vocabularyA Flashcards
2DES
The process of performing the DES algorithm two times at every block.
3DES
Triple DES is a more secure implementation of DES which includes three equally secure versions. Each of the versions changes the way that the iterations are applied.
Abstraction
A protection mechanism technique that is the primary feature of object-oriented programming. Objects act as black boxes whose contents are not known, but whose points of entry and exit are.
Accountability
A security control architecture that includes monitoring and log file analysis.
ACL
An access control list is a list that specifies which subjects can access which objects.
ActiveX
A program or control written by Microsoft that runs in distributed mode on the client.
Administrative Control
A design-based control that dictates policies and procedures and informs of the correct way to operate in a safe, secure manner.
Administrative Detective Control
Policy or rule that detects when something has occurred by using auditing or performance reviews to see the actions that subjects have taken.
Administrative/Regulatory Law
Any regulation that governs specific personal or organization practices.
AES
Advanced Encryption Standard is a symmetric cryptographic algorithm standard which is the officially accepted replacement standard for DES and 3DES. AES allows three key strengths that are dependent upon the key lengths, and three different transformation layers.
Agent
A program or some other process that performs a special service on behalf of another process or principal. An agent works in a different environment from the principal.
Aggregation
The process of obtaining information of high sensitivity by combining information from lower levels of sensitivity.
ALE
Annual Loss Expectancy is the Single Loss Expectancy times the Annual Rate of Occurrence.
Algorithm
A sequence of steps that is used to encrypt plaintext.
ALU
The arithmetic logic unit is the area inside of the CPU which performs arithmetic and logical functions.
AND
A binary math operator used in cryptography that takes input values of either zero or one. The input values are combined to give the results seen in the table.
ANSI
The American National Standards Institute is a voluntary organization that works to establish standards relating to character sets and programming languages.
Applet
A similar program to an agent, with the exception that it is platform-independent.
Application Layer
The highest layer of the ISO/OSI reference model that provides services for high-level programs and program-to-program transfer of information.
Architecture
A design which provides outlines and exact mechanisms of both hardware and software. It can be divided into five different components: input/output, storage, communication, control, and processing.
ARCnet
Attached Resource Computer Network is one of the earliest LAN technologies that uses a token passing method within a bus topology.
ARO
Annual Rate of Occurrence is the calculated, annual probability of loss. It is an estimate of the probability a stated threat will be realized.
ARP
Address Resolution Protocol is a TCP/IP protocol that determines the address of a system on a LAN when only its IP address is known.
Asymmetric Algorithm
An algorithm that uses a public key, which is generated and may be given to anyone, together with a private key. The receiver uses their own private key to decrypt the message.
Asynchronous Device
A token device which uses a challenge-response approach to generate a password.
Authentication
A system for validating that the subject or object is really who or what they say or appear to be.
Authentication Service
The part of the KDC that actually authenticates the subjects and objects.
Authorization Creep
Accidentally giving a subject access to objects that they are not intended to have access to.
Availability
Part of the security triad that ensures the system is available when needed by means such as fault tolerance or performance tuning.