Vocab Flashcards
Learn CSSLP-related vocab
*-property
An aspect of the Bell-LaPadula security model that is commonly referred to as the “no-write-down” rule because it doesn’t allow a user to write to a file with a lower security classification, thus preserving confidentiality.
3DES
Triple DES encryption. Three rounds of DES encryption used to improve security.
802.11
A family of standards that describe network protocols for wireless devices.
802.1X
An IEEE standard for performing authentication over networks.
Abuse Case
A use case built around a work process designed to abuse a normal work process.
Acceptance Testing
The formal analysis that is done to determine whether a system or software product satisfies its acceptance criteria.
AUP, Acceptable Use Policy
Acceptable Use Policy. A policy that communicates to users what specific uses of computer resources are permitted.
Access
A subject's ability to perform specific operations on an object, such as a file. Typical access levels include read, write, execute, and delete.
Access Control
Mechanisms or methods used to determine what access permissions subjects (such as users) have for specific objects (such as files).
Access Control List (ACL)
A list associated with an object (such as a file) that identifies what level of access each subject (such as a user) has: what they can do to the object (such as read, write, or execute).
Active Directory
The directory service portion of the Windows operating system that stores information about network-based entities (such as applications, files, printers, and people) and provides a structured, consistent way to name, describe, locate, access, and manage these resources.
ActiveX
A Microsoft technology that facilitates rich internet applications and, therefore, extends and enhances the functionality of Microsoft Internet Explorer. Like Java, ActiveX enables the development of interactive content. When an ActiveX-aware browser encounters a webpage that includes an unsupported feature, it can automatically install the appropriate application so the feature can be used.
Address Resolution Protocol (ARP)
A protocol in the TCP/IP suite specification used to map an IP address to a Media Access Control (MAC) address.
Adware
Advertising-supported software that automatically plays, displays or downloads advertisements after the software is installed or while the application is being used.
Algorithm
A step-by-step procedure, typically an established computation for solving a problem with a set number of steps.
Alpha Testing
A form of end-to-end testing done prior to product delivery to determine operational and functional issues.
Annualized Loss Expectancy (ALE)
How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. ALE = single loss expectancy * annualized rate of occurrence.
Annualized Rate of Occurrence (ARO)
The frequency with which an event is expected to occur on an annualized basis.
Anomaly
Something that does not fit into an expected pattern.
Application
A program or group of programs designed to provide specific user functions, such as a word processor or web server.
Asset
Resources and information an organization needs to conduct its business.
Asymmetric Encryption
Also called public key cryptography, this is a system for encrypting data that uses two mathematically derived keys to encrypt and decrypt a message: a public key, available to everyone, and a private key, available only to the owner of the key.
Attack
An action taken against a vulnerability to exploit a system.
Attack Surface Analyzer
A product from Microsoft designed to enumerate the elements of a system that are subject to attack.
Attack Surface Evaluation
An examination of the elements of a system that are subject to attack and mitigations that can be applied.