Flash Cards
Administrative Controls
Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
Annualized Rate of Occurrence (ARO)
An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
Arms Export Control Act of 1976
Authorizes the President to designate those items that shall be considered defense articles and defense services and to control their import and export.
Availability
The principle that ensures that information is available and accessible to users when needed.
Breach
An incident that results in the disclosure or potential exposure of data.
Compensating Controls
Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.
Compliance
Actions that ensure behavior that complies with established rules.
Confidentiality
Supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.
Copyright
Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, and computer programs.
Corrective Controls
Controls implemented to remedy circumstances, mitigate damage, or restore controls.
Data Disclosure
A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.
Detective Controls
Controls designed to signal a warning when a security control has been breached.
Deterrent Controls
Controls designed to discourage people from violating security directives.
Directive Controls
Controls designed to specify acceptable rules of behavior within an organization.
Due Care
The care a “reasonable person” would exercise under given circumstances.
Due Diligence
Similar to due care, except that it is a pre-emptive measure taken to avoid harm to other persons or their property.
Enterprise Risk Management
A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.
Export Administration Act of 1979
Authorized the President to regulate exports of civilian goods and technologies that have military applications.
Governance
Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated.
Incident
A security event that compromises the confidentiality, integrity, or availability of an information asset.
Integrity
Comes in two forms: making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network.
Information Security Officer
Accountable for ensuring the protection of all of the business information assets from intentional and unintentional loss, disclosure, alteration, destruction, and unavailability.
Least Privilege
Granting users only the accesses that are required to perform their job functions.
Logical (Technical) Controls
Electronic hardware and software solutions implemented to control access to information and information networks.
Patent
Protects novel, useful, and nonobvious inventions.
Physical Controls
Controls to protect the organization’s people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called “operational controls” in some contexts.
Preventive Controls
Controls implemented to prevent a security incident or information breach.
Recovery Controls
Controls implemented to restore conditions to normal after a security incident.
Recovery Time Objective (RTO)
How quickly you need to have that application’s information available after downtime has occurred.
Recovery Point Objective (RPO)
The point in time to which data must be restored in order to successfully resume processing.
Risk
- A combination of the probability of an event and its consequence (ISO 27000).
- An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result (RFC 2828).
Risk Acceptance
The practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.
Risk Avoidance
The practice of coming up with alternatives so that the risk in question is not realized.
Risk Mitigation
The practice of the elimination of or the significant decrease in the level of risk presented.
Risk Transfer
The practice of passing on the risk in question to another entity, such as an insurance company.
Risk Management
A systematic process for identifying, analyzing, evaluating, remedying, and monitoring risk.
Single Loss Expectancy (SLE)
Defined as the difference between the original value and the remaining value of an asset after a single exploit.
Single Points of Failure (SPOF)
Any single input to a process that, if missing, would cause the process or several processes to be unable to function.
Trademark
Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others.
Trade Secret
Proprietary business or technical information, processes, designs, practices, etc., that are confidential and critical to the business.
Vulnerability Assessment
Determines the potential impact of disruptive events on the organization’s business processes.
Wassenaar Arrangement
Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.
Categorization
The process of determining the impact of the loss of confidentiality, integrity, or availability of the information to an organization.
Clearing
The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities.
Curie Temperature
The critical point where a material’s intrinsic magnetic alignment changes direction.
Data Classification
Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.
Data Custodians
Ensure important datasets are developed, maintained, and accessible within their defined specifications.
Data Modeling
The methodology that identifies the path to meet user requirements.
Data Remanence
The residual physical representation of data that has been in some way erased.
Data Standards
Objects, features, or items that are collected, automated, or affected by activities or the functions of organizations.
Federal Information Processing Standards (FIPS)
The official series of publications relating to standards and guidelines adopted.
File Encryption Software
Allows greater flexibility in applying encryption to specific file(s).
Framework Core
A set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.
Framework Implementation Tiers
Provide context on how an organization views cybersecurity risk and the processes in place to manage that risk.
Framework Profile
Represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories.
IT Asset Management (ITAM)
ITAM is a much broader discipline, adding several dimensions of management and involving a much broader base of stakeholders.
Media Encryption Software
Software that is used to encrypt otherwise unprotected storage media such as CDs, DVDs, USB drives, or laptop hard drives.
The National Checklist Program (NCP)
The U.S. Government repository of publicly available security checklists (or benchmarks) that provide detailed low-level guidance on setting the security configuration of operating systems and applications.
NIST Computer Security Division (CSD)
Focuses on providing measurements and standards to protect information systems against threats to the confidentiality of information, integrity of information and processes, and availability of information and services in order to build trust and confidence
Purging
The removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique.
Quality Assurance (QA)
An assessment of quality based on standards external to the process; it involves reviewing the activities and quality control processes to ensure final products meet predetermined standards of quality.
Quality Control (QC)
An assessment of quality based on internal standards, processes, and procedures established to control and monitor quality.
Self-Encrypting USB Drives
Portable USB drives that embed encryption algorithms within the hard drive, thus eliminating the need to install any encryption software.
Abstraction
Involves the removal of characteristics from an entity in order to easily represent its essential properties.
Access Control Matrix
A two-dimensional table that allows for individual subjects and objects to be related to each other.
Asymmetric Algorithms
One-way functions, that is, a process that is much simpler to go in one direction (forward) than to go in the other direction (backward or reverse engineering).
Address Space Layout Randomization (ASLR)
Involves randomly arranging the positions of key data areas of a program, including the base of the executable and the positions of the stack, heap, and libraries in a process’s memory address space.
Aggregation
Combining non-sensitive data from separate sources to create sensitive information.
Algorithm
A mathematical function that is used in the encryption and decryption processes.
Bell–La Padula Model
Explores the rules that would have to be in place if a subject is granted a certain level of clearance and a particular mode of access.
Brewer-Nash (The Chinese Wall) Model
This model focuses on preventing conflict of interest when a given subject has access to objects with sensitive information associated with two competing parties.
Cable Plant Management
The design, documentation, and management of the lowest layer of the OSI network model – the physical layer.
Certificate Authority (CA)
An entity trusted by one or more users as an authority in a network that issues, revokes, and manages digital certificates.
Ciphertext or Cryptogram
The altered form of a plaintext message, so as to be unreadable for anyone except the intended recipients.
Cloud Computing
A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management
Common Criteria
Provides a structured methodology for documenting security requirements, documenting and validating security capabilities, and promoting international cooperation in the area of IT security.
Community Cloud Infrastructure
Provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns.
Confusion
Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.
Control Objectives for Information and Related Technology (COBIT)
Provides a set of generally accepted processes to assist in maximizing the benefits derived using information technology (IT) and developing appropriate IT governance.
Covert Channels
Communications mechanisms hidden from the access control and standard monitoring systems of an information system.
Cryptanalysis
The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services.
Cryptology
The science that deals with hidden, disguised, or encrypted communications. It embraces communications security and communications intelligence.
Cyber-Physical Systems (CPS)
Smart networked systems with embedded sensors, processors, and actuators that are designed to sense and interact with the physical world and support real-time, guaranteed performance in safety-critical applications.
Data Hiding
Maintains activities at different security levels to separate these levels from each other.
Data Warehouse
A repository for information collected from a variety of data sources.
Decoding
The reverse process from encoding – converting the encoded message back into its plaintext format.
Diffusion
Provided by mixing up the location of the plaintext throughout the ciphertext.
Digital Certificate
An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder’s public key, a serial number, and the expiration date
Digital Rights Management (DRM)
A broad range of technologies that grant control and protection to content providers over their own digital media.
Digital Signatures
Provide authentication of a sender and integrity of a sender’s message.
Enterprise Security Architecture (ESA)
Focused on setting the long-term strategy for security services in the enterprise.
Firmware
The storage of programs or instructions in ROM.
“Generally Accepted Principles and Practices for Securing Information Technology Systems” (NIST SP 800-14)
Provides a foundation upon which organizations can establish and review information technology security programs.
Graham-Denning
Primarily concerned with how subjects and objects are created, how subjects are assigned rights or privileges, and how ownership of objects is managed.
Inference
The ability to deduce (infer) sensitive or restricted information from observing available information.
ISO/IEC 21827:2008, The Systems Security Engineering – Capability Maturity Model (SSE-CMM)
Describes the essential characteristics of an organization’s security engineering process that must exist to ensure good security engineering.
Hash Function
Accepts an input message of any length and generates, through a one-way operation, a fixed-length output.
Industrial Control Systems (ICS)
Used to control industrial processes such as manufacturing, product handling, production, and distribution.
IT Infrastructure Library (ITIL)
Defines the organizational structure and skill requirements of an IT organization as well as the set of operational procedures and practices that direct IT operations and infrastructure, including information security operations.
Embedded Systems
Used to provide computing services in a small form factor with limited processing power.
Encoding
The action of changing a message into another format through the use of a code.
Hybrid Cloud Infrastructure
A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities but are bound together by standardized or proprietary technology that enables data and application portability.
Initialization Vector (IV)
A non-secret binary vector used as the initializing input algorithm for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.
Key Clustering
When different encryption keys generate the same ciphertext from the same plaintext message.
Key Length
The size of a key, usually measured in bits or bytes, that a cryptographic algorithm uses in ciphering or deciphering protected information.
Key Space
This represents the total number of possible values of keys in a cryptographic algorithm or other security measure, such as a password.
Message Authentication Code (MAC)
A small block of data that is generated using a secret key and then appended to the message.
Message Digest
A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.
Middleware
A connectivity software that enables multiple processes running on one or more machines to interact.
Multilevel Lattice Models
A security model that describes strict layers of subjects and objects and defines clear rules that allow or disallow interactions between them based on the layers they are in.
Non-repudiation
A service that ensures the sender cannot deny a message was sent and the integrity of the message is intact.
OpenID Connect
An interoperable authentication protocol based on the OAuth 2.0 family of specifications.
OWASP
A nonprofit organization focused on improving the security of software.
Paging
Divides the memory address space into equal-sized blocks called pages.
Payment Card Industry Data Security Standard (PCI-DSS)
Provides the security architect with a framework of specifications to ensure the safe processing, storing, and transmission of cardholder information.
Plaintext
The message in its natural format.
Primary Storage
Stores data that has a high probability of being requested by the CPU.
Private Cloud
In this model, the cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers.
Protection Keying
Divides physical memory up into blocks of a particular size, each of which has an associated numerical value called a protection key.
Public Cloud Infrastructure
Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
Registration Authority (RA)
This performs certificate registration services on behalf of a CA.
Secondary Storage
Holds data not currently being used by the CPU and is used when data must be stored for an extended period of time using high-capacity, nonvolatile storage.
Security Assertion Markup Language (SAML)
An XML-based standard used to exchange authentication and authorization information.
Security Zone of Control
An area or grouping within which a defined set of security policies and measures are applied to achieve a specific level of security.
Segmentation
Dividing a computer’s memory into segments.
Sherwood Applied Business Security Architecture (SABSA) Framework
Holistic life cycle for developing security architecture that begins with assessing business requirements and subsequently creating a “chain of traceability” through the phases of strategy, concept, design, implementation, and metrics.
State Attacks
Attempt to take advantage of how a system handles multiple requests.
State Machine Model
Describes the behavior of a system as it moves between one state and another, from one moment to another.
Stream-based Ciphers
When a cryptosystem performs its encryption on a bit-by-bit basis.
Symmetric Algorithms
Operate with a single cryptographic key that is used for both encryption and decryption of the message.
Substitution
The process of exchanging one letter or byte for another.
System Kernel
The core of an OS, and one of its main functions is to provide access to system resources, which includes the system’s hardware and processes.
The Open Group Architecture Framework (TOGAF)
An architecture content framework (ACF) to describe standard building blocks and components as well as numerous reference models.
Transposition
The process of reordering the plaintext to hide the message.
Work Factor
This represents the time and effort required to break a protective measure.
Zachman Framework
A logical structure for identifying and organizing the descriptive representations (models) that are important in the management of enterprises and to the development of the systems, both automated and manual, that comprise them.
Bastion hosts
Serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts.
Bridges
Layer 2 devices that filter traffic between segments based on Media Access Control (MAC) addresses.
Common application service element (CASE)
Sublayer that provides services for the application layer and requests services from the session layer.
Concentrators
Multiplex connected devices into one signal to be transmitted on a network
Direct-Sequence Spread Spectrum (DSSS)
A wireless technology that spreads a transmission over a much larger frequency band, and with corresponding smaller amplitude
Decryption
The process of transforming encrypted data back into its original form, so it can be understood.
Fibre Channel over Ethernet (FCoE)
A lightweight encapsulation protocol that lacks the reliable data transport of the TCP layer.
File Transfer Protocol (FTP)
A stateful protocol that requires two communication channels
Firewalls
Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules
Frequency-Hopping Spread Spectrum (FHSS)
This wireless technology spreads its signal over rapidly changing frequencies
Internet Control Message Protocol (ICMP)
Provides a means to send error messages for non-transient error conditions and provides a way to probe the network in order to determine general characteristics about the network.
Layer 1
Physical Layer
Layer 2
Data-Link Layer
Layer 3
Network Layer
Layer 4
Transport Layer
Layer 5
Session Layer
Layer 6
Presentation Layer
Layer 7
Application Layer
Lightweight Directory Access Protocol (LDAP)
A client/server-based directory query protocol loosely based upon X.500, commonly used for managing user information
Modems
Allow users remote access to a network via analog phone lines
OSI reference model
Layering model structured into seven layers (physical layer, data-link layer, network layer, transport layer, session layer, presentation layer, application layer)
Ping scanning
A basic network mapping technique that helps narrow the scope of an attack
Public-key encryption
Involves a pair of keys (a public key and a private key) associated with an entity that needs to authenticate its identity electronically or to sign or encrypt data.
Remote Authentication Dial-in User Service (RADIUS)
An authentication protocol used mainly in networked environments, such as ISPs, or for similar services requiring single sign-on for layer 3 network access, for scalable authentication combined with an acceptable degree of security.
Remote Procedure Calls (RPC)
Provide the ability to execute objects across hosts.
Screen Scraper
A program which can extract data from output on a display intended for a human
Security perimeter
The first line of protection between trusted and untrusted networks
Specific application service element (SASE)
Sublayer that provides application specific services (protocols)
Spread spectrum
A method commonly used to modulate information into manageable bits that are sent over the air wirelessly
TCP/IP or Department of Defense (DoD) model
Layering model structured into four layers (link layer, network layer, transport layer, application layer)
Traceroute
A diagnostic tool that displays the path a packet traverses between a source and destination host
Transmission Control Protocol (TCP)
Provides connection-oriented data management and reliable data transfer
User Datagram Protocol (UDP)
Provides a lightweight service for connectionless data transfer without error detection and correction
Virtual Private Network (VPN)
An encrypted tunnel between two hosts that allows them to securely communicate over an untrusted network
Voice over Internet Protocol (VoIP)
A technology that allows you to make voice calls using a broadband Internet connection instead of a regular (or analog) phone line
Wireless local area network (WLAN)
Links two or more devices over a short distance using a wireless distribution method, usually providing a connection through an access point for Internet access
Wireless mesh network
A wireless network made up of radio nodes organized in a mesh topology
Wireless metropolitan area networks
A type of wireless network that connects several wireless LANs
Wireless personal area networks (WPANs)
Interconnect devices within a relatively small area that is generally within a person’s reach
Access badges
Used to enter secured areas of a facility and are used in conjunction with a badge reader to read information stored on the badge
Access Control Systems
Physical or electronic systems designed to control who, or what, has access to a network
Account management systems
Systems that attempt to streamline the administration of user identity across multiple systems
Authentication
The process of verifying the identity of the user
Authorization
The process of defining the specific resources a user needs and determining the type of access to those resources the user may have
Cryptographic Device
A hardware device that contains non-programmable logic and non-volatile storage dedicated to all cryptographic operations and protection of private keys.
Electronic authentication (e-authentication)
The process of establishing confidence in user identities electronically presented to an information system
Facility access control
Protects enterprise assets and provides a history of who gained access and when the access was granted
Identity as a Service (IDaaS)
Cloud-based services that broker identity and access management functions to target systems on customers’ premises and/or in the cloud
Identity proofing
The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be, and establishing a reliable relationship
Kerberos
A developing standard for authenticating network users. Kerberos offers two key benefits: it functions in a multi-vendor network, and it does not transmit passwords over the network.
Logical access controls
Protection mechanisms that limit users’ access to information and restrict their forms of access on the system to only what is appropriate for them
MAC address
A 48-bit number (typically represented in hexadecimal format) that is supposed to be globally unique
Mandatory Access Controls (MACs)
Access control that requires the system itself to manage access controls in accordance with the organization’s security policies
Multi-factor Authentication
Ensures that a user is who they claim to be. The more factors used to determine a person’s identity, the greater the trust of authenticity.
Password Management System
A system that manages passwords consistently across the enterprise
Physical Access Control Systems (PACS)
Allow authorized security personnel to simultaneously manage and monitor multiple entry points from a single, centralized location.
Radio Frequency Identification (RFID)
A non-contact, automatic identification technology that uses radio signals to identify, track, sort and detect a variety of objects including people, vehicles, goods and assets without the need for direct contact
Role-Based Access Control (RBAC)
An access control model that bases the access control authorizations on the roles (or functions) that the user is assigned within an organization
Rule-Based Access Control
An access control model based on a list of predefined rules that determine what accesses should be granted.
Security Assertion Markup Language 2.0 (SAML 2.0)
A version of the SAML OASIS standard for exchanging authentication and authorization data between security domains
Single factor authentication
Involves the use of only one of the three available factors to carry out the requested authentication process.
Single Sign-On (SSO)
A unified login experience (from the viewpoint of the end user) when accessing one or more systems
Trusted Platform Modules (TPM)
A local hardware encryption engine and secured storage for encryption keys
User ID
Provides the system with a way of uniquely identifying a particular user amongst all the users of that system
2011 CWE/SANS Top 25 Most Dangerous Software Errors
A list of the most widespread and critical errors that can lead to serious vulnerabilities in software.
Audit Records
Contain security event information such as successful and failed authentication attempts, file accesses, security policy changes, account changes, and use of privileges.
Architecture Security Reviews
A manual review of the product architecture to ensure that it fulfills the necessary security requirements.
Automated Vulnerability Scanners
Test an application for the use of system components or configurations that are known to be insecure.
Condition Coverage
This criterion requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.
Data Flow Coverage
This criterion requires sufficient test cases for each feasible data flow to be executed at least once.
Decision (Branch) Coverage
Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.
Information Security Continuous Monitoring (ISCM)
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Intrusion Detection Systems (IDS)
Real-time monitoring of events as they happen in a computer system or network, using audit trail records and network traffic and analyzing events to detect potential intrusion attempts.
Intrusion Prevention Systems (IPS)
Any hardware or software mechanism that has the ability to detect and stop attacks in progress.
Loop Coverage
This criterion requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations, covering initialization, typical running, and termination (boundary) conditions.
Misuse Case
A Use Case from the point of view of an Actor hostile to the system under design.
Multi-Condition Coverage
This criterion requires sufficient test cases to exercise all possible combinations of conditions in a program decision.
Negative Testing
Ensures the application can gracefully handle invalid input or unexpected user behavior.
Path Coverage
This criterion requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once.
Positive Testing
Determines that your application works as expected.
Real User Monitoring (RUM)
An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.
Regression Analysis
The determination of the impact of a change based on review of the relevant documentation.
Security Log Management
The process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
Statement Coverage
This criterion requires sufficient test cases for each program statement to be executed at least once; however, achieving it is insufficient to provide confidence in a software product’s behavior.
Static Source Code Analysis (SAST)
Analysis of the application source code for finding vulnerabilities without actually executing the application.
Synthetic Performance Monitoring
Involves having external agents run scripted transactions against a web application.
System Events
Operational actions performed by OS components, such as shutting down the system or starting a service.
Threat Modeling
A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
Use Cases
Abstract episodes of interaction between a system and its environment.
Validation
The determination of the correctness, with respect to the user needs and requirements, of the final program or software produced from a development project.
Verification
The authentication process by which the biometric system matches a captured biometric against the person’s stored template.
Vulnerability Management Software
Logs the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.
Web Proxies
Intermediate hosts through which websites are accessed.
White-box Testing
A design that allows one to peek inside the “box” and focuses specifically on using internal knowledge of the software to guide the selection of test data.
Acoustic Sensors
A device that uses passive listening devices.
Administrator accounts
Accounts that are assigned only to named individuals that require administrative access to the system to perform maintenance activities, and should be different and separate from a user’s normal account.
Balanced Magnetic Switch (BMS)
Devices that use a magnetic field or mechanical contact to determine if an alarm signal is initiated.
Chain of custody
The who, what, when, where, and how the evidence was handled—from its identification through its entire life cycle, which ends with destruction, permanent archiving, or returning to owner.
Cipher Lock
A lock controlled by a touch screen, typically with 5 to 10 digits; when they are pushed in the right combination, the lock releases and allows entry.
Configuration management (CM)
A discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to construct and maintain software systems.
Data Leak Prevention (DLP)
A suite of technologies aimed at stemming the loss of sensitive information that occurs in the enterprise.
Egress filtering
The practice of monitoring and potentially restricting the flow of information outbound from one network to another.
Infrared Linear Beam Sensors
A focused infrared (IR) light beam is projected from an emitter and bounced off of a reflector that is placed at the other side of the detection area.
Instant Keys
Provide a quick way to disable a key by permitting one turn of the master key to change a lock.
Intrusion Detection System (IDS)
A technology that alerts organizations to adverse or unwanted activity.
Indemnification
The party-to-party litigation costs resulting from one party’s breach of warranties.
Intrusion Prevention System (IPS)
A technology that monitors activity like an IDS but will automatically take proactive preventative action if it detects unacceptable activity.
Honeypot
Decoy servers or systems set up to gather information regarding an attacker or intruder into your system.
Honeyfarm
A centralized collection of honeypots and analysis tools.
Honeynet
Two or more honeypots on a network.
Live evidence
Data that are dynamic and exist in running processes or other volatile locations (e.g., system/device RAM) and that disappear in a relatively short time once the system is powered down.
Locard’s exchange principle
States that when a crime is committed, the perpetrators leave something behind and take something with them, hence the exchange.
Magnetic Stripe (mag stripe) cards
Consist of a magnetically sensitive strip fused onto the surface of a PVC material, like a credit card.
Mortise Lock
A lock or latch that is recessed into the edge of a door, rather than being mounted to its surface.
Power users
Accounts granted greater privileges than normal user accounts when it is necessary for the user to have greater control over the system, but where administrative access is not required.
Protocol Anomaly-Based IDS
Identifies any unacceptable deviation from expected behavior based on known network protocols.
Proximity Card (prox cards)
Cards that use embedded antenna wires connected to a chip within the card, read through RF.
Records and Information Management (RIM)
Essential activities that protect business information; they can be established in compliance with laws, regulations, or corporate governance.
Remanence
The measure of the magnetic field remaining on the media after degaussing.
Rim Lock
A lock or latch typically mounted on the surface of a door, typically associated with a dead bolt type of lock.
Sandboxing
A form of software virtualization that lets programs and processes run in their own isolated virtual environment.
Security Information and Event Management (SIEM)
A group of technologies that aggregate information about access controls and selected system activity and store it for analysis and correlation.
Service accounts
Accounts used to provide privileged access for system services and core applications.
Smart Cards
Credential cards with one or more microchips that accept or process information; they can be contact or contactless.
Statistical Anomaly-based IDS
Analyzes event data by comparing it to typical, known, or predicted traffic profiles in an effort to find potential security breaches.
Steganography
The science of hiding information.
Traffic anomaly-based IDS
Identifies any unacceptable deviation from expected behavior based on actual traffic structure.
Time domain Reflectometry (TDR)
Sends induced radio frequency (RF) signals down a cable that is attached to the fence fabric.
ActiveX Data Objects (ADO)
A Microsoft high-level interface for all kinds of data.
Capability Maturity Model for Software (CMM or SW-CMM)
A maturity model focused on quality management processes; it has five maturity levels, each containing several key practices.
Common Object Request Broker Architecture (CORBA)
A set of standards that addresses the need for interoperability between hardware and software products.
Computer Virus
A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer.
Configuration Management (CM)
Monitoring and managing changes to a program or documentation.
Covert Channel
An information flow that is not controlled by a security control.
Encryption
The conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.
Data Mining
The practice of examining large databases in order to generate new information.
Database Management System (DBMS)
A suite of application programs that typically manages large, structured sets of persistent data.
Database Model
Describes the relationship between the data elements and provides a framework for organizing the data.
DevOps
An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate.
Log
A record of the events occurring within an organization’s systems and networks.
Integrated Product and Process Development (IPPD)
A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes.
Iterative Models
Development models that allow for successive refinements of requirements, design, and coding.
Knowledge Discovery in Databases (KDD)
A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.
Metadata
Information about the data.
Rapid Application Development (RAD)
A form of rapid prototyping that requires strict time limits on each phase and relies on tools that enable quick development.
Software Assurance (SwA)
The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that it functions in the intended manner.
Time Multiplexing
Allows the operating system to provide well-defined and structured access to processes that need to use resources according to a controlled and tightly managed schedule.
Time of Check/Time of Use (TOC/TOU) Attacks
Takes advantage of the dependency on the timing of events that take place in a multitasking operating system.
Trusted Computing Base (TCB)
The collection of all of the hardware, software, and firmware within a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects.
Waterfall Development Model
A development model in which each phase contains a list of activities that must be performed and documented before the next phase begins.