D Flashcards
data at rest
Data that resides in external or auxiliary storage devices such as hard disk drives, solid-state drives, or DVDs.
data classification
Assignments to data that indicate the level of availability, integrity, and confidentiality that is required for each type of information.
data custodian
An individual who is responsible for the maintenance and protection of the data. This role is usually filled by the IT department (usually the network administrator). The duties include performing regular backups of the data; implementing security mechanisms; periodically validating the integrity of the data; restoring data from backup media; and fulfilling the requirements specified in the company’s security policy, standards, and guidelines that pertain to information security and data protection.
Data Encryption Standard (DES)
Symmetric key encryption algorithm that was adopted by the government as a federal standard for protecting sensitive unclassified information. DES was later replaced with Advanced Encryption Standard (AES).
data in transit (or data in motion)
Data that is moving between computing nodes over a data network such as the Internet.
data in use
Data that temporarily resides in primary storage such as registers, caches, or RAM while the CPU is using it.
data leak prevention (DLP)
The actions that organizations take to prevent unauthorized external parties from gaining access to sensitive data.
data mining
The analysis of the data held in data warehouses in order to produce new and useful information.
data remanence
A measure of the magnetic flux density that remains after the magnetic force applied to erase data has been removed. Also refers to any data remaining on magnetic storage media after an attempt to erase it.
data warehousing
The process of combining data from multiple databases or data sources into a large data store for the purpose of providing more extensive information retrieval and data analysis.
database shadowing
A mirroring technology used in databases, in which information is written to at least two hard drives for the purpose of redundancy.
declassification
An administrative decision or procedure to remove or reduce the security classification of information.
dedicated security mode
The mode in which a system operates if all users have the clearance or authorization to access, and the need to know about, all data processed within the system. All users have been given formal access approval for all information on the system and have signed nondisclosure agreements pertaining to this information.
degauss
Process that demagnetizes magnetic media so that a very low residue of magnetic induction is left on the media. Used to effectively erase data from media.
Delphi technique
A group decision method used to ensure that each member of a group gives an honest and anonymous opinion pertaining to the company’s risks.
denial of service (DoS)
Any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose.
DevOps
The practice of incorporating developers and members of operations and quality assurance (QA) staff into software development projects to align their incentives and enable frequent, efficient, and reliable releases of software products.
dial-up
The service whereby a computer terminal can use telephone lines, usually via a modem, to initiate and continue communication with another computer system.
dictionary attack
A form of attack in which an attacker uses a large set of likely combinations to guess a secret, usually a password.
digital signature
An electronic signature based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.
disaster recovery plan
A plan developed to help a company recover from a disaster. It provides procedures for emergency response, extended backup operations, and post-disaster recovery when an organization suffers a loss of computer processing capability or resources and physical facilities.
discretionary access control (DAC)
An access control model and policy that restricts access to objects based on the identity of the subjects and the groups to which those subjects belong. The data owner has the discretion of allowing or denying others access to the resources it owns.
Distributed Network Protocol 3 (DNP3)
A communications protocol designed for use in SCADA systems, particularly those within the power sector, that does not include routing functionality.
domain
The set of objects that a subject is allowed to access. Within this domain, all subjects and objects share a common security policy, procedures, and rules, and they are managed by the same management system.
due care
Steps taken to show that a company has taken responsibility for the activities that occur within the corporation and has done what is necessary to help protect the company, its resources, and its employees.
due diligence
The process of systematically evaluating information to identify vulnerabilities, threats, and issues relating to an organization’s overall risk.