glossary:start
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| glossary:start [2023/07/17 14:31] – peter | glossary:start [2023/07/17 15:57] (current) – peter | ||
|---|---|---|---|
| Line 5: | Line 5: | ||
| |3DES|Triple Digital Encryption Standard.| | |3DES|Triple Digital Encryption Standard.| | ||
| |:::|In cryptography, | |:::|In cryptography, | ||
| - | |3G|3G refers to the third generation of cellular data standards. | + | |3G|3G refers to the third generation of cellular data standards.| |
| + | |:::|Cell phone companies often market mobile phones as "3G devices," | ||
| |3-Way Handshake|Machine A sends a packet with a SYN flag set to Machine B. B acknowledges A's SYN with a SYN/ACK. A acknowledges B's SYN/ACK with an ACK.| | |3-Way Handshake|Machine A sends a packet with a SYN flag set to Machine B. B acknowledges A's SYN with a SYN/ACK. A acknowledges B's SYN/ACK with an ACK.| | ||
| |4G|4G is the fourth generation of cellular data standards. | |4G|4G is the fourth generation of cellular data standards. | ||
| Line 15: | Line 16: | ||
| |ABC|Anti-Bribary and Corruption.| | |ABC|Anti-Bribary and Corruption.| | ||
| |ACA|Application Criticality Assessment.| | |ACA|Application Criticality Assessment.| | ||
| - | |ACKPIGGYBACKING | The practice of sending an ACK inside another packet going to the same destination.| | + | |ACKPIGGYBACKING|The practice of sending an ACK inside another packet going to the same destination.| |
| |ACL|Access Control List. A list of permissions attached to an object.| | |ACL|Access Control List. A list of permissions attached to an object.| | ||
| |Access Control|Access Control ensures that resources are only granted to those users who are entitled to them.| | |Access Control|Access Control ensures that resources are only granted to those users who are entitled to them.| | ||
| - | |Access Control List|ACL. A list of permissions attached to an object.| | + | |Access Control List|ACL.| |
| + | |:::|A list of permissions attached to an object.| | ||
| |Access Control Service|A security service that provides protection of system resources against unauthorized access. | |Access Control Service|A security service that provides protection of system resources against unauthorized access. | ||
| |Access Matrix|An Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.| | |Access Matrix|An Access Matrix uses rows to represent subjects and columns to represent objects with privileges listed in each cell.| | ||
| |Account Harvesting|The process of collecting all the legitimate account names on a system.| | |Account Harvesting|The process of collecting all the legitimate account names on a system.| | ||
| |Active Content|Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Ex. Java, ActiveX (MS).| | |Active Content|Program code embedded in the contents of a web page. When the page is accessed by a web browser, the embedded code is automatically downloaded and executed on the user's workstation. Ex. Java, ActiveX (MS).| | ||
| - | |Active Directory|AD. | + | |Active Directory|AD.| |
| + | |:::|A directory service implemented by Microsoft for Windows domain networks. | | ||
| |Activity Monitors|Aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.| | |Activity Monitors|Aim to prevent virus infection by monitoring for malicious activity on a system, and blocking that activity when possible.| | ||
| |AD|Active Directory. | |AD|Active Directory. | ||
| |ADAL| Authoritive Data Access Layer.| | |ADAL| Authoritive Data Access Layer.| | ||
| - | |Address Resolution Protocol|ARP. | + | |Address Resolution Protocol|ARP.| |
| - | |ADS| Authoritive Data Source.| | + | |:::|A protocol for mapping an Internet Protocol address to a physical machine address that is recognized in the local network. |
| + | |ADS|Authoritive Data Source.| | ||
| |ADSL|Asymmetric Digital Subscriber Line (ADSL) is a technology for transmitting digital information at high bandwidth on existing phone lines to homes and businesses. | |ADSL|Asymmetric Digital Subscriber Line (ADSL) is a technology for transmitting digital information at high bandwidth on existing phone lines to homes and businesses. | ||
| - | |Advanced Encryption Standard|AES. | + | |Advanced Encryption Standard|AES.| |
| - | |AEOD | After End-of-Day.| | + | |:::|An encryption standard being developed by NIST. Intended to specify an unclassified, |
| + | |AEOD|After End-of-Day.| | ||
| |AES|Advanced Encryption Standard. | |AES|Advanced Encryption Standard. | ||
| - | |AIRB| Advanced Internal Rating Based Approach.| | + | |AIRB|Advanced Internal Rating Based Approach.| |
| - | |A&L| Assets and Liabilities | | + | |A& |
| - | |Algorithm| A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.| | + | |Algorithm|A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer.| |
| |AML|Anti money laundering (AML) is a term mainly used in the financial and legal industries to describe the legal controls that require financial institutions and other regulated entities to prevent or report money laundering activities.| | |AML|Anti money laundering (AML) is a term mainly used in the financial and legal industries to describe the legal controls that require financial institutions and other regulated entities to prevent or report money laundering activities.| | ||
| |AMSC|Application Management Service Centre.| | |AMSC|Application Management Service Centre.| | ||
| Line 43: | Line 48: | ||
| |ARM|Approved Reporting Mechanism.| | |ARM|Approved Reporting Mechanism.| | ||
| |ARP|Address Resolution Protocol. | |ARP|Address Resolution Protocol. | ||
| - | | ARPANET | Advanced Research Projects Agency Network. | + | |ARPANET|Advanced Research Projects Agency Network. |
| - | | ASCII | American Standard Code for Information Interchange.| | + | |ASCII|American Standard Code for Information Interchange.| |
| - | | ASN (Autonomous System Number) | A globally unique number assigned by a registrar for the purposes of Internet routing, | | + | |ASN|Autonomous System Number.| |
| - | | Asymmetric Cryptography | Public-key cryptography. | + | |:::|A globally unique number assigned by a registrar for the purposes of Internet routing, | |
| - | | Asymmetric Warfare | Asymmetric warfare is the application of dissimilar strategies, tactics, capabilities and approaches used to circumvent or negate an opponent' | + | |Asymmetric Cryptography|Public-key cryptography. |
| - | | Auditing | The information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.| | + | |Asymmetric Warfare|Asymmetric warfare is the application of dissimilar strategies, tactics, capabilities and approaches used to circumvent or negate an opponent' |
| - | | Asymmetric Digital Subscriber Line (ADSL) | Asymmetric Digital Subscriber Line (ADSL) is a technology for transmitting digital information at high bandwidth on existing phone lines to homes and businesses. | + | |Auditing|The information gathering and analysis of assets to ensure such things as policy compliance and security from vulnerabilities.| |
| - | | Asynchronous Transfer Mode (ATM) | Asynchronous Transfer Mode (ATM) is a broadband technology that permits large volumes of voice, image, text, or video data to be transmitted simultaneously. | + | |Asymmetric Digital Subscriber Line|ADSL.| |
| - | | ATM (Asynchronous Transfer Mode) | Asynchronous Transfer Mode (ATM) is a broadband technology that permits large volumes of voice, image, text, or video data to be transmitted simultaneously. | + | |:::|Asymmetric Digital Subscriber Line (ADSL) is a technology for transmitting digital information at high bandwidth on existing phone lines to homes and businesses. |
| - | | ATP | Accelerated Training Program.| | + | |Asynchronous Transfer Mode|Asynchronous Transfer Mode (ATM) is a broadband technology that permits large volumes of voice, image, text, or video data to be transmitted simultaneously. |
| - | | AUA | Assets Under Administration.| | + | |ATM|Asynchronous Transfer Mode (ATM) is a broadband technology that permits large volumes of voice, image, text, or video data to be transmitted simultaneously. |
| - | | AUM | Assets Under Management.| | + | |ATP|Accelerated Training Program.| |
| - | | Authentication | The process of confirming the correctness of the claimed identity.| | + | |AUA|Assets Under Administration.| |
| - | | Authorization | The approval, permission, or empowerment for someone or something to do something.| | + | |AUM|Assets Under Management.| |
| - | | Autonomous System | One network or series of networks that are all under one administrative control. | + | |Authentication|The process of confirming the correctness of the claimed identity.| |
| - | | Autonomous System Number | + | |Authorization|The approval, permission, or empowerment for someone or something to do something.| |
| - | | Availability | The need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.| | + | |Autonomous System|One network or series of networks that are all under one administrative control. |
| - | | Backdoor | A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.| | + | |Autonomous System Number|ASN.| |
| - | | Bandwidth | Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second.| | + | |:::|A globally unique number assigned by a registrar for the purposes of Internet routing.| |
| - | | Banner | A banner is the information that is displayed to a remote user trying to connect to a service. | + | |Availability|The need to ensure that the business purpose of the system can be met and that it is accessible to those who need to use it.| |
| - | | BAP | Business and Personal.| | + | |Backdoor|A backdoor is a tool installed after a compromise to give an attacker easier access to the compromised system around any security mechanisms that are in place.| |
| - | | Basic Authentication | Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request.| | + | |Bandwidth|Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second.| |
| - | | Bastion Host | A bastion host has been hardened in anticipation of vulnerabilities that have not been discovered yet.| | + | |Banner|A banner is the information that is displayed to a remote user trying to connect to a service. |
| - | | BAU | Business as Usual.| | + | |BAP|Business and Personal.| |
| - | | BBS (Bulletin Board System) | A Bulletin Board System (BBS) is a computerized meeting and announcement system that allows people to carry on discussions, | + | |Basic Authentication|Basic Authentication is the simplest web-based authentication scheme that works by sending the username and password with each request.| |
| - | | BCM (Business Continuity Management) | The management of a Business Continuity Plan (BCP).| | + | |Bastion Host|A bastion host has been hardened in anticipation of vulnerabilities that have not been discovered yet.| |
| - | | BCP (Business Continuity Plan) | A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.| | + | |BAU|Business as Usual.| |
| - | | BDC | Business Delivery and Control.| | + | |BBS|Bulletin Board System.| |
| - | | BEOD | Before End-of-Day.| | + | |:::|A Bulletin Board System (BBS) is a computerized meeting and announcement system that allows people to carry on discussions, |
| - | | Berkeley Internet Name Domain | + | |BCM|Business Continuity Management. The management of a Business Continuity Plan (BCP).| |
| - | | BIOS | Basic Input Output System. | + | |BCP|Business Continuity Plan. A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.| |
| - | | BGP (Border Gateway Protocol) | An inter-autonomous system routing protocol. | + | |BDC|Business Delivery and Control.| |
| - | | BIA (Business Impact Analysis) | A Business Impact Analysis determines what levels of impact to a system are tolerable.| | + | |BEOD|Before End-of-Day.| |
| - | | BIND (Berkeley Internet Name Domain) | BIND is an implementation of DNS. DNS is used for domain name to IP address resolution. | + | |Berkeley Internet Name Domain|BIND is an implementation of DNS. DNS is used for domain name to IP address resolution. |
| - | | Biometrics | Biometrics use physical characteristics of the users to identify the user.| | + | |BIOS|Basic Input Output System. |
| - | | Bit | The smallest unit of information storage; a contraction of the term " | + | |BGP|Border Gateway Protocol. An inter-autonomous system routing protocol. |
| - | | Block Cipher | A block cipher encrypts one block of data at a time.| | + | |BIA|Business Impact Analysis.| |
| - | | Blog | Blog is a direct means for an individual to share ideas, thoughts, opinions, and information concerning a particular topic with an audience, using the Web as the medium. | + | |:::|A Business Impact Analysis determines what levels of impact to a system are tolerable.| |
| - | | BLoR | Business List of Records. | + | |BIND|Berkeley Internet Name Domain.| |
| - | | BOM | Business Only Membership.| | + | |:::|BIND is an implementation of DNS. DNS is used for domain name to IP address resolution. |
| - | | Border Gateway Protocol | + | |Biometrics|Biometrics use physical characteristics of the users to identify the user.| |
| - | | Boot Record Infector | A boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk.| | + | |Bit|The smallest unit of information storage; a contraction of the term " |
| - | | Bot | Also called ‘Internet bots’; refers to computers that perform tasks without human input. | + | |Block Cipher|A block cipher encrypts one block of data at a time.| |
| - | | Botnet | A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.| | + | |Blog|Blog is a direct means for an individual to share ideas, thoughts, opinions, and information concerning a particular topic with an audience, using the Web as the medium. |
| - | | B&R | Books and Records.| | + | |BLoR|Business List of Records. |
| - | | BRD | Business Requirements Document. | + | |BOM|Business Only Membership.| |
| - | | Break Glass | Temporary limited access to a production environment. | + | |Border Gateway Protocol|BGP.| |
| - | | Bridge | A mechanism (software or hardware) which connect two communication segments. Bridges generally operate at OSI Layer 2 or 3, but may operate from the physical layer up to the application layer. | + | |:::|An inter-autonomous system routing protocol. |
| - | | BRM | Business Risk Managers.| | + | |Boot Record Infector|A boot record infector is a piece of malware that inserts malicious code into the boot sector of a disk.| |
| - | | Broadcast | To send the same message to an unknown number of destinations without addressing. Examples: ARP, Radio. See also multicast.| | + | |Bot|Also called ‘Internet bots’; refers to computers that perform tasks without human input. |
| - | | Broadcast Address | An address used to broadcast a datagram to all hosts on a given network using UDP or ICMP protocol.| | + | |Botnet|A botnet is a large number of compromised computers that are used to create and send spam or viruses or flood a network with messages as a denial of service attack.| |
| - | | Browser | A client computer program that can retrieve and display information from servers on the World Wide Web.| | + | |B& |
| - | | Brute Force | A crypto-analysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, | + | |BRD|Business Requirements Document. |
| - | | BSM | Balance Sheet Management.| | + | |Break Glass|Temporary limited access to a production environment. |
| - | | BSS 7799 | British Standard 7799. A standard code of practice and provides guidance on how to secure an information system. | + | |Bridge|A mechanism (software or hardware) which connect two communication segments. Bridges generally operate at OSI Layer 2 or 3, but may operate from the physical layer up to the application layer. |
| - | | BST | British Summer Time.| | + | |BRM|Business Risk Managers.| |
| - | | Buffer Overflow | A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.| | + | |Broadcast|To send the same message to an unknown number of destinations without addressing. Examples: ARP, Radio. See also multicast.| |
| - | | Bullet-proof hosting | Bullet-proof hosting is a service provided by some domain hosting or web hosting firms that allow their customer considerable leniency in the kinds of material they may upload and distribute. | + | |Broadcast Address|An address used to broadcast a datagram to all hosts on a given network using UDP or ICMP protocol.| |
| - | | Bulletin Board System | + | |Browser|A client computer program that can retrieve and display information from servers on the World Wide Web.| |
| - | | Business Continuity Management | + | |Brute Force|A crypto-analysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, |
| - | | Business Continuity Plan (BCP) | A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.| | + | |BSM|Balance Sheet Management.| |
| - | | Business Impact Analysis | + | |BSS 7799|British Standard 7799.| |
| - | | Business Intelligence | Business intelligence is now widely accepted as being concerned with information technology solutions for transforming the output from large data collections into Intelligence; | + | |:::|A standard code of practice and provides guidance on how to secure an information system. |
| - | | BYOD | Bring Your Own Device.| | + | |BST|British Summer Time.| |
| - | | Byte | A fundamental unit of computer storage; the smallest addressable unit in a computer' | + | |Buffer Overflow|A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information - which has to go somewhere - can overflow into adjacent buffers, corrupting or overwriting the valid data held in them.| |
| - | | CA | Certificate Authority.| | + | |Bullet-proof hosting|Bullet-proof hosting is a service provided by some domain hosting or web hosting firms that allow their customer considerable leniency in the kinds of material they may upload and distribute. |
| - | | CAB | Change Advisory Board.| | + | |Bulletin Board System|BBS| |
| - | | CAC (Call Admission Control) | The inspection and control all inbound and outbound voice network activity by a voice firewall based on user-defined policies.| | + | |:::|A Bulletin Board System (BBS) is a computerized meeting and announcement system that allows people to carry on discussions, |
| - | | Cache | Pronounced cash, a special high-speed storage mechanism. | + | |Business Continuity Management|BCM.| |
| - | | Cache Cramming | Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.| | + | |:::|The management of a Business Continuity Plan (BCP).| |
| - | | Cache Poisoning | Malicious or misleading data from a remote name server is saved [cached] by another name server. | + | |Business Continuity Plan|BCP.| |
| - | | Call Admission Control | + | |:::|A Business Continuity Plan is the plan for emergency response, backup operations, and post-disaster recovery steps that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation.| |
| - | | CAMS | Cash Management System.| | + | |Business Impact Analysis|BIA.| |
| - | | Carding | Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. | + | |:::|A Business Impact Analysis determines what levels of impact to a system are tolerable.| |
| - | | Cash-out | The aspect of a cybercrime operation where stolen electronic funds are finally withdrawn from the finance system in the form of hard cash, often perpetrated by the use of ‘money mules’.| | + | |Business Intelligence|Business intelligence is now widely accepted as being concerned with information technology solutions for transforming the output from large data collections into Intelligence; |
| - | | CCO | Chief Controls Office. | + | |BYOD|Bring Your Own Device.| |
| - | | CDC | Client Data Controls.| | + | |Byte|A fundamental unit of computer storage; the smallest addressable unit in a computer' |
| - | | CDI | Client Data Interface.| | + | |CA|Certificate Authority.| |
| - | | Cell | A cell is a unit of data transmitted over an ATM network. A cell is also a single physical memory location within flash memory.| | + | |CAB|Change Advisory Board.| |
| - | | CERT (Computer Emergency Response Team) | An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.| | + | |CAC|Call Admission Control.| |
| - | | Certificate-based Authentication | Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic.| | + | |:::|The inspection and control all inbound and outbound voice network activity by a voice firewall based on user-defined policies.| |
| - | | CFF | Common File Format.| | + | |Cache|Pronounced cash, a special high-speed storage mechanism. |
| - | | CGI (Common Gateway Interface) | This mechanism is used by HTTP servers (web servers) to pass parameters to executable scripts in order to generate responses dynamically.| | + | |Cache Cramming|Cache Cramming is the technique of tricking a browser to run cached Java code from the local disk, instead of the internet zone, so it runs with less restrictive permissions.| |
| - | | Chain of Custody | Chain of Custody is the important application of the Federal rules of evidence and its handling.| | + | |Cache Poisoning|Malicious or misleading data from a remote name server is saved [cached] by another name server. |
| - | | Challenge Handshake Authentication Protocol | + | |Call Admission Control|CAC.| |
| - | | CHAP (Challenge Handshake Authentication Protocol) | The Challenge-Handshake Authentication Protocol uses a challenge/ | + | |:::|The inspection and control all inbound and outbound voice network activity by a voice firewall based on user-defined policies.| |
| - | | Chatroom | The name for a discussion group or chat room.| | + | |CAMS|Cash Management System.| |
| - | | Checksum | A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.| | + | |Carding|Carding is a term used for a process to verify the validity of stolen card data. The thief presents the card information on a website that has real-time transaction processing. |
| - | | CI | Configuration Item.| | + | |Cash-out|The aspect of a cybercrime operation where stolen electronic funds are finally withdrawn from the finance system in the form of hard cash, often perpetrated by the use of ‘money mules’.| |
| - | | CIP | Customer Identification Program.| | + | |CCO|Chief Controls Office.| |
| - | | Cipher | A cryptographic algorithm for encryption and decryption.| | + | |:::|The Chief Controls Office centralizes and increases the focus on maintaining and enhancing an effective control framework.| |
| - | | Ciphertext | Ciphertext is the encrypted form of the message being sent.| | + | |CDC|Client Data Controls.| |
| - | | Circuit Switched Network | A circuit switched network is where a single continuous physical circuit connected two endpoints where the route was immutable once set up.| | + | |CDI|Client Data Interface.| |
| - | | CIS | Customer Identification System.| | + | |Cell|A cell is a unit of data transmitted over an ATM network. A cell is also a single physical memory location within flash memory.| |
| - | | CIS | Customer Information System.| | + | |CERT|Computer Emergency Response Team. |
| - | | CIT | Component Integration Testing.| | + | |Certificate-based Authentication | Certificate-Based Authentication is the use of SSL and certificates to authenticate and encrypt HTTP traffic.| |
| - | | CL | Control Language.| | + | |CFF|Common File Format.| |
| - | | Client | A system entity that requests and uses a service provided by another system entity, called a " | + | |CGI|Common Gateway Interface. |
| - | | CMDB | Configuration Management Database.| | + | |Chain of Custody|Chain of Custody is the important application of the Federal rules of evidence and its handling.| |
| - | | CMOD | Central Management On Demand.| | + | |Challenge Handshake Authentication Protocol|CHAP. |
| - | | CMR | Customer Master Record.| | + | |CHAP|Challenge Handshake Authentication Protocol.| |
| - | | CMS | Change Management Standard.| | + | |:::|The Challenge-Handshake Authentication Protocol uses a challenge/ |
| - | | COA | Change of Address.| | + | |Chatroom|The name for a discussion group or chat room.| |
| - | | CoB | Close of Business.| | + | |Checksum|A value that is computed by a function that is dependent on the contents of a data object and is stored or transmitted together with the object, for the purpose of detecting changes in the data.| |
| - | | Cold Disaster Recovery Site | Hardware is ordered, shipped and installed, and software is loaded. Basic telecommunications, | + | |CI|Configuration Item.| |
| - | | Collision | A collision occurs when multiple systems transmit simultaneously on the same wire.| | + | |CIP|Customer Identification Program.| |
| - | | Common Gateway Interface | + | |Cipher|A cryptographic algorithm for encryption and decryption.| |
| - | | Competitive Intelligence | Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.| | + | |Ciphertext|Ciphertext is the encrypted form of the message being sent.| |
| - | | Competitor Intelligence | Competitor Intelligence is a subdivision of Business intelligence that concerns the current and proposed business activities of competitors.| | + | |Circuit Switched Network|A circuit switched network is where a single continuous physical circuit connected two endpoints where the route was immutable once set up.| |
| - | | Compromise | Also called a security breach, a security compromise is a term used to describe an intentional or unintentional event that has exposed confidential data to unauthorized persons. | + | |CIS|Customer Identification System.| |
| - | | Computer Emergency Response Team (CERT) | An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.| | + | |CIS|Customer Information System.| |
| - | | Computer Network | A collection of host computers together with the sub-network or inter-network through which they can exchange data.| | + | |CIT|Component Integration Testing.| |
| - | | CON | Change of Name.| | + | |CL|Control Language.| |
| - | | Confidentiality | Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.| | + | |Client|A system entity that requests and uses a service provided by another system entity, called a " |
| - | | Configuration Management | Establish a known baseline condition and manage it.| | + | |CMDB|Configuration Management Database.| |
| - | | COO | Chief Operating Office.| | + | |CMOD|Central Management On Demand.| |
| - | | Cookie | Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. | + | |CMR|Customer Master Record.| |
| - | | Corruption | A threat action that undesirably alters system operation by adversely modifying system functions or data.| | + | |CMS|Change Management Standard.| |
| - | | Cost Benefit Analysis | A cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk.| | + | |COA|Change of Address.| |
| - | | Countermeasure | Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. | + | |CoB|Close of Business.| |
| - | | Covert Channels | Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server can be used to communicate information.| | + | |Cold Disaster Recovery Site|Hardware is ordered, shipped and installed, and software is loaded. Basic telecommunications, |
| - | | CP | Consultation Paper.| | + | |Collision|A collision occurs when multiple systems transmit simultaneously on the same wire.| |
| - | | CR | Change Record.| | + | |Common Gateway Interface|CGI. |
| - | | CR | Change Request.| | + | |Competitive Intelligence|Competitive Intelligence is espionage using legal, or at least not obviously illegal, means.| |
| - | | CRAID | Changes, Risks, Assumptions, | + | |Competitor Intelligence|Competitor Intelligence is a subdivision of Business intelligence that concerns the current and proposed business activities of competitors.| |
| - | | Crawler | A crawler uses existing Internet search engines to carry out automatic search and retrieval of selected Information on behalf of a user. It may also be known as Web crawler.| | + | |Compromise|Also called a security breach, a security compromise is a term used to describe an intentional or unintentional event that has exposed confidential data to unauthorized persons. |
| - | | CRC (Cyclic Redundancy Check) | Sometimes called " | + | |Computer Emergency Response Team (CERT) | An organization that studies computer and network INFOSEC in order to provide incident response services to victims of attacks, publish alerts concerning vulnerabilities and threats, and offer other information to help improve computer and network security.| |
| - | | Criminal Forum | A forum, usually web based, devoted to the black market trading of stolen credit card details, stolen identity details and tools to commit computer offences.| | + | |Computer Network|A collection of host computers together with the sub-network or inter-network through which they can exchange data.| |
| - | | CRON | Cron is a Unix application that runs jobs for users and administrators at scheduled times of the day.| | + | |CON|Change of Name.| |
| - | | Crossover cable | A crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together.| | + | |Confidentiality|Confidentiality is the need to ensure that information is disclosed only to those who are authorized to view it.| |
| - | | Cryptanalysis | The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, convert the cipher text to plain-text without knowing the key.| | + | |Configuration Management|Establish a known baseline condition and manage it.| |
| - | | Cryptographic Algorithm | Hash. An algorithm that employs the science of cryptography, | + | |COO|Chief Operating Office.| |
| - | | CSI | Continual Service Improvements.| | + | |Cookie|Data exchanged between an HTTP server and a browser (a client of the server) to store state information on the client side and retrieve it later for server use. An HTTP server, when sending data to a client, may send along a cookie, which the client retains after the HTTP connection closes. |
| - | | CSP | Content Security Policy.| | + | |Corruption|A threat action that undesirably alters system operation by adversely modifying system functions or data.| |
| - | | CTRP | Countries, Towns, Regions and Ports.| | + | |Cost Benefit Analysis|A cost benefit analysis compares the cost of implementing countermeasures with the value of the reduced risk.| |
| - | | Cut-through | Cut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination.| | + | |Countermeasure|Reactive methods used to prevent an exploit from successfully occurring once a threat has been detected. |
| - | | Cyberspace | Cyberspace is the notional environment in which communication over computer networks occurs. | + | |Covert Channels|Covert Channels are the means by which information can be communicated between two parties in a covert fashion using normal system operations. For example by changing the amount of hard drive space that is available on a file server can be used to communicate information.| |
| - | | Cyclic Redundancy Check (CRC) | Sometimes called " | + | |CP|Consultation Paper.| |
| - | | Daemon | A program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system. | + | |CR|Change Record.| |
| - | | Data Aggregation | Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.| | + | |CR|Change Request.| |
| - | | Data Custodian | A Data Custodian is the entity currently using or manipulating the data, and therefore, temporarily taking responsibility for the data.| | + | |CRAID|Changes, |
| - | | Data Encryption Standard | + | |Crawler|A crawler uses existing Internet search engines to carry out automatic search and retrieval of selected Information on behalf of a user. It may also be known as Web crawler.| |
| - | | Data Encryption Standard (DES) | A widely-used method of data encryption using a private (secret) key. There are 72, | + | |CRC|Cyclic Redundancy Check.| |
| - | | Data Mining | Data Mining is a technique used to analyze existing information, | + | |:::|Sometimes called " |
| - | | Data Owner | A Data Owner is the entity having responsibility and authority for the data.| | + | |Criminal Forum|A forum, usually web based, devoted to the black market trading of stolen credit card details, stolen identity details and tools to commit computer offences.| |
| - | | Data Warehouse | A central repository for all or significant parts of the data that an enterprise’s various business systems collect. | + | |CRON|Cron is a Unix application that runs jobs for users and administrators at scheduled times of the day.| |
| - | | Data Warehousing | Data Warehousing is the consolidation of several previously independent databases into one location.| | + | |Crossover cable | A crossover cable reverses the pairs of cables at the other end and can be used to connect devices directly together.| |
| - | | Datagram | Request for Comment 1594 says, "a self-contained, | + | |Cryptanalysis|The mathematical science that deals with analysis of a cryptographic system in order to gain knowledge needed to break or circumvent the protection that the system is designed to provide. In other words, convert the cipher text to plain-text without knowing the key.| |
| - | | Day Zero | The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. | + | |Cryptographic Algorithm|Hash. |
| - | + | |CSI|Continual Service Improvements.| | |
| - | | DB | Database.| | + | |CSP|Content Security Policy.| |
| - | | DBC | Detailed Business Case.| | + | |CTRP|Countries, |
| - | | DCF | Data Control Framework.| | + | |Cut-through|Cut-Through is a method of switching where only the header of a packet is read before it is forwarded to its destination.| |
| - | | DCO | Device Configuration Overlay. | + | |Cyberspace|Cyberspace is the notional environment in which communication over computer networks occurs. |
| - | | DCP | Demand Change Process.| | + | |Cyclic Redundancy Check|CRC. |
| - | | Ddos (Distributed Denial of Service) | Distributed Denial of Service (DdoS) is an attack in which multiple systems flood the bandwidth or resources of a targeted system in an attempt to make it unavailable. | + | |Daemon|A program which is often started at the time the system boots and runs continuously without intervention from any of the users on the system. |
| - | | Decapsulation | Decapsulation is the process of stripping off one layer' | + | |Data Aggregation|Data Aggregation is the ability to get a more complete picture of the information by analyzing several different types of records at once.| |
| - | | Decryption | Decryption is the process of transforming an encrypted message into its original plain-text.| | + | |Data Custodian|A Data Custodian is the entity currently using or manipulating the data, and therefore, temporarily taking responsibility for the data.| |
| - | | Deep Web | Invisible Web. That portion (estimated to be between 60 and 80 per cent) of total Web content that consists of material that is not accessible by standard Search engines. | + | |Data Encryption Standard|DES. A widely-used method of data encryption using a private (secret) key. There are 72, |
| - | | Defacement | Defacement is the method of modifying the content of a website in such a way that it becomes " | + | |Data Mining|Data Mining is a technique used to analyze existing information, |
| - | | Defense In-Depth | Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component.| | + | |Data Owner|A Data Owner is the entity having responsibility and authority for the data.| |
| - | | Demilitarized Zone (DMZ) | In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a sub-network) that sits between an organization' | + | |Data Warehouse|A central repository for all or significant parts of the data that an enterprise’s various business systems collect. |
| - | | Denial of Service | The prevention of authorized access to a system resource or the delaying of system operations and functions.| | + | |Data Warehousing|Data Warehousing is the consolidation of several previously independent databases into one location.| |
| - | | DES (Data Encryption Standard) | A widely-used method of data encryption using a private (secret) key. There are 72, | + | |Datagram|Request for Comment 1594 says, "a self-contained, |
| - | | D&I | Diversity and Inclusion.| | + | |Day Zero|The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. |
| - | | Dictionary Attack | An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.| | + | |DB|Database.| |
| - | | Diffie-Hellman | A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. | + | |DBC|Detailed Business Case.| |
| - | | Digest Authentication | Digest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password.| | + | |DCF|Data Control Framework.| |
| - | | Digital Certificate | A digital certificate is an electronic " | + | |DCO|Device Configuration Overlay.| |
| - | | Digital Envelope | A digital envelope is an encrypted message with the encrypted session key.| | + | |:::|A hidden part of a hard drive that is used by personal computer manufacturers to specify the configuration of a hard drive (regardless of its actual size) to present the same number of sectors to the BIOS and operating system.| |
| - | | Digital Signature | A digital signature is a hash of a message that uniquely identifies the sender of the message and proves the message hasn't changed since transmission. | | + | |DCP|Demand Change Process.| |
| - | | Digital Signature Algorithm | + | |DDOS|Distributed Denial of Service.| |
| - | | Digital Signature Standard | + | |:::|Distributed Denial of Service (DDOS) is an attack in which multiple systems flood the bandwidth or resources of a targeted system in an attempt to make it unavailable. |
| - | | Disassembly | The process of taking a binary program and deriving the source code from it.| | + | |Decapsulation | Decapsulation is the process of stripping off one layer' |
| - | | Disaster Recovery Plan (DRP) | A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.| | + | |Decryption|Decryption is the process of transforming an encrypted message into its original plain-text.| |
| - | | Discretionary Access Control | + | |Deep Web|Invisible Web. That portion (estimated to be between 60 and 80 per cent) of total Web content that consists of material that is not accessible by standard Search engines. |
| - | | Dispensation | Temporary exclusion from Policy or Scope.| | + | |Defacement|Defacement is the method of modifying the content of a website in such a way that it becomes " |
| - | | Disruption | A circumstance or event that interrupts or prevents the correct operation of system services and functions.| | + | |Defense In-Depth|Defense In-Depth is the approach of using multiple layers of security to guard against failure of a single security component.| |
| - | | Distance Vector | Distance vectors measure the cost of routes to determine the best route to all known networks.| | + | |Demilitarized Zone|DMZ.| |
| - | | Distributed Denial of Service | + | |:::|In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a sub-network) that sits between an organization' |
| - | | Distributed Scans | Distributed Scans are scans that use multiple source addresses to gather information.| | + | |Denial of Service|The prevention of authorized access to a system resource or the delaying of system operations and functions.| |
| - | | DLL (Dynamic Link Library) | A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. | + | |DES|Data Encryption Standard).| |
| - | | DLP | Data Loss Prevention.| | + | |:::|A widely-used method of data encryption using a private (secret) key. There are 72, |
| - | | DMS | Document Management System.| | + | |D& |
| - | | DM&W | Document Management and Workflow.| | + | |Dictionary Attack|An attack that tries all of the phrases or words in a dictionary, trying to crack a password or key. A dictionary attack uses a predefined list of words compared to a brute force attack that tries all possible combinations.| |
| - | | DMZ (Demilitarized Zone) | In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a sub-network) that sits between an organization' | + | |Diffie-Hellman|A key agreement algorithm published in 1976 by Whitfield Diffie and Martin Hellman. |
| - | | DNS (Domain Name System) | The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember " | + | |Digest Authentication|Digest Authentication allows a web client to compute MD5 hashes of the password to prove it has the password.| |
| - | | Domain | A sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, identified by a name. On the Internet, a domain consists of a set of network addresses. | + | |Digital Certificate|A digital certificate is an electronic " |
| - | | Domain Hijacking | Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain' | + | |Digital Envelope|A digital envelope is an encrypted message with the encrypted session key.| |
| - | | Domain Name | A domain name locates an organization or other entity on the Internet. | + | |Digital Signature|A digital signature is a hash of a message that uniquely identifies the sender of the message and proves the message hasn't changed since transmission. | |
| - | | Domain Name System | + | |Digital Signature Algorithm|DSA.| |
| - | | Download | To download is to retrieve Information from the Internet.| | + | |:::|An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. |
| - | | DP | Discussion Paper.| | + | |Digital Signature Standard|DSS.| |
| - | | DPIA | Data Protection Input Assessment.| | + | |:::|The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.| |
| - | | DR | Disaster Recovery. | + | |Disassembly|The process of taking a binary program and deriving the source code from it.| |
| - | | Drop Site | Malware that steals data will upload the information to a Drop Site for later retrieval.| | + | |Disaster Recovery Plan|DRP.| |
| - | | DSA (Digital Signature Algorithm) | An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. | + | |:::|A Disaster Recovery Plan is the process of recovery of IT systems in the event of a disruption or disaster.| |
| - | | DSS (Digital Signature Standard | The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.| | + | |Discretionary Access Control|DAC.| |
| - | | DTU | Data Transfer Utility.| | + | |:::|Discretionary Access Control consists of something the user can manage, such as a document password.| |
| - | | Due Care | Due care ensures that a minimal level of protection is in place in accordance with the best practice in the industry.| | + | |Dispensation|Temporary exclusion from Policy or Scope.| |
| - | | Due Diligence | Due diligence is the requirement that organizations must develop and deploy a protection plan to prevent fraud, abuse, and additionally deploy a means to detect them if they occur.| | + | |Disruption|A circumstance or event that interrupts or prevents the correct operation of system services and functions.| |
| - | | Dump | Generally used to mean the data from a database, in reference to online fraud the term usually refers to debit or credit card’s dumps, which were skimmed or hacked and may include credit card track data, PINs and CCV numbers.| | + | |Distance Vector|Distance vectors measure the cost of routes to determine the best route to all known networks.| |
| - | | DumpSec | DumpSec is a security tool that dumps a variety of information about a system' | + | |Distributed Denial of Service|DDOS.| |
| - | | Dumpster Diving | Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.| | + | |:::|Distributed Denial of Service (DDOS) is an attack in which multiple systems flood the bandwidth or resources of a targeted system in an attempt to make it unavailable. |
| - | | DWB | Dispensation, | + | |Distributed Scans|Distributed Scans are scans that use multiple source addresses to gather information.| |
| - | | DX | Developer Experience.| | + | |DLL|Dynamic Link Library.| |
| - | | Dynamic Link Library | + | |:::|A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. |
| - | | Dynamic Routing Protocol | Allows network devices to learn routes. Ex. RIP, EIGRP Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to. The routers must communicate using a routing protocol, of which there are many to choose from. The process on the router that is running the routing protocol, communicating with its neighbour routers, is usually called a routing daemon. | + | |DLP|Data Loss Prevention.| |
| - | | E2E | End-to-End. | + | |DMS|Document Management System.| |
| - | | EAD | Exposure at Default.| | + | |DM& |
| - | | EAP (Extensible Authentication Protocol) | A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, | + | |DMZ|Demilitarized Zone.| |
| - | | Eavesdropping | Eavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network.| | + | |:::|In computer security, in general a demilitarized zone (DMZ) or perimeter network is a network area (a sub-network) that sits between an organization' |
| - | | e-Commerce | + | |DNS|Domain Name System.| |
| - | | Echo Reply | An echo reply is the response a machine that has received an echo request sends over ICMP.| | + | |:::|The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember " |
| - | | Echo Request | An echo request is an ICMP message sent to a machine to determine if it is online and how long traffic takes to get to it.| | + | |Domain|A sphere of knowledge, or a collection of facts about some program entities or a number of network points or addresses, identified by a name. On the Internet, a domain consists of a set of network addresses. |
| - | | EDS | European Data Store.| | + | |Domain Hijacking|Domain hijacking is an attack by which an attacker takes over a domain by first blocking access to the domain' |
| - | | EFT (Electronic Funds Transfer) | + | |Domain Name|A domain name locates an organization or other entity on the Internet. |
| - | | Egress Filtering | Filtering outbound traffic.| | + | |Domain Name System|DNS.| |
| - | | EGP (Exterior Gateway Protocol) | A protocol which distributes routing information to the routers which connect autonomous systems.| | + | |:::|The domain name system (DNS) is the way that Internet domain names are located and translated into Internet Protocol addresses. A domain name is a meaningful and easy-to-remember " |
| - | | EGW | Engagement Gateway.| | + | |Download|To download is to retrieve Information from the Internet.| |
| - | | EIN | Employee Identification Number. | + | |DP|Discussion Paper.| |
| - | | Electronic Commerce | + | |DPIA|Data Protection Input Assessment.| |
| - | | Electronic Funds Transfer | + | |DR|Disaster Recovery. |
| - | | Emanations Analysis | Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data.| | + | |Drop Site|Malware that steals data will upload the information to a Drop Site for later retrieval.| |
| - | | Encapsulation | The inclusion of one data structure within another structure so that the first data structure is hidden for the time being.| | + | |DSA|Digital Signature Algorithm.| |
| - | | Encryption | Cryptographic transformation of data (called " | + | |:::|An asymmetric cryptographic algorithm that produces a digital signature in the form of a pair of large numbers. |
| - | | EOD | End-of-Day.| | + | |DSS|Digital Signature Standard.| |
| - | | Ephemeral Port | Also called a transient port or a temporary port. Usually is on the client side. It is set up when a client application wants to connect to a server and is destroyed when the client application terminates. | + | |:::|The US Government standard that specifies the Digital Signature Algorithm (DSA), which involves asymmetric cryptography.| |
| - | | Escrow Passwords | Escrow Passwords are passwords that are written down and stored in a secure location (like a safe) that are used by emergency personnel when privileged personnel are unavailable.| | + | |DTU|Data Transfer Utility.| |
| - | | Espionage | Espionage is the use of illegal means (spying) to collect Information, | + | |Due Care|Due care ensures that a minimal level of protection is in place in accordance with the best practice in the industry.| |
| - | | Ethernet | The most widely-installed LAN technology. | + | |Due Diligence|Due diligence is the requirement that organizations must develop and deploy a protection plan to prevent fraud, abuse, and additionally deploy a means to detect them if they occur.| |
| - | | ETL | Extract, Transform, Load.| | + | |Dump|Generally used to mean the data from a database, in reference to online fraud the term usually refers to debit or credit card’s dumps, which were skimmed or hacked and may include credit card track data, PINs and CCV numbers.| |
| - | | EUDA | End User Developed Application.| | + | |DumpSec|DumpSec is a security tool that dumps a variety of information about a system' |
| - | | Event | An event is an observable occurrence in a system or network.| | + | |Dumpster Diving|Dumpster Diving is obtaining passwords and corporate directories by searching through discarded media.| |
| - | | EXCO | Executive Committee, Executive Council.| | + | |DWB|Dispensation, |
| - | | Exploit | A sequence of actions or a program that enables an individual to take advantage of, or exploit, a vulnerability or security weakness in a program or system.| | + | |DX|Developer Experience.| |
| - | | Exponential Backoff Algorithm | An exponential backoff algorithm is used to adjust TCP timeout values on the fly so that network devices don't continue to timeout sending data over saturated links.| | + | |Dynamic Link Library|DLL.| |
| - | | Exposure | A threat action whereby sensitive data is directly released to an unauthorized entity.| | + | |:::|A collection of small programs, any of which can be called when needed by a larger program that is running in the computer. |
| - | | Extended ACLS | Cisco. | + | |Dynamic Routing Protocol|Allows network devices to learn routes. Ex. RIP, EIGRP Dynamic routing occurs when routers talk to adjacent routers, informing each other of what networks each router is currently connected to. The routers must communicate using a routing protocol, of which there are many to choose from. The process on the router that is running the routing protocol, communicating with its neighbour routers, is usually called a routing daemon. |
| - | | Extensible Authentication Protocol | + | |E2E|End-to-End. |
| - | | Exterior Gateway Protocol | + | |EAD|Exposure at Default.| |
| - | | Extranet | Extranet is that portion of an organization’s Intranet that is accessible by selected individuals (for example, collaborators, | + | |EAP|Extensible Authentication Protocol.| |
| - | | False Rejects | False Rejects are when an authentication system fails to recognize a valid user.| | + | |:::|A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, |
| - | | Fast File System | The first major revision to the Unix file system, providing faster read access and faster (delayed, asynchronous) write access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks.| | + | |Eavesdropping|Eavesdropping is simply listening to a private conversation which may reveal information which can provide access to a facility or network.| |
| - | | Fast Flux | Protection method used by botnets consisting of a continuous and fast change of the DNS records for a domain name through different IP addresses.| | + | |e-Commerce|Electronic Commerce, also known as e-Commerce, covers a range of activities under which businesses and their customers can carry out transactions electronically between computer systems. |
| - | | FAT | Functional Acceptance Testing. | + | |Echo Reply| An echo reply is the response a machine that has received an echo request sends over ICMP.| |
| - | | Fault Line Attacks | Fault Line Attacks use weaknesses between interfaces of systems to exploit gaps in coverage.| | + | |Echo Request|An echo request is an ICMP message sent to a machine to determine if it is online and how long traffic takes to get to it.| |
| - | | FCT | Functional Confidence Testing. | + | |EDS|European Data Store.| |
| - | | File Transfer Protocol | + | |EFT|Electronic Funds Transfer is the transfer of cash or credit from one account to another using computers and telecommunications.| |
| - | | Filter | + | |Egress Filtering | Filtering outbound traffic.| |
| - | | Filtering Router | An inter-network router that selectively prevents the passage of data packets according to a security policy. | + | |EGP|Exterior Gateway Protocol). |
| - | | Finger | A protocol to lookup user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. | + | |:::|A protocol which distributes routing information to the routers which connect autonomous systems.| |
| - | | Fingerprinting | Sending strange packets to a system in order to gauge how it responds to determine the operating system.| | + | |EGW|Engagement Gateway.| |
| - | | Firewall | A logical or physical discontinuity in a network to prevent unauthorized access to data or resources.| | + | |EIN|Employee Identification Number.| |
| - | | Flooding | An attack that attempts to cause a failure in (especially, | + | |Electronic Commerce|Electronic Commerce, also known as e-Commerce, covers a range of activities under which businesses and their customers can carry out transactions electronically between computer systems. |
| - | | Forest | A forest is a set of Active Directory domains that replicate their databases with each other.| | + | |Electronic Funds Transfer|Electronic Funds Transfer |
| - | | Fork Bomb | A Fork Bomb works by using the fork() call to create a new process which is a copy of the original. | + | |Emanations Analysis|Gaining direct knowledge of communicated data by monitoring and resolving a signal that is emitted by a system and that contains the data but is not intended to communicate the data.| |
| - | | Form-based Authentication | Form-Based Authentication uses forms on a webpage to ask a user to input username and password information.| | + | |Encapsulation|The inclusion of one data structure within another structure so that the first data structure is hidden for the time being.| |
| - | | Forward Lookup | Forward lookup uses an Internet domain name to find an IP address.| | + | |Encryption|Cryptographic transformation of data (called " |
| - | | Forward Proxy | Forward Proxies are designed to be the server through which all requests are made.| | + | |EOD|End-of-Day.| |
| - | | FQDN | Fully Qualified Domain Name. The name of the physical host including the domain name; and where necessary the name of the DNS alias or availability group listener the application uses to connect.| | + | |Ephemeral Port|Also called a transient port or a temporary port. Usually is on the client side. It is set up when a client application wants to connect to a server and is destroyed when the client application terminates. |
| - | | Fragment Offset | The fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet.| | + | |Escrow Passwords|Escrow Passwords are passwords that are written down and stored in a secure location (like a safe) that are used by emergency personnel when privileged personnel are unavailable.| |
| - | | Fragment Overlap Attack | A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. | + | |Espionage|Espionage is the use of illegal means (spying) to collect Information, |
| - | | Fragmentation | The process of storing a data file in several " | + | |Ethernet|The most widely-installed LAN technology. |
| - | | Frames | Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. | + | |ETL|Extract, |
| - | | FTP (File Transfer Protocol) | A TCP/IP protocol specifying the transfer of text or binary files across the network.| | + | |EUDA|End User Developed Application.| |
| - | | Full Duplex | A type of duplex communications channel which carries data in both directions at once. Refers to the transmission of data in two directions simultaneously. | + | |Event|An event is an observable occurrence in a system or network.| |
| - | | Fully-Qualified Domain Name | A Fully-Qualified Domain Name is a server name with a hostname followed by the full domain name.| | + | |EXCO|Executive Committee, Executive Council.| |
| - | | Fuzzing | The use of special regression testing tools to generate out-of-spec input for an application in order to find security vulnerabilities. Also see " | + | |Exploit|A sequence of actions or a program that enables an individual to take advantage of, or exploit, a vulnerability or security weakness in a program or system.| |
| - | | Gateway | A network point that acts as an entrance to another network.| | + | |Exponential Backoff Algorithm|An exponential backoff algorithm is used to adjust TCP timeout values on the fly so that network devices don't continue to timeout sending data over saturated links.| |
| - | | GETHOSTBYADDR | The gethostbyaddr DNS query is when the address of a machine is known and the name is needed.| | + | |Exposure|A threat action whereby sensitive data is directly released to an unauthorized entity.| |
| - | | GETHOSTBYNAME | The gethostbyname DNS quest is when the name of a machine is known and the address is needed.| | + | |Extended ACLS|Cisco. |
| - | | GIS | Global Information Security.| | + | |Extensible Authentication Protocol|EAP.| |
| - | | GNU | GNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed. | + | |:::|A framework that supports multiple, optional authentication mechanisms for PPP, including clear-text passwords, challenge-response, |
| - | | GNUTELLA | An Internet file sharing utility. | + | |Exterior Gateway Protocol|EGP.| |
| - | | GTIS | Global Technology Infrastructure Group.| | + | |:::|A protocol which distributes routing information to the routers which connect autonomous systems.| |
| - | | GW | Gateway.| | + | |Extranet|Extranet is that portion of an organization’s Intranet that is accessible by selected individuals (for example, collaborators, |
| - | | Hactivist | An activist who uses illegal or legally ambiguous digital tools or methods in pursuit of political ends; methods employed include web site defacements, | + | |False Rejects|False Rejects are when an authentication system fails to recognize a valid user.| |
| - | | HAM | Hardware Asset Management.| | + | |Fast File System|The first major revision to the Unix file system, providing faster read access and faster (delayed, asynchronous) write access through a disk cache and better file system layout on disk. It uses inodes (pointers) and data blocks.| |
| - | | Hardening | Hardening is the process of identifying and fixing vulnerabilities on a system.| | + | |Fast Flux|Protection method used by botnets consisting of a continuous and fast change of the DNS records for a domain name through different IP addresses.| |
| - | | Hash Function | An algorithm that computes a value based on a data object thereby mapping the data object to a smaller data object.| | + | |FAT|Functional Acceptance Testing.| |
| - | | Hash Functions | (cryptographic) hash functions are used to generate a one way "check sum" for a larger text, which is not trivially reversed. | + | |:::|See FCT.| |
| - | | Header | A header is the extra information in a packet that is needed for the protocol stack to process the packet.| | + | |Fault Line Attacks|Fault Line Attacks use weaknesses between interfaces of systems to exploit gaps in coverage.| |
| - | | Hijack Attack | A form of active wiretapping in which the attacker seizes control of a previously established communication association.| | + | |FCT|Functional Confidence Testing.| |
| - | | Honey Client | See Honeymonkey.| | + | |:::|Functional testing covers Unit Testing, Smoke Testing, Sanity Testing, Intergration Testing (Top Down, Bottom Up), Interface and Useability Testing, System Testing, Regression Testing, Per User Acceptance Testing (Alpha and Beta), User Acceptance Testing, White Box and Black Box Testing, Globalization and Location Testing.| |
| - | | Honey Pot | Programs that simulate one or more network services that you designate on your computer' | + | |File Transfer Protocol|FTP. |
| - | | Honeymonkey | Automated system simulating a user browsing websites. | + | |Filter A filter is used to specify which packets will or will not be used. It can be used in sniffers to determine which packets get displayed, or by firewalls to determine which packets get blocked.| |
| - | | Hops | A hop is each exchange with a gateway a packet takes on its way to the destination.| | + | |Filtering Router|An inter-network router that selectively prevents the passage of data packets according to a security policy. |
| - | | Host | Any computer that has full two-way access to other computers on the Internet. | + | |Finger|A protocol to lookup user information on a given host. A Unix program that takes an e-mail address as input and returns information about the user who owns that e-mail address. |
| - | | Host-based ID | Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. | + | |Fingerprinting|Sending strange packets to a system in order to gauge how it responds to determine the operating system.| |
| - | | Host-Based Intrusion Detection | Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. | + | |Firewall|A logical or physical discontinuity in a network to prevent unauthorized access to data or resources.| |
| - | | Hot Disaster Recovery Site | It contains fully redundant hardware and software, with telecommunications, | + | |Flooding|An attack that attempts to cause a failure in (especially, |
| - | | Hot Fix | A hot fix is a single, cumulative package that includes one or more files that are used to address a problem in a software product (i.e. a software bug). Typically, hot fixes are made to address a specific customer situation and are not rolled out across the organisation. | + | |Forest|A forest is a set of Active Directory domains that replicate their databases with each other.| |
| - | | HPA | Host Protected Area. Sometimes called the Hidden Protected Area is a section of a hard drive that is hidden or not normally visible to the operating system, and is often used by software or personal computer manufactorers for system recovery and the backup of system configuration data.| | + | |Fork Bomb|A Fork Bomb works by using the fork() call to create a new process which is a copy of the original. |
| - | | HTML (Hypertext Markup Language) | The set of markup symbols or codes inserted in a file intended for display on a World Wide Web browser page.| | + | |Form-based Authentication|Form-Based Authentication uses forms on a webpage to ask a user to input username and password information.| |
| - | | HTTP (Hypertext Transfer Protocol) | The protocol in the Internet Protocol (IP) family used to transport hypertext documents across an internet.| | + | |Forward Lookup|Forward lookup uses an Internet domain name to find an IP address.| |
| - | | HTTP Proxy | An HTTP Proxy is a server that acts as a middleman in the communication between HTTP clients and servers.| | + | |Forward Proxy|Forward Proxies are designed to be the server through which all requests are made.| |
| - | | HTTPS | When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL. | | + | |FQDN|Fully Qualified Domain Name. The name of the physical host including the domain name; and where necessary the name of the DNS alias or availability group listener the application uses to connect.| |
| - | | HUB | A hub is a network device that operates by repeating data that it receives on one port to all the other ports. | + | |Fragment Offset|The fragment offset field tells the sender where a particular fragment falls in relation to other fragments in the original larger packet.| |
| - | | Humint | + | |Fragment Overlap Attack|A TCP/IP Fragmentation Attack that is possible because IP allows packets to be broken down into fragments for more efficient transport across various media. |
| - | | Hybrid Attack | A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.| | + | |Fragmentation|The process of storing a data file in several " |
| - | | Hybrid Encryption | An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption.| | + | |Frames|Data that is transmitted between network points as a unit complete with addressing and necessary protocol control information. |
| - | | Hyperlink | In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link.| | + | |FTP|File Transfer Protocol).| |
| - | | Hypertext Markup Language | + | |:::|A TCP/IP protocol specifying the transfer of text or binary files across the network.| |
| - | | Hypertext Transfer Protocol | + | |Full Duplex|A type of duplex communications channel which carries data in both directions at once. Refers to the transmission of data in two directions simultaneously. |
| - | | ICMP (Internet Control Message Protocol) | An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.| | + | |Fully-Qualified Domain Name|A Fully-Qualified Domain Name is a server name with a hostname followed by the full domain name.| |
| - | | Identity | Identity is whom someone or what something is, for example, the name by which something is known.| | + | |Fuzzing|The use of special regression testing tools to generate out-of-spec input for an application in order to find security vulnerabilities. Also see " |
| - | | IETF (Internet Engineering Task Force) | The body that defines standard Internet operating protocols such as TCP/ | + | |Gateway|A network point that acts as an entrance to another network.| |
| - | | IMAP (Internet Message Access Protocol) | A protocol that defines how a client should fetch mail from and return mail to a mail server. | + | |GETHOSTBYADDR|The gethostbyaddr DNS query is when the address of a machine is known and the name is needed.| |
| - | | Incident | An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.| | + | |GETHOSTBYNAME|The gethostbyname DNS quest is when the name of a machine is known and the address is needed.| |
| - | | Incident Handling | Incident Handling is an action plan for dealing with intrusions, cyber-theft, | + | |GIS|Global Information Security.| |
| - | | Incremental Backups | Incremental backups only backup the files that have been modified since the last backup. | + | |GNU|GNU is a Unix-like operating system that comes with source code that can be copied, modified, and redistributed. |
| - | | Industrial Espionage | Espionage is the use of illegal means (spying) to collect Information, | + | |GNUTELLA|An Internet file sharing utility. |
| - | | INETD | Inetd (or Internet Daemon) is an application that controls smaller internet services like telnet, ftp, and POP.| | + | |GTIS|Global Technology Infrastructure Group.| |
| - | | Inference Attack | Inference Attacks rely on the user to make logical connections between seemingly unrelated pieces of information.| | + | |GW|Gateway.| |
| - | | Information Warfare | Information Warfare is the competition between offensive and defensive players over information resources.| | + | |Hactivist|An activist who uses illegal or legally ambiguous digital tools or methods in pursuit of political ends; methods employed include web site defacements, |
| - | | Ingress Filtering | Ingress Filtering is filtering inbound traffic.| | + | |HAM|Hardware Asset Management.| |
| - | | Input Validations Attack | Input Validations Attacks are where an attacker intentionally sends unusual input in the hopes of confusing an application.| | + | |Hardening|Hardening is the process of identifying and fixing vulnerabilities on a system.| |
| - | | Integrity | Integrity is the need to ensure that information has not been changed accidentally or deliberately, | + | |Hash Function|An algorithm that computes a value based on a data object thereby mapping the data object to a smaller data object.| |
| - | | Integrity Star Property | In Integrity Star Property a user cannot read data of a lower integrity level then their own.| | + | |Hash Functions|(cryptographic) hash functions are used to generate a one way "check sum" for a larger text, which is not trivially reversed. |
| - | | Intellectual Property | Intellectual Property refers to the definition and recording of a novel device, product, process or technique so that it may be bought, sold or legally protected. | + | |Header|A header is the extra information in a packet that is needed for the protocol stack to process the packet.| |
| - | | Intelligence | Intelligence is high-level, processed, exploitable Information.| | + | |Hijack Attack|A form of active wiretapping in which the attacker seizes control of a previously established communication association.| |
| - | | International Organization for Standardization (ISO) | A voluntary, non-treaty, non-government organization, | + | |Honey Client|See Honeymonkey.| |
| - | | International Telecommunications Union (ITU-T) | Telecommunication Standardization Sector (formerly " | + | |Honey Pot|Programs that simulate one or more network services that you designate on your computer' |
| - | | Internet | A term to describe connecting multiple separate networks together.| | + | |Honeymonkey|Automated system simulating a user browsing websites. |
| - | | Internet Control Message Protocol | + | |Hops|A hop is each exchange with a gateway a packet takes on its way to the destination.| |
| - | | Internet Engineering Task Force (IETF) | The body that defines standard Internet operating protocols such as TCP/ | + | |Host|Any computer that has full two-way access to other computers on the Internet. |
| - | | Internet Message Access Protocol | + | |Host-based ID|Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. |
| - | | Internet Protocol | + | |Host-Based Intrusion Detection|Host-based intrusion detection systems use information from the operating system audit records to watch all operations occurring on the host that the intrusion detection software has been installed upon. These operations are then compared with a pre-defined security policy. |
| - | | Internet Protocol Security | + | |Hot Disaster Recovery Site|It contains fully redundant hardware and software, with telecommunications, |
| - | | Internet Relay Chat (IRC) | Internet Relay Chat (IRC) is a huge, multi-user live chat facility. | + | |Hot Fix|A hot fix is a single, cumulative package that includes one or more files that are used to address a problem in a software product (i.e. a software bug). Typically, hot fixes are made to address a specific customer situation and are not rolled out across the organisation. |
| - | | Internet Service Provider | + | |HPA|Host Protected Area. Sometimes called the Hidden Protected Area is a section of a hard drive that is hidden or not normally visible to the operating system, and is often used by software or personal computer manufactorers for system recovery and the backup of system configuration data.| |
| - | | Internet Standard | A specification, | + | |HTML|Hypertext Markup Language. |
| - | | Interrupt | An Interrupt is a signal that informs the OS that something has occurred.| | + | |HTTP|Hypertext Transfer Protocol. |
| - | | Intranet | A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders.| | + | |HTTP Proxy|An HTTP Proxy is a server that acts as a middleman in the communication between HTTP clients and servers.| |
| - | | Intrusion Detection | A security management system for computers and networks. | + | |HTTPS|When used in the first part of a URL (the part that precedes the colon and specifies an access scheme or protocol), this term specifies the use of HTTP enhanced by a security mechanism, which is usually SSL. | |
| - | | Invisible Web | Invisible Web is that portion (estimated to be between 60 and 80 per cent) of total Web content that consists of material that is not accessible by standard Search engines. | + | |HUB|A hub is a network device that operates by repeating data that it receives on one port to all the other ports. |
| - | | IP (Internet Protocol) | The method or protocol by which data is sent from one computer to another on the Internet.| | + | |Humint|Humint is an abbreviation for Human Intelligence; |
| - | | IP Address | A computer' | + | |Hybrid Attack|A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.| |
| - | | IP Flood | A denial of service attack that sends a host more echo request (" | + | |Hybrid Encryption|An application of cryptography that combines two or more encryption algorithms, particularly a combination of symmetric and asymmetric encryption.| |
| - | | IP Forwarding | IP forwarding is an Operating System option that allows a host to act as a router. | + | |Hyperlink|In hypertext or hypermedia, an information object (such as a word, a phrase, or an image; usually highlighted by color or underscoring) that points (indicates how to connect) to related information that is located elsewhere and can be retrieved by activating the link.| |
| - | | IPSEC (Internet Protocol Security) | A developing standard for security at the network or packet processing layer of network communication.| | + | |Hypertext Markup Language|HTML. |
| - | | IP Spoofing | The technique of supplying a false IP address.| | + | |Hypertext Transfer Protocol|HTTP. |
| - | | IRC (Internet Relay Chat) | Internet Relay Chat (IRC) is a huge, multi-user live chat facility. | + | |ICMP|Internet Control Message Protocol.| |
| - | | IRM | Information Risk Management.| | + | |:::|An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.| |
| - | | ISO (International Organization for Standardization) | A voluntary, non-treaty, non-government organization, | + | |Identity | Identity is whom someone or what something is, for example, the name by which something is known.| |
| - | | ISP (Internet Service Provider) | An Internet Service Provider (ISP) is a company selling access to the Internet.| | + | |IETF|Internet Engineering Task Force.| |
| - | | Issue-specific Policy | An Issue-Specific Policy is intended to address specific needs within an organization, | + | |:::|The body that defines standard Internet operating protocols such as TCP/ |
| - | | ITU-T (International Telecommunications Union) | Telecommunication Standardization Sector (formerly " | + | |IMAP|Internet Message Access Protocol.| |
| - | | Jitter | Jitter or Noise is the modification of fields in a database while preserving the aggregate characteristics of that make the database useful in the first place.| | + | |:::|A protocol that defines how a client should fetch mail from and return mail to a mail server. |
| - | | Jump Bag | A Jump Bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.| | + | |Incident|An incident as an adverse network event in an information system or network or the threat of the occurrence of such an event.| |
| - | | Kerberos | A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, | + | |Incident Handling|Incident Handling is an action plan for dealing with intrusions, cyber-theft, |
| - | | Kernel | The essential centre of a computer operating system, the core that provides basic services for all other parts of the operating system. | + | |Incremental Backups|Incremental backups only backup the files that have been modified since the last backup. |
| - | | KYC | Know Your Customer.| | + | |Industrial Espionage|Espionage is the use of illegal means (spying) to collect Information, |
| - | | L2F (Layer 2 Forwarding Protocol) | An Internet protocol (originally developed by Cisco Corporation) that uses tunnelling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.| | + | |INETD|Inetd (or Internet Daemon) is an application that controls smaller internet services like telnet, ftp, and POP.| |
| - | | L2FP (Layer 2 Tunnelling | + | |Inference Attack|Inference Attacks rely on the user to make logical connections between seemingly unrelated pieces of information.| |
| - | | Lattice Techniques | Lattice Techniques use security designations to determine access to information.| | + | |Information Warfare|Information Warfare is the competition between offensive and defensive players over information resources.| |
| - | | Layer 2 Forwarding Protocol | + | |Ingress Filtering|Ingress Filtering is filtering inbound traffic.| |
| - | | Layer 2 Tunnelling | + | |Input Validations Attack|Input Validations Attacks are where an attacker intentionally sends unusual input in the hopes of confusing an application.| |
| - | | Least Privilege | Least Privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.| | + | |Integrity | Integrity is the need to ensure that information has not been changed accidentally or deliberately, |
| - | | Legion | Software to detect unprotected shares.| | + | |Integrity Star Property|In Integrity Star Property a user cannot read data of a lower integrity level then their own.| |
| - | | Lightweight Directory Access Protocol | + | |Intellectual Property|Intellectual Property refers to the definition and recording of a novel device, product, process or technique so that it may be bought, sold or legally protected. |
| - | | Link State | With link state, routes maintain information about all routers and router-to-router links within a geographic area, and creates a table of best routes with that information.| | + | |Intelligence|Intelligence is high-level, processed, exploitable Information.| |
| - | | List-based Access Control | List Based Access Control associates a list of users and their privileges with each object.| | + | |International Organization for Standardization (ISO)|A voluntary, non-treaty, non-government organization, |
| - | | LKM (Loadable Kernel Modules) | Loadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.| | + | |International Telecommunications Union|ITU-T.| |
| - | | Loadable Kernel Modules | + | |:::|Telecommunication Standardization Sector (formerly " |
| - | | Log Clipping | Log clipping is the selective removal of log entries from a system log to hide a compromise.| | + | |Internet|A term to describe connecting multiple separate networks together.| |
| - | | Logic Bombs | Logic bombs are programs or snippets of code that execute when a certain predefined event occurs. | + | |Internet Control Message Protocol|ICMP.| |
| - | | Logic Gate | A logic gate is an elementary building block of a digital circuit. | + | |:::|An Internet Standard protocol that is used to report error conditions during IP datagram processing and to exchange other information concerning the state of the IP network.| |
| - | | Loopback Address | The loopback address (127.0.0.1) is a pseudo IP address that always refer back to the local host and are never sent out onto a network.| | + | |Internet Engineering Task Force|IETF.| |
| - | | LTR | Large Transaction Report.| | + | |:::|The body that defines standard Internet operating protocols such as TCP/ |
| - | | MAC (Mandatory Access Control) | Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. | + | |Internet Message Access Protocol|IMAP.| |
| - | | MAC Address | A physical address; a numeric value that uniquely identifies that network device from every other device on the planet.| | + | |:::|A protocol that defines how a client should fetch mail from and return mail to a mail server. |
| - | | Malicious Code | Software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.| | + | |Internet Protocol|IP.| |
| - | | Malware | A generic term for a number of different types of malicious code.| | + | |:::|The method or protocol by which data is sent from one computer to another on the Internet.| |
| - | | Mandatory Access Control | + | |Internet Protocol Security|IPSEC.| |
| - | | Man in the Middle | + | |:::|A developing standard for security at the network or packet processing layer of network communication.| |
| - | | Masquerade Attack | A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.| | + | |Internet Relay Chat|IRC.| |
| - | | MD5 | A one way cryptographic hash function. | + | |:::|Internet Relay Chat (IRC) is a huge, multi-user live chat facility. |
| - | | Measures of Effectiveness | + | |Internet Service Provider|ISP.| |
| - | | MFT | Managed File Transfer.| | + | |:::|An Internet Service Provider (ISP) is a company selling access to the Internet.| |
| - | | MI | Management Information.| | + | |Internet Standard|A specification, |
| - | | MITM (Man in the Middle) Attack | + | |Interrupt|An Interrupt is a signal that informs the OS that something has occurred.| |
| - | | MOE (Measures of Effectiveness) | Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a give action will have on an environment. In Information warfare it is the ability to attack or defend within an Internet environment.| | + | |Intranet|A computer network, especially one based on Internet technology, that an organization uses for its own internal, and usually private, purposes and that is closed to outsiders.| |
| - | | Monoculture | Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.| | + | |Intrusion Detection|A security management system for computers and networks. |
| - | | Morris Worm | A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.| | + | |Invisible Web|Invisible Web is that portion (estimated to be between 60 and 80 per cent) of total Web content that consists of material that is not accessible by standard Search engines. |
| - | | MoSCoW | Must, Should, Could, Would.| | + | |IP|Internet Protocol).| |
| - | | Mule | Also known as a money mule, a mule is an individual who transfers stolen money or merchandise either in person, through a courier service or electronically to help obscure a scammer’s identity and/or location. | + | |:::|The method or protocol by which data is sent from one computer to another on the Internet.| |
| - | | Multi-Cast | Broadcasting from one host to a given set of hosts.| | + | |IP Address|A computer' |
| - | | Multi-Homed | You are " | + | |IP Flood|A denial of service attack that sends a host more echo request (" |
| - | | Multiplexing | To combine multiple signals from possibly disparate sources, in order to transmit them over a single path.| | + | |IP Forwarding|IP forwarding is an Operating System option that allows a host to act as a router. |
| - | | NAT (Network Address Translation) | It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts. | + | |IPSEC|Internet Protocol Security).| |
| - | | National Institute of Standards and Technology | + | |:::|A developing standard for security at the network or packet processing layer of network communication.| |
| - | | Natural Disaster | Any "act of God" (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component.| | + | |IP Spoofing|The technique of supplying a false IP address.| |
| - | | Netmask | 32-bit number indicating the range of IP addresses residing on a single IP network/ | + | |IRC|Internet Relay Chat (IRC) is a huge, multi-user live chat facility. |
| - | | Network Address Translation | + | |IRM|Information Risk Management.| |
| - | | Network-based IDS | A network-based IDS system monitors the traffic on its network segment as a data source. | + | |ISO|International Organization for Standardization).| |
| - | | Network Mapping | To compile an electronic inventory of the systems and the services on your network.| | + | |:::|A voluntary, non-treaty, non-government organization, |
| - | | Network Taps | Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.| | + | |ISP|Internet Service Provider).| |
| - | | Newsgroup | Newsgroup is the name for a discussion group or chat room.| | + | |:::|An Internet Service Provider (ISP) is a company selling access to the Internet.| |
| - | | Nginx | Nginx Web Server. | + | |Issue-specific Policy | An Issue-Specific Policy is intended to address specific needs within an organization, |
| - | | Node | Node is any single device connected to a Network.| | + | |ITU-T|International Telecommunications Union).| |
| - | | Non FCT | Non Functional Testing. | + | |:::|Telecommunication Standardization Sector (formerly " |
| - | | Non-printable character | A character that doesn' | + | |Jitter|Jitter or Noise is the modification of fields in a database while preserving the aggregate characteristics of that make the database useful in the first place.| |
| - | | Non-repudiation | Non-repudiation is the ability for a system to prove that a specific user and only that specific user sent a message and that it hasn't been modified.| | + | |Jump Bag|A Jump Bag is a container that has all the items necessary to respond to an incident inside to help mitigate the effects of delayed reactions.| |
| - | | Null Session | Known as Anonymous Logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network or connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers.| | + | |Kerberos|A system developed at the Massachusetts Institute of Technology that depends on passwords and symmetric cryptography (DES) to implement ticket-based, |
| - | | OAT | Operational Acceptance Testing. | + | |Kernel|The essential centre of a computer operating system, the core that provides basic services for all other parts of the operating system. |
| - | | Octet | A sequence of eight bits. An octet is an eight-bit byte.| | + | |KYC|Know Your Customer.| |
| - | | One-way Encryption | Irreversible transformation of plain-text to cipher text, such that the plain-text cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known.| | + | |L2F|Layer 2 Forwarding Protocol).| |
| - | | One-way Function | A (mathematical) function, f, which is easy to compute the output based on a given input. | + | |:::|An Internet protocol (originally developed by Cisco Corporation) that uses tunnelling of PPP over IP to create a virtual extension of a dial-up link across a network, initiated by the dial-up server and transparent to the dial-up user.| |
| - | | Open Shortest Path First (OSPF) | + | |L2FP|Layer 2 Tunneling |
| - | | Open Source Information | Open source information is unclassified published information. | + | |:::|An extension of the Point-to-Point |
| - | | Open Systems Interconnection | + | |Lattice Techniques|Lattice Techniques use security designations to determine access to information.| |
| - | | OR | Operational Risk.| | + | |Layer 2 Forwarding Protocol|L2F. |
| - | | ORF | Operational Risk Framework.| | + | |Layer 2 Tunneling |
| - | | ORIA | Operational Risk Impact Assessment. | + | |Least Privilege|Least Privilege is the principle of allowing users or applications the least amount of permissions necessary to perform their intended function.| |
| - | | OSI (Open Systems Interconnection) | OSI is a standard description or " | + | |Legion|Software to detect unprotected shares.| |
| - | | OSI Layers | The main idea in OSI is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions. | + | |Lightweight Directory Access Protocol|LDAP. |
| - | | OSPF (Open Shortest Path First) | + | |Link State|With link state, routes maintain information about all routers and router-to-router links within a geographic area, and creates a table of best routes with that information.| |
| - | | Overload | Hindrance of system operation by placing excess burden on the performance capabilities of a system component.| | + | |List-based Access Control | List Based Access Control associates a list of users and their privileges with each object.| |
| - | | Packet | A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.| | + | |LKM|Loadable Kernel Modules.| |
| - | | Packet Switched Network | A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.| | + | |:::|Loadable Kernel Modules allow for the adding of additional functionality directly into the kernel while the system is running.| |
| - | | PAN | Primary Account Number.| | + | |Loadable Kernel Modules|LKM. |
| - | | Partitions | Major divisions of the total physical hard disk space.| | + | |Log Clipping|Log clipping is the selective removal of log entries from a system log to hide a compromise.| |
| - | | Password Authentication Protocol | + | |Logic Bombs|Logic bombs are programs or snippets of code that execute when a certain predefined event occurs. |
| - | | Password Cracking | Password cracking is the process of attempting to guess passwords, given the password file information.| | + | |Logic Gate|A logic gate is an elementary building block of a digital circuit. |
| - | | Password Sniffing | Passive wiretapping, | + | |Loopback Address | The loopback address (127.0.0.1) is a pseudo IP address that always refer back to the local host and are never sent out onto a network.| |
| - | | PATS | Per Application Test Strategy.| | + | |LTR|Large Transaction Report.| |
| - | | Patch | A patch is a small update released by a software manufacturer to fix bugs in existing programs.| | + | |MAC|Mandatory Access Control).| |
| - | | Patching | Patching is the process of updating software to a different version.| | + | |:::|Mandatory Access Control controls is where the system controls access to resources based on classification levels assigned to both the objects and the users. |
| - | | Payload | Payload is the actual application data a packet contains.| | + | |MAC Address|A physical address; a numeric value that uniquely identifies that network device from every other device on the planet.| |
| - | | Penetration | Gaining unauthorized logical access to sensitive data by circumventing a system' | + | |Malicious Code|Software (e.g., Trojan horse) that appears to perform a useful or desirable function, but actually gains unauthorized access to system resources or tricks a user into executing other malicious logic.| |
| - | | Penetration Testing | Penetration testing is used to test the external perimeter security of a network or facility.| | + | |Malware|A generic term for a number of different types of malicious code.| |
| - | | PERL (Practical Extraction and Reporting Language) | A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.| | + | |Mandatory Access Control|MAC. |
| - | | Permutation | Permutation keeps the same letters but changes the position within a text to scramble the message.| | + | |Man in the Middle Attack|MITM.| |
| - | | Personal Firewalls | Personal firewalls are those firewalls that are installed and run on individual PCs.| | + | |:::|In cryptography, |
| - | | PFS (Public Key Forward Secrecy) | For a key agreement protocol based on asymmetric cryptography, | + | |Masquerade Attack|A type of attack in which one system entity illegitimately poses as (assumes the identity of) another entity.| |
| - | | Pharming | This is a more sophisticated form of MITM attack. | + | |MD5|A one way cryptographic hash function. |
| - | | Phishing | The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. | + | |Measures of Effectiveness|MOE.| |
| - | | PII | Personal Identifiable Information.| | + | |:::|Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a give action will have on an environment. In Information warfare it is the ability to attack or defend within an Internet environment.| |
| - | | Ping of Death | An attack that sends an improperly large ICMP echo request packet (a " | + | |MFT|Managed File Transfer.| |
| - | | Ping Scan | A ping scan looks for machines that are responding to ICMP Echo Requests.| | + | |MI|Management Information.| |
| - | | Ping Sweep | An attack that sends ICMP echo requests (" | + | |MITM Attack|Man in the Middle.| |
| - | | PIR | Post Incident Review.| | + | |:::|In cryptography, |
| - | | PGP (Pretty Good Privacy) | Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.| | + | |MOE|Measures of Effectiveness).| |
| - | | PKI (Public Key Infrastructure) | + | |:::|Measures of Effectiveness is a probability model based on engineering concepts that allows one to approximate the impact a give action will have on an environment. In Information warfare it is the ability to attack or defend within an Internet environment.| |
| - | | Plaintext | Ordinary readable text before being encrypted into ciphertext or after being decrypted.| | + | |Monoculture|Monoculture is the case where a large number of users run the same software, and are vulnerable to the same attacks.| |
| - | | PMI | Potential Major Incident.| | + | |Morris Worm|A worm program written by Robert T. Morris, Jr. that flooded the ARPANET in November, 1988, causing problems for thousands of hosts.| |
| - | | PoC (Proof of Concept) | A proof of concept is realisation of a certain method or idea to demonstrate its feasibility, | + | |MoSCoW | Must, Should, Could, Would.| |
| - | | POC | Point of Contact.| | + | |Mule|Also known as a money mule, a mule is an individual who transfers stolen money or merchandise either in person, through a courier service or electronically to help obscure a scammer’s identity and/or location. |
| - | | Point-to-Point | + | |Multi-Cast|Broadcasting from one host to a given set of hosts.| |
| - | | Point-to-Point | + | |Multi-Homed|You are " |
| - | | Poison Reverse | Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity. In effect, advertising the fact that there routes are not reachable.| | + | |Multiplexing|To combine multiple signals from possibly disparate sources, in order to transmit them over a single path.| |
| - | | Polyinstantiation | Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks.| | + | |NAT|Network Address Translation).| |
| - | | Polymorphism | Polymorphism is the process by which malicious software changes its underlying code to avoid detection.| | + | |:::|It is used to share one or a small number of publicly routable IP addresses among a larger number of hosts. |
| - | | POP3 (Post Office Protocol Version 3) | An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.| | + | |National Institute of Standards and Technology|NIST. |
| - | | Port | A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. | + | |Natural Disaster|Any "act of God" (e.g., fire, flood, earthquake, lightning, or wind) that disables a system component.| |
| - | | Port Scan | A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a " | + | |Netmask|32-bit number indicating the range of IP addresses residing on a single IP network/ |
| - | | Possession | Possession is the holding, control, and ability to use information.| | + | |Network Address Translation|NAT. |
| - | | Post Office Protocol Version 3 (POP3) | An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.| | + | |Network-based IDS|A network-based IDS system monitors the traffic on its network segment as a data source. |
| - | | PPP (Point-to-Point) | A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. | + | |Network Mapping|To compile an electronic inventory of the systems and the services on your network.| |
| - | | PR | Problem Record.| | + | |Network Taps|Network taps are hardware devices that hook directly onto the network cable and send a copy of the traffic that passes through it to one or more other networked devices.| |
| - | | Practical Extraction and Reporting Language (PERL) | A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.| | + | |Newsgroup|Newsgroup is the name for a discussion group or chat room.| |
| - | | Preamble | A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. | + | |Nginx|Nginx Web Server. |
| - | | Pretty Good Privacy | + | |Node|Node is any single device connected to a Network.| |
| - | | Private Addressing | IANA has set aside three address ranges for use by private or non-Internet connected networks. | + | |Non FCT|Non Functional Testing. |
| - | | Program Infector | A program infector is a piece of malware that attaches itself to existing program files.| | + | |Non-printable character|A character that doesn' |
| - | | Program Policy | A program policy is a high-level policy that sets the overall tone of an organization' | + | |Non-repudiation|Non-repudiation is the ability for a system to prove that a specific user and only that specific user sent a message and that it hasn't been modified.| |
| - | | Promiscuous Mode | When a machine reads all packets off the network, regardless of who they are addressed to. This is used by network administrators to diagnose network problems, but also by unsavoury | + | |Null Session|Known as Anonymous Logon, it is a way of letting an anonymous user retrieve information such as user names and shares over the network or connect without authentication. It is used by applications such as explorer.exe to enumerate shares on remote servers.| |
| - | | Proof of Concept | + | |OAT|Operational Acceptance Testing. |
| - | | Proprietary Information | Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.| | + | |Octet|A sequence of eight bits. An octet is an eight-bit byte.| |
| - | | Protocol | A formal specification for communicating; | + | |One-way Encryption|Irreversible transformation of plain-text to cipher text, such that the plain-text cannot be recovered from the cipher text by other than exhaustive procedures even if the cryptographic key is known.| |
| - | | Protocol Stacks | OSI. A set of network protocol layers that work together.| | + | |One-way Function |A (mathematical) function, f, which is easy to compute the output based on a given input. |
| - | | Proxy Server | A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. | + | |Open Shortest Path First|(OSPF) Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down).| |
| - | | PT | Performance Testing.| | + | |Open Source Information |Open source information is unclassified published information. |
| - | | Public Key | The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.| | + | |Open Systems Interconnection|OSI is a standard description or " |
| - | | Public Key Encryption | The popular synonym for " | + | |OR|Operational Risk.| |
| - | | Public Key Infrastructure | + | |ORF|Operational Risk Framework.| |
| - | | Public Key Forward Secrecy | + | |ORIA|Operational Risk Impact Assessment. |
| - | | PWR | Product Work Request.| | + | |OSI|Open Systems Interconnection.| |
| - | | QAZ | A network worm.| | + | |:::|OSI is a standard description or " |
| - | | Race Condition | A race condition exploits the small window of time between a security control being applied and when the service is used.| | + | |OSI Layers|The main idea in OSI is that the process of communication between two end points in a telecommunication network can be divided into layers, with each layer adding its own set of special, related functions. |
| - | | Radiation Monitoring | Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.| | + | |OSPF| Open Shortest Path First is a link state routing algorithm used in interior gateway routing. Routers maintain a database of all routers in the autonomous system with links between the routers, link costs, and link states (up and down).| |
| - | | RAID | Redundant Array of Independant | + | |Overload|Hindrance of system operation by placing excess burden on the performance capabilities of a system component.| |
| - | | RapidShare | RapidShare is one of the world’s largest file-hosting sites; upon uploading, the user is supplied with a unique download URL which enables anyone with whom the uploader shares the URL to download the file. No user is allowed to search the server for content.| | + | |Packet|A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.| |
| - | | RC | Root Cause.| | + | |Packet Switched Network|A packet switched network is where individual packets each follow their own paths through the network from one endpoint to another.| |
| - | | Reconnaissance | Reconnaissance is the phase of an attack where an attackers finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.| | + | |PAN|Primary Account Number.| |
| - | | RED | Random Early Detection.| | + | |Partitions|Major divisions of the total physical hard disk space.| |
| - | | Reflexive ACLS | CISCO. | + | |Password Authentication Protocol|PAP. |
| - | | Registry | The Registry in Windows operating systems in the central set of settings and information required to run the Windows computer.| | + | |Password Cracking|Password cracking is the process of attempting to guess passwords, given the password file information.| |
| - | | Regression Analysis | The use of scripted tests which are used to test software for all possible input is should expect. | + | |Password Sniffing|Passive wiretapping, |
| - | | Regression Testing | The use of scripted tests which are used to test software for all possible input it should expect. | + | |PATS|Per Application Test Strategy.| |
| - | | Request for Comment | + | |Patch|A patch is a small update released by a software manufacturer to fix bugs in existing programs.| |
| - | | Resource Exhaustion | Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.| | + | |Patching|Patching is the process of updating software to a different version.| |
| - | | Response | A response is information sent that is responding to some stimulus.| | + | |Payload|Payload is the actual application data a packet contains.| |
| - | | Reverse Address Resolution Protocol | + | |Penetration|Gaining unauthorized logical access to sensitive data by circumventing a system' |
| - | | Reverse Engineering | Acquiring sensitive data by disassembling and analyzing the design of a system component.| | + | |Penetration Testing|Penetration testing is used to test the external perimeter security of a network or facility.| |
| - | | Reverse Lookup | Find out the hostname that corresponds to a particular IP address. | + | |PERL|Practical Extraction and Reporting Language).| |
| - | | Reverse Proxy | Reverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.| | + | |:::|A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.| |
| - | | RFI | Request for Information.| | + | |Permutation|Permutation keeps the same letters but changes the position within a text to scramble the message.| |
| - | | RHEL | Redhat Enterprise Linux.| | + | |Personal Firewalls|Personal firewalls are those firewalls that are installed and run on individual PCs.| |
| - | | Risk | Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack.| | + | |PFS|Public Key Forward Secrecy.| |
| - | | Risk Assessment | A Risk Assessment is the process by which risks are identified and the impact of those risks determined.| | + | |:::|For a key agreement protocol based on asymmetric cryptography, |
| - | | Risk Averse | Avoiding risk even if this leads to the loss of opportunity. For example, using a (more expensive) phone call vs. sending an e-mail in order to avoid risks associated with e-mail may be considered "Risk Averse" | + | |Pharming|This is a more sophisticated form of MITM attack. |
| - | | Rivest-Shamir-Adleman | + | |Phishing|The use of e-mails that appear to originate from a trusted source to trick a user into entering valid credentials at a fake website. |
| - | | Role Based Access Control (RBAC) | Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.| | + | |PII|Personal Identifiable Information.| |
| - | | ROM | Rough Order of Magnitude.| | + | |Ping of Death|An attack that sends an improperly large ICMP echo request packet (a " |
| - | | Root | Root is the name of the administrator account in Unix systems.| | + | |Ping Scan|A ping scan looks for machines that are responding to ICMP Echo Requests.| |
| - | | Rootkit | A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.| | + | |Ping Sweep|An attack that sends ICMP echo requests (" |
| - | | Router | Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.| | + | |PIR|Post Incident Review.| |
| - | | Routing Information Protocol | + | |PGP|Pretty Good Privacy).| |
| - | | Routing Loop | A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.| | + | |:::|Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.| |
| - | | RPA | Robotics Process Automation.| | + | |PKI|A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. |
| - | | RPC Scans | RPC scans determine which RPC services are running on a machine.| | + | |Plaintext|Ordinary readable text before being encrypted into ciphertext or after being decrypted.| |
| - | | RSS (Really Simple Syndication) | RSS is a family of web feed formats used to publish frequently updated works such as blog entries, news headlines, audio, and video in a standardised format. | + | |PMI|Potential Major Incident.| |
| - | | RTM | Requirements Traceability Matrix. | + | |PoC|Proof of Concept).| |
| - | | RTQ | Risk Tollerance Questionaire.| | + | |:::|A proof of concept is realisation of a certain method or idea to demonstrate its feasibility, |
| - | | Rule Set Based Access Control | + | |POC|Point of Contact.| |
| - | | S/KEY | A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. | + | |Point-to-Point|PPP.| |
| - | | Safety | Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.| | + | |:::|A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. |
| - | | Salt | In cryptography, | + | |Point-to-Point |
| - | | SAM | Software Asset Management.| | + | |Poison Reverse|Split horizon with poisoned reverse (more simply, poison reverse) does include such routes in updates, but sets their metrics to infinity. In effect, advertising the fact that there routes are not reachable.| |
| - | | SAN | Storage Area Network.| | + | |Polyinstantiation|Polyinstantiation is the ability of a database to maintain multiple records with the same key. It is used to prevent inference attacks.| |
| - | | SBI | Standard Batch Interface.| | + | |Polymorphism|Polymorphism is the process by which malicious software changes its underlying code to avoid detection.| |
| - | | Scareware | Scareware is scam software sold to consumers using social engineering to cause shock, anxiety or the perception of a threat. | + | |POP3|Post Office Protocol Version 3).| |
| - | | Scavenging | Searching through data residue in a system to gain unauthorized knowledge of sensitive data.| | + | |:::|An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.| |
| - | | Secure Electronic Transactions | + | |Port|A port is nothing more than an integer that uniquely identifies an endpoint of a communication stream. |
| - | | Secure Shell (SSH) | A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.| | + | |Port Scan|A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a " |
| - | | Secure Sockets Layer (SSL) | A protocol developed by Netscape for transmitting private documents via the Internet. | + | |Possession|Possession is the holding, control, and ability to use information.| |
| - | | Security Policy | A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.| | + | |Post Office Protocol Version 3|POP3.| |
| - | | Segment | Segment is another name for TCP packets.| | + | |:::|An Internet Standard protocol by which a client workstation can dynamically access a mailbox on a server host to retrieve mail messages that the server has received and is holding for the client.| |
| - | | Sensitive Information | Sensitive information, | + | |PPP|(Point-to-Point).| |
| - | | Separation of Duties | Separation of duties is the principle of splitting privileges among multiple individuals or systems.| | + | |:::|A protocol for communication between two computers using a serial interface, typically a personal computer connected by phone line to a server. |
| - | | Server | A system entity that provides a service in response to requests from other system entities called clients.| | + | |PR|Problem Record.| |
| - | | Session | A session is a virtual connection between two hosts by which network traffic is passed.| | + | |Practical Extraction and Reporting Language (PERL) | A script programming language that is similar in syntax to the C language and that includes a number of popular Unix facilities such as sed, awk, and tr.| |
| - | | Session Hijacking | Take over a session that someone else has established.| | + | |Preamble|A preamble is a signal used in network communications to synchronize the transmission timing between two or more systems. |
| - | | Session Key | In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.| | + | |Pretty Good Privacy|PGP.| |
| - | | SET (Secure Electronic Transactions) | Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.| | + | |:::|Trademark of Network Associates, Inc., referring to a computer program (and related protocols) that uses cryptography to provide data security for electronic mail and other applications on the Internet.| |
| - | | SFTP | Secure File Transfer Protocol.| | + | |Private Addressing|IANA has set aside three address ranges for use by private or non-Internet connected networks. |
| - | | SHA1 | A one way cryptographic hash function. Also see " | + | |Program Infector|A program infector is a piece of malware that attaches itself to existing program files.| |
| - | | Shadow Password Files | A system file in which encryption user password are stored so that they aren't available to people who try to break into the system.| | + | |Program Policy|A program policy is a high-level policy that sets the overall tone of an organization' |
| - | | Share | A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).| | + | |Promiscuous Mode|When a machine reads all packets off the network, regardless of who they are addressed to. This is used by network administrators to diagnose network problems, but also by unsavory |
| - | | Shell | A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its " | + | |Proof of Concept|PoC.| |
| - | | Signals Analysis | Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.| | + | |:::|A proof of concept is realization |
| - | | Signature | A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.| | + | |Proprietary Information|Proprietary information is that information unique to a company and its ability to compete, such as customer lists, technical data, product costs, and trade secrets.| |
| - | | Simple Integrity Property | In Simple Integrity Property a user cannot write data to a higher integrity level than their own.| | + | |Protocol|A formal specification for communicating; |
| - | | Simple Network Management Protocol | + | |Protocol Stacks|OSI. |
| - | | Simple Security Property | In Simple Security Property a user cannot read data of a higher classification than their own.| | + | |Proxy Server|A server that acts as an intermediary between a workstation user and the Internet so that the enterprise can ensure security, administrative control, and caching service. |
| - | | SIT | System Integration Testing. | + | |PT|Performance Testing.| |
| - | | Skimming | Skimming is the theft of credit card information using an electronic device called a skimmer to read and store credit card numbers. | + | |Public Key|The publicly-disclosed component of a pair of cryptographic keys used for asymmetric cryptography.| |
| - | | SLA | Service Level Agreement.| | + | |Public Key Encryption|The popular synonym for " |
| - | | Smartcard | A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.| | + | |Public Key Infrastructure|PKI.| |
| - | | SME | Subject Matter Expert.| | + | |:::|A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. |
| - | | Smurf | The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.| | + | |Public Key Forward Secrecy|PFS.| |
| - | | Sniffer | A sniffer is a tool that monitors network traffic as it received in a network interface.| | + | |:::|For a key agreement protocol based on asymmetric cryptography, |
| - | | Sniffing | A synonym for " | + | |PWR|Product Work Request.| |
| - | | SNMP (Simple Network Management Protocol) | The protocol governing network management and the monitoring of network devices and their functions. | + | |QAZ|A network worm.| |
| - | | Social Engineering | A euphemism for non-technical or low-technology means - such as lies, impersonation, | + | |Race Condition | A race condition exploits the small window of time between a security control being applied and when the service is used.| |
| - | | Socket | The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.| | + | |Radiation Monitoring | Radiation monitoring is the process of receiving images, data, or audio from an unprotected source by listening to radiation signals.| |
| - | | Socket Pair | A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.| | + | |RAID|Redundant Array of Independent |
| - | | Socks | A protocol that a proxy server can use to accept requests from client users in a company' | + | |RapidShare|RapidShare is one of the world’s largest file-hosting sites; upon uploading, the user is supplied with a unique download URL which enables anyone with whom the uploader shares the URL to download the file. No user is allowed to search the server for content.| |
| - | | SOD | Start-of-Day.| | + | |RC|Root Cause.| |
| - | | Software | Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.| | + | |Reconnaissance|Reconnaissance is the phase of an attack where an attackers finds new systems, maps out networks, and probes for specific, exploitable vulnerabilities.| |
| - | | SOM | Supplier Operating Model.| | + | |RED|Random Early Detection.| |
| - | | Source Port | The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.| | + | |Reflexive ACLS|CISCO. |
| - | | Spam | Electronic junk mail or junk newsgroup postings.| | + | |Registry|The Registry in Windows operating systems in the central set of settings and information required to run the Windows computer.| |
| - | | Spanning Port | Configures the switch to behave like a hub for a specific port.| | + | |Regression Analysis|The use of scripted tests which are used to test software for all possible input is should expect. |
| - | | Spear-phishing | Spear-phishing is a targeted form of phishing that focuses on a single user or department within an organisation, | + | |Regression Testing|The use of scripted tests which are used to test software for all possible input it should expect. |
| - | | Split Horizon | Split horizon is a algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.| | + | |Request for Comment|RFC.| |
| - | | Split Key | A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.| | + | |:::|A series of notes about the Internet, started in 1969 (when the Internet was the ARPANET). |
| - | | Spoof | Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.| | + | |Resource Exhaustion|Resource exhaustion attacks involve tying up finite resources on a system, making them unavailable to others.| |
| - | | Spyware | Spyware is any software application that is generally installed without the knowledge or consent of the user, to obtain, use, or interfere with personal information or resources, content, or setting, for malicious or undesirable purposes.| | + | |Response|A response is information sent that is responding to some stimulus.| |
| - | | SQL | Structured Query Language.| | + | |Reverse Address Resolution Protocol|RARP.| |
| - | | SQL Injection | + | |:::|RARP (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a local area network can request to learn its IP address from a gateway server' |
| - | | SSH (Secure Shell) | A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.| | + | |Reverse Engineering|Acquiring sensitive data by disassembling and analyzing the design of a system component.| |
| - | | SSL (Secure Sockets Layer) | A protocol developed by Netscape for transmitting private documents via the Internet. | + | |Reverse Lookup|Find out the hostname that corresponds to a particular IP address. |
| - | | SSO | Single Sign On.| | + | |Reverse Proxy|Reverse proxies take public HTTP requests and pass them to back-end webservers to send the content to it, so the proxy can then send the content to the end-user.| |
| - | | SSO (System Security Officer) | A person responsible for enforcement or administration of the security policy that applies to the system.| | + | |RFI|Request for Information.| |
| - | | ST | System Testing. Done just before the UAT. End-to-End testing done by the IT team, to ensure the system can be handed over to the business to test. | + | |RHEL|Redhat Enterprise Linux.| |
| - | | Stack Mashing | Stack mashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.| | + | |Risk|Risk is the product of the level of threat with the level of vulnerability. It establishes the likelihood of a successful attack.| |
| - | | Standard ACLS | CISCO. | + | |Risk Assessment|A Risk Assessment is the process by which risks are identified and the impact of those risks determined.| |
| - | | Star Property | In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.| | + | |Risk Averse|Avoiding risk even if this leads to the loss of opportunity. For example, using a (more expensive) phone call vs. sending an e-mail in order to avoid risks associated with e-mail may be considered "Risk Averse" |
| - | | State Machine | A system that moves through a series of progressive conditions.| | + | |Rivest-Shamir-Adleman|RSA.| |
| - | | Stateful Inspection | Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. | + | |:::|An algorithm for asymmetric cryptography, |
| - | | Static Host Tables | Static host tables are text files that contain hostname and address mapping.| | + | |Role Based Access Control (RBAC) | Role based access control assigns users to roles based on their organizational functions and determines authorization based on those roles.| |
| - | | Static Routing | Static routing means that routing table entries contain information that does not change.| | + | |ROM|Rough Order of Magnitude.| |
| - | | Stealthing | Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.| | + | |Root|Root is the name of the administrator account in Unix systems.| |
| - | | Steganalysis | Steganalysis is the process of detecting and defeating the use of steganography.| | + | |Rootkit|A collection of tools (programs) that a hacker uses to mask intrusion and obtain administrator-level access to a computer or computer network.| |
| - | | Steganography | Methods of hiding the existence of a message or other data. This is different than cryptography, | + | |Router|Routers interconnect logical networks by forwarding information to other networks based upon IP addresses.| |
| - | | Stimulus | Stimulus is network traffic that initiates a connection or solicits a response.| | + | |Routing Information Protocol|RIP.| |
| - | | Store-and-Forward | Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.| | + | |:::|Routing Information Protocol is a distance vector protocol used for interior gateway routing which uses hop count as the sole metric of a path's cost.| |
| - | | STP | Straight Through Processing.| | + | |Routing Loop|A routing loop is where two or more poorly configured routers repeatedly exchange the same packet over and over.| |
| - | | Straight-through-Cable | A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.| | + | |RPA|Robotics Process Automation.| |
| - | | Stream Cipher | A stream cipher works by encryption a message a single bit, byte, or computer word at a time.| | + | |RPC Scans|RPC scans determine which RPC services are running on a machine.| |
| - | | Strong Star Property | In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own.| | + | |RSS|Really Simple Syndication.| |
| - | | Sub Network | A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.| | + | |:::|RSS is a family of web feed formats used to publish frequently updated works such as blog entries, news headlines, audio, and video in a standardised format. |
| - | | Subnet Mask | A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. | + | |RTM|Requirements Traceability Matrix. |
| - | | Switch | A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.| | + | |RTQ|Risk |
| - | | Switched Network | A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.| | + | |Rule Set Based Access Control|RSBAC.| |
| - | | Symbolic Links | Special files which point at another file.| | + | |:::|Rule Set Based Access Control targets actions based on rules for entities operating on objects.| |
| - | | Symmetric Cryptography | A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). | + | |S/KEY|A security mechanism that uses a cryptographic hash function to generate a sequence of 64-bit, one-time passwords for remote user login. |
| - | | Symmetric Key | A cryptographic key that is used in a symmetric cryptographic algorithm.| | + | |Safety|Safety is the need to ensure that the people involved with the company, including employees, customers, and visitors, are protected from harm.| |
| - | | SYN Flood | A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.| | + | |Salt|In cryptography, |
| - | | Synchronization | Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal that start of a frame.| | + | |SAM|Software Asset Management.| |
| - | | Syslog | Syslog is the system logging facility for Unix systems.| | + | |SAN|Storage Area Network.| |
| - | | System Security Officer (SSO) | A person responsible for enforcement or administration of the security policy that applies to the system.| | + | |SBI|Standard Batch Interface.| |
| - | | System-specific Policy | A System-specific policy is a policy written for a specific system or device.| | + | |Scareware|Scareware is scam software sold to consumers using social engineering to cause shock, anxiety or the perception of a threat. |
| - | | T1, T3 | A digital circuit using TDM (Time-Division Multiplexing).| | + | |Scavenging|Searching through data residue in a system to gain unauthorized knowledge of sensitive data.| |
| - | | Tamper | To deliberately alter a system' | + | |Secure Electronic Transactions|SET.| |
| - | | TBC | To be confirmed.| | + | |:::|Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.| |
| - | | TCP (Transmission Control Protocol) | A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. | + | |Secure Shell|SSH.| |
| - | | TCP Fingerprinting | TCP fingerprinting is the user of odd packet header combinations to determine a remote operating system.| | + | |:::|A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.| |
| - | | TCP Full Open Scan | TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it was open.| | + | |Secure Sockets Layer|SSL.| |
| - | | TCP Half Open Scan | TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open.| | + | |:::|A protocol developed by Netscape for transmitting private documents via the Internet. |
| - | | TCP Wrapper | A software package which can be used to restrict access to certain network services based on the source of the connection; a simple tool to monitor and control incoming network traffic.| | + | |Security Policy|A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources.| |
| - | | TCP/IP | A synonym for " | + | |Segment|Segment is another name for TCP packets.| |
| - | | TCPDump | TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.| | + | |Sensitive Information|Sensitive information, |
| - | | Technical Vulnerability Assessment (TVA) | A Technical Vulnerability Assessment is a key component of an organization’s Risk Assessment and Risk Management programs.| | + | |Separation of Duties|Separation of duties is the principle of splitting privileges among multiple individuals or systems.| |
| - | | Telnet | A TCP-based, application-layer, | + | |Server|A system entity that provides a service in response to requests from other system entities called clients.| |
| - | | Threat | A potential for violation of security, which exists when there is a circumstance, | + | |Session|A session is a virtual connection between two hosts by which network traffic is passed.| |
| - | | Threat Assessment | A threat assessment is the identification of types of threats that an organization might be exposed to.| | + | |Session Hijacking|Take over a session that someone else has established.| |
| - | | Threat Model | A threat model is used to describe a given threat and the harm it could to do a system if it has a vulnerability.| | + | |Session Key|In the context of symmetric encryption, a key that is temporary or is used for a relatively short period of time. Usually, a session key is used for a defined period of communication between two computers, such as for the duration of a single connection or transaction set, or the key is used in an application that protects relatively large amounts of data and, therefore, needs to be re-keyed frequently.| |
| - | | Threat Vector | The method a threat uses to get to the target.| | + | |SET|Secure Electronic Transactions).| |
| - | | Time to Live | A value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.| | + | |:::|Secure Electronic Transactions is a protocol developed for credit card transactions in which all parties (customers, merchant, and bank) are authenticated using digital signatures, encryption protects the message and provides integrity, and provides end-to-end security for credit card transactions online.| |
| - | | Tiny Fragment Attack | With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. | + | |SFTP|Secure File Transfer Protocol.| |
| - | | TLS (Transport Layer Security) | A protocol that ensures privacy between communicating applications and their users on the Internet. | + | |SHA1|A one way cryptographic hash function. Also see " |
| - | | T&M | Time and Materials.| | + | |Shadow Password Files | A system file in which encryption user password are stored so that they aren't available to people who try to break into the system.| |
| - | | Token Ring | A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.| | + | |Share|A share is a resource made public on a machine, such as a directory (file share) or printer (printer share).| |
| - | | Token-based Access Control | Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)| | + | |Shell|A Unix term for the interactive user interface with an operating system. The shell is the layer of programming that understands and executes the commands a user enters. In some systems, the shell is called a command interpreter. A shell usually implies an interface with a command syntax (think of the DOS operating system and its " |
| - | | TOM | Target Operating Model.| | + | |Signals Analysis|Gaining indirect knowledge of communicated data by monitoring and analyzing a signal that is emitted by a system and that contains the data but is not intended to communicate the data.| |
| - | | Topology | The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. | + | |Signature|A Signature is a distinct pattern in network traffic that can be identified to a specific tool or exploit.| |
| - | | TOR | Terms of Reference.| | + | |Simple Integrity Property|In Simple Integrity Property a user cannot write data to a higher integrity level than their own.| |
| - | | Traceroute | Traceroute is a tool the maps the route a packet takes from the local machine to a remote destination.| | + | |Simple Network Management Protocol|SNMP.| |
| - | | Trade Secret | A Trade Secret is Information (including a formula, pattern, compilation, | + | |:::|The protocol governing network management and the monitoring of network devices and their functions. |
| - | | Transmission Control Protocol | + | |Simple Security Property|In Simple Security Property a user cannot read data of a higher classification than their own.| |
| - | | Transport Layer Security | + | |SIT|System Integration Testing. |
| - | | TRB | Test Review Board.| | + | |Skimming|Skimming is the theft of credit card information using an electronic device called a skimmer to read and store credit card numbers. |
| - | | Triple DES | A block cipher, based on DES, that transforms each 64-bit plain-text block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.| | + | |SLA|Service Level Agreement.| |
| - | | Triple-wrapped | S/MIME usage: data that has been signed with a digital signature, and then encrypted, and then signed again.| | + | |Smartcard|A smartcard is an electronic badge that includes a magnetic strip or chip that can record and replay a set key.| |
| - | | Trojan Horse | A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.| | + | |SME|Subject Matter Expert.| |
| - | | Trunking | Trunking is connecting switched together so that they can share VLAN information between them.| | + | |Smurf|The Smurf attack works by spoofing the target address and sending a ping to the broadcast address for a remote network, which results in a large amount of ping replies being sent to the target.| |
| - | | Trust | Trust determine which permissions and what actions other systems or users can perform on remote machines.| | + | |Sniffer|A sniffer is a tool that monitors network traffic as it received in a network interface.| |
| - | | Trusted Ports | Trusted ports are ports below number 1024 usually allowed to be opened by the root user.| | + | |Sniffing|A synonym for " |
| - | | TSBIA | Technical Service Baseline Impact Assessment.| | + | |SNMP|Simple Network Management Protocol.| |
| - | | Tunnel | A communication channel created in a computer network by encapsulating a communication protocol' | + | |:::|The protocol governing network management and the monitoring of network devices and their functions. |
| - | | TVA (Technical Vulnerability Assessment) | A Technical Vulnerability Assessment is a key component of an organization’s Risk Assessment and Risk Management programs.| | + | |Social Engineering | A euphemism for non-technical or low-technology means - such as lies, impersonation, |
| - | | UAT | User Acceptance Testing.| | + | |Socket|The socket tells a host's IP stack where to plug in a data stream so that it connects to the right application.| |
| - | | UDF | User Defined Field.| | + | |Socket Pair|A way to uniquely specify a connection, i.e., source IP address, source port, destination IP address, destination port.| |
| - | | UDP (User Datagram Protocol) | A communications protocol that, like TCP, runs on top of IP networks. | + | |Socks|A protocol that a proxy server can use to accept requests from client users in a company' |
| - | | UDP Scan | UDP scans perform scans to determine which UDP ports are open.| | + | |SOD|Start-of-Day.| |
| - | | Underground Economy | The Underground Economy (sometimes known as black market or black economy) is trade, goods and services that are not part of the official economy of a country; this may be legal activities where taxes are not paid, or illegal activities, such as drug trafficking, | + | |Software|Computer programs (which are stored in and executed by computer hardware) and associated data (which also is stored in the hardware) that may be dynamically written or modified during execution.| |
| - | | Unicast | Broadcasting from host to host.| | + | |SOM|Supplier Operating Model.| |
| - | | Uniform Resource Identifier | + | |Source Port|The port that a host uses to connect to a server. It is usually a number greater than or equal to 1024. It is randomly generated and is different each time a connection is made.| |
| - | | Uniform Resource Locator | + | |Spam|Electronic junk mail or junk newsgroup postings.| |
| - | | UNIX | A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. | + | |Spanning Port|Configures the switch to behave like a hub for a specific port.| |
| - | | Unprotected Share | In Windows terminology, | + | |Spear-phishing|Spear-phishing is a targeted form of phishing that focuses on a single user or department within an organisation, |
| - | | UPI | Unique Product Identifier.| | + | |Split Horizon|Split horizon is a algorithm for avoiding problems caused by including routes in updates sent to the gateway from which they were learned.| |
| - | | URL (Uniform Resource Locator) | The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. | + | |Split Key |A cryptographic key that is divided into two or more separate data items that individually convey no knowledge of the whole key that results from combining the items.| |
| - | | User | A person, organization entity, or automated process that accesses a system, whether authorized to do so or not.| | + | |Spoof|Attempt by an unauthorized entity to gain access to a system by posing as an authorized user.| |
| - | | User Contingency Plan | User contingency plan is the alternative methods of continuing business operations if IT systems are unavailable.| | + | |Spyware|Spyware is any software application that is generally installed without the knowledge or consent of the user, to obtain, use, or interfere with personal information or resources, content, or setting, for malicious or undesirable purposes.| |
| - | | User Datagram Protocol | + | |SQL|Structured Query Language.| |
| - | | Usenet | Usenet is an outdated term for a worldwide system of discussion groups, with comments passed among hundreds or thousands of machines. | + | |SQLInjection|SQL injection is a type of input validation attack specific to database-driven applications where SQL code is inserted into application queries to manipulate the database.| |
| - | | VDI | Virtual Desktop Infrastructure.| | + | |SSH|Secure Shell. |
| - | | Virtual Private Network | + | |:::|A program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another.| |
| - | | Virus | A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.| | + | |SSL|Secure Sockets Layer.| |
| - | | Voice Firewall | A physical discontinuity in a voice network that monitors, alerts and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.| | + | |:::|A protocol developed by Netscape for transmitting private documents via the Internet. |
| - | | Voice Intrusion Prevention System | + | |SSO|Single Sign On.| |
| - | | VPN (Virtual Private Network) | A restricted-use, | + | |SSO|System Security Officer.| |
| - | | W3 (World Wide Web) | The global, hypermedia-based collection of information (including text, audio, video, and graphics) and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.| | + | |:::A person responsible for enforcement or administration of the security policy that applies to the system.| |
| - | | W3C (World Wide Web Consortium) | The W3C is an international organization that develops Web standards.| | + | |ST|System Testing. Done just before the UAT. End-to-End testing done by the IT team, to ensure the system can be handed over to the business to test. |
| - | | WAR | Work Area Recovery.| | + | |Stack Mashing|Stack mashing is the technique of using a buffer overflow to trick a computer into executing arbitrary code.| |
| - | | War Chalking | War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.| | + | |Standard ACLS|CISCO. |
| - | | War Dialer | A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogues those numbers so that a cracker can try to break into the systems.| | + | |Star Property|In Star Property, a user cannot write data to a lower classification level without logging in at that lower classification level.| |
| - | | War Dialing | War dialing is a simple means of trying to identify modems in a telephone exchange that may be susceptible to compromise in an attempt to circumvent perimeter security.| | + | |State Machine|A system that moves through a series of progressive conditions.| |
| - | | Warez | Warez refers primarily to copyrighted works distributed without fees or royalties, and may be traded, in general violation of copyright law. The term generally refers to unauthorized releases by organized groups, as opposed to file sharing between friends.| | + | |Stateful Inspection|Also referred to as dynamic packet filtering. Stateful inspection is a firewall architecture that works at the network layer. |
| - | | Warm Disaster Recovery Site | It contains partially redundant hardware and software, with telecommunications, | + | |Static Host Tables|Static host tables are text files that contain hostname and address mapping.| |
| - | | War Driving | War driving is the process of travelling around looking for wireless access point signals that can be used to get network access.| | + | |Static Routing|Static routing means that routing table entries contain information that does not change.| |
| - | | Web 2.0 | Web 2.0 currently lacks a precise definition. | + | |Stealthing|Stealthing is a term that refers to approaches used by malicious code to conceal its presence on the infected system.| |
| - | | Web of Trust | A web of trust is the trust that naturally evolves as a user starts to trust others' | + | |Steganalysis|Steganalysis is the process of detecting and defeating the use of steganography.| |
| - | | Web Server | A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.| | + | |Steganography|Methods of hiding the existence of a message or other data. This is different than cryptography, |
| - | | WEP (Wired Equivalent Privacy) | A security protocol for wireless local area networks defined in the standard IEEE 802.11b.| | + | |Stimulus|Stimulus is network traffic that initiates a connection or solicits a response.| |
| - | | WHOIS | An IP for finding information about resources on networks.| | + | |Store-and-Forward|Store-and-Forward is a method of switching where the entire packet is read by a switch to determine if it is intact before forwarding it.| |
| - | | Wiki | Wiki (from the Hawaiian word for quickly) is a medium for collaboration that allows many people to participate in the production of a long-term knowledge repository or database, often devoted to a specific subject or field of interest. | + | |STP|Straight Through Processing.| |
| - | | Windowing | A windowing system is a system for sharing a computer' | + | |Straight-through-Cable|A straight-through cable is where the pins on one side of the connector are wired to the same pins on the other end. It is used for interconnecting nodes on the network.| |
| - | | Windump | Windump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.| | + | |Stream Cipher|A stream cipher works by encryption a message a single bit, byte, or computer word at a time.| |
| - | | Wired Equivalent Privacy | + | |Strong Star Property|In Strong Star Property, a user cannot write data to higher or lower classifications levels than their own.| |
| - | | Wireless Application Protocol | A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, | + | |Sub Network|A separately identifiable part of a larger network that typically represents a certain limited number of host computers, the hosts in a building or geographic area, or the hosts on an individual local area network.| |
| - | | Wiretapping | Monitoring and recording data that is flowing between two points in a communication system.| | + | |Subnet Mask|A subnet mask (or number) is used to determine the number of bits used for the subnet and host portions of the address. |
| - | | World Wide Web Consortium | + | |Switch|A switch is a networking device that keeps track of MAC addresses attached to each of its ports so that data is only transmitted on the ports that are the intended recipient of the data.| |
| - | | World Wide Web (WWW) | Also known as "THE WEB" or W3.| | + | |Switched Network|A communications network, such as the public switched telephone network, in which any user may be connected to any other user through the use of message, circuit, or packet switching and control devices. Any network providing switched communications service.| |
| - | | Worm | A computer program that can run independently, | + | |Symbolic Links|Special files which point at another file.| |
| - | | WWW (World Wide Web) | The global, hypermedia-based collection of information (including text, audio, video, and graphics) and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.| | + | |Symmetric Cryptography|A branch of cryptography involving algorithms that use the same key for two different steps of the algorithm (such as encryption and decryption, or signature creation and signature verification). |
| - | | Zero Day | The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. | + | |Symmetric Key|A cryptographic key that is used in a symmetric cryptographic algorithm.| |
| - | | Zero-day Attack | A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. | + | |SYN Flood|A denial of service attack that sends a host more TCP SYN packets (request to synchronize sequence numbers, used when opening a connection) than the protocol implementation can handle.| |
| - | | Zombies | A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. | + | |Synchronization|Synchronization is the signal made up of a distinctive pattern of bits that network hardware looks for to signal that start of a frame.| |
| + | |Syslog|Syslog is the system logging facility for Unix systems.| | ||
| + | |System Security Officer (SSO) | A person responsible for enforcement or administration of the security policy that applies to the system.| | ||
| + | |System-specific Policy|A System-specific policy is a policy written for a specific system or device.| | ||
| + | |T1, T3|A digital circuit using TDM (Time-Division Multiplexing).| | ||
| + | |Tamper|To deliberately alter a system' | ||
| + | |TBC|To be confirmed.| | ||
| + | |TCP|Transmission Control Protocol.| | ||
| + | |:::|A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. | ||
| + | |TCP Fingerprinting|TCP fingerprinting is the user of odd packet header combinations to determine a remote operating system.| | ||
| + | |TCP Full Open Scan|TCP Full Open scans check each port by performing a full three-way handshake on each port to determine if it was open.| | ||
| + | |TCP Half Open Scan|TCP Half Open scans work by performing the first half of a three-way handshake to determine if a port is open.| | ||
| + | |TCP Wrapper| A software package which can be used to restrict access to certain network services based on the source of the connection; a simple tool to monitor and control incoming network traffic.| | ||
| + | |TCP/IP|A synonym for " | ||
| + | |TCPDump|TCPDump is a freeware protocol analyzer for Unix that can monitor network traffic on a wire.| | ||
| + | |Technical Vulnerability Assessment (TVA) | A Technical Vulnerability Assessment is a key component of an organization’s Risk Assessment and Risk Management programs.| | ||
| + | |Telnet|A TCP-based, application-layer, | ||
| + | |Threat|A potential for violation of security, which exists when there is a circumstance, | ||
| + | |Threat Assessment|A threat assessment is the identification of types of threats that an organization might be exposed to.| | ||
| + | |Threat Model|A threat model is used to describe a given threat and the harm it could to do a system if it has a vulnerability.| | ||
| + | |Threat Vector|The method a threat uses to get to the target.| | ||
| + | |Time to Live|A value in an Internet Protocol packet that tells a network router whether or not the packet has been in the network too long and should be discarded.| | ||
| + | |Tiny Fragment Attack|With many IP implementations it is possible to impose an unusually small fragment size on outgoing packets. | ||
| + | |TLS|Transport Layer Security.| | ||
| + | |:::|A protocol that ensures privacy between communicating applications and their users on the Internet. | ||
| + | |T& | ||
| + | |Token Ring|A token ring network is a local area network in which all computers are connected in a ring or star topology and a binary digit or token-passing scheme is used in order to prevent the collision of data between two computers that want to send messages at the same time.| | ||
| + | |Token-based Access Control | Token based access control associates a list of objects and their privileges with each user. (The opposite of list based.)| | ||
| + | |TOM|Target Operating Model.| | ||
| + | |Topology|The geometric arrangement of a computer system. Common topologies include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e., virtual, arrangement of the elements of a network. | ||
| + | |TOR|Terms of Reference.| | ||
| + | |Traceroute|Traceroute is a tool the maps the route a packet takes from the local machine to a remote destination.| | ||
| + | |Trade Secret|A Trade Secret is Information (including a formula, pattern, compilation, | ||
| + | |Transmission Control Protocol|TCP.| | ||
| + | |:::|A set of rules (protocol) used along with the Internet Protocol to send data in the form of message units between computers over the Internet. | ||
| + | |Transport Layer Security|TLS.| | ||
| + | |:::|A protocol that ensures privacy between communicating applications and their users on the Internet. | ||
| + | |TRB|Test Review Board.| | ||
| + | |Triple DES|A block cipher, based on DES, that transforms each 64-bit plain-text block by applying the Data Encryption Algorithm three successive times, using either two or three different keys, for an effective key length of 112 or 168 bits.| | ||
| + | |Triple-wrapped|S/ | ||
| + | |Trojan Horse|A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program.| | ||
| + | |Trunking|Trunking is connecting switched together so that they can share VLAN information between them.| | ||
| + | |Trust|Trust determine which permissions and what actions other systems or users can perform on remote machines.| | ||
| + | |Trusted Ports|Trusted ports are ports below number 1024 usually allowed to be opened by the root user.| | ||
| + | |TSBIA|Technical Service Baseline Impact Assessment.| | ||
| + | |Tunnel|A communication channel created in a computer network by encapsulating a communication protocol' | ||
| + | |TVA|Technical Vulnerability Assessment.| | ||
| + | |:::|A Technical Vulnerability Assessment is a key component of an organization’s Risk Assessment and Risk Management programs.| | ||
| + | |UAT|User Acceptance Testing.| | ||
| + | |UDF|User Defined Field.| | ||
| + | |UDP|User Datagram Protocol| | ||
| + | |:::|A communications protocol that, like TCP, runs on top of IP networks. | ||
| + | |UDP Scan|UDP scans perform scans to determine which UDP ports are open.| | ||
| + | |Underground Economy|The Underground Economy (sometimes known as black market or black economy) is trade, goods and services that are not part of the official economy of a country; this may be legal activities where taxes are not paid, or illegal activities, such as drug trafficking, | ||
| + | |Unicast|Broadcasting from host to host.| | ||
| + | |Uniform Resource Identifier|URI.| | ||
| + | |:::|The generic term for all types of names and addresses that refer to objects on the World Wide Web.| | ||
| + | |Uniform Resource Locator|URL.| | ||
| + | |:::|The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. | ||
| + | |UNIX|A popular multi-user, multitasking operating system developed at Bell Labs in the early 1970s. | ||
| + | |Unprotected Share|In Windows terminology, | ||
| + | |UPI|Unique Product Identifier.| | ||
| + | |URL|Uniform Resource Locator.| | ||
| + | |:::|The global address of documents and other resources on the World Wide Web. The first part of the address indicates what protocol to use, and the second part specifies the IP address or the domain name where the resource is located. | ||
| + | |User| A person, organization entity, or automated process that accesses a system, whether authorized to do so or not.| | ||
| + | |User Contingency Plan| User contingency plan is the alternative methods of continuing business operations if IT systems are unavailable.| | ||
| + | |User Datagram Protocol|UDP| | ||
| + | |:::|A communications protocol that, like TCP, runs on top of IP networks. | ||
| + | |Usenet|Usenet is an outdated term for a worldwide system of discussion groups, with comments passed among hundreds or thousands of machines. | ||
| + | |VDI|Virtual Desktop Infrastructure.| | ||
| + | |Virtual Private Network|VPN| | ||
| + | |:::|A restricted-use, | ||
| + | |Virus| A hidden, self-replicating section of computer software, usually malicious logic, that propagates by infecting - i.e., inserting a copy of itself into and becoming part of - another program. A virus cannot run by itself; it requires that its host program be run to make the virus active.| | ||
| + | |Voice Firewall|A physical discontinuity in a voice network that monitors, alerts and controls inbound and outbound voice network activity based on user-defined call admission control (CAC) policies, voice application layer security threats or unauthorized service use violations.| | ||
| + | |Voice Intrusion Prevention System|Voice IPS is a security management system for voice networks which monitors voice traffic for multiple calling patterns or attack/ | ||
| + | |VPN|Virtual Private Network.| | ||
| + | |:::|A restricted-use, | ||
| + | |W3|World Wide Web.| | ||
| + | |:::|The global, hypermedia-based collection of information (including text, audio, video, and graphics) and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.| | ||
| + | |W3C|World Wide Web Consortium| | ||
| + | |:::|The W3C is an international organization that develops Web standards.| | ||
| + | |WAR|Work Area Recovery.| | ||
| + | |War Chalking|War chalking is marking areas, usually on sidewalks with chalk, that receive wireless signals that can be accessed.| | ||
| + | |War Dialer|A computer program that automatically dials a series of telephone numbers to find lines connected to computer systems, and catalogues those numbers so that a cracker can try to break into the systems.| | ||
| + | |War Dialing|War dialing is a simple means of trying to identify modems in a telephone exchange that may be susceptible to compromise in an attempt to circumvent perimeter security.| | ||
| + | |Warez|Warez refers primarily to copyrighted works distributed without fees or royalties, and may be traded, in general violation of copyright law. The term generally refers to unauthorized releases by organized groups, as opposed to file sharing between friends.| | ||
| + | |Warm Disaster Recovery Site|It contains partially redundant hardware and software, with telecommunications, | ||
| + | |War Driving|War driving is the process of travelling around looking for wireless access point signals that can be used to get network access.| | ||
| + | |Web 2.0|Web 2.0 currently lacks a precise definition. | ||
| + | |Web of Trust|A web of trust is the trust that naturally evolves as a user starts to trust others' | ||
| + | |Web Server|A software process that runs on a host computer connected to the Internet to respond to HTTP requests for documents from client web browsers.| | ||
| + | |WEP|Wired Equivalent Privacy.| | ||
| + | |:::|A security protocol for wireless local area networks defined in the standard IEEE 802.11b.| | ||
| + | |WHOIS|An IP for finding information about resources on networks.| | ||
| + | |Wiki|Wiki (from the Hawaiian word for quickly) is a medium for collaboration that allows many people to participate in the production of a long-term knowledge repository or database, often devoted to a specific subject or field of interest. | ||
| + | |Windowing|A windowing system is a system for sharing a computer' | ||
| + | |Windump|Windump is a freeware tool for Windows that is a protocol analyzer that can monitor network traffic on a wire.| | ||
| + | |Wired Equivalent Privacy|WEP.| | ||
| + | |:::|A security protocol for wireless local area networks defined in the standard IEEE 802.11b.| | ||
| + | |Wireless Application Protocol|A specification for a set of communication protocols to standardize the way that wireless devices, such as cellular telephones and radio transceivers, | ||
| + | |Wiretapping|Monitoring and recording data that is flowing between two points in a communication system.| | ||
| + | |World Wide Web Consortium|W3C.| | ||
| + | |:::|The W3C is an international organization that develops Web standards.| | ||
| + | |World Wide Web|WWW.| | ||
| + | |:::|Also known as "THE WEB" or W3.| | ||
| + | |Worm|A computer program that can run independently, | ||
| + | |WWW|World Wide Web.| | ||
| + | |:::|The global, hypermedia-based collection of information (including text, audio, video, and graphics) and services that is available on Internet servers and is accessed by browsers using Hypertext Transfer Protocol and other information retrieval mechanisms.| | ||
| + | |Zero Day|The "Day Zero" or "Zero Day" is the day a new vulnerability is made known. | ||
| + | |Zero-day Attack|A zero-day (or zero-hour or day zero) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others or undisclosed to the software developer. | ||
| + | |Zombies|A zombie computer (often shortened as zombie) is a computer connected to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. | ||
glossary/start.1689604261.txt.gz · Last modified: 2023/07/17 14:31 by peter