Upgrade to remove ads
Only $2.99/month

SEC 6060 Glossary

Terms in this set (164)

acceptance ( risk control strategy)
The choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
access control lists ( ACLs)
Lists, matrices, and capability tables governing the rights and privileges of a particular user to a particular system.
acceptance ( risk control strategy)
The choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
access control lists
( ACLs) Lists, matrices, and capability tables governing the rights and privileges of a particular user to a particular system.
adverse event
An event with negative consequences.
after action review ( AAR)
A detailed examination of the events that occurred during an incident. In incident response, a detailed examination of the events that occurred, from first detection to final recovery, in which all team members review their actions during the incident and identify areas where the IR plan worked, didn't work, or should be improved.
alert message
A scripted description of the disaster that, to avoid impeding the notification process, consists of just enough information so that each responder knows what portion of the DR plan to implement.
anomaly based intrusion detection and prevention system
A type of IDPS that collects statistical summaries of known valid traffic, then compares current traffic against it in order to detect questionable traffic.
anti forensic
s An attempt made by those who may become subject to digital forensic techniques to obfuscate or hide items of evidentiary value.
application based intrusion detection and prevention system ( AppIDPS)
A type of IDPS that monitors an application for abnormal events.
archive
A long term storage of a document or data file, usually for legal or regulatory purposes.
assembly area ( AA)
An area where people should gather in the event of a specific type of emergency, to facilitate a quick head count.
attack
An intentional or unintentional attempt to cause damage to or otherwise compromise the information or the systems that support it.
auxiliary phone alert and reporting system
An information system with a telephony interface that can be used to automate the alert process.
Availability
The situation in which information assets are able to be accessed in the specified format without interference or obstruction.
behavior based intrusion detection and prevention system
The basic approach is to use machine learning to create a model of trustworthy activity, and then compare new behavior against this model. Although this approach enables the detection of previously unknown attacks, it suffers from false positives: previously unknown legitimate activity may also be classified as malicious.
business continuity
The rapid relocation of an organization's critical business functions to an alternate location until such time as the organization is able to return to the primary site or relocate to a new permanent facility.
business continuity plan ( BC plan)
A plan that describes how, in the event of a disaster, critical business functions will continue at an alternate location while the organization recovers its ability to function at the primary site— as supported by the DR plan.
business continuity planning
The process of completing a set of specialized team plans documenting the backup, continuity strategies, and associated actions needed to restore or relocate a business.
business crisis
A significant business disruption with a direct impact on the lives, health, and welfare of an organization and its employees.
business impact analysis ( BIA)
A formal investigation and assessment of the impact that various attacks can have on the organization.
business resumption plan ( BR plan)
A single planning document incorporating both the DR plan and the BC plan in order to reduce the effort and cost needed to prepare separate plans.
business resumption planning
A planning approach merging disaster recovery and business continuity.
C. I. A. triangle
The three most critical characteristics of information used within information systems: confidentiality, integrity, and availability.
clipping level
The level at which an intrusion detection and prevention system triggers an alert.
cold site
An exclusive use resumption strategy that provides only rudimentary services and facilities; no computer hardware or peripherals are provided. All communication services must be installed after the site is occupied, and frequently there are no quick recovery or data duplication functions to the site.
computer forensics
The use of forensic techniques when the source of evidence is a computer system.
computer security incident response team ( CSIRT)
In larger organizations, consortia of organizations, or public agencies, the set of people, policies, procedures, technologies, and information necessary to detect, react, and recover from an incident that could potentially result in unwanted modification, damage, destruction, or disclosure of the organization's information; in other organizations, a loose or informal association of IT and InfoSec staffers who are called up if an attack on the information assets within the scope of the CSIRT is detected.
confidentiality
The situation in which only those persons or computer systems with the rights and privileges to access an information asset are able to do so.
configuration rules
The specific configuration codes entered into security systems to guide the execution of the system when information is passing through it.
contingency plan
A planning mechanism used to anticipate, react to, and recover from events that threaten the security of information and information assets in the organization; also used to restore the organization to normal modes of business operations.
contingency planning management team ( CPMT)
Collection of individuals responsible for the overall planning and development of the contingency planning process.
Control
A security mechanism, policy, or procedure that can successfully counter attacks, reduce risk, resolve vulnerabilities, and generally improve the security within an organization.
copy backup
A backup of a set of specified files, regardless of whether they have been modified or otherwise flagged for backup.
crisis management ( CM)
The set of actions taken by an organization in response to an emergency situation in an effort to minimize injury or loss of life, preserve the image and market share of the organization, and complement a disaster recovery and/ or business continuity process.
crisis management planning ( CMP)
The process of preparing for, responding to, recovering from, and managing communications during a crisis.
crisis management planning committee
The group charged with analyzing vulnerabilities, evaluating existing plans, and developing and implementing the comprehensive CM program.
cross training
The process of ensuring that every employee is trained to perform at least part of the job of another employee.
Common Vulnerabilities and Exposures (CVE)
a dictionary of publicly known information security vulnerabilities and exposures.
daily backup
A backup of only the files that were modified on a particular day— that is, a date specific incremental backup.
data backup
A redundant storage of a document or data file, typically a snapshot of the data from a specific point in time. The most commonly used varieties of data backup are online backup, disk backup, and tape backup.
data classification schemes
Procedures that require organizational data to be classified into mutually exclusive categories based on the need to protect the confidentiality of each category of data.
database shadowing
The storage of duplicate online transaction data, along with the duplication of the databases at the remote site on a redundant server. It combines e vaulting with remote journaling, writing multiple copies of the database simultaneously in two separate locations.
de facto standards
Informally applied standards that may be part of organizational culture or promulgated within established policy.
de jure standards
Formal standards that may be published, scrutinized, and ratified by a group.
defense ( risk control strategy)
Attempts to prevent the exploitation of the vulnerability by means of countering threats, removing vulnerabilities in assets, limiting access to assets, and adding protective safeguards. This approach is sometimes referred to as avoidance.
degraded mode
A practice of continuing operations under adverse or suboptimum conditions.
denial of service ( DoS) attack
When an attacker's action prevents the legitimate users of a system or network from using it.
differential backup
The storage of all files that have changed or been added since the last full backup.
digital forensics
The use of forensic techniques when the source of evidence is a digital electronic device.
disaster recovery plan ( DR plan)
A plan that deals with the preparation for and recovery from a disaster, whether natural or man made.
disaster recovery planning ( DRP)
The preparation for and recovery from a disaster, whether natural or man made, focused on restoring operations back at an organization's primary site or at a new permanent site.
disaster recovery policy
The organization wide, businessfocused policy document, established at the highest level of the organization and then passed down to guide the organization's preparation of disaster recovery processes and plans.
disaster scenario
A description of the disasters that may befall an organization, along with information on their probability of occurrence, a brief description of the organization's actions to prepare for that disaster, and the best case, worst case, and most likely case outcomes of the disaster.
discovery
The legal component of civil law whereby one party can obtain evidence from the opposing party through specific requests for information, which usually requires formal legal requests, such as subpoenas.
disk mirroring
RAID Level 1, which uses twinned drives in a computer system, recording all data to both drives simultaneously, providing a backup if the primary drive fails.
disk striping
A process of dividing data being stored on a disk drive array into smaller quantities, each of which is stored on a different physical hard disk drive. It may be implemented with or without parity.
disk striping with parity
Implementation of disk striping in which parity information is appended to each sub divided quantity of data to facilitate data recovery in the event of a drive failure.
disk striping without parity
Implementation of disk striping in which parity information is not appended to each sub divided quantity of data to multiple drives to be considered virtually as a single, larger drive without data redundancy.
distributed denial of service ( DDoS) attack
The denial of others' ability to use a targeted computer's service resulting from the use of multiple attacking systems to simultaneously attack and overwhelm a single target.
DNS cache poisoning
An attack against a DNS server that injects false data into the DNS environment so that the service responds to all requests for address resolution with an answer of the attacker's choosing.
eDiscovery
The search for, collection, and review of items stored in electronic ( or, more precisely, digital) format that are of potential evidentiary value based on criteria specified by a legal team.
electronic vaulting
The bulk transfer of data in batches to an off site facility, usually conducted via leased lines, data communications services provided for a fee, or online/ cloud backup.
employee assistance program ( EAP)
A program that provides a variety of counseling services to assist employees in coping with the changes in life resulting from surviving a crisis.
enterprise information security policy ( EISP)
The critical element of information security policy that is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
event
Any observable occurrence in a system or network deemed to be of interest to system administrators.
evidentiary material
Information, graphics, images, or any other physical or electronic item that could have value as evidence in a legal proceeding.
Exploit
( 1) Threat agents are said to exploit a system or information asset by using it illegally for their personal gains. ( 2) Threat agents can create an exploit, or means to target a specific vulnerability, usually found in software, to formulate an attack.
false negative
An alert in which an event or incident that deserves attention goes unreported.
false positive
An alert in which an event or incident gets attention by being reported when no actual risk is involved; sometimes called a false alarm.
full backup
A full and complete copy of the entire system being protected. May include only data or may include all applications, operating systems components, and data.
guest machine
A hosted operating system or platform running on a host machine.
head count
The process of accounting for all personnel— that is, determining each individual's whereabouts— during an emergency.
Honeypot
A type of trap and trace system that is configured to resemble production systems, in an attempt to draw attackers to it and away from actual production systems.
horizontal job rotation
The movement of employees among positions at the same organizational level rather than through progression and promotion.
host platform
The physical server ( and operating system) that the virtualization application and all virtual machines run on.
host based intrusion detection and prevention system ( HIDPS)
A type of IDPS that monitors a single system for signs of attack.
hot site
An exclusive site resumption strategy that consists of a fully configured computer facility, with all services, communications links, and physical plant operations, capable of establishing operations at a moment's notice. Hot sites duplicate computing resources ( servers, appliances, and support computers), peripherals, phone systems, applications, and workstations.
hot swapped
A specialized hard drive implementation that can be replaced without taking the entire disk storage system offline.
hypervisor
The specialized software that enables the virtual machine to operate on the host platform.
inappropriate use ( IU)
A category of incidents that covers a spectrum of violations made by authorized users of a system who nevertheless use the system in ways specifically prohibited by management. These are predominantly characterized as a violation of policy rather than an effort to abuse existing systems.
incident
An adverse event that presents risk to the confidentiality, integrity, or availability of ongoing operations of an organization.
incident candidate
An adverse event that is a possible incident.
incident classification
The process of evaluating the circumstances of reported events.
incident containment
The process by which the CSIRT or system operators act to limit the scale and scope of an incident as it begins to regain control over the organization's information assets.
incident damage assessment
The initial determination of the scope of the breach of confidentiality, integrity, and availability of information and information assets.
incident recovery
The process of reestablishing the preincident status of all organizational systems.
incident response plan
( IR plan) A plan that identifies the actions an organization can, and perhaps should, take while an incident is in progress.
incremental backup
The storage of a copy of the files ( data) that have been modified since the last backup.
information security
( InfoSec) The protection of the confidentiality, integrity, and availability of information, whether in storage, during processing, or in transmission, through the application of policy, education and training, and technology.
information security policy
Written statements providing rules for the protection of the information assets of the organization.
integrity
The state in which information assets are not exposed ( while being stored, processed, or transmitted) to corruption, damage, destruction, or other disruption of their authentic state; in other words, the information is whole, complete, and uncorrupted.
intellectual property
( IP) The ownership of ideas and control over the tangible or virtual representation of those ideas.
intrusion
Access by an unauthorized entity to a system thought to be protected from such access.
intrusion detection and prevention system ( IDPS)
A collection of hardware, software, or a combination of both that determines whether activity is present that is contrary to organization policy.
intrusion detection system ( IDS)
The hardware, software, or a combination of both that determines when an intrusion occurs and notifies appropriate personnel but takes no other action.
intrusion prevention system ( IPS)
The hardware, software, or a combination of both that determines when an intrusion occurs and takes pre determined steps to combat it.
IR reaction strategies
Procedures for regaining control of systems and restoring operations to normalcy.
issue specific security policy ( ISSP)
An element of information security policy that addresses specific areas of technology and contains a statement about the organization's position on a specific issue.
job rotation
The movement of employees from one position to another so they can develop additional skills and abilities.
knowledge based intrusion detection and prevention system
A type of IDPS that uses signature matching; looks for predefined patterns of characters to identify malware.
Likelihood
The probability that a specific vulnerability within an organization will be successfully attacked.
log file monitor
A type of IDPS that reviews log files generated by servers, network devices, and other IDPSs.
malicious code
Program code designed to damage, destroy, or deny service to the target systems.
malicious software
Program designed to damage, destroy, or deny service to the target systems.
man made disasters
Those disasters caused by mankind, including acts of terrorism ( cyberterrorism or hactivism), acts of war, and acts that begin as incidents and escalate into disasters.
mirror port
(Also SPAN port) is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed..mirrored site The ultimate in hot sites, identical to the primary site and including live or periodic data transfers.
mission statement
A written statement of an organization's purpose.
mitigation ( risk control strategy)
Attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. This approach includes contingency planning and its functional components.
mutual agreement
A shared site resumption strategy that consists of a contract between two organizations stipulating that each organization is obligated to provide the necessary facilities, resources, and services until the receiving organization is able to recover from the disaster.
natural disasters
Those disasters caused by natural occurrences, such as fire, flood, earthquake, lightning, landslide, tornado, hurricane, tornado, tsunami, electrostatic discharge, dust, or excessive rainfall.
need to know
A prerequisite that access to protected information is required by an entity to perform an assigned role or task regardless of the entity's security clearance. Authentication should require both the proper level of clearance and a need to know.
network attached storage ( NAS)
An advance in data storage and recovery that, unlike direct attached storage, is commonly a single device or server that attaches to a network and uses common communications methods to provide an online storage environment.
network based intrusion detection and prevention system ( NIDPS)
A type of IDPS that monitors network traffic for indications of attacks.
noise
An event that does not rise to the level of an incident.
National Vulnerability Database (NVD)
is the U.S. government repository of standards based vulnerability management . This data enables automation of vulnerability management, security measurement, and compliance. NVD includes databases of security checklists, security related software flaws, misconfigurations, product names, and impact metrics.
policy
A plan or course of action used by an organization to convey instructions from its senior management to those who make decisions, take actions, and perform other duties on behalf of the organization.
Precursor
An activity currently underway that may signal an incident that will occur in the future.
rapid onset disasters
Those disasters that occur suddenly, with little warning, taking the lives of people and destroying the means of production.
recovery phase
The phase of the disaster response plan associated with the recovery of the most time critical business functions, those necessary to reestablish business operations and prevent further economic and image loss to the organization.
redundant array of inexpensive disks ( RAID)
A system that uses a number of hard drives to store information across multiple drive units.
redundant personnel
Those individuals who are hired above and beyond the minimum number of personnel needed to perform a business function in order to insure sufficient coverage of critical functions in the event of need.
remote journaling ( RJ)
The transfer of live transactions to an off site facility in close to real time; developed by IBM in 1999.
residual risk
The risk that remains to the information asset even after the existing control has been applied.
response phase
The phase of the disaster response process associated with implementing the initial reaction to a disaster; focused on controlling or stabilizing the situation to the degree possible.
restoration phase
The phase of the disaster response process associated with the operations necessary to rebuild the facilities and fully reestablish all operations at the organization's primary facilities.
retention schedule
Timetable of events that guides the frequency of replacement and the duration of data storage, for both data backups and archives.
risk assessment
A formal process to assess the relative risk for each identified vulnerability.
risk control
The process of applying controls to reduce the risks to an organization's data and information systems.
risk identification
The process of examining, documenting, and assessing the security posture of an organization's information technology and the risks it faces.
risk management
The process of identifying vulnerabilities in an organization's information systems and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of all the components.
root cause analysis
The determination of the initial flaw or vulnerability that allowed the incident to occur, done by examining the systems, networks, and procedures that were involved.
security clearance
A means of classifying personnel with respect to information security, resulting in various levels of access to confidential materials.
service bureau
A shared site resumption strategy in which a service agency provides physical facilities in the event of a disaster, for a fee.
service level agreement ( SLA)
A legal agreement or contract between two parties that specifies the type and duration of services that will be provided from one party to the other.
signature matching
Comparing current activity against a library of known malicious activity, for purposes of detecting an attack.
signature based intrusion detection and prevention system
A type of IDPS that uses signature matching; looks for predefined patterns of characters to identify malware.
slow onset disasters
Those disasters that occur over time and slowly deteriorate the organization's capacity to withstand their effects.
smoldering crisis
Any serious business problem, which is not generally known about within or without the company, that may generate negative news coverage if or when it goes public and could result in more than a predetermined amount in fines, penalties, legal damage awards, unbudgeted expenses, or other costs.
Standards
Detailed statements of what must be done to comply with policy.
storage area networks ( SANS)
An advance in data storage and recovery that uses fiber channel direct connections between the systems needing the additional storage and the storage devices themselves.
strategic planning
The process of moving the organization toward its vision.
succession planning
A process that enables an organization to cope with any loss of personnel with a minimum degree of disruption to the functionality of the organization, by predefining the promotion of internal personnel, usually by the current incumbents of identified positions.
sudden crisis
A disruption in the company's business that occurs without warning and is likely to generate news coverage and may adversely impact employees, investors, customers, suppliers, and other stakeholders.
switched port analysis ( SPAN Port)
is a method of monitoring network traffic. With port mirroring enabled, the switch sends a copy of all network packets seen on one port (or an entire VLAN) to another port, where the packet can be analyzed..
systems diagramming
Common approach in the discipline of systems analysis and design, used to understand how systems operate, chart process flows, and interdependencies.
systems specific security policies ( SysSPs)
Elements of information security policy that are frequently codified as standards and procedures to be used when configuring or maintaining systems.
task rotation
A personnel practice functionally similar to job rotation but only involving the rotation of a portion of a job.
termination ( risk control strategy)
Removal of the asset or function from the environment that represents risk.
threat assessment
A formal process to assess potential threats' potential to endanger the organization.
threat agent
A specific and identifiable instance of a general threat that exploits vulnerabilities set up to protect the asset.
time share
A shared site resumption strategy that operates like a hot, warm, or cold site but is leased in conjunction with a business partner or sister organization.
transferal ( risk control strategy)
Attempt to shift the risk to other assets, other processes, or other organizations. This may be accomplished through rethinking how services are offered, revising deployment models, outsourcing to other organizations, purchasing insurance, or implementing service contracts with providers.
trap and trace
A system that combines resources to detect an intrusion, then trace it back to the source.
unauthorized access
( UA) A circumstance in which an individual, an application, or another program, through access to the operating systems or application programming interface ( API), attempts to and/ or gains access to an information asset without explicit permission or authorization.
vertical job rotation
The ability of one employee to perform the task of a lower level ( or higher level) employee in an emergency, usually on the basis of previous job experience.
virtual machine
A hosted operating system or platform running on a host machine.
virtual machine monitor
The specialized software that enables the virtual machine to operate on the host platform..
virtualization
The development and deployment of virtual rather than physical implementations of systems and services.
vision statement
A written statement about the organization's goals.
vulnerability
A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised ( accidentally triggered or intentionally exploited) and result in a security breach or violation of the system's security policy.
war gaming
A simulation of attack and defense activities using realistic networks and information systems, with the exercise of IR plans being an important element.
warm site
An exclusive site resumption strategy that provides some of the same services and options as a hot site, but the software applications are typically not included, installed, or configured. A warm site does frequently include computing equipment and peripherals with servers, but not client workstations.
well known vulnerabilities
Those vulnerabilities that have been examined, documented, and published.
YOU MIGHT ALSO LIKE...