 165

Trojan horse

Definition 165

A malicious code object that appears to be a benevolent program, such as a game or simple utility, that performs the "cover" functions as advertised but also carries an unknown payload, such as a virus.

Term 166

Type 1 authentication factor

Definition 166

Something you know, such as a password, personal identification number (PIN), combination lock, passphrase, mother's maiden name, or favorite color.

Term 167

Type 2 authentication factor

Definition 167

Something you have, such as a smart card, ATM card, token device, or memory card.

Term 168

Type 3 authentication factor

Definition 168

Something you are, such as fingerprints, voice print, retina pattern, iris pattern, face shape, palm topology, or hand geometry.

Term 169

USA Patriot Act of 2001

Definition 169

An act implemented after the September 11, 2001, terrorist attacks. It greatly broadened the powers of law enforcement organizations and intelligence agencies across a number of areas, including the monitoring of electronic communications.

Term 170

Uniform Computer Information Transactions Act (UCITA)

Definition 170

A federal law designed for adoption by each of the 50 states to provide a common framework for the conduct of computer-related business transactions.

Term 171

User Datagram Protocol (UDP)

Definition 171

A connectionless protocol located at layer 4 of the OSI model.

Term 172

Vernam cipher

Definition 172

A device that implements a 26-character modulo 26 substitution cipher.

Term 173

Vigenere cipher

Definition 173

A polyalphabetic substitution cipher.

Term 174

Voice over IP (VoIP)

Definition 174

A network service that provides voice communication services by transporting the voice traffic as network packets over an IP network.

Term 175

WiFi Protected Access (WPA)

Definition 175

An early alternative to WEP based on a secret passphrase and employing the LEAP and TKIP crypto systems. It is attackable through passphrase guessing.

Term 176

WiMax (802.16)

Definition 176

A wireless standard that defines citywide wireless access technologies. This standard has yet to be widely deployed.

Term 177

WinNuke attack

Definition 177

A type of DoS. A WinNuke attack is a specialized assault against Windows 95 systems. Out-of-band TCP data is sent to a victim's system, which causes the OS to freeze.

Term 178

Wired Equivalency Protocol (WEP)

Definition 178

A protocol that provides both 40- and 128-bit encryption options to protect communications within the wireless LAN.

Term 179

Wired Equivalent Privacy (WEP)

Definition 179

A form of encrypted authentication that employs RC4. WEP supports only one-way authentication from client to WAP. WEP is considered insufficient for security because of several deficiencies in its design and implementation.

Term 180

Wireless Application Protocol (WAP)

Definition 180

A functioning industry-driven protocol stack that allows users through their WAP-capable devices, such as cell phones, to communicate over a carrier's network with the Internet.

Term 181


Definition 181

An older WAN protocol that uses carrier switching to provide end-to-end connections.

Term 182

XOR
Definition 182

A function that returns a true value when only one of the input values is true. If both values are false or both values are true, the output of the XOR function is false.

Term 183

Zero Knowledge Teams

Definition 183

These possess only primary information about an organization during a security assessment or penetration t

Term 184

abnormal activity

Definition 184

Any system activity that does not normally occur on your system. Also known as suspicious activity.

Term 185


Definition 185

The collection of similar elements into groups, classes, or roles for the assignment of security controls, restrictions, or permissions as a collective.

Term 186

acceptance testing

Definition 186

A form of testing that attempts to verify that a system satisfies the stated criteria for functionality and possibly also for security capabilities of a product. It is used to determine whether end users or customers will accept the completed product.

Term 187

accepting risk

Definition 187

The valuation by management of the cost/benefit analysis of possible safeguards and the determination that the cost of the countermeasure greatly outweighs the possible cost of loss because of a risk.

Term 188


Definition 188

The transfer of information from an object to a subject.

Term 189

access control

Definition 189

The mechanism by which subjects are granted or restricted access to objects.

Term 190

access control list (ACL)

Definition 190

The column of an access control matrix that specifies what level of access each subject has over an object.

Term 191

access control matrix

Definition 191

A table of subjects and objects that indicates the actions or functions that each subject can perform on each object. Each column of the matrix is an ACL. Each row of the matrix is a capability list.

Term 192

access tracking

Definition 192

Auditing, logging, and monitoring the attempted access or activities of a subject. Also referred to as activity tracking.

Term 193

account lockout

Definition 193

An element of the password policy's programmatic controls that disables a user account after a specified number of failed logon attempts. Account lockout is an effective countermeasure to brute-force and dictionary attacks against a system's logon prompt.

Term 194

accountability

Definition 194

The process of holding someone responsible (accountable) for something. In this context, accountability is possible if a subject's identity and actions can be tracked and verified.

Term 195


Definition 195

The formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.

Term 196

active content

Definition 196

Web programs that users download to their own computer for execution rather than consuming server-side resources.

Term 197


Definition 197

The means by which a processor refers to various locations in memory.

Term 198

administrative access controls

Definition 198

The policies and procedures defined by an organization's security policy to implement and enforce overall access control. Examples of administrative access controls include hiring practices, background checks, data classification, security training, vacation history, reviews, work supervision, personnel controls, and testing.

Term 199

administrative law

Definition 199

Regulations that cover a range of topics from procedures to be used within a federal agency to immigration policies that will be used to enforce the laws passed by Congress. Administrative law is published in the Code of Federal Regulations (CFR).

Term 200

administrative physical security controls

Definition 200

Security controls that include facility construction and selection, site management, personnel controls, awareness training, and emergency response and procedures.

Term 201

admissible evidence

Definition 201

Evidence that is relevant to determining a fact. The fact that the evidence seeks to determine must be material (in other words, related) to the case. In addition, the evidence must be competent, meaning that it must have been obtained legally. Evidence that results from an illegal search would be inadmissible because it is not competent.

Term 202

advisory policy

Definition 202

A policy that discusses behaviors and activities that are acceptable and defines consequences of violations. An advisory policy discusses the senior management's desires for security and compliance within an organization. Most policies are advisory.

Term 203


Definition 203

Intelligent code objects that perform actions on behalf of a user. They typically take initial instructions from the user and then carry on their activity, in an unattended manner, for a predetermined period of time, until certain conditions are met, or for an indefinite period.

Term 204

aggregate functions

Definition 204

SQL functions, such as COUNT(), MIN(), MAX(), SUM(), and AVG(), that can be run against a database to produce an information set.

Term 205


Definition 205

A number of functions that combine records from one or more tables to produce potentially useful information.

Term 206


Definition 206

A mechanism that is separate from a motion detector and triggers a deterrent, a repellent, and/or a notification. Whenever a motion detector registers a significant or meaningful change in the environment, it triggers an alarm.

Term 207

alarm triggers

Definition 207

Notifications sent to administrators when a specific event occurs.

Term 208


Definition 208

See repeater.

Term 209

analytic attack

Definition 209

An algebraic manipulation that attempts to reduce the complexity of a cryptographic algorithm. This attack focuses on the logic of the algorithm itself.

Term 210

annualized loss expectancy (ALE)

Definition 210

The possible yearly cost of all instances of a specific realized threat against a specific asset. The ALE is calculated using the formula ALE = single loss expectancy (SLE) * annualized rate of occurrence (ARO).

Term 211

annualized rate of occurrence (ARO)

Definition 211

The expected frequency that a specific threat or risk will occur (in other words, become realized) within a single year.

Term 212

anomaly detection

Definition 212

See behavior-based detection.

Term 213


Definition 213

Code objects sent from a server to a client to perform some action. Applets are self-contained miniature programs that execute independently of the server that sent them.

Term 214

application-level gateway firewall

Definition 214

A firewall that filters traffic based on the Internet service (in other words, application) used to transmit or receive the data. Application-level gateways are known as second-generation firewalls.

Term 215

assembly language

Definition 215

A higher-level alternative to machine language code. Assembly languages use mnemonics to represent the basic instruction set of a CPU but still require hardware-specific knowledge.

Term 216


Definition 216

Anything within an environment that should be protected. The loss or disclosure of an asset could result in an overall security compromise, loss of productivity, reduction in profits, additional expenditures, discontinuation of the organization, and numerous intangible consequences.

Term 217

asset valuation

Definition 217

A dollar value assigned to an asset based on actual cost and nonmonetary expenses, such as costs to develop, maintain, administer, advertise, support, repair, and replace; as well as other values, such as public confidence, industry support, productivity enhancement, knowledge equity, and ownership benefits.

Term 218

asset value (AV)

Definition 218

A dollar value assigned to an asset based on actual cost and nonmonetary expenses.

Term 219

assigning risk

Definition 219

See transferring risk.

Term 220

assurance

Definition 220

The degree of confidence that security needs are satisfied. Assurance must be continually maintained, updated, and reverified.

Term 221

asymmetric key

Definition 221

Public key cryptosystems that use a pair of keys (public and private) for each participant. Messages encrypted with one key from the pair can only be decrypted with the other key from the same pair.

Term 222

asynchronous transfer mode (ATM)

Definition 222

A cell-switching technology rather than a packet-switching technology like Frame Relay. ATM uses virtual circuits much like Frame Relay, but because it uses fixed-size frames or cells, it can guarantee throughput. This makes ATM an excellent WAN technology for voice and video conferencing.

Term 223


Definition 223

One of the four required characteristics of all database transactions. A database transaction must be an "all-or-nothing" affair. If any part of the transaction fails, the entire transaction must be rolled back, as if it never occurred.

Term 224


Definition 224

The exploitation of a vulnerability by a threat agent, attacker, or any person who attempts to perform a malicious action against a system.

Term 225


Definition 225

The loss of signal strength and integrity on a cable because of the length of the cable.

Term 226


Definition 226

A column within a table of a relational database.

Term 227

audit trails

Definition 227

The records created by recording information about events and occurrences into a database or log file. Audit trails are used to reconstruct an event, to extract information about an incident, to prove or disprove culpability, and much more.

Term 228


Definition 228

A methodical examination or review of an environment to ensure compliance with regulations and to detect abnormalities, unauthorized occurrences, or outright crimes.

Term 229


Definition 229

The person or group responsible for testing and verifying that the security policy is properly implemented and the derived security solutions are adequate.

Term 230


Definition 230

The process of verifying or testing that the identity claimed by a subject is valid.

Term 231

authentication protocols

Definition 231

Protocols used to provide the transport mechanism for log-on credentials.

Term 232

certificates

Definition 232

Endorsed copies of an individual's public key that verify their identity.

Term 233


Definition 233

A process that ensures that the requested activity or object access is possible given the rights and privileges assigned to the authenticated identity (in other words, subject).

Term 234

automatic private IP addressing (APIPA)

Definition 234

A feature of Windows that assigns an IP address to a system should DHCP address assignment fail.

Term 235

auxiliary alarm system

Definition 235

An additional function that can be added to either local or centralized alarm systems. The purpose of an auxiliary alarm system is to notify local police or fire services when an alarm is triggered.

Term 236


Definition 236

The assurance that authorized subjects are granted timely and uninterrupted access to objects.

Term 237


Definition 237

A form of security teaching that is a prerequisite to training. The goal of awareness is to bring security into the forefront and make it a recognized entity for students/users.

Term 238


Definition 238

Forms of physical identification and/or of electronic access control devices.

Term 239


Definition 239

A communication medium that supports only a single communication signal at a time.

Term 240


Definition 240

The minimum level of security that every system throughout the organization must meet.

Term 241

bastion host

Definition 241

A special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example, a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of the firewall or in the DMZ and usually involves access from untrusted networks or computers.

Term 242


Definition 242

In the context of object-oriented programming terminology and techniques, the results or output from an object after processing a message using a method.

Term 243

behavior-based detection

Definition 243

An intrusion discovery mechanism used by IDS. Behavior-based detection finds out about the normal activities and events on your system through watching and learning. Once it has accumulated enough data about normal activity, it can detect abnormal and possibly malicious activities and events. Also known as statistical intrusion detection, anomaly detection, and heuristics-based detection.

Term 244

best evidence rule

Definition 244

A rule that states when a document is used as evidence in a court proceeding, the original document must be introduced. Copies will not be accepted as evidence unless certain exceptions to the rule apply.

Term 245

bind variable

Definition 245

A placeholder for SQL literal values, such as numbers or character strings.

Term 246


Definition 246

The use of human physiological or behavioral characteristics as authentication factors for logical access and identification for physical access.

Term 247

birthday attack

Definition 247

An attack in which the malicious individual seeks to substitute a different message into a digitally signed communication, one that produces the same message digest, thereby maintaining the validity of the original digital signature. This is based on the statistical anomaly that in a room with 23 people, the probability of two or more people having the same birthday is greater than 50 percent.

Term 248

black-box testing

Definition 248

A form of program testing that examines the input and output of a program without focusing on its internal logical structures.

Term 249


Definition 249

A complete loss of power.

Term 250

block cipher

Definition 250

A cipher that applies the encryption algorithm to an entire message block at the same time. Transposition ciphers are examples of block ciphers.

Term 251


Definition 251

Hijacking a Bluetooth connection to eavesdrop or extract information from devices.

Term 252

boot sector

Definition 252

The portion of a storage device used to load the operating system and the types of viruses that attack that process.

Term 253


Definition 253

A network device used to connect networks with different speeds, cable types, or topologies that still use the same protocol. A bridge is a layer 2 device.

Term 254


Definition 254

A communication medium that supports multiple communication signals simultaneously.

Term 255


Definition 255

A communications transmission to multiple but unidentified recipients.

Term 256

broadcast address

Definition 256

A broadcast network address that is used during a smurf attack.

Term 257


Definition 257

A network device that first attempts to route and then defaults to bridging if routing fails.

Term 258


Definition 258

A period of prolonged low voltage.

Term 259

brute force

Definition 259

An attack pattern characterized by a mechanical series of sequential or combinatorial inputs utilized in an automated attempt to identify security properties (usually passwords) in a given system (see brute-force attack).

Term 260

brute-force attack

Definition 260

An attack made against a system to discover the password to a known identity (in other words, username). A brute-force attack uses a systematic trial of all possible character combinations to discover an account's password.

Term 261

buffer overflow

Definition 261

A vulnerability that can cause a system to crash or allow the user to execute shell commands and gain access to the system. Buffer overflow vulnerabilities are especially prevalent in code developed rapidly for the Web using CGI or other languages that allow unskilled programmers to quickly create interactive web pages.

Term 262

business attack

Definition 262

An attack that focuses on illegally obtaining an organization's confidential information.

Term 263

cache RAM

Definition 263

A process that takes data from slower devices and temporarily stores it in

Term 264

campus area network (CAN)

Definition 264

A network that spans a college, university, or a multibuilding office complex.

Term 265

capability list

Definition 265

Each row of an access control matrix is a capability list. A capability list is tied to the subject; it lists valid actions that can be taken on each object.

Term 266


Definition 266

The number of rows in a relational database.

cell suppression: The act of suppressing (or hiding) individual data items inside a database.

Term 267

centralized access control

Definition 267

Method of control in which all authorization verification is performed by a single entity within a system.

Term 268

centralized alarm system

Definition 268

An alarm system that signals a remote or centralized monitoring station when the alarm is triggered.

Term 269

certificate authority

Definition 269

An agency that authenticates and distributes digital certificates.

Term 270

certificate revocation list (CRL)

Definition 270

The list of certificates that have been revoked by a certificate authority before the lifetimes of the certificates have expired.

Term 271


Definition 271

The comprehensive evaluation, made in support of the accreditation process, of the technical and nontechnical security features of an IT system and other safeguards to establish the extent to which a particular design and implementation meets a set of specified security requirements.

Term 272

chain of evidence

Definition 272

The process by which an object is uniquely identified in a court of law.

Challenge Handshake Authentication Protocol (CHAP): One of the authentication protocols

Term 273

change management

Definition 273

The means by which changes to an environment are logged and monitored in order to ensure that any change does not lead to reduced or compromised security.

Term 274

checklist test

Definition 274

A process in which copies of the disaster recovery checklists are distributed to the members of the disaster recovery team for their review.

Term 275

chosen cipher-text attack

Definition 275

An attack in which the attacker has the ability to decrypt chosen portions of the cipher-text message.

Term 276

chosen plain-text attack

Definition 276

An attack in which the attacker has the ability to encrypt plain-text messages of their choosing and then analyze the cipher-text output of the encryption algorithm.

Term 277

cipher text

Definition 277

A message that has been encrypted for transmission.

Term 278

civil laws

Definition 278

Laws that form the bulk of the body of laws in the United States. They are designed to provide for an orderly society and govern matters that are not crimes but require an impartial arbiter to settle disputes between individuals and organizations.

Term 279


Definition 279

In the context of object-oriented programming terminology and techniques, a collection of common methods from a set of objects that defines the behavior of those objects.

Term 280


Definition 280

A label that is applied to a resource to indicate its sensitivity or value to an organization and therefore designate the level of security necessary to protect that resource.

Term 281

classification level

Definition 281

Another term for a security label. An assigned importance or value placed on objects and subjects.

Term 282

clean power

Definition 282

Nonfluctuating pure power.

Term 283

clearing

Definition 283

A method of sufficiently deleting media that will be reused in the same secured environment.

Term 284

click-wrap license agreement

Definition 284

A software agreement in which the contract terms are either written on the software box or included in the software documentation. During the installation process, you are required to click a button indicating that you have read the terms of the agreement and agree to abide by them.

Term 285

clipping level

Definition 285

A threshold value used in violation analysis auditing. Crossing the clipping level triggers the recording of relevant event data to an audit log.

Term 286

closed head system

Definition 286

See wet pipe system.

Term 287

closed-circuit television (CCTV)

Definition 287

A security system using video cameras and video recording devices.

Term 288

clustering (or key clustering)

Definition 288

A weakness in cryptography where a plain-text message generates identical cipher-text messages using the same algorithm but using different keys.

Term 289

coaxial cable

Definition 289

A cable with a center core of copper wire surrounded by a layer of insulation and then by a conductive braided shielding and finally encased in an insulation sheath. Coaxial cable is fairly resistant to EMI, has a low cost, and is easy to install.

Term 290


Definition 290

See cipher.

Term 291

cognitive password

Definition 291

A variant of the password authentication factor that asks a series of questions about facts or predefined responses that only the subject should know.

Term 292

cohesive (or cohesiveness)

Definition 292

An object is highly cohesive if it can perform a task with little or no help from other objects. Highly cohesive objects are not as dependent upon other objects as objects with lower cohesion. Objects with higher cohesion are often better. Highly cohesive objects perform tasks alone and have low coupling.

Term 293

cold sites

Definition 293

Standby facilities large enough to handle the processing load of an organization and with appropriate electrical and environmental support systems.

Term 294

collision attack

Definition 294

See birthday attack.

Term 295


Definition 295

An agreement between multiple people to perform an unauthorized or illegal action.

Term 296

commercial business/private sector classification

Definition 296

The security labels commonly employed on secure systems used by corporations. Common corporate or commercial security labels are confidential, proprietary, private, sensitive, and public.

Term 297

common mode noise

Definition 297

Electromagnetic interference (EMI) noise generated by the difference in power between the hot and ground wires of a power source or operating electrical equipment.

Term 298

companion virus

Definition 298

A variation of the file infector virus. A companion virus is a self-contained executable file that escapes detection by using a filename similar to, but slightly different from, a legitimate operating system file.

Term 299

compartmented security mode

Definition 299

A security mode in which systems process two or more types of compartmented information. All system users must have an appropriate clearance to access all information processed by the system but do not necessarily need to know all the information in the system.

Term 300

compensation access control

Definition 300

A type of access control that provides various options to other existing controls to aid in the enforcement and support of a security policy.

Term 301


Definition 301

A distinction of evidence that means that the evidence must be obtained legally. Evidence that results from an illegal search would be inadmissible because it is not competent.

Term 302

compiled languages

Definition 302

A computer language that is converted into machine language before distribution or execution.

Term 303

compliance testing

Definition 303

Another common usage of auditing. Verification that a system complies with laws, regulations, baselines, guidelines, standards, and policies is an important part of maintaining security in any environment.

Term 304


Definition 304

If system security has been broken, the system is considered compromised.

Term 305

computer architecture

Definition 305

An engineering discipline concerned with the construction of computing systems from the logical level.

Term 306

computer crime

Definition 306

Any crime that is perpetrated against or with the use of a computer.

Term 307


Definition 307

See repeater.

Term 308

conclusive evidence

Definition 308

Incontrovertible evidence that overrides all other forms of evidence.

Term 309

concurrency

Definition 309

A security mechanism that endeavors to make certain that the information stored in a database is always correct or at least has its integrity and availability protected. Concurrency uses a "lock" feature to allow an authorized user to make changes and then "unlocks" data elements only after all changes are complete.

Term 310


Definition 310

The assurance that information is protected from unauthorized disclosure and the defined level of secrecy is maintained throughout all subject-object interactions.

Term 311

configuration management

Definition 311

The process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, whether objects, subjects, programs, communication pathways, or even the network itself.

Term 312

confinement (or confinement property)

Definition 312

The principle that allows a process to read from and write to certain memory locations and resources only. This is an alternate name for the * (star) Security Property of the Bell-LaPadula model.

Term 313


Definition 313

Confusion occurs when the relationship between the plaintext and the key is complicated enough that an attacker cannot simply alter the plaintext, analyze the resulting ciphertext, and thereby determine the key.

Term 314


Definition 314

One of the four required characteristics of all database transactions (the other three are atomicity, isolation, and durability). All transactions must begin operating in an environment that is consistent with all of the database's rules.

Term 315


Definition 315

The result of mixing data with a different classification level and/or need-to-know requirement.

Term 316

content-dependent access control

Definition 316

A form of access control based on the contents or payload of an object.

Term 317


Definition 317

A goal an organization can accomplish by having plans and procedures to help mitigate the effects a disaster has on its continuing operations and to speed the return to normal operations.

Term 318

contractual license agreement

Definition 318

A written contract between the software vendor and the customer outlining the responsibilities of each.

Term 319


Definition 319

The use of access rules to limit a subject's access to an object.

Term 320

controls gap

Definition 320

The difference between total risk and residual risk.

Term 321


Definition 321

Law that guarantees the creators of "original works of authorship" protection against the unauthorized duplication of their work.

Term 322

corrective access control

Definition 322

An access control deployed to restore systems to normal after an unwanted or unauthorized activity has occurred. Examples of corrective access controls include restoring a system from a known-good backup, terminating a malicious process or session, and antivirus software quarantining or removing an infected file.

Term 323

corrective controls

Definition 323

Instructions, procedures, or guidelines used to reverse the effects of an unwanted activity, such as attacks or errors.

Term 324


Definition 324

Actions taken to patch a vulnerability or secure a system against an attack. Countermeasures can include altering access controls, reconfiguring security settings, installing new security devices or mechanisms, adding or removing services, and so on.

Term 325


Definition 325

The level of interaction between objects. Lower coupling means less interaction. Lower coupling delivers better software design because objects are more independent. Lower coupling is easier to troubleshoot and update. Objects with low cohesion require lots of assistance from other objects to perform tasks and have high coupling.

Term 326

covert channel

Definition 326

The means by which data can be communicated outside of normal, expected, or detectable methods.

Term 327

covert storage channel

Definition 327

A channel that conveys information by writing data to a common storage area where another process can read it.

Term 328

covert timing channel

Definition 328

A channel that conveys information by altering the performance of a system component or modifying a resource's timing in a predictable manner.

Term 329


Definition 329

Malicious users intent on waging an attack against a person or system. Crackers may be motivated by greed, power, or recognition. Their actions can result in stolen property (data, ideas, and so on), disabled systems, compromised security, negative public opinion, loss of market share, reduced profitability, and lost productivity.

Term 330

creeping privilege(s)

Definition 330

When a user account accumulates privileges over time as job roles and assigned tasks change.

Term 331

criminal law

Definition 331

Body of laws that the police and other law enforcement agencies enforce. Criminal law contains prohibitions against acts such as murder, assault, robbery, arson, theft, and similar offenses.

Term 332

critical path analysis

Definition 332

A systematic effort to identify relationships between mission-critical applications, processes, and operations and all of the necessary supporting elements.

Term 333

criticality prioritization

Definition 333

The prioritization of mission-critical assets and processes during the creation of BCP/DRP.

Term 334

crossover error rate (CER)

Definition 334

The point at which the false acceptance rate (FAR) equals the false rejection rate (FRR). This is the point from which performance is measured in order to compare the capabilities of different biometric devices.
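
The following is an added example, not part of the glossary: it sweeps a match threshold over constructed genuine and impostor match scores (not from any real device), computes FAR and FRR at each setting, and returns the threshold where the two meet, whose error rate is the CER.

```python
"""Added example (not part of the glossary): sweep a biometric match threshold,
compute FAR and FRR at each setting, and locate the crossover error rate (CER).
The similarity scores below are constructed for the demo, not from a real device."""

# Constructed match scores on a 0-100 scale; higher means "more like the enrolled template".
GENUINE_SCORES = [91, 88, 85, 83, 80, 78, 76, 74, 71, 69, 66, 63]    # valid subjects
IMPOSTOR_SCORES = [20, 25, 31, 38, 44, 49, 55, 60, 64, 67, 72, 75]   # invalid subjects


def far(impostor_scores, threshold):
    """False acceptance rate (Type 2 error): share of impostors scoring at or above the threshold."""
    return sum(1 for s in impostor_scores if s >= threshold) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False rejection rate (Type 1 error): share of genuine users scoring below the threshold."""
    return sum(1 for s in genuine_scores if s < threshold) / len(genuine_scores)


def error_curve(genuine_scores, impostor_scores, thresholds=range(0, 101)):
    """(threshold, FAR, FRR) for every candidate threshold. Raising the threshold
    lowers FAR and raises FRR; lowering it does the opposite."""
    return [(t, far(impostor_scores, t), frr(genuine_scores, t)) for t in thresholds]


def crossover(genuine_scores, impostor_scores, thresholds=range(0, 101)):
    """Threshold where FAR and FRR are closest, and the error rate there (the CER).
    The CER is what you compare between devices; the threshold itself is tuned per
    deployment (a data centre door leans toward low FAR, a phone unlock toward low FRR)."""
    best_t, best_rate, best_gap = None, None, None
    for t, a, r in error_curve(genuine_scores, impostor_scores, thresholds):
        gap = abs(a - r)
        if best_gap is None or gap < best_gap:
            best_t, best_rate, best_gap = t, (a + r) / 2, gap
    return best_t, best_rate


if __name__ == "__main__":
    t, cer = crossover(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"CER {cer:.3f} at threshold {t}")
```

With these scores the two curves cross at a threshold of 68, where one impostor in six is accepted and one genuine user in six is rejected; a device with a lower CER is the more accurate one regardless of where an operator finally sets its threshold.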

Term 335


Definition 335

The study of methods to defeat codes and ciphers.

cryptographic key: Cryptographic keys provide the "secret" portion of a cryptographic

Term 336


Definition 336

Algorithms applied to data that are designed to ensure confidentiality, integrity, authentication, and/or nonrepudiation.

Term 337


Definition 337

System in which a shared secret key or pairs of public and private keys are used by communicating parties to facilitate secure communication.

Term 338


Definition 338

Another name for the key used to perform encryption and decryption activities.

Term 339


Definition 339

A subject that has been assigned or delegated the day-to-day responsibilities of classifying and labeling objects and properly storing and protecting objects. The custodian is typically the IT staff or the system security administrator.

Term 340

cyclic redundancy check (CRC)

Definition 340

Similar to a hash total,a value that indicates whether a message has been altered or damaged in transit.

Term 341

data circuit-terminating equipment (DCE)

Definition 341

A networking device that performs the actual transmission of data over the Frame Relay network as well as establishing and maintaining the virtual circuit for the customer.

Term 342

data classification

Definition 342

Grouping data under labels for the purpose of applying security controls and access restrictions.

Term 343

data custodian

Definition 343

The user who is assigned the task of implementing the prescribed protection defined by the security policy and upper management. The data custodian performs any and all activities necessary to provide adequate protection for data and to fulfill the requirements and responsibilities delegated to them by upper management.

Term 344

data dictionary

Definition 344

Central repository of data elements and their relationships. Stores critical information about data usage, relationships, sources, and formats.

Term 345

data diddling

Definition 345

The act of changing data.

Term 346

data extraction

Definition 346

The process of extracting elements of data from a large body of data to construct a meaningful representation or summary of the whole.

Term 347

data hiding

Definition 347

The process of preventing data from being known by a subject.

Term 348

data mart

Definition 348

The storage facility used to secure metadata.

Term 349

data mining

Definition 349

A technique or tool that allows analysts to comb through data warehouses and look for potential correlated information amid the historical data.

Term 350

data steward

Definition 350

See data custodian

Term 351

data terminal equipment (DTE)

Definition 351

A networking device that acts like a router or a switch and provides the customer's network access to the Frame Relay network.

Term 352

data warehouse

Definition 352

Large databases used to store large amounts of information from a variety of databases for use in specialized analysis techniques.

Term 353


Definition 353

An electronic filing system for organizing collections of information. Most databases are organized by files, records, and fields.

Term 354

database management system (DBMS)

Definition 354

An application that enables the storage,modification,and extraction of information from a database.

Term 355

database partitioning

Definition 355

The act of dividing a database up into smaller sections or individual databases; often employed to segregate content with varying sensitivity labels.

Term 356


Definition 356

The process of stripping a layer's header and footer from a PDU as it travels up the OSI model layers.

Term 357

decentralized access control

Definition 357

System of access control in which authorization verification is performed by various entities located throughout a system.

Term 358

decision support system (DSS)

Definition 358

An application that analyzes business data and presents it so as to make business decisions easier for users. DSS is considered an informational application more so than an operational application. Often a DSS is employed by knowledge workers (such as help desk or customer support) and by sales services (such as phone operators).

Term 359


Definition 359

The process of moving a resource into a lower classification level once its value no longer justifies the security protections provided by a higher level of classification.

Term 360


Definition 360

The process of reversing a cryptographic algorithm that was used to encrypt a message.

Term 361

dedicated mode

Definition 361

See dedicated security mode.

Term 362

dedicated security mode

Definition 362

Mode in which the system is authorized to process only a specific classification level at a time. All system users must have clearance and a need to know that information.

Term 363


Definition 363

The act of using a magnet to return media to its original pristine unused state.

Term 364


Definition 364

The number of columns (attributes) in a relational database table.

Term 365


Definition 365

In the context of object-oriented programming,the forwarding of a request by an object to another object or delegate. An object delegates if it does not have a method to handle the message.

Term 366

delta rule

Definition 366

Also known as the learning rule. It is the feature of neural networks that allows them to learn from experience by adjusting connection weights in proportion to the error in their output.

Term 367

deluge system

Definition 367

Another form of dry pipe (fire suppression) system that uses larger pipes and therefore a significantly larger volume of water. Deluge systems are inappropriate for environments that contain electronics and computers.

Term 368

denial of service (DoS)

Definition 368

A type of attack that prevents a system from processing or responding to legitimate traffic or requests for resources and objects.

Term 369

deny risk

Definition 369

See reject risk.

Term 370

detective access control

Definition 370

An access control deployed to discover unwanted or unauthorized activity. Examples of detective access controls include security guards, supervising users, incident investigations, and intrusion detection systems (IDSs).

Term 371

detective control

Definition 371

See detective access control.

Term 372

detective control

Definition 372

Any security mechanism used to verify the effectiveness of directive and preventive controls.

Term 373

deterrent access control

Definition 373

An access control that discourages violations of a security policy.

Term 374

dictionary attack

Definition 374

An attack against a system designed to discover the password to a known identity (in other words, a username). In a dictionary attack, a script of common passwords and dictionary words is used to attempt to discover an account's password.
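
The following is an added example, not part of the glossary: it runs a dictionary attack against a constructed leaked credential store, first one that used unsalted SHA-256 and then one that used salted PBKDF2, and counts the hashing work each costs the attacker. The wordlist, account names, and passwords are all made up for the demo.

```python
"""Added example (not part of the glossary): a dictionary attack against a leaked
credential store, first with unsalted SHA-256 and then with salted PBKDF2.
The wordlist and accounts are constructed for the demo."""
import hashlib
import os

WORDLIST = ["password", "123456", "letmein", "qwerty", "dragon", "Winter2024", "football"]


def weak_hash(password: str) -> str:
    """Unsalted, fast hash: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed "stolen" store: two accounts use wordlist passwords, one does not.
WEAK_STORE = {
    "alice": weak_hash("letmein"),
    "bob":   weak_hash("dragon"),
    "carol": weak_hash("Tr0ub4dor&3!"),
}


def dictionary_attack_unsalted(store, wordlist):
    """Hash each candidate once and compare against every account: the cost is
    len(wordlist) hashes no matter how many accounts leaked. Returns (cracked, hash_ops)."""
    by_digest = {}
    for user, digest in store.items():
        by_digest.setdefault(digest, []).append(user)
    cracked, ops = {}, 0
    for word in wordlist:
        ops += 1
        for user in by_digest.get(weak_hash(word), []):
            cracked[user] = word
    return cracked, ops


def strong_hash(password: str, salt: bytes, iterations: int = 100_000) -> bytes:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_strong_store(credentials, iterations=100_000):
    store = {}
    for user, pw in credentials.items():
        salt = os.urandom(16)                 # unique per account, stored beside the digest
        store[user] = (salt, strong_hash(pw, salt, iterations))
    return store


def dictionary_attack_salted(store, wordlist, iterations=100_000):
    """Each account has its own salt, so every (account, word) pair costs a full PBKDF2
    run: the attacker cannot hash the wordlist once and reuse it. Returns (cracked, hash_ops)."""
    cracked, ops = {}, 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            ops += 1
            if strong_hash(word, salt, iterations) == digest:
                cracked[user] = word
                break
    return cracked, ops
```

Both attacks recover the two weak passwords; the difference is cost. Against the unsalted store the attacker hashes the wordlist once and matches it against every account (and could have precomputed it), whereas the salted, iterated store forces one slow derivation per account per candidate, which is why a password store should use a salted, slow hash and why account lockout or rate limiting matters for online guessing.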

Term 375

differential backup

Definition 375

A type of backup that stores all files that have been modified since the time of the most recent full backup.

Term 376


Definition 376

When a change in the plaintext results in multiple changes spread throughout the ciphertext.

Term 377

digital signature

Definition 377

A method for ensuring a recipient that a message truly came from the claimed sender and that the message was not altered while in transit between the sender and recipient.

Term 378

direct addressing

Definition 378

A process by which the CPU is provided with the actual address of the memory location to be accessed.

Term 379

direct evidence

Definition 379

Evidence that proves or disproves a specific act through oral testimony based on information gathered through the witness's five senses.

Term 380

directive access control

Definition 380

An access control that directs, confines, or controls the actions of subjects to force or encourage compliance with security policy.

Term 381

directory service

Definition 381

A centralized database of resources available to the network, much like a telephone directory for network services and assets. Users, clients, and processes consult the directory service to learn where a desired system or resource resides.

Term 382


Definition 382

An event that brings great damage,loss,or destruction to a system or environment.

Term 383

disaster recovery plan

Definition 383

A document that guides the recovery efforts necessary to restore your business to normal operations as quickly as possible.

Term 384

discretionary access control

Definition 384

A mechanism used to control access to objects. The owner or creator of an object controls and defines the access other subjects have to it.

Term 385

distributed access control

Definition 385

A form of access control in which authorization verification is performed by various entities located throughout a system.

Term 386

distributed data model

Definition 386

In a distributed data model, data is stored in more than one database but remains logically connected. The user perceives the database as a single entity, even though it comprises numerous parts interconnected over a network. Each field may have numerous children as well as numerous parents. Thus, the data mapping relationship is many-to-many.

Term 387

distributed denial of service (DDoS)

Definition 387

A distributed denial of service occurs when the attacker compromises several systems to be used as launching platforms against one or more victims. The compromised systems used in the attack are often called slaves or zombies. A DDoS attack results in the victims being flooded with data from numerous sources.

Term 388

distributed reflective denial of service (DRDoS)

Definition 388

DRDoS attacks take advantage of the normal operation mechanisms of key Internet services, such as DNS and router update protocols. DRDoS attacks function by sending numerous update, session, or control packets to various Internet service servers or routers with a spoofed source address of the intended victim. A DRDoS attack can result in so much traffic that upstream systems are adversely affected by the sheer volume of data focused on the victim.

Term 389

documentary evidence

Definition 389

Any written items brought into court to prove a fact at hand. This type of evidence must also be authenticated.

Term 390


Definition 390

1) A realm of trust or a collection of subjects and objects that share a common security policy. Each domain's access control is maintained independently of other domains' access control. This results in decentralized access control when multiple domains are involved.

2) An area of study for the CISSP exam.

Term 391

dry pipe system

Definition 391

A fire suppression system whose pipes contain compressed air rather than water. Once suppression is triggered, the air escapes, which opens a water valve that in turn causes the pipes to fill and discharge water into the environment.

Term 392

due care

Definition 392

The steps taken to ensure that assets and employees of an organization have been secured and protected and that upper management has properly evaluated and assumed all unmitigated or transferred risks.

Term 393

due diligence

Definition 393

The extent to which a reasonable person will endeavor under specific circumstances to avoid harming other people or property.

Term 394

dumb cards

Definition 394

Human-readable-only card IDs that usually have a photo and written information about the authorized bearer. Dumb cards are for use in environments where automated controls are infeasible or unavailable but security guards are practical.

Term 395

dumpster diving

Definition 395

The act of digging through the refuse, remains, or leftovers from an organization or operation in order to discover or infer information about the organization.

Term 396


Definition 396

One of the four required characteristics of all database transactions (the other three are atomicity, consistency, and isolation). The concept that database transactions must be resilient. Once a transaction is committed to the database, it must be preserved. Databases ensure durability through the use of backup mechanisms, such as transaction logs.

Term 397

dwell time

Definition 397

The length of time a key on the keyboard is pressed. This is an element of the keystroke dynamics biometric factor.

Term 398

dynamic packet-filtering firewalls

Definition 398

A firewall that enables real-time modification of the filtering rules based on traffic content. Dynamic packet-filtering firewalls are known as fourth-generation firewalls.

Term 399

dynamic passwords

Definition 399

Passwords that do not remain static for an extended period of time. Dynamic passwords can change on each use or at a regular interval, such as every 30 days.

Term 400


Definition 400

Another term for sniffing. However, eavesdropping can include more than just capturing and recording network traffic. Eavesdropping also includes recording or listening to audio communications, faxes, radio signals, and so on.

Term 401


Definition 401

A detailed endeavor where students/users learn much more than they actually need to know to perform their work tasks. Education is most often associated with users pursuing certification or seeking job promotion.

Term 402

electromagnetic interference (EMI)

Definition 402

A type of electrical noise that can do more than just cause problems with how equipment functions; it can also interfere with the quality of communications, transmissions, and playback.

Term 403

electronic access control (EAC)

Definition 403

A type of smart lock that uses a credential reader, an electromagnet, and a door-closed sensor.

Term 404

electronic vaulting

Definition 404

A storage scenario in which database backups are transferred to a remote site in a bulk transfer fashion. The remote location may be a dedicated alternative recovery site (such as a hot site) or simply an offsite location managed within the company or by a contractor for the purpose of maintaining backup data.

Term 405

electronically erasable PROM (EEPROM)

Definition 405

A storage system that uses electric voltages delivered to the pins of the chip to force erasure. EEPROMs can be erased without removal from the computer, giving them much greater flexibility than standard PROM and EPROM chips.

Term 406

elliptic curve cryptography

Definition 406

A branch of public key cryptography that offers security comparable to established public key cryptosystems at substantially smaller key sizes.

Term 407

elliptic curve group

Definition 407

Each elliptic curve has a corresponding elliptic curve group made up of the points on the elliptic curve along with the point O, located at infinity. Two points within the same elliptic curve group (P and Q) can be added together with an elliptic curve addition algorithm.

Term 408


Definition 408

Often referred to as the user when discussing IT issues. See also user.

Term 409

employment agreement

Definition 409

A document that outlines an organization's rules and restrictions, security policy, and acceptable use and activities policies; details the job description; outlines violations and consequences; and defines the length of time the position is to be filled by the employee.

Term 410


Definition 410

The process of adding a header and footer to a PDU as it travels down the OSI model layers.

Term 411


Definition 411

The process used to convert a message into ciphertext.

encryption: The art and science of hiding the meaning or intent of a communication from

Term 412

end user

Definition 412

See user.

Term 413

end-to-end encryption

Definition 413

An encryption algorithm that protects communications between two parties (in other words, a client and a server) and is performed independently of link encryption. An example of this would be the use of Privacy Enhanced Mail (PEM) to pass a message between a sender and a receiver. This protects against an intruder who might be monitoring traffic on the secure side of an encrypted link or traffic sent over an unencrypted link.

Term 414


Definition 414

The process of establishing a new user identity or authentication factor on a system. Secure enrollment requires physical proof of a person's identity or authentication factor. Generally, if the enrollment process takes longer than two minutes, the identification or authentication mechanism (typically a biometric device) is not approved.

Term 415


Definition 415

A subject or an object.

Term 416

erasable PROM (EPROM)

Definition 416

A PROM chip that has a small window through which the illumination of a special ultraviolet light causes the contents of the chip to be erased. After this process is complete, the end user can burn new information into the EPROM.

Term 417


Definition 417

A delete operation against a file, a selection of files, or the entire media. In most cases, the deletion or erasure process removes only the directory or catalog link to the data. The actual data remains on the drive.

Term 418


Definition 418

The malicious act of gathering proprietary, secret, private, sensitive, or confidential information about an organization for the express purpose of disclosing and often selling that data to a competitor or other interested organization (such as a foreign government).

Term 419

ethical hacking

Definition 419

See penetration testing.

Term 420


Definition 420

The rules that govern personal conduct. Several organizations have recognized the need for standard ethics rules, or codes, and have devised guidelines for ethical behavior. These rules are not laws but are minimum standards for professional behavior. They should provide you with a basis for sound, professional, ethical judgment.

Term 421


Definition 421

In the context of computer crime, any hardware, software, or data that you can use to prove the identity and actions of an attacker in a court of law.

Term 422



Definition 422

The exact actions necessary to implement a specific security mechanism, control, or solution.

Term 423

excessive privilege(s)

Definition 423

More access, privilege, or permission than a user's assigned work tasks dictate. If a user account is discovered to have excessive privilege, the additional and unnecessary benefits should be immediately curtailed.

Term 424

exit interview

Definition 424

An aspect of a termination policy. The terminated employee is reminded of their legal responsibilities to prevent the disclosure of confidential and sensitive information.

Term 425

expert opinion

Definition 425

A type of evidence consisting of the opinions and facts offered by an expert. An expert is someone educated in a field and who currently works in that field.

Term 426

expert system

Definition 426

A system that seeks to embody the accumulated knowledge of humankind on a particular subject and apply it in a consistent fashion to future decisions.

Term 427


Definition 427

The condition of being exposed to asset loss because of a threat. Exposure involves being susceptible to the exploitation of a vulnerability by a threat agent or event.

Term 428

exposure factor (EF)

Definition 428

The percentage of loss that an organization would experience if a specific asset were violated by a realized risk.

Term 429


Definition 429

A cross between the Internet and an intranet. An extranet is a section of an organization's network that has been sectioned off so that it acts as an intranet for the private network but also serves information to the public Internet. Extranets are often used in B2B applications, between customers and suppliers.

Term 430

face scan

Definition 430

An example of a biometric factor, which is a behavioral or physiological characteristic that is unique to a subject. A face scan is a process by which the shape and feature layout of a person's face is used to establish identity or provide authentication.

Term 431


Definition 431

The response of a system to a failure so that it defaults to an "allow" posture.

Term 432


Definition 432

The response of a system to a failure so that it defaults to a "deny" posture.

Term 433


Definition 433

See fail-safe.

Term 434

false acceptance rate (FAR)

Definition 434

Error that occurs when a biometric device is not sensitive enough and an invalid subject is authenticated. Also referred to as a Type 2 error.

Term 435

false rejection rate (FRR)

Definition 435

Error that occurs when a biometric device is too sensitive and a valid subject is not authenticated. Also referred to as a Type 1 error.

Term 436


Definition 436

A momentary loss of power.

Term 437


Definition 437

A perimeter-defining device. Fences are used to clearly differentiate between areas that are under a specific level of security protection and those that are not. Fencing can include a wide range of components, materials, and construction methods.

Term 438


Definition 438

A cabling form that transmits light instead of electrical signals. Fiber-optic cable supports far higher throughput and much longer cable runs than copper cabling and is immune to electromagnetic interference; the figures quoted in older texts (2 Gbps over 2 kilometers) are well below what current fiber delivers.

Term 439

file infector

Definition 439

Virus that infects different types of executable files and triggers when the operating system attempts to execute them. For Windows-based systems, these files end with .exe and .com extensions.

Term 440

financial attack

Definition 440

A crime that is carried out to unlawfully obtain money or services.

Term 441


Definition 441

The patterns of ridges on the fingers of humans. Often used as a biometric authentication factor.

Term 442


Definition 442

A network device used to filter traffic. A firewall is typically deployed between a private network and a link to the Internet, but it can be deployed between departments within an organization. Firewalls filter traffic based on a defined set of rules.

Term 443


Definition 443

Software that is stored in a ROM chip.

Term 444

flight time

Definition 444

The length of time between key presses. This is an element of the keystroke dynamics form of biometrics.

Term 445


Definition 445

An attack that involves sending enough traffic to a victim to cause a DoS. Also referred to as a stream attack.

Term 446


Definition 446

A form of denial-of-service attack similar to smurf, but it uses UDP packets instead of ICMP.

Term 447


Definition 447

When a network receives a packet larger than its maximum allowable packet size, it breaks it up into two or more fragments. These fragments are each assigned a size (corresponding to the length of the fragment) and an offset (corresponding to the starting location of the fragment).

Term 448

fragmentation attacks

Definition 448

An attack that exploits vulnerabilities in the fragment reassembly functionality of the TCP/IP protocol stack.
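
The following is an added example, not part of the glossary, covering both the fragmentation entry and the fragmentation attack entry above: it splits a constructed datagram into fragments that carry an offset and a length, reassembles them, and shows the difference between a strict reassembler that rejects overlapping fragments and a naive one that lets a later fragment overwrite earlier bytes, which is the behaviour overlap-based fragmentation attacks rely on. Offsets are in bytes for clarity; IPv4 expresses them in 8-byte units.

```python
"""Added example (not part of the glossary): splitting a datagram into fragments
carrying (offset, length) and reassembling them with a strict reassembler that
rejects the overlapping fragments fragmentation attacks rely on. Offsets are in
bytes here for clarity; IPv4 expresses them in 8-byte units. Data is constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Fragment:
    offset: int        # where this fragment's payload starts in the original datagram
    payload: bytes     # the fragment's length is len(payload)
    more: bool         # "more fragments" flag: False only on the final fragment


def fragment(data: bytes, max_payload: int):
    """Split data into fragments no larger than max_payload bytes."""
    frags = []
    for off in range(0, len(data), max_payload):
        chunk = data[off:off + max_payload]
        frags.append(Fragment(off, chunk, off + len(chunk) < len(data)))
    return frags


class OverlapError(ValueError):
    """Raised when a fragment would overwrite bytes already delivered."""


def reassemble(frags):
    """Strict reassembly: fragments must tile the datagram exactly, with no gaps,
    no overlaps, and the more-fragments flag clear only on the last one."""
    ordered = sorted(frags, key=lambda f: f.offset)
    out, expected = bytearray(), 0
    for i, f in enumerate(ordered):
        if f.offset < expected:
            raise OverlapError(f"fragment at {f.offset} overlaps data up to {expected}")
        if f.offset > expected:
            raise ValueError(f"gap before offset {f.offset}: datagram incomplete")
        if f.more == (i == len(ordered) - 1):
            raise ValueError("more-fragments flag does not match fragment position")
        out += f.payload
        expected += len(f.payload)
    return bytes(out)


def naive_reassemble(frags):
    """What a vulnerable stack does: a later fragment silently overwrites earlier data,
    so the payload an IDS inspected in the first fragment is not what the host sees."""
    buf = bytearray()
    for f in sorted(frags, key=lambda f: f.offset):
        end = f.offset + len(f.payload)
        if end > len(buf):
            buf.extend(b"\0" * (end - len(buf)))
        buf[f.offset:end] = f.payload
    return bytes(buf)
```

The strict reassembler raises on the overlapping pair instead of producing the rewritten request the naive one returns; the same overlap check is what lets a network IDS refuse to be evaded by fragments that disagree about the bytes they carry.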

Term 449

frequency analysis

Definition 449

A cryptographic analysis or attack that looks for repetition of letters in an encrypted message and compares that with the statistics of letter usage for a specific language, such as the frequency of the letters E, T, A, O, N, R, I, S, and H in the English language.
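
The following is an added example, not part of the glossary: frequency analysis applied to a Caesar shift. Every one of the 26 candidate shifts is scored by how far the letter counts of the trial decryption sit from typical English letter frequencies (a chi-squared distance), and the lowest score wins. The expected-frequency table is approximate and the plaintext is constructed for the demo.

```python
"""Added example (not part of the glossary): frequency analysis against a simple
substitution (Caesar shift). Every candidate shift is scored by how far the letter
counts of the trial decryption sit from typical English frequencies; the lowest
score wins. The expected-frequency table is approximate and the plaintext constructed."""
from collections import Counter
import string

# Approximate relative frequency (%) of letters in English text.
ENGLISH_FREQ = {
    "E": 12.7, "T": 9.1, "A": 8.2, "O": 7.5, "I": 7.0, "N": 6.7, "S": 6.3, "H": 6.1,
    "R": 6.0, "D": 4.3, "L": 4.0, "C": 2.8, "U": 2.8, "M": 2.4, "W": 2.4, "F": 2.2,
    "G": 2.0, "Y": 2.0, "P": 1.9, "B": 1.5, "V": 1.0, "K": 0.8, "J": 0.15, "X": 0.15,
    "Q": 0.10, "Z": 0.07,
}

PLAINTEXT = ("The treasure is buried beneath the old stone bridge on the eastern side of "
             "the river; send three men at dawn and tell no one else in the village where "
             "they are headed.")


def caesar(text: str, shift: int) -> str:
    """Shift letters by `shift` positions; non-letters pass through unchanged."""
    out = []
    for ch in text:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def letter_counts(text: str) -> Counter:
    """Count letters only, case-folded, ignoring spaces and punctuation."""
    return Counter(ch for ch in text.upper() if ch in string.ascii_uppercase)


def chi_squared(text: str) -> float:
    """Distance between observed letter counts and what English would predict;
    frequent plaintext letters landing on rare English letters inflate the score."""
    counts = letter_counts(text)
    total = sum(counts.values())
    score = 0.0
    for letter, pct in ENGLISH_FREQ.items():
        expected = total * pct / 100
        score += (counts[letter] - expected) ** 2 / expected
    return score


def break_caesar(ciphertext: str):
    """Try all 26 shifts and return (shift, plaintext) with the most English-like counts."""
    best = min(range(26), key=lambda s: chi_squared(caesar(ciphertext, -s)))
    return best, caesar(ciphertext, -best)


if __name__ == "__main__":
    ct = caesar(PLAINTEXT, 7)
    print(break_caesar(ct))
```

The attack needs no key material at all, only enough ciphertext for the letter statistics to settle; that is why a cipher needs confusion and diffusion rather than a per-letter substitution.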

Term 450

full backup

Definition 450

A complete copy of data contained on the protected device on the backup media. This also refers to the process of making a complete copy of data, as in 'performing a full backup'.

Term 451

full-interruption tests

Definition 451

A disaster recovery test that involves actually shutting down operations at the primary site and shifting them to the recovery site.

Term 452

full-knowledge teams

Definition 452

These possess a full body of knowledge over the operation, configuration, and utilization of hardware and software inventory prior to a security assessment or penetration test.

Term 453


Definition 453

A controlled exit and entry point in a fence.

Term 454


Definition 454

A networking device that connects networks that are using different network protocols.

Term 455

government/military classification

Definition 455

The security labels commonly employed on secure systems used by the military. Military security labels range from highest sensitivity to lowest: top secret, secret, confidential, sensitive but unclassified, and unclassified (top secret, secret,and confidential are collectively known as classified).

Term 456

granular object control

Definition 456

A very specific and highly detailed level of control over the security settings of an object.

Term 457


Definition 457

The wire in an electrical circuit that is grounded (that is, connected with the earth).

Term 458


Definition 458

An access control management simplification mechanism similar to a role. Similar users are made members of a group. A group is assigned access to an object. Thus,all members of the group are granted the same access to an object. The use of groups greatly simplifies the administrative overhead of managing user access to objects.

Term 459

grudge attack

Definition 459

Attack usually motivated by a feeling of resentment and carried out to damage an organization or a person. The damage could be in the loss of information or harm to the organization or a person's reputation. Often the attacker is a current or former employee or someone who wishes ill will upon an organization.

Term 460


Definition 460

A document that offers recommendations on how standards and baselines are implemented. Guidelines outline methodologies, include suggested actions, and are not compulsory.

Term 461


Definition 461

A technology enthusiast who does not have malicious intent. Many authors and the media often use the term when they are actually discussing issues relating to crackers.

Term 462

hand geometry

Definition 462

A type of biometric control that recognizes the physical dimensions of a hand. This includes width and length of the palm and fingers. It can be a mechanical or image-edge (in other words, visual silhouette) graphical solution.

Term 463


Definition 463

A three-way process utilized by the TCP/IP protocol stack to set up connections between two hosts.

Term 464


Definition 464

An actual physical device, such as a hard drive, LAN card, printer,and so on.

Term 465

hardware segmentation

Definition 465

A technique that implements process isolation at the hardware level by enforcing memory access constraints.

Term 467


Definition 467

See hash function.

Term 468

hash function

Definition 468

The process of taking a message of any length and generating a fixed-length output value derived from the content of the message. This value is commonly referred to as the message digest; a secure hash function makes it infeasible to find two messages that produce the same digest.

Term 469

hash total

Definition 469

A checksum used to verify the integrity of a transmission. See also cyclic redundancy check (CRC).

Term 470

hash value

Definition 470

A number that is generated from a string of text and is substantially smaller than the text itself. A formula creates a hash value in a way that it is extremely unlikely that any other text will produce the same hash value.
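
The following is an added example, not part of the glossary, that serves the cyclic redundancy check and hash total entries earlier in this section as well as the hash function and hash value entries here: the same message is checked with a CRC, a plain hash, and a keyed hash (HMAC). All three catch accidental damage in transit; only the HMAC catches a deliberate change, because an attacker can recompute a CRC or a hash for a rewritten message but cannot produce the MAC without the key. The messages and the key are constructed for the demo.

```python
"""Added example (not part of the glossary): the same message checked with a CRC,
a hash, and a keyed hash (HMAC). All three catch accidental damage; only the HMAC
catches a deliberate change, because the attacker can recompute a CRC or a hash but
not a MAC without the key. Messages and the key are constructed for the demo."""
import hashlib
import hmac
import zlib

KEY = b"demo-shared-secret"   # assumption: agreed between sender and receiver out of band


def crc_value(msg: bytes) -> int:
    """CRC-32: detects transmission errors, carries no secret."""
    return zlib.crc32(msg) & 0xFFFFFFFF


def hash_value(msg: bytes) -> str:
    """SHA-256 message digest: 64 hex characters whatever the message length."""
    return hashlib.sha256(msg).hexdigest()


def mac_value(msg: bytes, key: bytes = KEY) -> str:
    """HMAC-SHA256: a digest that only a holder of the key can compute."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def flip_bit(msg: bytes, index: int) -> bytes:
    """Simulate damage in transit by flipping one bit."""
    b = bytearray(msg)
    b[index] ^= 0x01
    return bytes(b)


def receiver_accepts_crc(msg: bytes, crc: int) -> bool:
    return crc_value(msg) == crc


def receiver_accepts_hash(msg: bytes, digest: str) -> bool:
    return hmac.compare_digest(hash_value(msg), digest)


def receiver_accepts_mac(msg: bytes, tag: str, key: bytes = KEY) -> bool:
    return hmac.compare_digest(mac_value(msg, key), tag)   # constant-time comparison


def attacker_rewrites(original: bytes, replacement: bytes):
    """An attacker on the path replaces the message and recomputes every check value
    they can: CRC and plain hash need no secret, the MAC can only be guessed with a
    wrong key. Returns (message, crc, digest, tag) as the receiver would see them."""
    wrong_key = b"attacker-has-no-key"
    return (replacement, crc_value(replacement), hash_value(replacement),
            mac_value(replacement, wrong_key))


if __name__ == "__main__":
    msg = b"TRANSFER 100 TO ACCT 4242"
    print(hex(crc_value(msg)), hash_value(msg)[:16], mac_value(msg)[:16])
```

A CRC or hash total is an integrity check against noise; pairing the digest with a key (or signing it) is what turns it into a check against an adversary, which is the point of the digital signature and HMAC constructions rather than a bare hash.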

Term 471

hearsay evidence

Definition 471

Evidence consisting of statements made to a witness by someone else outside of court. Computer log files that are not authenticated by a system administrator can also be considered hearsay evidence.

Term 472

heart/pulse pattern

Definition 472

An example of a biometric factor,which is a behavioral or physiological characteristic that is unique to a subject. The heart/pulse pattern of a person is used to establish identity or provide authentication.

Term 473

heuristics-based detection

Definition 473

See behavior-based detection.

Term 474


Definition 474

A form of MAC environment. Hierarchical environments relate the various classification labels in an ordered structure from low security to medium security to high security. Each level or classification label in the structure is related. Clearance in a level grants the subject access to objects in that level as well as to all objects in all lower levels but prohibits access to all objects in higher levels.
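
The following is an added example, not part of the glossary: a hierarchical MAC label check that also covers the * (star) Security Property and confinement entries earlier in this section. The levels follow the government/military classification listed in this glossary; the optional compartments (need-to-know categories) and the project names are constructed for the demo. Every access decision reduces to one comparison, `dominates`: reading requires the subject to dominate the object (no read up), writing requires the object to dominate the subject (no write down).

```python
"""Added example (not part of the glossary): hierarchical MAC labels with optional
compartments, and the read/write checks of the Bell-LaPadula properties.
Levels are the government/military set from this glossary; compartments and
project names are constructed."""
from dataclasses import dataclass, field

LEVELS = ["unclassified", "sensitive but unclassified", "confidential", "secret", "top secret"]
RANK = {name: i for i, name in enumerate(LEVELS)}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = field(default_factory=frozenset)   # need-to-know categories

    def dominates(self, other: "Label") -> bool:
        """Higher-or-equal level AND a superset of the other's compartments."""
        return (RANK[self.level] >= RANK[other.level]
                and other.compartments <= self.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    """Simple security property: no read up."""
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    """* (star) security property / confinement: no write down."""
    return obj.dominates(subject)


def accessible_levels(clearance: str):
    """Every hierarchical level a clearance may read, lowest first."""
    return [lvl for lvl in LEVELS if RANK[lvl] <= RANK[clearance]]


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"CRYPTO"}))
    print(can_read(analyst, Label("confidential")), can_write(analyst, Label("confidential")))
```

Note the compartment case in the checks: a secret/CRYPTO subject cannot read a secret/NUCLEAR object even though the levels are equal, and cannot write to a plain secret object because dropping the compartment would move data to a label that does not dominate the subject's; that is the non-hierarchical (compartmented) rule layered on top of the hierarchy the entry describes.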

Term 475

hierarchical data model

Definition 475

A form of database that combines records and fields that are related in a logical tree structure. This is done so that each field can have one child or many or no children but each field can have only a single parent. Therefore, the data mapping relationship is one-to-many.

Term 476

high-level languages

Definition 476

Programming languages that are not machine languages or assembly languages. These languages are not hardware dependent and are more understandable by humans. Such languages must be converted to machine language before or during execution.

Term 477

hijack attack

Definition 477

An attack in which a malicious user is positioned between a client and server and then interrupts the session and takes it over. Often, the malicious user impersonates the client so they can extract data from the server. The server is unaware that any change in the communication partner has occurred.

Term 478

honey pot

Definition 478

Individual computers or entire networks created to serve as a snare for intruders. The honey pot looks and acts like a legitimate network, but it is 100 percent fake. Honey pots tempt intruders with unpatched and unprotected security vulnerabilities as well as hosting attractive, tantalizing, but faux data. Honey pots are designed to grab an intruder's attention and direct them into the restricted playground while keeping them away from the legitimate network and confidential resources.

Term 479

host-based IDS

Definition 479

An intrusion detection system (IDS) that is installed on a single computer and can monitor the activities on that computer. A host-based IDS is able to pinpoint the files and processes compromised or employed by a malicious user to perform unauthorized activity.

Term 480

hostile applet

Definition 480

Any piece of mobile code that attempts to perform unwanted or malicious activities.

Term 481

hot site

Definition 481

A configuration in which a backup facility is maintained in constant working order, with a full complement of servers, workstations, and communications links ready to assume primary operations responsibilities.

Term 482


Definition 482

A network device used to connect multiple systems together in a star topology. Hubs repeat inbound traffic over all outbound ports.

Term 483


Definition 483

A type of MAC environment. A hybrid environment combines the hierarchical and compartmentalized concepts so that each hierarchical level can contain numerous sub-compartments that are isolated from the rest of the security domain. A subject must have not only the correct clearance but also the need-to-know for the specific compartment in order to have access to the compartmentalized object.

Term 484


Definition 484

The process by which a subject professes an identity and accountability is initiated. The identification process can consist of a user providing a username, a logon ID, a PIN, a smart card or a process providing a process ID number.

Term 485

identification card

Definition 485

A form of physical identification; generally contains a picture of the subject and/or a magnetic strip with additional information about a subject.

Term 486

ignore risk

Definition 486

Denying that a risk exists and hoping that by ignoring a risk it will never be realized.

Term 487

immediate addressing

Definition 487

A way of referring to data that is supplied to the CPU as part of an instruction.

Term 488


Definition 488

The assumption of someone's identity or online account, usually through the mechanisms of spoofing and session replay. An impersonation attack is considered a more active attack than masquerading.

Term 489

implementation attack

Definition 489

This type of attack exploits weaknesses in the implementation of a cryptography system. It focuses on exploiting the software code, not just errors and flaws but methodology employed to program the encryption system.

Term 490

inappropriate activities

Definition 490

Actions that may take place on a computer or over the IT infrastructure and that may not be actual crimes but are often grounds for internal punishments or termination. Some types of inappropriate activities include viewing inappropriate content, sexual and racial harassment, waste, and abuse.

Term 491


Definition 491

The occurrence of a system intrusion.

Term 492

incremental backups

Definition 492

A backup that stores only those files that have been modified since the time of the most recent full or incremental backup. This is also used to mean the process of creating such a backup.

Term 493

indirect addressing

Definition 493

The memory address that is supplied to the CPU as part of the instruction and doesn't contain the actual value that the CPU is to use as an operand. Instead, the memory address contains another memory address (perhaps located on a different page). The CPU then retrieves the actual operand from that address.

Term 494

industrial espionage

Definition 494

The act of someone using illegal means to acquire competitive information.

Term 495


Definition 495

An attack that involves using a combination of several pieces of nonsensitive information to gain access to information that should be classified at a higher level.

Term 496

inference engine

Definition 496

The second major component of an expert system that analyzes information in the knowledge base to arrive at the appropriate decision.

Term 497

information flow model

Definition 497

A model that focuses on the flow of information to ensure that security is maintained and enforced no matter how information flows. Information flow models are based on a state machine model.

Term 498

information hiding

Definition 498

Placing data and a subject at different security domains for the purpose of hiding the data from that subject.

Term 499

informative policy

Definition 499

A policy that is designed to provide information or knowledge about a specific subject, such as company goals, mission statements, or how the organization interacts with partners and customers. An informative policy is nonenforceable.

Term 500

inherit (or inheritance)

Definition 500

In object-oriented programming, inheritance refers to a class having one or more of the same methods from another class. So when a class has one or more of the same methods as another class, it is said to have 'inherited' them.

Term 501

initialization vector (IV)

Definition 501

A 'nonce' used by numerous cryptography solutions to increase the strength of encrypted data by increasing the randomness of the input.

Term 502


Definition 502

An initial surge of power usually associated with connecting to a power source, whether primary or alternate/secondary.

Term 503


Definition 503

In object-oriented programming, an instance can be an object, example, or representation of a class.

Term 504


Definition 504

A state characterized by the assurance that modifications are not made by unauthorized users and authorized users do not make unauthorized modifications.

Term 505

intellectual property

Definition 505

Intangible assets, such as secret recipes or production techniques.

Term 506

interpreted languages

Definition 506

Programming languages that are converted to machine language one command at a time at the time of execution.

Term 507

interrupt (IRQ)

Definition 507

A mechanism used by devices and components in a computer to get the attention of the CPU.

Term 508


Definition 508

A private network that is designed to host the same information services found on the Internet.

Term 509


Definition 509

The condition in which a threat agent has gained access to an organization's infrastructure through the circumvention of security controls and is able to directly imperil assets. Also referred to as penetration.

Term 510

intrusion detection

Definition 510

A specific form of monitoring both recorded information and real-time events to detect unwanted system access.

Term 511

intrusion detection system (IDS)

Definition 511

A product that automates the inspection of audit logs and real-time system events. IDSs are generally used to detect intrusion attempts, but they can also be employed to detect system failures or rate overall performance.

Term 512

iris scans

Definition 512

An example of a biometric factor, which is a behavioral or physiological characteristic that is unique to a subject. The colored portion of the eye that surrounds the pupil is used to establish identity or provide authentication.

Term 513


Definition 513

A concept that ensures that any behavior will affect only the memory and resources associated with the process.

Term 514

job description

Definition 514

A detailed document outlining a specific position needed by an organization. A job description includes information about security classification, work tasks, and so on.

Term 515

job responsibilities

Definition 515

The specific work tasks an employee is required to perform on a regular basis.

Term 516

job rotation

Definition 516

A means by which an organization improves its overall security by rotating employees among numerous job positions. Job rotation serves two functions.

First, it provides a type of knowledge redundancy.

Second, moving personnel around reduces the risk of fraud, data modification, theft, sabotage, and misuse of information.

Term 517


Definition 517

The part of an operating system that always remains resident in memory (so that it can run on demand at any time).

Term 518

kernel proxy firewalls

Definition 518

A firewall that is integrated into an operating system's core to provide multiple levels of session and packet evaluation. Kernel proxy firewalls are known as fifth-generation firewalls.

Term 519


Definition 519

A secret value used to encrypt or decrypt messages.

Term 520

key distribution center (KDC)

Definition 520

An element of the Kerberos authentication system. The KDC maintains all the secret keys of enrolled subjects and objects. A KDC is also a COMSEC facility that distributes symmetric crypto keys, especially for government entities.

Term 521

key escrow system

Definition 521

A cryptographic recovery mechanism by which keys are stored in a database and can be recovered only by authorized key escrow agents in the event of key loss or damage.

Term 522

keystroke dynamics

Definition 522

A biometric factor that measures how a subject uses a keyboard by analyzing flight time and dwell time.

Term 523

keystroke monitoring

Definition 523

The act of recording the keystrokes a user performs on a physical keyboard. The act of recording can be visual (such as with a video recorder) or logical/technical (such as with a capturing hardware device or a software program).

Term 524

keystroke patterns

Definition 524

An example of a biometric factor, which is a behavioral or physiological characteristic that is unique to a subject. The pattern and speed of a person typing a passphrase is used to establish identity or provide authentication.

Term 525

knowledge base

Definition 525

A component of an expert system, the knowledge base contains the rules known by an expert system and seeks to codify the knowledge of human experts in a series of 'if/then' statements.

Term 526

knowledge-based detection

Definition 526

An intrusion discovery mechanism used by IDS and based on a database of known attack signatures. The primary drawback to a knowledge-based IDS is that it is effective only against known attack methods.

Term 527

known plain-text attack

Definition 527

An attack in which the attacker has a copy of the encrypted message along with the plain-text message used to generate the cipher text (the copy). This greatly assists the attacker in breaking weaker codes.

Term 528

land attack

Definition 528

A type of DoS. A land attack occurs when the attacker sends numerous SYN packets to a victim and the SYN packets have been spoofed to use the same source and destination IP address and port number as the victim's. This causes the victim to think it sent a TCP/IP session opening packet to itself, which causes a system failure, usually resulting in a freeze, crash, or reboot.

Term 529

lattice-based access control

Definition 529

A variation of nondiscretionary access controls. Lattice-based access controls define upper and lower bounds of access for every relationship between a subject and object. These boundaries can be arbitrary, but they usually follow the military or corporate security label levels.

Term 530


Definition 530

The use of multiple security controls in series to provide for maximum effectiveness of security deployment.

Term 531

learning rule

Definition 531

See delta rule.

Term 532


Definition 532

A contract that states how a product is to be used.

Term 533


Definition 533

One of the most commonly used forms of perimeter security control. The primary purpose of lighting is to discourage casual intruders, trespassers, prowlers, and would-be thieves who would rather perform their malicious activities in the dark.

Term 534

link encryption

Definition 534

An encryption technique that protects entire communications circuits by creating a secure tunnel between two points. This is done by using either a hardware or software solution that encrypts all traffic entering one end of the tunnel and decrypts all traffic exiting the other end of the tunnel.

Term 535

local alarm systems

Definition 535

Alarm systems that broadcast an audible signal that can be easily heard up to 400 feet away. Additionally, local alarm systems must be protected from tampering and disablement, usually by security guards. In order for a local alarm system to be effective, there must be a security team or guards positioned nearby who can respond when the alarm is triggered.

Term 536

local area network (LAN)

Definition 536

A network that is geographically limited, such as within a single office, building, or city block.

Term 537

log analysis

Definition 537

A detailed and systematic form of monitoring. The logged information is analyzed in detail to look for trends and patterns as well as abnormal, unauthorized, illegal, and policy-violating activities.

Term 538


Definition 538

The activity of recording information about events or occurrences to a log file or database.

Term 539

logic bomb

Definition 539

Malicious code objects that infect a system and lie dormant until they are triggered by the occurrence of one or more conditions.

Term 540

logical access control

Definition 540

A hardware or software mechanism used to manage access to resources and systems and provide protection for them. They are the same as technical access controls. Examples of logical or technical access controls include encryption, smart cards, passwords, biometrics, constrained interfaces, access control lists, protocols, firewalls, routers, intrusion detection systems, and clipping levels.

Term 541

logon credentials

Definition 541

The identity and the authentication factors offered by a subject to establish access.

Term 542

logon script

Definition 542

A script that runs at the moment of user logon. A logon script is often used to map local drive letters to network shares, to launch programs, or to open links to often accessed systems.

Term 543

loopback address

Definition 543

The IP address used to create a software interface that connects to itself via the TCP/IP protocol. The loopback address is handled by software alone. It permits testing of the TCP/IP protocol stack even if network interfaces or their device drivers are missing or damaged.

Term 544

machine language

Definition 544

A programming language that can be directly executed by a computer.

Term 545

macro viruses

Definition 545

A virus that utilizes crude technologies to infect documents created in the Microsoft Word environment.

Term 546


Definition 546

An attack in which sufficient numbers of messages are directed to a single user's inbox or through a specific SMTP server to cause a denial of service.

Term 547


Definition 547

The variety of tasks that are necessary to ensure continued operation in the face of changing operational, data processing, storage, and environmental requirements.

Term 548

maintenance hooks

Definition 548

Entry points into a system that only the developer of the system knows; also called back doors.

Term 549

malicious code

Definition 549

Code objects that include a broad range of programmed computer security threats that exploit various network, operating system, software, and physical security vulnerabilities to spread malicious payloads to computer systems.

Term 550

man-in-the-middle attack

Definition 550

A type of attack that occurs when malicious users are able to position themselves between the two endpoints of a communications link. The client and server are unaware that there is a third party intercepting and facilitating their communication session.

Term 551

man-made disasters

Definition 551

Disasters caused by humans, including explosions, electrical fires, terrorist acts, power outages, utility failures, hardware/software failures, labor difficulties, theft, and vandalism.

Term 552

mandatory access control

Definition 552

An access control mechanism that uses security labels to regulate subject access to objects.

Term 553

mandatory vacations

Definition 553

A security policy that requires all employees to take vacations annually so their work tasks and privileges can be audited and verified. This often results in easy detection of abuse, fraud, or negligence.

Term 554


Definition 554

A double set of doors that is often protected by a guard. The purpose of a mantrap is to contain a subject until their identity and authentication are verified.

Term 555


Definition 555

Using someone else's security ID to gain entry into a facility or system.

Term 556

massively parallel processing (MPP)

Definition 556

Technology used to create systems that house hundreds or even thousands of processors, each of which has its own operating system and memory/bus resources.

Term 557

master boot record (MBR)

Definition 557

The portion of a hard drive or floppy disk that the computer uses to load the operating system during the boot process.

Term 558

master boot record (MBR) virus

Definition 558

Virus that attacks the MBR. When the system reads the infected MBR, the virus instructs it to read and execute the code stored in an alternate location, thereby loading the entire virus into memory and potentially triggering the delivery of the virus's payload.

Term 559

maximum tolerable downtime (MTD)

Definition 559

The maximum length of time a business function can be inoperable without causing irreparable harm to the business.

Term 560

mean time to failure (MTTF)

Definition 560

The length of time or number of uses a hardware or media component can endure before its reliability is questionable and it should be replaced.

Term 561

meet-in-the-middle attack

Definition 561

An attack in which the attacker uses a known plain-text message. The plain text is then encrypted using every possible key (k1), while the equivalent cipher text is decrypted using all possible keys (k2).

Term 562


Definition 562

The main memory resources directly available to a system's CPU. Primary memory normally consists of volatile random access memory (RAM) and is usually the most high-performance storage resource available to a system.

Term 563

memory card

Definition 563

A device that can store data but cannot process it; often built around some form of flash memory.

Term 564

memory page

Definition 564

A single chunk of memory that can be moved to and from RAM and the paging file on a hard drive as part of a virtual memory system.

Term 565

memory-mapped I/O

Definition 565

A technique used to manage input/output between system components and the CPU.

Term 566


Definition 566

The communications to or input for an object (in the context of object-oriented programming terminology and concepts).

Term 567

message digest (MD)

Definition 567

A summary of a message's content (not unlike a file checksum) produced by a hashing algorithm.

Term 568


Definition 568

The results of a data mining operation on a data warehouse.

Term 569


Definition 569

A model of models. Because the spiral model encapsulates a number of iterations of another model (the waterfall model), it is known as a metamodel.

Term 570


Definition 570

The actions or functions performed on input (messages) to produce output (behaviors) by objects in an object-oriented programming environment.

Term 571


Definition 571

A term used to describe software that is stored in a ROM chip. Also called firmware.

Term 572

middle management

Definition 572

See security professional.

Term 573

military and intelligence attacks

Definition 573

Attacks that are launched primarily to obtain secret and restricted information from law enforcement or military and technological research sources.

Term 574

mitigate risk

Definition 574

See reducing risk.

Term 575


Definition 575

The process by which a risk is removed.

Term 576

mobile sites

Definition 576

Non-mainstream alternatives to traditional recovery sites that typically consist of self-contained trailers or other easily relocated units.

Term 577

module testing

Definition 577

When each independent or self-contained segment of code for which there exists a distinct and separate specification is tested independently of all other modules. This can also be called component testing. This can be seen as a parent or superclass of unit testing.

Term 578


Definition 578

The remainder value left over after a division operation is performed.

Term 579


Definition 579

The activity of manually or programmatically reviewing logged information looking for specific information.

Term 580

motion detector

Definition 580

A device that senses the occurrence of motion in a specific area.

Term 581

motion sensor

Definition 581

See motion detector.

Term 582


Definition 582

A communications transmission to multiple identified recipients.

Term 583

multilevel mode

Definition 583

See multilevel security mode.

Term 584

multilevel security mode

Definition 584

A system that is authorized to process information at more than one level of security even when all system users do not have appropriate clearances or a need to know for all information processed by the system.

Term 585

multipartite virus

Definition 585

A virus that uses more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other.

Term 586


Definition 586

A technology that makes it possible for a computing system to harness the power of more than one processor to complete the execution of a single application.

Term 587


Definition 587

The pseudo-simultaneous execution of two tasks on a single processor coordinated by the operating system for the purpose of increasing operational efficiency. Multiprogramming is considered a relatively obsolete technology and is rarely found in use today except in legacy systems.

Term 588


Definition 588

Term used to describe a system that is certified to handle multiple security levels simultaneously by using specialized security mechanisms that are designed to prevent information from crossing between security levels.

Term 589


Definition 589