Term:
Definition: Weaknesses in your computer network design and individual host configuration.

Term:
Definition: The possibility of a malicious attack or other threat causing damage or downtime to a computer system.

Term:
Definition: The identification, assessment, and prioritization of risks, and the mitigating and monitoring of those risks.

Term: Information Assurance
Definition: The practice of managing risks that are related to computer hardware and software systems.

Term:
Definition: The risk that is left over after a security and disaster recovery plan have been implemented.

Term:
Definition: The attempt to determine the number of threats or hazards that could possibly occur in a given amount of time to your computers and networks.

Term: Qualitative Risk Assessment
Definition: An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.

Term: Quantitative Risk Assessment
Definition: An assessment that measures risk by using exact monetary values.

Term:
Definition: When a risk is reduced or eliminated altogether.

Term:
Definition: The transfer or outsourcing of risk to a third party. Also known as risk sharing.

Term:
Definition: When an organization avoids risk because the risk factor is too great.

Term:
Definition: When an organization mitigates risk to an acceptable level.

Term:
Definition: The amount of risk an organization is willing to accept. Also known as risk retention.

Term:
Definition: The practice of finding and mitigating software vulnerabilities in computers and networks.

Term:
Definition: Baselining of the network to assess the current security state of computers, servers, network devices, and the entire network in general.

Term:
Definition: A method of evaluating the security of a system by simulating one or more attacks on that system.

Term: Open Vulnerability and Assessment Language
Definition: A standard and a programming language designed to standardize the transfer of secure public information across networks and the Internet utilizing any security tools and services available.

Term:
Definition: The study of physical and logical connectivity of networks.

Term:
Definition: The act of scanning for weaknesses and susceptibilities in the network and on individual systems.

Term:
Definition: Software used to decipher which ports are open on a host.

Term:
Definition: Software tool used to capture and analyze packets.

Term:
Definition: Software tool used to recover passwords from hosts or to discover weak passwords.

Term:
Definition: A password attack that uses a prearranged list of likely words, trying each of them one at a time.

Term:
Definition: A password attack where every possible password is attempted.

Term:
Definition: A password attack that uses a considerable set of precalculated encrypted passwords located in a lookup table.

Term:
Definition: In password cracking, a set of precalculated encrypted passwords located in a lookup table.

Term:
Definition: The randomization of the hashing process to defend against cryptanalysis password attacks and rainbow tables.