Glossary Q-R Flashcards
QA (quality assurance)
Policies, procedures, and tools designed to ensure defect-free development and delivery.
QoS (quality of service)
Mechanisms that classify and differentiate traffic passing over a network so that bandwidth can be reserved or prioritized for particular applications. A system that only prioritizes traffic classes without guaranteeing a level of available bandwidth is more precisely described as Class of Service (CoS), though the two terms are often used interchangeably.
qualitative analysis
A risk analysis method that uses opinions and reasoning to measure the likelihood and impact of risk.
quantitative analysis
A risk analysis method that is based on assigning concrete values to factors.
quantum cryptography
Using quantum computing for cryptographic tasks, such as distributing keys (quantum key distribution) or attacking traditional cryptographic systems. Quantum computing works on the principle that its units (qubits) have properties that the bits used in “classical” computers lack, notably (and very crudely) that a qubit can exist in a superposition with some probability of reading as 1 or 0, and that measuring one qubit can instantly determine the value of others that are entangled with it.
RA (recovery agent)
In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.
RA (registration authority)
In PKI, an authority that accepts requests for digital certificates and authenticates the entities making those requests.
race condition
A software vulnerability in which the outcome of a sequence of operations depends on the order and timing of events (for example, a check on a resource followed by a use of it), and those events can be made to occur in an order or at a time the developer did not intend.
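The check-then-act (time-of-check/time-of-use) form of the race described above, as an added example that is not part of the glossary. The `Account` class, the balances and the `interleave` hook are constructed for the demo: the hook forces a second withdrawal to run inside the window between the balance check and the debit, which is the timing a real attacker would have to win by firing concurrent requests.

```python
"""Check-then-act race (TOCTOU) on an account balance, racy and hardened.

Added illustration, not code from the glossary. The interleave hook is a
constructed test seam that schedules a rival withdrawal exactly between
the balance check and the debit.
"""
import threading


class Account:
    def __init__(self, balance: int) -> None:
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount: int, interleave=None) -> bool:
        # Time-of-check: the balance is read...
        if self.balance >= amount:
            if interleave:
                interleave()          # ...another thread may run here...
            # Time-of-use: ...and the debit is applied on stale information.
            self.balance -= amount
            return True
        return False

    def withdraw_safe(self, amount: int, interleave=None) -> bool:
        # Check and debit form one critical section; a concurrent caller
        # blocks on the lock and then re-checks against the updated balance.
        with self._lock:
            if self.balance >= amount:
                if interleave:
                    interleave()
                self.balance -= amount
                return True
            return False


def double_spend(method: str, balance: int = 100, amount: int = 100):
    """Run two withdrawals of `amount` against one account, launching the
    second from inside the first's check-to-use window.
    Returns (first_result, second_result, final_balance)."""
    acct = Account(balance)
    second = []
    worker = threading.Thread(
        target=lambda: second.append(getattr(acct, method)(amount)))

    def interleave():
        worker.start()
        if method == "withdraw_racy":
            worker.join()   # let the rival finish inside the window
        # For withdraw_safe the rival blocks on the lock until the first
        # withdrawal completes; joining here would deadlock, so we don't.

    first = getattr(acct, method)(amount, interleave)
    worker.join()
    return first, second[0], acct.balance


if __name__ == "__main__":
    print("racy:", double_spend("withdraw_racy"))   # (True, True, -100)
    print("safe:", double_spend("withdraw_safe"))   # (True, False, 0)
```

The racy version lets both withdrawals pass the balance check and overdraws the account; the hardened version makes the check and the debit atomic, so the second caller sees the updated balance and is refused. The same pattern applies to file-system TOCTOU bugs (checking a path and then opening it), where the fix is likewise to act on the resource you checked rather than re-resolving it.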
RADIUS (Remote Authentication Dial-in User Service)
A standard protocol used to manage remote and wireless authentication infrastructures.
RAID (redundant array of independent/ inexpensive disks)
Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems.
rainbow table
A precomputed table of hash chains used to recover plaintexts from unsalted password hashes (such as Windows LM/NTLM hashes) far faster than brute force, trading storage for computation time. Salting defeats the technique because a separate table would be needed for every salt value.
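A miniature rainbow table, as an added example that is not part of the glossary. It uses MD5 over a 3-letter lowercase keyspace purely for illustration (the Windows LM/NTLM hash formats mentioned above are not implemented), and `CHAIN_LEN` and `N_CHAINS` are arbitrary constants chosen so the table builds in well under a second and covers only part of the keyspace, as real tables do.

```python
"""A miniature rainbow table over a 3-letter lowercase keyspace.

Added illustration, not code from the glossary. MD5 stands in for the
unsalted password hash; the chain length and count are arbitrary.
"""
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase
PW_LEN = 3                       # keyspace: 26**3 = 17,576 candidates
CHAIN_LEN = 40                   # hashes computed per stored chain
N_CHAINS = 1000                  # chains stored (start/end pairs only)
KEYSPACE = len(ALPHABET) ** PW_LEN


def h(password: str) -> str:
    """The unsalted hash under attack (MD5 here for illustration)."""
    return hashlib.md5(password.encode()).hexdigest()


def reduce_fn(digest: str, column: int) -> str:
    """Map a digest back into the keyspace. Mixing in the column index gives
    each column its own reduction function, which is what makes this a
    rainbow table and greatly reduces the chain merges of a plain
    Hellman table."""
    n = (int(digest, 16) + column) % KEYSPACE
    chars = []
    for _ in range(PW_LEN):
        n, r = divmod(n, len(ALPHABET))
        chars.append(ALPHABET[r])
    return "".join(chars)


def build_table() -> dict:
    """Precompute N_CHAINS chains; store only endpoint -> start."""
    table = {}
    starts = ("".join(t) for t in itertools.product(ALPHABET, repeat=PW_LEN))
    for start in itertools.islice(starts, N_CHAINS):
        word = start
        for column in range(CHAIN_LEN):
            word = reduce_fn(h(word), column)
        table.setdefault(word, start)   # merged chains keep the first start
    return table


def lookup(table: dict, target: str):
    """Recover the plaintext for `target`, or None if no chain covers it."""
    for column in range(CHAIN_LEN - 1, -1, -1):
        # Hypothesis: target is the hash of the word sitting in this column.
        word = reduce_fn(target, column)
        for c in range(column + 1, CHAIN_LEN):
            word = reduce_fn(h(word), c)
        start = table.get(word)
        if start is None:
            continue
        # Candidate chain found: regenerate it from the start and confirm
        # the hash (a false alarm walks the chain without a match).
        word = start
        for c in range(CHAIN_LEN):
            if h(word) == target:
                return word
            word = reduce_fn(h(word), c)
    return None


if __name__ == "__main__":
    table = build_table()
    victim = reduce_fn(h("aaa"), 0)     # a password known to lie on chain 0
    print(victim, "->", lookup(table, h(victim)))
    # A per-user salt changes the hash, so the table finds nothing.
    print("salted:", lookup(table, h("s4lt:" + victim)))
```

The table stores 1000 start/end pairs yet lets `lookup` test roughly 40,000 hash values, which is the storage-for-time trade-off the entry describes; the salted lookup returns `None` because the table was built for hashes of bare passwords only.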
ransomware
Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment.
Raspberry Pi
A series of low-cost, credit-card-sized single-board computers widely used for education, hobbyist projects, and industrial prototyping.
RAT (remote access Trojan)
Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.
RBAC (role-based access control)
An access control model in which permissions are assigned to roles that correspond to job functions, and users acquire permissions by being assigned to roles. Role definitions and assignments are managed centrally by administrators rather than by individual resource owners.
RCS (rich communication services)
Platform-independent advanced messaging functionality designed to replace SMS and MMS.
red team
The “hostile” or attacking team in a penetration test or incident response exercise.
regex (regular expression)
A sequence of characters that defines a search pattern to be matched against a given text.
replay attack
An attack where the attacker intercepts some authentication data and reuses it to try to re-establish a session.
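The replay attack described above, alongside the nonce-and-timestamp defence, as an added example that is not part of the glossary. The shared key, the 30-second freshness window and the `transfer:100` message are constructed for the demo; `now` is passed in explicitly instead of reading the clock so the exchange is reproducible.

```python
"""Replay of an HMAC-authenticated request, and protection with nonce + timestamp.

Added illustration, not code from the glossary. Key, window and message
are constructed for the demo.
"""
import hashlib
import hmac
import json
import secrets


def sign_request(key: bytes, action: str, now: int, nonce: str = ""):
    """Client side: bind a fresh nonce and the current time into the
    authenticated body so an old message cannot be re-sent as new."""
    msg = {"action": action, "ts": now, "nonce": nonce or secrets.token_hex(8)}
    body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body, tag


class NaiveServer:
    """Checks only the MAC: a captured (body, tag) pair stays valid forever."""

    def __init__(self, key: bytes) -> None:
        self.key = key

    def verify(self, body: bytes, tag: str, now: int) -> str:
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        return "ok" if hmac.compare_digest(expected, tag) else "bad signature"


class ReplaySafeServer(NaiveServer):
    """Additionally requires a fresh timestamp and a never-before-seen nonce."""

    def __init__(self, key: bytes, window: int = 30) -> None:
        super().__init__(key)
        self.window = window
        self.seen = {}   # nonce -> ts; entries are forgotten once they age out

    def verify(self, body: bytes, tag: str, now: int) -> str:
        result = super().verify(body, tag, now)
        if result != "ok":
            return result              # never parse unauthenticated input
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.window:
            return "stale timestamp"
        if msg["nonce"] in self.seen:
            return "replay detected"
        self.seen[msg["nonce"]] = msg["ts"]
        # Nonces older than the window can be dropped: from now on the
        # timestamp check alone rejects any message carrying them.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        return "ok"


def replay_scenario(server_cls, key: bytes = b"demo-shared-key"):
    """Attacker captures one legitimate request and re-sends it twice:
    a few seconds later, and again ten minutes later.
    Returns the server's three verdicts."""
    server = server_cls(key)
    body, tag = sign_request(key, "transfer:100", now=1_700_000_000)
    first = server.verify(body, tag, now=1_700_000_001)
    quick_replay = server.verify(body, tag, now=1_700_000_005)
    late_replay = server.verify(body, tag, now=1_700_000_600)
    return first, quick_replay, late_replay


if __name__ == "__main__":
    print("naive:", replay_scenario(NaiveServer))
    print("safe: ", replay_scenario(ReplaySafeServer))
```

The naive server accepts all three copies because a valid MAC says nothing about freshness; the hardened server rejects the quick replay on the seen-nonce check and the late one on the timestamp window, and it bounds its nonce store to that window so the defence does not grow without limit.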
replication
Automatically copying data between two processing systems either simultaneously on both systems (synchronous) or from a primary to a secondary location (asynchronous).
residual risk
Risk that remains even after controls are put into place.
retention policy
Dictates for how long information needs to be kept available on backup and archive systems. This may be subject to legislative requirements.
reverse proxy
A type of proxy server that protects servers from direct contact with client requests.
reverse shell
A maliciously spawned remote command shell where the victim host opens the connection to the attacking host.
risk acceptance
The response of determining that a risk is within the organization’s appetite and that no countermeasures other than ongoing monitoring are needed.
risk avoidance
In risk mitigation, the practice of ceasing activity that presents risk.
risk deterrence
In risk mitigation, the response of deploying security controls, typically visible or advertised ones that discourage a threat actor, to reduce the likelihood and/or impact of a threat scenario. Also known as risk reduction.
risk matrix/heat map
A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department for reference by stakeholders.
risk mitigation
The response of reducing risk to fit within an organization’s risk appetite.
risk register
A document listing identified risks together with their likelihood, impact, owner, and treatment status, usually presented in an easily comprehensible format (such as a “traffic light” grid). Its purpose is for department managers and technicians to understand the risks associated with the workflows that they manage.
risk transference
In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.
risk-based framework
In enterprise security architecture (ESA), a framework that uses risk assessment to prioritize security control selection and investment.
robot sentry
A remote-controlled or autonomous robot capable of patrolling site premises or monitoring gateways.
root CA (root certificate authority)
In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.
rootkit
A class of malware that modifies system files, often at the kernel level, to conceal its presence.
router firewall
A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.
routing protocols
Rules that govern how routers communicate and forward traffic between networks.
RPO (recovery point objective)
The maximum amount of data loss an organization can tolerate, expressed as the period of time between the last recoverable copy of the data and the disruptive event.
RSA (Rivest Shamir Adleman)
Named for its designers, Ronald Rivest, Adi Shamir, and Len Adleman, the first successful algorithm for public key encryption with a variable key length and block size.
RTBH (remote triggered black hole)
Using a trigger device to send a BGP route update that instructs routers to drop traffic that is suspected of attempting DDoS.
RTO (recovery time objective)
The length of time it takes after an event to resume normal business operations and activities.
RTOS (real-time operating system)
A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.
RTP (Real-time Transport Protocol)
Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).
rule-based access control
A non-discretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privilege permissions policy.
runbook
An automated version of a playbook that leaves clearly defined interaction points for human analysis.