CISSP (Glossary) Flashcards
access
A subject’s ability to view, modify, or communicate with an object. Access
enables the flow of information between the subject and the object.
access control
Mechanisms, controls, and methods of limiting access to resources
to authorized subjects only.
access control list (ACL)
A list of subjects that are authorized to access a particular
object. Typically, the types of access are read, write, execute, append, modify,
delete, and create.
access control mechanism
Administrative, physical, or technical control that is
designed to detect and prevent unauthorized access to a resource or environment.
accountability
A security principle indicating that individuals must be identifiable
and must be held responsible for their actions.
accredited
A computer system or network that has received official authorization
and approval to process sensitive data in a specific operational environment. There
must be a security evaluation of the system’s hardware, software, configurations, and
controls by technical personnel.
add-on security
Security protection mechanisms that are hardware or software
retrofitted to a system to increase that system’s protection level.
administrative controls
Security mechanisms that are management’s responsibility
and referred to as “soft” controls. These controls include the development and publication
of policies, standards, procedures, and guidelines; the screening of personnel; security-
awareness training; the monitoring of system activity; and change control procedures.
AIC triad
The three security principles: availability, integrity, and confidentiality
annualized loss expectancy (ALE)
A dollar amount that estimates the loss
potential from a risk in a span of a year.
single loss expectancy (SLE) × annualized rate of occurrence (ARO) = ALE
annualized rate of occurrence (ARO)
The value that represents the estimated
possibility of a specific threat taking place within a one-year timeframe.
assurance
A measurement of confidence in the level of protection that a specific
security control delivers and the degree to which it enforces the security policy.
attack
An attempt to bypass security controls in a system with the mission of using
that system or compromising it. An attack is usually accomplished by exploiting a current
vulnerability.
audit trail
A chronological set of logs and records used to provide evidence of a
system’s performance or activity that took place on the system. These logs and records
can be used to attempt to reconstruct past events and track the activities that took place,
and possibly detect and identify intruders.
authenticate
To verify the identity of a subject requesting the use of a system and/
or access to network resources. The steps to giving a subject access to an object should
be identification, authentication, and authorization.