Upgrade to remove ads
Only $35.99/year

Official (ISC)² CSSLP - Chapter 1: Secure Software Concepts Domain

Terms in this set (18)

Algorithm
A clearly specified mathematical process for computation; a set of rules that, if followed, will give a prescribed result.
Asset
Anything of value may be considered an asset. Assets may be tangible or intangible.
Asymmetric Algorithm
A reference to cryptographic algorithms that rely on a mathematically related public-private key pair to perform encryption/decryption. Whichever key is used to encrypt a message, the other key must be used to decrypt the message. Aside from confidentiality, these algorithms may also be used for the purpose of key exchange and/or digital signatures.
Authentication
The process of verifying a subject's identity based on one or more authentication factors. Authentication follows identification.
Authorization
The process of determining the rights and permissions of subjects in regard to objects. Authorization follows authentication.
Countermeasure
A reference to physical, administrative, or technical security controls used to protect assets. Countermeasures are reactive in nature.
Cryptographic Hash Function
An algorithm (function) suited for use in cryptography and used to map input data of arbitrary length to a fixed size output. Good hash functions are one way, deterministic, and collision resistant.
Deterministic
A reference to hash functions that always produce the same digest from the same input data.
Digital Signature
A reference to cryptographic operations that, when implemented correctly, can provide assurance for data integrity, origin, and nonrepudiation.
Encryption Algorithm
Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key.
Identification
Claim of an identity by a subject.
Malware
Malicious software such as viruses, worms, or Trojans. Different malware may have different characteristics and deliver various payloads.
Safeguard
A reference to physical, administrative, or technical security controls used to protect assets. Safeguards are proactive in nature.
Software Development Lifecycle (SDLC)
A framework and a systematic process with associated tasks that are performed in a series of steps for building software applications. The lifecycle begins with planning and requirements gathering and ends with decommissioning and sunsetting the software.
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Recommended textbook explanations

Introduction to Algorithms

3rd EditionCharles E. Leiserson, Clifford Stein, Ronald L. Rivest, Thomas H. Cormen
709 explanations

Computer Organization and Design MIPS Edition: The Hardware/Software Interface

5th EditionDavid A. Patterson, John L. Hennessy
220 explanations

Engineering Electromagnetics

8th EditionJohn Buck, William Hayt
483 explanations

Introduction to the Theory of Computation

3rd EditionMichael Sipser
389 explanations