The assurance that information is protected from unauthorized disclosure and the defined level of secrecy is maintained throughout all subject-object interactions.
configuration management
The process of logging, auditing, and monitoring activities related to security controls and security mechanisms over time. This data is then used to identify agents of change, whether objects, subjects, programs, communication pathways, or even the network itself.
confinement (or confinement property)
The principle that allows a process to read from and write to certain memory locations and resources only. This is an alternate name for the * (star) Security Property of the Bell-LaPadula model.
It occurs when the relationship between the plain text and the key is complicated enough that an attacker can't just alter the plain text and analyze the result in order to determine the key.
One of the four required characteristics of all database transactions (the other three are atomicity, isolation, and durability). All transactions must begin operating in an environment that is consistent with all of the database's rules.
The result of mixing of data with a different classification level and/or need-to-know requirement.
A goal an organization can accomplish by having plans and procedures to help mitigate the effects a disaster has on its continuing operations and to speed the return to normal operations.
contractual license agreement
A written contract between the software vendor and the customer outlining the responsibilities of each.
Control Objectives for Information and related Technology (CobiT)
A security concept infrastructure used to organize the complex security solution of companies.
controls gap
The difference between total risk and residual risk.
Copper Distributed Data Interface (CDDI)
Deployment of FDDI using twisted-pair (in other words, copper) wires. This reduces the maximum segment length to 100 meters and is susceptible to interference.
corrective access control
An access control deployed to restore systems to normal after an unwanted or unauthorized activity has occurred. Examples of corrective access controls include alarms, mantraps, and security policies.
corrective controls
Instructions, procedures, or guidelines used to reverse the effects of an unwanted activity, such as attacks or errors.
Actions taken to patch a vulnerability or secure a system against an attack. Countermeasures can include altering access controls, reconfiguring security settings, installing new security devices or mechanisms, adding or removing services, and so on.
covert channel
The means by which data can be communicated outside of normal, expected, or detectable methods.
Malicious users intent on waging an attack against a person or system. Crackers may be motivated by greed, power, or recognition. Their actions can result in stolen property (data, ideas, and so on), disabled systems, compromised security, negative public opinion, loss of market share, reduced profitability, and lost productivity.
criminal law
Body of laws that the police and other law enforcement agencies enforce. Criminal law contains prohibitions against acts such as murder, assault, robbery, arson, theft, and similar offenses.
criticality prioritization
The prioritization of mission-critical assets and processes during the creation of BCP/DRP.
crossover error rate (CER)
The point at which the false acceptance rate (FAR) equals the false rejection rate (FRR). This is the point from which performance is measured in order to compare the capabilities of different biometric devices.
The study of methods to defeat codes and ciphers.
cryptographic key
Cryptographic keys provide the "secret" portion of a cryptographic algorithm used to encrypt and decrypt data.
Algorithms applied to data that are designed to ensure confidentiality, integrity, authentication, and/or nonrepudiation.
System in which a shared secret key or pairs of public and private keys are used by communicating parties to facilitate secure communication.
Another name for the key used to perform encryption and decryption activities.
cyclic redundancy check (CRC)
Similar to a hash total. a value that indicates whether a message has been altered or damaged in transit.
data circuit-terminating equipment (DCE)
A networking device that performs the actual transmission of data over the Frame Relay as well as establishing and maintaining the virtual circuit for the customer.
data custodian
The user who is assigned the task of implementing the prescribed protection defined by the security policy and upper management. The data custodian performs any and all activities necessary to provide adequate protection for data and to fulfill the requirements and responsibilities delegated to him from upper management.
Data Definition Language (DDL)
The database programming language that allows for the creation and modification of the database's structure (known as the schema).
data dictionary
Central repository of data elements and their relationships. Stores critical information about data usage, relationships, sources, and formats.
Data Encryption Standard (DES)
A standard cryptosystem proposed in 1977 for all government communications. Many government entities continue to use DES for cryptographic applications today even though it was superseded by the Advanced Encryption Standard (AES) in December 2001.
Data Link layer
Layer 2 of the OSI model.
Data Manipulation Language (DML)
The database programming language that allows users to interact with the data contained within the schema.
data mart
The storage facility used to secure metadata.
data owner
The person responsible for classifying information for placement and protection within the security solution.
data terminal equipment (DTE)
A networking device that acts like a router or a switch and provides the customer's network access to the Frame Relay network.
database partitioning
The act of dividing a database up into smaller sections or individual databases; often employed to segregate content with varying sensitivity labels.
decision support system (DSS)
An application that analyzes business data and presents it so as to make business decisions easier for users. DSS is considered an informational application more so than an operational application. Often a DSS is employed by knowledge workers (such as help desk or customer support) and by sales services (such as phone operators).
dedicated security mode
Mode in which the system is authorized to process only a specific classification level at a time. All system users must have clearance and a need to know that information.
The process of stripping a layer�s header and footer from a PDU as it travels up the OSI model layers.
The number of columns in a relational database.
delta rule
Also known as the learning rule. It is the feature of expert systems that allows them to learn from experience.
deluge system
Another form of dry pipe (fire suppression) system that uses larger pipes and therefore a significantly larger volume of water. Deluge systems are inappropriate for environments that contain electronics and computers.
deterrent access control
An access control that discourages violations of a security policy.
dictionary attack
An attack against a system designed to discover the password to a known identity (in other words, a username). In a dictionary attack, a script of common passwords and dictionary words is used to attempt to discover an account's password.
differential backup
A type of backup that stores all files that have been modified since the time of the most recent full backup.
Diffie-Hellman algorithm
A key exchange algorithm useful in situations in which two parties might need to communicate with each other but they have no physical means to exchange key material and there is no public key infrastructure in place to facilitate the exchange of secret keys.
When a change in the plain-text results in multiple changes spread throughout the cipher text.
Digital Millennium Copyright Act
A law that establishes the prohibition of attempts to circumvent copyright protection mechanisms placed on a protected work by the copyright holder and limits the liability of Internet service providers when their circuits are used by criminals violating the copyright law.
digital signature
A method for ensuring a recipient that a message truly came from the claimed sender and that the message was not altered while in transit between the sender and recipient.
Digital Signature Standard (DSS)
A standard that specifies that all federally approved digital signature algorithms must use a secure hashing function.