Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
35 Cards in this Set
- Front
- Back
|
ACO
|
Authenticated ciphering offset
|
|
|
AES
|
Advanced Encryption Standard: A symmetric block cipher with a block size of 128 bits in which the key can be 128, 192, or 256 bits.
|
|
|
AIS
|
Automated Information System
|
|
|
Assurance
|
A measure of confidence that the features and architecture of an AIS accurately mediate and enforce the security policy. Grounds for confidence that an IT product or system meets it's security objectives.
|
|
|
Asymmetric Key Encryption
|
Cryptographic system that employs two keys, a public key and a private key. The public key is made available to anyone wishing to send an encryped message to an individual holding the corresponding private key of the public private key pair. Any message encrypted with one of these keys can be decrypted with the other. The private key is always kept private. It should not be possible to derive the private key from the public key.
|
|
|
Attack
|
The act of trying to bypass security controls on a system. An attack can be active, resulting in data modification, or passive, resulting in the release of data.
|
|
|
Blackbox test
|
Ethical hacking team has no knowledge of target network.
|
|
|
Block Cipher
|
A symmetric key algorithm that operates on a fixed-length block of plaintext and transforms it into a fixed-length block of ciphertext. A block cipher is obtained by segregating plaintext into blocks of n characters or bits and applying the same encryption algorithm and key to each block.
|
|
|
Blind signature
|
A form of digital signature where the signer is not privy to the content of the message.
|
|
|
BSI ISO/IEC 17799-2000,
BS 7799-I: 2000 |
Information technology -- Code of practice for information security management, British Standards Institution, London UK.
A standard intended to provide a comprehensive set of controls comprising best practices in information security." ISO refers to the International Organization for Standardization, and IEC is the International Electrotechnical Commission. |
|
|
BSA
|
Business Software Alliance: An international organization representing leading software and e-commerce developers in 65 countries around the world. BSA efforts include educating users about software copyrights; advocating for public policy that fosters innovation and expands trade opportunities; and fighting software piracy.
|
|
|
CA
|
Certification Authority: the official responsible for performing the comprehensive evaluation of the technical and non-technical security feature of an IT system and other safeguards, made in support of the accreditation process, to establish the extent that a particular design and implementation meet a set of specified security requirements.
|
|
|
Carnivore
|
A device used by the U.S. FBI to monitor ISP traffic.
|
|
|
CBC
|
Cipher Block Chaining is an encryption mode of the Data Encryption Standard (DES) that operates on plaintext blocks 64 bits in length.
|
|
|
CERT Coordination Center
|
A unit of the Carnegie Mellon University Software Engineering Institute (SEI). SEI is a federally funded R&D center. CERT's mission is to alert the Internet community to vulnerabilities and attacks and to conduct research and training in the areas of computer security including incident response.
|
|
|
Cipher
|
A cryptographic transformation that operates on characters or bits.
|
|
|
Ciphertext
|
An unintelligible encrypted message.
|
|
|
Cryptogram
|
An unintelligible encrypted message.
|
|
|
Closed Security Environment
|
An environment in which both of the following conditions hold true:
1. Application developers have sufficient clearances and authorizations to provide an acceptable presumption that they have not introduced malicious logic 2. Configuration control provides sufficient assurance that applications and equipment are protected against the introduction of malicious logic prior to and during the operation of system applications. |
|
|
Clustering
|
Situation in which a plaintext message generates identical ciphertext messages using the same transformation algorithm but with different cryptovariables or keys.
|
|
|
Codes
|
Cryptographic transformations that operate at the level of words or phrases.
|
|
|
COM
|
Common Object Model
A model that allows two oftwar components to communicate with each other independent of their platforms' operating systems and languages of implementation. |
|
|
COBRA
|
Common Object Request Broker Architecture:
|
|
|
CALEA
|
Communications Assistance for Law Enforcement Act of 1994:
An act that required all communications carriers to make wiretaps possible in ways approved by the FBI. |
|
|
COMSEC
|
Communications Security
Measures and controls taken to deny unauthorized persons information derived from telecommunications and to ensure the authenticity of such telecommunications. Communications security includes cryptosecurity, transmission security, emission security and physical security of COMSEC material and information. |
|
|
Compartment
|
A class of information that has need-to-know access controls beyond those normally provided for access to confidential, secret, or top-secret information.
|
|
|
Compensating Controls
|
A combination of controls, such as physical and technical or technical and administrative (or all three).
|
|
|
Composition model
|
An information security model that investigated the resulting security properties when subsystems are combined.
|
|
|
CSTVRP
|
Computer Security Technical Vulnerability Reporting Program.
A program that focuses on technical vulnerabilities in commercially available hardware, firmware, and software products acquired by the DoD, CSTVRP provides for the reporting, cataloging, and discrete dissemination of technical vulnerability and corrective measure information to DoD components on a need-to-know basis. |
|
|
Contamination
|
The intermixing of data at different sensitivity and need-to-know levels. The lower-level data is said to be contaminated by the higher-level data; thus, the contaminating (higher-level) data might not receive the require level of protection.
|
|
|
COTS
|
Commercial off-the-shelf
|
|
|
Covert Channel
|
A communications channel that enables two cooperating processes to transfer information in a manner that violates the system's security policy.
|
|
|
CRL
|
Certificate Revocation List
|
|
|
Cryptanalysis
|
Refers to the ability to "break" the cipher so that the encrypted message can be read. Cryptanalysis can be accomplished by exploiting weaknesses in the cipher or in some fashion determining the key.
|
|
|
Crypto-Algorithm
|
A well-defined procedure, sequence of rules, or steps used to produce a key stream or cyphertext from plaintext, and visa versa. A step-by-step procedure that is used to encipher plaintext and decipher ciphertext.
|
