Glossary for my CISSP Preparation - Source: Glossary from CISSP for dummies
This is my personal glossary for preparing for my CISSP certification and understanding all the security keywords. Here are all the keywords beginning with the letter B.
Background check: The process of verifying a person’s professional, financial and legal background, usually in connection with employment.
Baseline: A process that identifies a consistent basis for an organization’s security architecture, taking into account system-specific parameters, such as different operating systems.
Bell-LaPadula Model: A formal confidentiality model that defines two basic properties:
- Simple Security Property (ss property): A subject can’t read information from an object that has a higher sensitivity label than the subject (no read up, or NRU).
- Star Property (* property): A subject can’t write information to an object that has a lower sensitivity label than the subject (no write down, or NWD).
Best evidence: Original, unaltered evidence, which is preferred by the court over secondary evidence.
Best evidence rule: Defined in the Federal Rules of Evidence; states that “to prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is (ordinarily) required.”
Biba Model: A formal integrity model that defines two basic properties:
- Simple integrity property: A subject can’t read information from an object that has a lower integrity level than the subject (no read down, or NRD).
- Star integrity property (*-integrity property): A subject can’t write information to an object that has a higher integrity level than the subject (no write up, or NWU).
Biometrics: Any of various means used, as part of an authentication mechanism, to verify the identity of a person. Types of biometrics used include fingerprints, palm prints, signatures, retinal scans, voice scans and keystroke patterns.
Birthday Attack: A type of attack that attempts to exploit the probability of two messages using the same hash function and producing the same message digest.
Black-Box testing: A security test wherein the tester has no prior knowledge of the system being tested.
Blackout: Total loss of electric power.
Block cipher: An encryption algorithm that divides plaintext into fixed-size blocks of characters or bits, and then uses the same key on each fixed-size block to produce the corresponding ciphertext.
Bridge: A network device that forwards packets to other devices on a network.
Brownout: Prolonged drop in voltage from an electric power source, such as a public utility.
Brute-Force Attack: A type of attack in which the attacker attempts every possible combination of letters, numbers, and characters to crack a password, passphrase, or PIN.
Buffer (or stack) overflow attack: A type of attack in which the attacker enters an out-of-range parameter or intentionally exceeds the buffer capacity of a system or application to effect a Denial of Service (DoS) or exploit a vulnerability.
Bus (Computer Architecture): The logical interconnection between basic components in a computer system, including Central Processing Unit (CPU), memory and peripherals.
Bus (Network topology): A network topology in which all devices are connected to a single cable.
Business Impact Assessment (BIA): A risk analysis that, as part of a Business Continuity Plan, describes the impact to business operations that the loss of various IT systems would impose.