CISSP

CISSP – Glossary Term B

by  • 

Glossary for my CISSP Preparation - Source: Glossary from CISSP for dummies

CISSP LogoThis is my personal glossary about  preparation for my CISSP Certification and understand all Security keywords.  Here all keywords  beginning by letter B.

 

B

Background check: The process of verifying a person’s professional, financial and legal background, usually in connection with employment.

Baseline: A process that identifies a consistent basis for an organization’s security architecture, taking into account system-specific parameters, such as different operating systems.

Bell-LaPadula Model: A formal confidentiality model that define two basic properties:

  • Simple Security Property (ss property): A subject can’t read information from an object that has a higher sensitivity label than the subject (no read up, NRU).
  • Star Property (* property): A subject can’t write information to an object that has a lower sensitivity label than the subject (no write done, or NWD)

Best evidence: Original, unaltered evidence, which is preferred by the court over secondary evidence.

Best evidence rule: Defined in the Federal Rules if Evidence; state that “to prove the content of a writing, recording, or photograph, the original writing, recording, photograph is (ordinarily) required.

Biba Model: A formal integrity model that defines two basic properties:

  • Simple integrity property: A subject can’t read information from an object that has a lower integrity level than the subject (no read down, or NRD)
  • Star integrity property (*-integrity property): A subject can’t write information to an object that has a higher integrity level than the subject (no write up, NWU).

Biometrics: Any of various means used, as part of an authentication mechanism, to verify the identity of a person. Types of biometrics used include fingerprints, palm prints, signatures, retinal scans, voice scans and keystroke pattern.

Birthday Attack: A type of attack that attempts to exploit the probability of two messages using the same hash function and producing the same message digest.

Black-Box testing: A security test wherein the tester has no prior knowledge of the system being tested.

Blackout: Total loss of electric power.

Block cipher: An Encryption Algorithm that divides plaintext into fixed-size blocks or characters or bits, and then uses the same key on each fixed-size block to produce corresponding cipher suite.

Bridge: A network device that forwards packets to other devices on a network.

Brownout: Prolonged drop in voltage from an electric power source, such as a public utility.

Brute-Force Attack: A type of attack in which the attacker attempts every possible combination of letters, numbers,, and characters to crack a password, passphrase, or PIN.

Buffer (or stack) overflow attack: A type of attack in which the attacker enters an out-of-range parameter or intentionally exceeds the buffer capacity of a system or application to effect a Denial of  Services (DoS) or exploit a vulnerability.

Bus (Computer Architecture): The logical interconnection between basic components in a computer system, including Central Processing Unit (CPU), memory and peripherals.

Bus (Network topology): A network topology in which all devices are connected to a single cable.

Business Impact Assessment (BIA): A Risk Analysis that, a part of a Business Continuity Pan, describe the impact to Business operations that the loss of various IT Systems would impose.