| Abstraction |
Involves the removal of characteristics from an entity in order to easily represent its essential properties. |
| Acoustic Sensors |
Device that uses passive listening devices |
| ActiveX Data Object (ADO) |
A Microsoft high-level interface for all kinds of data. |
| Administrative Controls |
Procedures implemented to define the roles, responsibilities, polices, and administrative functions needed to manage the control environment. |
| Administrator accounts |
Accounts that are assigned only to named individual that are require administrative access to the system to perform maintenance activities, and should be different and separate from user’s normal account. |
| Aggregation |
Combining non-sensitive data from separate sources to create sensitive information. |
| Algorithm |
A mathematical function that is used in the encryption and decryption processes. |
| Annualized Rate of Occurrence (ARO) |
An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year. |
| Arms Export Control Act of 1976 |
Authorizes the President to designate those item that shall be considered as defense articles and defense services and control their import and the export. |
| Availability |
The principle that ensures that information is available and accessible to users when needed. |
| Balanced Magnetic Switch (BMS) |
Device that use a magnetic field or mechanical contact to determine is an alarm signal is initiated. |
| Bastions hosts |
Server as a gateway between trusted and untrusted network that gives limited, authorized access to untrusted hosts. |
| Bell-La Padula Model |
Explores the rules that would have to be in place if a subject is granted a certain level of clearance and particular model of access. |
| Breach |
An incident that results in the disclosure or potential exposure of data. |
| Brewer-Nash (The Chinese Wall) Model |
This model focuses on preventing conflict of interest when a given subject has access to object with sensitive information associated with two competing parties. |
| Bridges |
Layer 2 device that filter traffic between segments based on Media Access Control (MAC) addresses. |
| Cable Plant Management |
The design, documentation, and management of the lowest layer of the OSI network model – the physical layer. |
| Capability Maturity Model for Software (CMM or SW-CMM) |
Maturity model focused on quality management processes and has five maturity levels that contain several key practice within each maturity level. |
| Categorization |
The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization. |
| Certificate Authority (CA) |
An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates. |
| Chain of custody |
The who, what, when, where, and how the evidence was handled from its identification through its entire life cycle, which ends with destruction, permanent archiving, or returning to owner. |
| Cipher Lock |
A lock controlled by touch screen, typically 5 to 10 digits that when pushed in the right combination the lock will release and allows entry. |
| Ciphertext or Cryptogram |
The altered form of plaintext message, so as to be unreadable for anyone except the intended recipients. |
| Clearing |
The removal of sensitive data from storage devices in such a way that there is assurance hat the data may not reconstructed using normal system functions or software file/data recovery utilities. |
| Cloud Computing |
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resource (eg, networks, server, storage, application, and services) that can be rapidly provisioned and released with minimal management. |
| Common application service element (CASE) |
Sublayer that providers service for the application layer and request service from the session layer. |
| Common Criteria |
Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area IT security. |
| Common Object Request Broker Architecture (COBRA) |
A set of standards that addresses the need for interoperability between hardware and software products. |
| Community Cloud Infrastructure |
Provisioned for exclusive use by specific community of consumer from organization that have shared concern. |
| Compensating Controls |
Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level. |
| Compliance |
Actions that ensure behavior that complies with established rules. |
| Computer Virus |
A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or use of the computer. |
| Computers can only generate pseudo random numbers and not pure random numbers. |
|
| Concentrators |
Multiplex connected devices into one signal to be transmitted on a network. |
| Confidentiality |
Supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis. |
| Configuration management (CM) |
A discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to constructs and maintain software systems. |
| Configuration Management (CM) |
Monitoring and managing changes to a program or documentation. |
| Confusion |
Provided by mixing (changing) the key values used during the repeated rounds of encryptions. When the key is modified for each round, it provide added complexity that attacker would encounter. |
| Copyright |
Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, and computer programs. |
| Corrective Controls |
Controls implemented to remedy circumstance, mitigate damage, or restore controls. |
| Covert Channel |
An information flow that is not controlled by a security control. |
| Covert Channels |
Communications Mechanisms hidden from the access control and stand monitoring system of an information system. |
| Cryptanalysis |
The study of techniques for attempting to defeat cryptographic technique and more generally, information security service. |
| Cryptology |
The science that deals with hidden, disguised, or encrypted communication. it embraces communication security and communication intelligenc. |
| Curie Temperature |
The critical point where a material’s intrinsic magnetic alignment changes direction. |
| Cyber-Physical Systems(CPS) |
Smart networked systems with embedded sensors, processors, and actuator that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications. |
| Data Classification |
Entails analyzing the data the organization retains, determining its importance and value, and they assigning it to a category. |
| Data Custodians |
Ensure important datasets are developed, maintained, and accessible within their defined specifications. |
| Data Disclosure |
A breach for which is was confirmed that data was actually disclosed (not just exposed) to an unauthorized party. |
| Data Hiding |
Maintains activites at different security levels to separate these levels from each other. |
| Data Leak Prevention(DLP) |
A suite of technologies aimed at stemming the loss of sensitive information that occurs in the enterprise. |
| Data Mining |
The practice of examining large databases in order to generate new information. |
| Data Modeling |
The methodology that identifies the path to meet user requirement. |
| Data Remanence |
The residual physical representation of data that has been in some way erased. |
| Data Standards |
Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations. |
| Data Warehouse |
A repository for information collected from a variety of data sources. |
| Database Management System (DBMS) |
A suite of application programs that typically manages large, structured sets of persistent data. |
| Database Model |
Describes the relationship between the data elements and provides a framework for organizing the data. |
| Data-Link Layer |
Layer 2 |
| Decoding |
The reverse process from encoding- converting the encoded message back into its plaintext format. |
| Decryption |
The process of transforming encrypted data back into its original form, so it can be understood. |
| Detective Controls |
Controls designed to signal a warning when a security control has been breached. |
| Deterrent Controls |
Controls designed to discourage people from violating security directives |
| DevOps |
An approach based on lean and agile principles in which business owners and he development, operations, and the development, operations, and quality assurance department collaborate. |
| Diffusion |
Provided by missing up the location of the plaintext throughout the ciphertext. |
| Digital Certificate |
An electronic documents that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuein the certificate, the certificate holder’s public key, a serial number, and the expiration date. |
| Digital Rights Management (DRM) |
A brad rang of technologies that grant control and protection to content providers over their own digital media. |
| Digital Signature – Hash value encrypted with sender’s private key Digital Certificate – Senders’ public key signed with Digital Signature. |
Hash value encrypted with sender’s private key Digital Certificate – Senders’ public key signed with Digital Signature. Provide authentication of sender and integrity of sender’s message. |
| Directive Controls |
Controls designed to specify acceptable rules of behavior within an organization. |
| Direct-Sequence Spread Spectrum (DSSS) |
A wireless technology that spreads a transmission over a much larger frequency band, and with corresponding smaller amplitude. |
| Due Care |
The care a “reasonable person” would exercise under given circumstances. |
| Egress filtering |
The practice of monitoring and potentially restricting the flow or information outbound from one network to another. |
| Embedded Systems |
Used to provide computing service in small form factor with limited processing power. |
| Encoding |
The actions of changing a message into another format through the use of code. |
| Encryption |
The conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties. |
| Enterprise Risk Management |
A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives. |
| Enterprise Security Architecture(ESA) |
Focused on setting the long-term strategy for security service in the enterprise. |
| Export Administration Act of 1979 |
Authorized the President to regulate exports of civilian good and technologies that have military application. |
| Federal Information Processing Standards (FIPS) |
The official series of publication relating to standards and guidelines adopted. |
| Fiber Channel over Ethernet (FCoE) |
A lightweight encapsulation protocol and lacks the reliable data transport of the TCP layer. |
| File Encryption Software |
Allows greater flexibility in applying encryption to specific file(s) |
| Firewalls |
Devices that enforce administrative security polices by filtering incoming trafficked base on a set of rules. |
| Firmware |
The storage programs or instruction in ROM. |
| Framework Core |
A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. |
| Framework Implementation Tiers |
Provide context on how an organization views cybersecurity risk and the processes in place to manage the risk. |
| Framework Profile |
Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. |
| Frequency-Hopping Spread Spectrum (FHSS) |
This wireless technology spreads its signal over rapidly changing frequencies. |
| Governance |
Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for action and responsibility for outcomes, and addresses how expected performance will be evaluated. |
| Graham-Denning |
Primarily concerned with how subjects and object are created, how subject are assigned right or privileges, and how ownership of object is manged. |
| Hash Function |
Accepts an input message of any length and generates, through a one-way operation, a fixed-length output. |
| Honeyfarm |
A centralized collection of honeypots and analysis tools. |
| Honeynet |
Two or more honeypots on a network. |
| Honeypot |
Decoy servers or systems setup to gather information regarding an attacker or intruder into your system. |
| Hybrid Cloud Infrastructure |
A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability. |
| Identity and Access Management Domain |
|
| Incident |
A security event that compromise the confidentiality, integrity, or availability of an information asset. |
| Indemnification |
The party to party litigation costs resulting from its breach of warranties. |
| Industrial Control Systems(ICS) |
Used to control industrial process such as manufacturing product handling, production, and distribution. |
| Inference |
The ability to deduce (infer) sensitive or restricted information from observing available information. |
| Information Security Officer |
Accountable for ensuring the protection of all of the business information assets for intentional and un-intentional loss, disclosure, alteration, destruction and unavailability. |
| Infrared Liner Beam Sensors |
A focused infrared (IR) light beam is projected from an emitter and bounced off of a reflector that is placed at the other side of the detection area. |
| Initialization Vector (IV) |
A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introduction additional cryptographic equipment. |
| Instant Keys |
Provide a quick way to disable a key by permitting one turn of the master key to change a lock. |
| Integrated Product and Process Development (IPPD) |
A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes. |
| Integrity |
Comes in two forms; making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network. |
| Internet Control Message Protocol (ICMP) |
Provides a means to send error messages for non-transient error condition and provides a way to probe the network in order to determine general characteristics about the network. |
| Intrusion Detection System (IDS) |
A technology that alerts organizations to adverse or unwanted activity. |
| Intrusion Prevention System (IPS) |
A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detect unacceptable activity. |
| ISO/IEC 21827 |
2008, The Systems Security Engineering – Capability Maturity Model (SSE-CMM) |
| IT Asset Management (ITAM) |
ITAM is much broader discipline, adding several dimension of management and involving much broader base of stakeholders. |
| IT Infrastructure Library (ITIL) |
Defines the organization structure and skill requirement s of an IT organization as well as the set of operational procedures and practice that direct IT operation and infastructure, including information security operation. |
| Iterative Models |
Development models that allow for successive refinements of requirements, design, and coding. |
| Key |
is about how to use algorithm. Keys are also known as crypto variable. |
| Key Clustering |
When different encryptions keys generate the same cipertxt formt eh same plaintext message. |
| Key Length |
The size of a key, usually measure in the bits or bytes, which a cryptographic algorithm used in ciphering or deciphering protected information. |
| Key Space |
The represent the total number of possible values of keys in a cryptographic algorithm or other security measure, such as password. |
| Kirchokhoff’s Law |
Make the Algorithm Public and Key secret. |
| Knowledge Discovery in Databases (KDD) |
A mathematical, statistical, and visualization method of identifying valid and useful patterns in data. |
| Least Privilege |
Granting users only the accesses that a required to perform their job functions. |
| Lightweight Directory Access Protocol (LDAP) |
A client/server-based directory query protocol loosely based upon X.500, commonly used for managing user information. |
| Live evidence |
Data that are dynamic and exist in running processes or other volatile locations (e.g., system/device RAM) that disappear in a relatively short time once the system is powered down. |
| Locard’s exchange principle |
States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange. |
| Log |
A record of the events occurring within an organization’s systems and networks. |
| Logical (Technical) Controls |
Electronic hardware and software solution implemented to control access to information and information networks. |
| Magnetic Stripe (mag stripe) cards |
Consist of a magnetically sensitive stripe fused onto the surface of a PVC material, like a credit card |
| Media Encryption Software |
Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB drives, or laptop hard drives. |
| Message Authentication Code (MAC) |
A small block of data that is generated using a secret key and then append to the message. |
| Message Digest |
A small representation of larger massage. Message digest are used to ensure the authentication and integrity of information, not the confidentiality. |
| Metadata |
Information about the data. |
| Middleware |
A connectivity software that enable multiple processes running one or more machines to interact. |
| Modems |
Allow users remote access to a network via analog phone lines. |
| Mortise Lock |
A lock or latch that is recessed into the edge of a door, rather than being mounted to its surface. |
| Multilevel Lattice Models |
A security model describe strict layers of subject and objects and defines clear rules that allow or disallow interaction between them based on the layers they are in. |
| Network Layer |
Layer 4 |
| NIST Computer Security Division (CSD) |
Focuses on providing measurements and standards to protect threats to the confidentiality of information, integrity of information and processes, and availability of information and service in order to build trust and confident. |
| Non-repudiation |
A service that ensures the sender cannot deny a message was send and the integrity of the message is intact. |
| OpenID Connect |
An interoperable authentication protocol base on the OAuth 2.0 family of specification. |
| OSI reference model |
Layering model structure into seven layers (Physical layer, data-link layer, network layer, transport layer, sesson layer, presentation layer, application layer) |
| OWASP |
A nonprofit organization focused on improving the security of software. |
| Paging |
Divides the memory address space into equal-sized blocks called pages. |
| Patent |
Protects novel, useful and nonobvious inventions. |
| Path Coverage |
This criteria requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once. |
| Payment Card Industry Data Security Standard (PCI-DSS) |
Provides the security architect with framework of specifications to ensure the safe processing, storing, and transmission of cardholder information. |
| Physical Controls |
Controls to protect the organization’s people and physical environment, such as locks, file management, gates, and guards; physical controls may be call “OPERATIONAL CONTROLS” in some contexts. |
| Physical Layer |
Layer 1 |
| Ping scanning |
A basic network mapping technique that helps narrow the scope of an attack. |
| Plaintext |
The message in tis natural format. |
| Positive Testing |
Determines that your application works as expected. |
| Power users |
Accounts granted greater privileges than normal user accounts when it is necessary for the user to have greater control over the system, but where administrative access is not required. |
| Preventive Controls |
Controls implemented to prevent a security incident or information breach. |
| Primary Storage |
Store data that has a high probability of being requested by the CPU. |
| Private Cloud |
In this model, the cloud infrastructure is provision for exclusive use by a single organization comprising multiple consumer. |
| Protocol Anomaly-Based IDS |
Identifies any unacceptable deviation from expected behavior based on known network protocols |
| Proximity Card (prox cards) |
Use embedded antenna wires connected to a chip within the card through RF. |
| Public-Key encryption |
Involves a pair of keys-a public key and private key-associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data. |
| Rapid Application Development (RAD) |
A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development. |
| Records and Information Management (RIM) |
Essential activities to protect business information and can be established in compliance with laws, regulations, or corporate governance |
| Recovery Controls |
Controls implemented to restore condition to normal after a security incident. |
| Recovery Point Objective (RPO) |
The point in time to which data must be restore in order to successfully resume processing. |
| Recovery Time Objective (RTO) |
How quickly you need to have that application’s information available after downtime has occurred. |
| Regression Analysis |
The determination of the impact of change based on review of the relevant documentation. |
| Remanence |
The measure of the existing magnetic filed on the media after degaussing. |
| Rim Lock |
All lock or latch typically mounted on the surface of a door, typically associated with a dead bolt type of lock. |
| Risk |
1. A combination of probability of an event and its consequence (ISO 27000) 2. An expectation of loss expresses as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. (RFC 2828). |
| Risk Acceptance |
The practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way. |
| Risk Avoidance |
The practice of coming up with alternatives so that the risk question is not realized. |
| Risk Management |
A systematic process for identifying, analyzing, evaluating, remedying and monitoring risk. |
| Risk Mitigation |
The practice of the elimination of the significant decrease in the level of risk presented. |
| Risk Transfer |
The practice of passing on the risk in question to another entity such as an insurance company. |
| Sandboxing |
A form of software virtualization that lest programs and processes run in their own isolated virtual environment. |
| Security Information and Event Management (SIEM) |
A group of technologies which aggregate information about access controls and selected system activity to store for analysis and correlation. |
| Security Log Management |
The process for generating, transmitting, storing, analyzing, and disposing of computer security log data. |
| Service accounts |
Accounts used to provide privileged access used by system service and core applications. |
| Single Loss Expectancy (SLE) |
Defined as the difference between the original value and the remaining value of an asset after a single exploit. |
| Single Point of Failure(SPOF) |
Any single input to a process that , if missing, would cause the processes to be unable to function. |
| Smart Cards |
Credential cards with one or more microchip processing that accepts or processes information and can be contact or contact less. |
| Software Assurance (SwA) |
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that it functions in the intended manner. |
| Spread spectrum |
A method commonly used to modulate information into manageable bits that are sent over the air wirelessly. |
| Statement Coverage |
This criteria requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product’s behavior. |
| Static Source Code Analysis (SAST) |
Analysis of the application source code for finding vulnerabilities without actually executing the application. |
| Statistical Anomaly-based IDS |
Analyzes event data by comparing it typical, known, or predicated traffic profiles in an effort to find potential security breaches. |
| Steganography |
The science of hiding information |
| Synthetic Performance Monitoring |
Involves having external agents run scripted transaction against a web application. |
| System Events |
Operational actions performed by OS components, such as shutting down the system or starting a service. |
| TCP/IP or Department of Defense(DoD) model |
Layering model structure into four layers (link layer, network layer, transport layer, application layer) |
| The National Checklist Program (NCP) |
The U.S. Government repository of publicly available security checklist (or benchmarks) that provide detailed low-level guidance on setting the security configuration of operating systems and application. |
| Threat Modeling |
A process by which developers can understand security threat to a system, determine risk from those trheat and establish appropriate mitigation. |
| Time domain Reflectometry (TDR) |
Send induced radio frequency (RF) signals down a cable that is attached to the fence fabric. |
| Time Multiplexing |
Allows the operating system to provide well-defined and structured access to processes that need to use resource according to a controlled and tightly managed schedule. |
| Time of Check/Time of Use (TOC/TOU) Attacks |
Takes advantage of the dependency on the timing of events that takes place in a multitasking operation system. |
| Traceroute |
A diagnostic tool that displays the path a packet traverse between a source and destination host |
| Trade Secret |
Proprietary business or technical information, processes, designs, practices, etc, that are confidential and crticatl to the business. |
| Trademark |
Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify good and distinguish them from those made or sold by others. |
| Traffic anomaly-based IDS |
Identifies any unacceptable deviation from expected behavior based on actual traffic structure. |
| Transmission Control Protocol (TCP) |
Provides connection-oriented data management and reliable data transfer. (TCP 3-Way Handshake (1) SYN (2) SYN-ACK (3) ACK |
| Trusted Computing Bases (TCB) |
The collection of all of the hardware, software, and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects. |
| Trusted Platform Modules (TPM) |
A local hardware encryption engine and security storage for encryption keys. |
| Use Cases |
Abstract episodes of interaction between a system and its environment. |
| User Datagram Protocol (UDP) |
Provide a lightweight service for connectionless data transfer without error detection and correction. |
| Validation |
The determination of the correctness, with respect to the user needs and requirement, of the final program or software produced form a development project. |
| Verification |
The authentication process by which the biometric system matches a captured biometric against the person’s stored template. |
| Virtual Private Network(VPN) |
An encrypted tunnel between two hosts that allows them to securely communicate over an untrusted network. |
| Voice over Internet Protocol (VoIP) |
A technology that allows you to make voice calls using a broadband internet connection instead of a regular (or analog) phone line. |
| Vulnerability Assessment |
Determines the potential impact fo disruptive event on the organization’s business process. |
| Vulnerability Management Software |
Log the patch installation history and vulnerability status of each host, which includes know vulnerabilities and missing software updates. |
| Waterfall Development Model |
A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins. |
| Web Proxies |
Intermediate hosts through which websites are accessed. |
| White-box Testing |
A design that allows one to peek inside the “BOX” and focuses specifically on using internal knowledge of the software to guide the selection of test data. |
| Wireless local area network (WLAN) |
Links two or more devices over a short distance using a wireless distribution method, usually providing a connection through an access point for internet access. |
| Wireless mesh network |
A wireless network made up of radio nodes organized in a mesh topology |
| Wireless metropolitan area networks |
A type of wireless network that connects several wireless LANs. |
