Glossary for my CISSP Preparation - Source: Glossary from CISSP for dummies
AAA: shorthand for the system controls Authentification, Authorization and Accountability
Abstraction : A process that involves viewing an application from its highest-level functions, wish makes lower-level functions abstract.
Access Control: The capability to permit or deny the use of an object (a passive entity, such as a system or file) by a subject (an active entity, such as a person or process).
Access Control List (ACL): Lists the specific rights and permissions assigned to a subject for a given object.
Access Matrix Model: Provides object access rights (read, write, execute or R/W/X) to subjects in a DAC system (Discretionary Access Control). An Access Matrix consist of ACLs and capability lists.
Accreditation: An official, written approval for the operation of a specific system in a specific environment, as documented in a certification report.
Active-Active: A clustered configuration in which all of the nodes in a system or network are load balanced, synchronized, and active. If one node fails, the other node(s) continue providing services seamlessly.
Address Resolution Protocol (ARP): The network protocol used to query and discover the MAC address of a device on a lan.
Address space: A programming instruction that specific where memory is located in a computer system.
Administrative Controls: The policies and procedures that an organization implements as part of its overall information security strategy.
Administrative or regulatory laws: Legal requirements passed by government institutions that define standards of performance and conduct for major industries (such as banking, energy, and healthcare), organizations and officials.
Advanced Encryption Standard (AES): A block cipher based on the Rijindael cipher, which is expected to eventually replace DES (Data Encryption Standard).
Adware: Legitimate, albeit annoying, software that’s commonly installed with a freeware or shareware program. Its provides a sources of revenue for the software developer and runs only when you’re using the associated program or until you purchase the program (in the case of shareware).
Agent: A software component that performs a particular service.
Aggregation : A database security issue that describes the act of obtaining information classified at a high sensitive level by combining other items of low-sensitivity information.
Annualized Loss Expectancy (ALE): A standard, quantifiable measure of the impact that a realized threat will have on an organization’s assets. ALE is determined by the formula Single Loss Expectancy (SLE) x Annualized rate of Occurence (ARO) = ALE
- Single Loss Expectancy (SLE): Asset Value x Exposure Factor (EF). A measure of the loss incurred from a single realized threat or event, expressed in dollars.
- Exposure Factor (EF): A measure, expressed as a percentage, of the negative effect or impact that a realized threat or event would have on a specific asset.
- Annualized Rate of Occurence (ARO): The estimated annual frequency of occurence for a specific threat or event.
Antivirus software: Software that’s designed to detect and prevent computer viruses and other malware from entering and harming a system.
Applet: A component in a distributed environnement (various components are located on separate systems) that’s downloaded into and executed by another program, such as a web browser.
Application firewall: A firewall that inspects OSI layer 7 content in ordre to block malicious content from reaching or leaving an application server.
Application scan: A test used to identify weaknesses in a software application.
Application Software: Computer Software that a person uses to accomplish a specific task.
Archive: In a PKI (Public Key Infrastructure), an archive is responsible for long-term storage of archived information from the CA (Certification Authority).
Asset: A ressource, process, product, system, and so on that has some value to an organization and must therefore by protected. Assets can be hard goods, such as computers and equipment, but can also be information and intellectual property.
Asset Valuation: The process of assigning a financial value to an organization’s information assets.
Asymmetric Key system or asymmetric algorithm; public Key: A cryptographic system that uses two separate keys -> One key to encrypt information and a different key to decrypt information. Theses keys are knows as public and private pairs.
Asynchronous Transfer Mode (ATM): A very high speed, low-latency, packet-switched communications protocols.
Audit: The independent verification of any activity or process.
Audit trial: The auxiliary records that document transactions and other events.
Authentication: The process of verifying a subject’s claimed identity in an access control system.
Authentication Header (AH): An IPSec, a protocol that provides integrity, authentication, and non-repudiation.
Automatic Controls: Controls that are automatically performed by information systems.
Availability: The process of ensuring that systems and data are accessible to authorized users when they need it.