Glossary - Terms of Concern Flashcards
Access Control
- The Process of Limiting access to the resources of a system only to authorized programs, processes or other systems (in a network). Synonymous with controlled access and limited access.
- It enables authorized use of a resource while preventing unauthorized use or use in an unauthorized manner.
Advanced Encryption Standard (AES)
AES specifies a US government-approved cryptographic algorithm that be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt and decrypt information. Encryption converts data to an un
Biometric
An image or template of a physiological attribute (i.e. fingerprint) that may be used to identify an individual. Biometrics may be usedn to unlock authentication tokens and prevent repudiation of registration.
Business Continuity Plan
The documentation of a predetermined set of instructions or procedures that describe how an organizations business functions will be sustained during and after a significant disruption.
Host
The term can refer to almost any kind of computer, from a centralized mainframe that is a host to its terminals, to a server that is a host to its clients, to a desktop personal computer that is a host to its peripherals. In network architectures, a client station (user’s machine) is also considered a host because it is a source of information to the network in contrast to a device such as router or switch that directs traffic.
Public [Asymmetric] Key Encryption
Public key encryption uses “key pairs,” a public key and a mathematically related private key. Given the public key, it is infeasible to find the private key. The private key is kept secret while the public key may be shared with others. A message encrypted with the public key can only be decrypted with the private key. A message can be digitally signed with the private key, and anyone can verify the signature with the public key.
Public Key Certificate
- An identifying digital certificate that typically includes the public key, information about the identity of the party holding the corresponding private key, and the operational period for the certificate, authenticated by the digital signature of the certification authority (CA) that issued the certificate. In addition, the certificate may contain other information about the signing party or information about the recommended uses for the public key. A subscriber is an individual or business entity that has contracted with a CA to receive a digital certificate verifying an identity for digitally signing electronic messages.
- A digital document issued and digitally signed by the private key of a certification authority that binds the name of a subscriber to a public key. The certificate indicates that the subscriber identified in the certificate has sole control and access to the private key.
Secure Sockets Layer (SSL)
Secure sockets layer (SSL) is a protocol developed by Netscape for transmitting private documents via the Internet. SSL is based on public key cryptography, used to generate a cryptographic session that is private to a web server and a client browser. SSL works by using a public key to encrypt data that is transferred over the SSL connection. Most web browsers support SSL, and many websites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with HTTPS instead of HTTP.
Transport Layer Security (TLS)
TLS is an Internet standard based on SSL version 3.0. There are only minor differences between SSL and TLS.
Security Controls
The management, operational, and technical controls (safeguards/countermeasures) prescribed for an information system to protect the confidentiality, integrity, and availability of the system and its information.
Variance
This measure is sometimes called the average squared deviation. It is computed by taking the difference between individual value and the mean, and squaring it. Then, add all the squared difference and divide by the number of items.
