Term
Time-Based Model of Security

Definition
Implementing a set of preventive, detective and corrective controls that enable an organization to recognize that an attack is occurring and take steps to thwart it before any assets have been compromised. If P > D + C (the time the preventive controls hold exceeds the time to detect plus the time to correct), then the system is effective.

Term


Definition
Employing multiple layers of controls in order to avoid having a single point of failure. The use of overlapping, complementary, and redundant controls buys time for the organization to detect and react to attacks; it also increases effectiveness because even if one procedure fails or is circumvented, another may function as planned.

Term


Definition
Verifying the identity of the person or device attempting to access the system.

Term


Definition
A physical characteristic (fingerprint, voice, etc.) used to authenticate the identity of a user.

Term
Multifactor Authentication

Definition
The use of two or more authentication methods (passwords, ID badges, biometrics, etc.) in conjunction to achieve a greater level of security.

Term


Definition
The empowerment of an employee to perform certain functions within an organization, such as to purchase or sell on behalf of the company. Can be either general or specific. General authorization is when regular employees are authorized to handle routine transactions without special approval. Specific authorization is when an employee must get special approval before handling a transaction.

Term


Definition
An internally maintained table specifying which portions of the system users are permitted to access and what actions they can perform. Contains a list of user codes, a list of all files and programs maintained on the system, and a list of the accesses each user is authorized to make.

Term


Definition
Checking to see whether a person attempting to access a particular information system resource is authorized to do so. The computer matches the user's authentication credentials against the access control matrix to determine whether the employee should be allowed to access that resource and perform the requested operation.

Term


Definition
Using deception to obtain unauthorized access to information resources. Access is usually obtained by fooling an employee.

Term


Definition
A device that connects an organization's information system to the Internet.

Term


Definition
A combination of security algorithms and router communication protocols that prevent outsiders from tapping into corporate databases and e-mail systems.

Term


Definition
Placing the organization's Web servers and e-mail servers in a separate network that sits outside the corporate network but is accessible from the Internet.

Term
Transmission Control Protocol/Internet Protocol (TCP/IP)

Definition
The protocol enabling communications on the Internet. It creates what is called a packet-switching network. When a message is ready to be sent over the Internet, TCP breaks it up into small packets. Each packet is then given a header, which contains the destination address, and the packets are then sent individually over the Internet. IP uses the information in the packet header to guide the packets so that they arrive at the proper destination. Once there, TCP reassembles the packets into the original message.

Term


Definition
Special-purpose devices that are designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next.

Term
Access Control List (ACL)

Definition
A set of rules that determine which packets of information transmitted over a network, such as the Internet, are allowed entry and which are dropped.

Term


Definition
A process that screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header.

Term
Stateful Packet Filtering

Definition
A technique employed by firewalls in which a table is maintained that lists all established connections between the organization's computers and the Internet. The firewall consults this table to determine whether an incoming packet is part of an ongoing communication initiated by an internal computer.

Term


Definition
When the firewall examines the data in the body of an IP packet rather than only looking at the information in the IP header.

Term
Intrusion Prevention Systems (IPS)

Definition
A new type of filter designed to identify and drop packets that are part of an attack.

Term
Remote Authentication Dial-In User Service (RADIUS)

Definition
A standard method for verifying the identity of users attempting to connect via dial-in access. Users connect to a remote access server and submit their login credentials. The remote access server passes those credentials to the RADIUS server, which performs compatibility tests to authenticate the identity of that user.

Term


Definition
Searching for an idle modem by programming a computer to dial thousands of phone lines. Finding an idle modem often enables a hacker to gain access to the network to which it is connected.

Term


Definition
The workstations, servers, printers, and other devices that comprise the organization's network.

Term


Definition
Flaws in programs that can be exploited to either crash the system or take control of it.

Term


Definition
The process of turning off unnecessary program features.

Term


Definition
The process of transforming normal text, called plaintext, into unreadable gibberish, called ciphertext. It is particularly important when confidential data is being transmitted from remote terminals because data transmission lines can be electronically monitored without the user's knowledge.

Term


Definition
Normal text that hasn't been encrypted.

Term


Definition
Plaintext that has been transformed into unreadable gibberish through the process of encryption.

Term


Definition
Transforming ciphertext back into plaintext.

Term


Definition
The process of storing a copy of an encryption key in a secure location.

Term
Symmetric Encryption Systems

Definition
Encryption systems that use the same key both to encrypt and decrypt.

Term
Asymmetric Encryption Systems

Definition
Asymmetric encryption systems use two keys. One key, called the public key, is widely distributed and available to everyone; the other, called the private key, is kept secret and known only to the owner of that pair of keys. Either the public or private key can be used to encrypt, but only the other key can decrypt the ciphertext.

Term


Definition
A process that takes plaintext of any length and transforms it into a short code called a hash.

Term


Definition
(1) A piece of data signed on a document by a computer. Cannot be forged and is useful in tracing authorization. (2) Information encrypted with the creator's private key.

Term


Definition
An electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key. Contains that third party's public key. Thus they provide an automated method for obtaining an organization's or individual's public key.

Term
Public Key Infrastructure (PKI)

Definition
An approach to encryption that uses two keys: a public key that is publicly available and a private key that is kept secret and known only by the owner of that pair of keys. Either key (the public or the private) can be used to encode a message, but only the other key in that public-private pair can be used to decode that message.

Term


Definition
An independent organization that issues public and private keys and records the public key in a digital certificate.

Term


Definition
A cursive-style imprint of a person's name that is applied to an electronic document.

Term


Definition
The process of examining logs to monitor security.

Term
Intrusion Detection Systems (IDS)

Definition
A system that creates logs of all network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions.

Term


Definition
Automated tools designed to identify whether a given system possesses any well-known vulnerabilities.

Term


Definition
An authorized attempt by either an internal audit team or an external security consulting firm to break into the organization's information system.

Term
Computer Emergency Response Team (CERT)

Definition
A team responsible for dealing with major security incidents.

Term


Definition
The set of instructions for taking advantage of a vulnerability.

Term


Definition
Code released by software developers that fixes a particular vulnerability.

Term


Definition
The process of regularly applying patches and updates to software used by the organization.