A-D Flashcards
Acceptable Interruption Window
The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise’s business objective.
Acceptable use policy
A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet.
Access control list (ACL)
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals. (aka access control tables)
Access path
The logical route that an end user takes to access computerized information. Typically includes a route through the operating system, telecommunications software, selected application software and the access control system.
Accountability
The ability to map a given activity or event back to the responsible party.
Advanced Encryption Standard (AES)
A public algorithm that supports keys from 128 bits to 256 bits in size.
Advanced persistent threat (APT)
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors
- Pursues its objectives repeatedly over an extended period of time
- Adapts to defenders’ efforts to resist it
- Is determined to maintain the level of interaction needed to execute its objectives.
Adversary
A threat agent
Adware
A software package that automatically plays, displays or downloads advertising materials to a computer after the software is installed on it or while the application is being used. In most cases, this is done without any notification to the user or without the user’s consent. The term adware may also refer to software that displays advertisements whether or not it does so with the user’s consent; such programs display advertisements as an alternative to shareware registration fees. These are classified as adware in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and it provides the user with a specific service.
Alert situation
The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.
Alternate facilities
Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed; includes other buildings, offices or data processing centers.
Alternate process
An automatic or manual process designed and established to continue critical business processes from point of failure to return to normal.
Analog
A transmission signal that varies continuously in amplitude and time and is generated in wave formation; used in telecommunication.
Anti-malware
A technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, trojans, keyloggers, malicious browser plug-ins, adware and spyware.
Application layer
In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; it is a service layer that provides these services.
Asset
Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances, and reputation.
Asymmetric key (public key)
A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message.
Attack
An actual occurrence of an adverse event.
Attack mechanism
A method used to deliver the exploit. Unless the attacker is personally performing the attack, an attack mechanism may involve a payload, or container, that delivers the exploit to the target.
Attenuation
Reduction of signal strength during transmission.
Audit trail
A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.
Authentication
The act of verifying the identity of a user’s eligibility to access computerized information. Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.
Availability
Ensuring timely and reliable access to and use of information.
Back door
A means of regaining access to a compromised system by installing software or configuring existing software to enable remote access under attacker-defined conditions.
Bandwidth
The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or hertz.
Bastion
A system heavily fortified against attacks.
Block cipher
A public algorithm that operates on a plaintext in blocks (strings or groups) of bits
Botnet
“Robot network”; a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large-scale attacks, such as a denial-of-service attack, on selected victims.