R Flashcards
RADIUS (Remote Authentication Dial-in User Service)
A security service that authenticates and authorizes dial-up users and is a centralized access control mechanism.
read
An operation that results in the flow of information from an object to a subject and does not give the subject the ability to modify the object or the data within the object.
recovery planning
The advance planning and preparations that are necessary to minimize loss and to ensure the availability of the critical information systems of an organization after a disruption in service or a disaster.
recovery point objective
The acceptable amount of data loss measured in time.
recovery time objective
The maximum time period within which a business process must be restored to a designated service level after a disaster to avoid unacceptable consequences.
reference monitor concept
An access control concept that refers to an abstract machine that mediates all accesses to objects by subjects. The security kernel enforces the reference monitor concept.
reliability
The assurance of a given system, or individual component, performing its mission adequately for a specified period of time under the expected operating conditions.
remote journaling
A method of transmitting changes to data to an off-site facility. This takes place as parallel processing of transactions, meaning that changes to the data are saved locally and to an off-site facility. These activities take place in real time and provide redundancy and fault tolerance.
repudiation
When the sender of a message denies sending the message. The countermeasure to this is to implement digital signatures.
residual risk
The remaining risk after the security controls have been applied. The conceptual formulas that explain the difference between total and residual risk are:
threats × vulnerability × asset value = total risk
(threats × vulnerability × asset value) × controls gap = residual risk
risk
The likelihood of a threat agent taking advantage of a vulnerability and the resulting business impact. A risk is the loss potential, or probability, that a threat will exploit a vulnerability.
risk analysis
A method of identifying risks and assessing the possible damage that could be caused in order to justify security safeguards.
risk management
The process of identifying, assessing, and reducing the risk to an acceptable level and implementing the right mechanisms to maintain that level of risk.
role-based access control (RBAC)
Type of model that provides access to resources based on the role the user holds within the company or the tasks that the user has been assigned.