Glossary Q-R

Question 1

QA (quality assurance)

Answer 1

Policies, procedures, and tools designed to ensure defect-free development and delivery.

Question 2

QoS (quality of service)

Answer 2

Systems that differentiate data passing over the network that can reserve bandwidth for particular applications. A system that cannot guarantee a level of available bandwidth is often described as Class of Service (CoS). Also known as CoS.

Question 3

qualitative analysis

Answer 3

A risk analysis method that uses opinions and reasoning to measure the likelihood and impact of risk.

Question 4

quantitative analysis

Answer 4

A risk analysis method that is based on assigning concrete values to factors.

Question 5

quantum cryptography

Answer 5

Using quantum computing for cryptographic tasks, such as distributing keys or cracking (traditional) cryptographic systems. Quantum computing works on the principle that its units (qubits) have more properties than the bits used in “classical” computers, notably (and very crudely) that a qubit can have a probability of being 1 or 0 and that inspecting the value of one qubit can instantly determine that of others (entanglement).

Question 6

RA (recovery agent)

Answer 6

In PKI, an account or combination of accounts that can copy a cryptographic key from backup or escrow and restore it to a subject host or user.

Question 7

RA (registration authority)

Answer 7

In PKI, an authority that accepts requests for digital certificates and authenticates the entities making those requests.

Question 8

race condition

Answer 8

A software vulnerability when the resulting outcome from execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.

Question 9

RADIUS (Remote Authentication Dial-in User Service)

Answer 9

A standard protocol used to manage remote and wireless authentication infrastructures.

Question 10

RAID (redundant array of independent/ inexpensive disks)

Answer 10

Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems. rainbow table Tool for speeding up attacks against Windows passwords by precomputing possible hashes.

Question 11

ransomware

Answer 11

Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim’s files and demanding payment

Question 12

Raspberry Pi

Answer 12

Open-source platform producing programmable circuit boards for education and industrial prototyping.

Question 13

RAT (remote access Trojan)

Answer 13

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

Question 14

RBAC (role-based access control)

Answer 14

An access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.

Question 15

RCS (rich communication services)

Answer 15

Platform-independent advanced messaging functionality designed to replace SMS and MMS.

Question 16

red team

Answer 16

The “hostile” or attacking team in a penetration test or incident response exercise. regex (regular expression) A group of characters that describe how to execute a specific search pattern on a given text.

Question 17

replay attack

Answer 17

An attack where the attacker intercepts some authentication data and reuses it to try to re-establish a session.

Question 18

replication

Answer 18

Automatically copying data between two processing systems either simultaneously on both systems (synchronous) or from a primary to a secondary location (asynchronous).

Question 19

residual risk

Answer 19

Risk that remains even after controls are put into place.

Question 20

retention policy

Answer 20

Dictates for how long information needs to be kept available on backup and archive systems. This may be subject to legislative requirements.

Question 21

reverse proxy

Answer 21

A type of proxy server that protects servers from direct contact with client requests.

Question 22

reverse shell

Answer 22

A maliciously spawned remote command shell where the victim host opens the connection to the attacking host.

Question 23

risk acceptance

Answer 23

The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring is needed.

Question 24

risk avoidance

Answer 24

In risk mitigation, the practice of ceasing activity that presents risk.

Question 25

risk deterrence

Answer 25

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario. Also known as risk reduction.

Question 26

risk matrix/heat map

Answer 26

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department for reference by stakeholders.

Question 27

risk mitigation

Answer 27

The response of reducing risk to fit within an organization’s risk appetite.

Question 28

risk register

Answer 28

A document highlighting the results of risk assessments in an easily comprehensible format (such as a “traffic light” grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

Question 29

risk transference

Answer 29

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

Question 30

risk-based framework

Answer 30

In ESA, a framework that uses risk assessment to prioritize security control selection and investment.

Question 31

robot sentry

Answer 31

A remote-controlled or autonomous robot capable of patrolling site premises or monitoring gateways.

Question 32

root CA (root certificate authority)

Answer 32

In PKI, a CA that issues certificates to intermediate CAs in a hierarchical structure.

Question 33

rootkit

Answer 33

A class of malware that modifies system files, often at the kernel level, to conceal its presence.

Question 34

router firewall

Answer 34

A hardware device that has the primary function of a router, but also has firewall functionality embedded into the router firmware.

Question 35

routing protocols

Answer 35

Rules that govern how routers communicate and forward traffic between networks.

Question 36

RPO (recovery point objective)

Answer 36

The longest period of time that an organization can tolerate lost data being unrecoverable.

Question 37

RSA (Rivest Shamir Adelman)

Answer 37

Named for its designers, Ronald Rivest, Adi Shamir, and Len Adelman, the first successful algorithm for public key encryption with a variable key length and block size.

Question 38

RTBH (remote triggered black hole)

Answer 38

Using a trigger device to send a BGP route update that instructs routers to drop traffic that is suspected of attempting DDoS.

Question 39

RTO (recovery time objective)

Answer 39

The length of time it takes after an event to resume normal business operations and activities.

Question 40

RTOS (real-time operating system)

Answer 40

A type of OS that prioritizes deterministic execution of operations to ensure consistent response for time-critical tasks.

Question 41

RTP (Real-time Transport Protocol)

Answer 41

Opens a data stream for video and voice applications over UDP. The data is packetized and tagged with control information (sequence numbering and time-stamping).

Question 42

rule-based access control

Answer 42

A non-discretionary access control technique that is based on a set of operational rules or restrictions to enforce a least privileges permissions policy.

Question 43

runbook

Answer 43

An automated version of a playbook that leaves clearly defined interaction points for human analysis.