Term
|
Definition
A document that includes an organization's user account management guidelines. |
|
|
Term
|
Definition
(annual loss expectancy) The total cost of a risk to an organization on an annual basis. |
|
|
Term
|
Definition
(Triple DES) A symmetric encryption algorithm that encrypts data by processing each block of data three times, using a different DES key each time. |
|
|
Term
|
Definition
A family of specifications developed by the IEEE for wireless LAN technology. |
|
|
Term
|
Definition
A fast, secure, but relatively expensive protocol for wireless communication. The 802.11a protocol supports speeds up to 54 Mbps in the 5 GHz frequency. |
|
|
Term
|
Definition
A wireless communication protocol that improves upon 802.11n by adding wider channels to increase bandwidth. |
|
|
Term
|
Definition
The first specification to be called Wi-Fi, 802.11b is the least expensive wireless network protocol used to transfer data among computers with wireless network cards, or between a wireless computer or device and a wired LAN. The 802.11b protocol provides for an 11 Mbps transfer rate in the 2.4 GHz frequency. |
|
|
Term
|
Definition
A specification for wireless data throughput at the rate of up to 54 Mbps in the 2.4 GHz band that is a potential replacement for 802.11b. |
|
|
Term
|
Definition
A wireless standard for home and business implementations that adds QoS features and multimedia support to 802.11a and 802.11b. |
|
|
Term
|
Definition
An IEEE standard used to provide a port-based authentication mechanism over a LAN or wireless LAN. |
|
|
Term
|
Definition
In security terms, the process of determining and assigning privileges to various resources, objects, and data. |
|
|
Term
|
Definition
The practice of linking a single account across many different management systems. |
|
|
Term
|
Definition
A common term used to refer to the processes, functions, and policies used to effectively manage user accounts within an organization. |
|
|
Term
|
Definition
In social networking, an attack where an attacker creates an account and gets on the friends list of an individual just to obtain information about the individual and their circle of friends or colleagues. |
|
|
Term
|
Definition
Permissions granted to users that allow them to perform various actions such as creating, deleting, and editing files, and also accessing systems and services on the network. |
|
|
Term
|
Definition
In security terms, the process of determining who to hold responsible for a particular activity or event. |
|
|
Term
|
Definition
In security terms, the process of tracking and recording system activities and resource access. |
|
|
Term
|
Definition
(Access Control List) In a DAC access control scheme, this is the list that is associated with each object, specifying the subjects that can access the object and their levels of access. |
|
|
Term
|
Definition
The standards-based directory service from Microsoft that runs on Microsoft Windows servers. |
|
|
Term
|
Definition
Software that automatically displays or downloads advertisements when it is used. |
|
|
Term
|
Definition
(Advanced Encryption Standard) A symmetric 128-, 192-, or 256-bit block cipher based on the Rijndael algorithm developed by Belgian cryptographers Joan Daemen and Vincent Rijmen and adopted by the U.S. government as its encryption standard to replace DES. |
|
|
Term
all-in-one security appliance |
|
Definition
A single network device that is used to perform a number of security functions to secure a network. |
|
|
Term
|
Definition
A monitoring system that uses a database of unacceptable traffic patterns identified by analyzing traffic flows. |
|
|
Term
|
Definition
A category of software programs that scan a computer or network for known viruses, Trojans, worms, and other malicious software. |
|
|
Term
|
Definition
A program that will detect specific words that are commonly used in spam messages. |
|
|
Term
|
Definition
Software that is specifically designed to protect systems against spyware attacks. |
|
|
Term
|
Definition
An application that scans files for executable code that matches specific patterns that are known to be common to viruses. |
|
|
Term
|
Definition
(application programming interface) A mechanism that defines how software elements interact with each other. |
|
|
Term
|
Definition
Attacks that are targeted at web-based and other client-server applications. |
|
|
Term
|
Definition
A network device that manages information about any application that connects to it. |
|
|
Term
|
Definition
The practice of preventing undesirable programs from running on a computer, computer network, or mobile device. |
|
|
Term
|
Definition
The practice of allowing approved programs to run on a computer, computer network, or mobile device. |
|
|
Term
|
Definition
An attack that exploits an application vulnerability to allow the attacker to execute commands on a user's computer. |
|
|
Term
|
Definition
A file property that essentially indicates whether the file has been modified since the last backup. |
|
|
Term
|
Definition
A virus that is able to conceal its location or otherwise render itself harder to detect by anti-malware programs. |
|
|
Term
|
Definition
(annual rate of occurrence) How many times per year a particular loss is expected to occur. |
|
|
Term
|
Definition
(Address Resolution Protocol) The mechanism by which individual hardware MAC addresses are matched to an IP address on a network. |
|
|
Term
|
Definition
A method in which an attacker with access to the target network redirects an IP address to the MAC address of a computer that is not the intended recipient. |
|
|
Term
|
Definition
A two-way encryption scheme that uses paired private and public keys. |
|
|
Term
|
Definition
An attack where the attacker can merge malicious software or code into a downloadable file or attachment on an application server so that users download and execute it on client systems. |
|
|
Term
|
Definition
Any technique that is used to exploit a vulnerability in any application on a computer system without the authorization to do so. |
|
|
Term
|
Definition
The portion of a system or application that is exposed and available to attackers. |
|
|
Term
|
Definition
A term for users who gain unauthorized access to computers and networks for malicious purposes. |
|
|
Term
|
Definition
The final phase of a hack in which the attacker steals data, disrupts traffic, or damages systems. |
|
|
Term
|
Definition
The practice of examining logs of what was recorded in the accounting process. |
|
|
Term
|
Definition
In security terms, the process of validating a particular individual or entity's unique credentials. |
|
|
Term
|
Definition
In security terms, the process of determining what rights and privileges a particular entity has. |
|
|
Term
|
Definition
The fundamental security goal of ensuring that systems operate continuously and that authorized persons can access data that they need. |
|
|
Term
|
Definition
A mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication. |
|
|
Term
|
Definition
A type of attack where the attacker creates a software mechanism to gain access to a system and its resources. This can involve software or a bogus user account. |
|
|
Term
|
Definition
A documented plan that includes specific procedures and processes that are applied in the event that a change or modification made to a system must be undone. |
|
|
Term
|
Definition
A collection of security and configuration settings that are to be applied to a particular system or network in the organization. |
|
|
Term
|
Definition
(business continuity plan) A policy that defines how normal day-to-day business will be maintained in the event of a business disruption or crisis. |
|
|