Term
| Time-Based Model of Security |
|
Definition
| Implementing a set of preventive, detective and corrective controls that enable an organization to recognize that an attack is occurring and take steps to thwart it before any assets have been compromised. If P>D+C then the system is effective. |
|
|
Term
|
Definition
| Employing multiple layers of controls in order to avoid having a single point-of-failure. The use of overlapping, complementary, and redundant controls buys time for the organization to detect and react to attacks; it also increases effectiveness because even if one procedure fails or is circumvented, another may function as planned. |
|
|
Term
|
Definition
| Verifying the identity of the person or device attempting to access the system |
|
|
Term
|
Definition
| a physical characteristic (fingerprint, voice, etc.) used to authenticate the identity of a user. |
|
|
Term
| Multifactor Authentication |
|
Definition
| The use of two or more authentication methods (passwords, ID badges, biometrics, etc.) in conjunction to achieve a greater level of securtiy. |
|
|
Term
|
Definition
| The empowerment of an employee to perform certain functions within an organization, such as to purchase or sell on behalf of the company. Can be either general or specific. General is when regular employees are authorized to handle routine transactions without special approval. Specific is when an employee must get special approval before handling a transaction. |
|
|
Term
|
Definition
| An internally maintained table specifying which portions of the system users are permitted to access and what actions they can perform. Contains a list of user codes, a list of all files and programs maintained on the system, and a list of the accesses each user is authorized to make. |
|
|
Term
|
Definition
| Checking to see whether a person attempting to access a particular information system resource is authorized to do so. The computer matches the user's authentication credentials against the access control matrix to determine whether the employee should be allowed to access that resource and perform the requested operation. |
|
|
Term
|
Definition
| Using deception to obtain unauthorized access to information resources. Access is usually obtained by fooling an employee. |
|
|
Term
|
Definition
| A device that connects an organization's informations system to the Internet. |
|
|
Term
|
Definition
| A combination of security algorithms and router communication protocols that prevent outsiders from tapping into corporate databases and e-mail systems. |
|
|
Term
|
Definition
| Placing the organization's Web servers and e-mail servers in a separate network that sits outside the corporate network but is accessible from the Internet. |
|
|
Term
| Transmission Control Protocol/Internet Protocol (TCP/IP) |
|
Definition
| The protocol enabling communications on the Internet. It creates what is called a packet-switching network. When a message is ready to be sent over the Internet, the TCP breaks it up into small packets. Each packet is then given a header, which contains the destination address, and the packets are then sent individually over the Internet. The IP uses the information in the packet header to guide the packets so that they arrive at the proper destination. Once there, the TCP reassembles the packets into the original message. |
|
|
Term
|
Definition
| Special purpose devices that are designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next. |
|
|
Term
| Access Control List (ACL) |
|
Definition
| A set of rules that determine which packets of information transmitted over a network, such as the Internet, are allowed entry and which are dropped. |
|
|
Term
|
Definition
| A process that screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header. |
|
|
Term
| Stateful Packet Filtering |
|
Definition
| A technique employed by firewalls in which a table is maintained that lists all established connections between the organization's computers and the Internet. The firewall consults this table to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer. |
|
|
Term
|
Definition
| When the firewall examines the data in the body of an IP packet rather than only looking at the information in the IP header. |
|
|
Term
| Intrusion Prevention Systems (IPS) |
|
Definition
| A new type of filter designed to identify and drop packets that are part of an attack. |
|
|
Term
| Remote Authentication Dial-In User Service (RADIUS) |
|
Definition
| A standard method for verifying the identity of users attempting to connect via dial-in access. Users connect to a remote access server and submit their login credentials. The remote access server passes those credentials to the RADIUS server, which performs compatibility tests to authenticate the identity of that user. |
|
|
Term
|
Definition
| Searching for an idle modem by programming a computer to dial thousands of phone lines. Finding an idle modem often enables a hacker to gain access to the network to which it is connected. |
|
|
Term
|
Definition
| The workstations, servers, printers, and other devices that comprise the organizations network. |
|
|
Term
|
Definition
| Flaws in programs which can be exploited to either crash the system or take control of it. |
|
|
Term
|
Definition
| The process of turning off unnecessary program features. |
|
|
Term
|
Definition
| The process of transforming normal text, called plain-text, into unreadable gibberish, called cipher-text. It is particularly important when confidential data is being transmitted from remote terminals because data transmission lines can be electronically monitored without the user's knowledge. |
|
|
Term
|
Definition
| Normal text that hasn't been encrypted. |
|
|
Term
|
Definition
| Plaintext that has been transformed into unreadable gibberish through the process of encryption. |
|
|
Term
|
Definition
| Transforming ciphertext back into plaintext. |
|
|
Term
|
Definition
| The process of storing a copy of an encryption key in a secure location. |
|
|
Term
| Symmetric Encryption Systems |
|
Definition
| Encryption systems that use the same key both to encrypt and decrypt. |
|
|
Term
| Asymmetric Encryption Systems |
|
Definition
| Asymmetric encryption systems use two keys. One key, called the public key, is widely distributed and available to everyone; the other, called the private key, is kept secret and known only to the owner of that pair of keys. Either the public or private key can be used to encrypt, but only the other key can decrypt the ciphertext. |
|
|
Term
|
Definition
| A process that takes plaintext of any length and transforms it into a short code called a hash. |
|
|
Term
|
Definition
| (1) A piece of data signed on a document by a computer. Cannot be forged and is useful in tracing authorization. (2) Information encrypted with the creator's private key. |
|
|
Term
|
Definition
| An electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key. Contains that third party's public key. Thus they provide an automated method for obtaining an organization's or individual's public key. |
|
|
Term
| Public Key Infrastructure (PKI) |
|
Definition
| An approach to encryption that uses two keys: a public key that is publicly available and a private key that is kept secret and known only by the owner of that pair of keys. Either key (the public or the private) can be used to encode a message, but only the other key in that public-private pair can be used to decode that message. |
|
|
Term
|
Definition
| An independent organization that issues public and private keys and records the public key in a digital certificate. |
|
|
Term
|
Definition
| A cursive style imprint of a person's name that is applied to an electronic document. |
|
|
Term
|
Definition
| The process of examining logs to monitor security. |
|
|
Term
| Intrusion Detection Systems (IDS) |
|
Definition
| A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions. |
|
|
Term
|
Definition
| Automated tools designed to identify whether a given system possesses any well-known vulnerabilities. |
|
|
Term
|
Definition
| An authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's information system. |
|
|
Term
| Computer Emergency Response Team (CERT) |
|
Definition
| A team responsible for dealing with major security incidents. |
|
|
Term
|
Definition
| The set of instructions for taking advantage of a vulnerability. |
|
|
Term
|
Definition
| Code released by software developers that fixes a particular vulnerability. |
|
|
Term
|
Definition
| The process of regularly applying patches and updates to software used by the organization. |
|
|
