Packet (or password) sniffing: A type of attack in which an attacker uses a sniffer to capture network packets and analyze their contents.
Packet-filtering Firewall: A type of firewall that examines the source and destination addresses of an incoming packet, and then either permits or denies the packet based on an ACL.
PAN: Personal Area Network (this expansion does not apply in a PCI context, where PAN means Primary Account Number).
Password: A string of characters (a word or a phrase) that a subject provides to an authentication mechanism in order to authenticate to a system.
Password Authentication Protocol (PAP): A remote access control protocol that uses a two-way handshake to authenticate a peer to a server when a link is initially established.
Patent: As defined by the U.S. Patent and Trademark Office (PTO).
Penetration testing: A test that attempts to penetrate a system and identify potential software vulnerabilities. Also known as pen testing.
Personal Identification Number (PIN): A numeric-only password, usually used when only a numeric keypad (versus an alphanumeric keyboard) is available.
Pharming: A phishing attack that is targeted towards a specific organization.
Phishing: A social engineering cyber-attack technique widely used in identity-theft crimes. An e-mail, purportedly from a known legitimate business (typically financial institutions, online auctions, retail stores, and so on).
Physical controls: Controls that ensure the safety and security of the physical environment.
Plaintext: A message in its original readable format, or a ciphertext message that has been properly decrypted (unscrambled) to produce the original readable plaintext message.
Point-to-point Protocol (PPP): A protocol used in remote access service (RAS) servers to encapsulate Internet Protocol (IP) packets and establish dial-in connections over serial and Integrated Services Digital Network (ISDN) links.
Point-to-Point Tunneling Protocol (PPTP): A Virtual Private Network (VPN) protocol designed for individual client-server connections.
Policy: A formal high-level statement of an organization’s objectives, responsibilities, ethics and beliefs, and general requirements and controls.
Polyinstantiation: Allows different versions of the same data to exist at different sensitivity levels.
Port scan: A test used to determine which Transmission Control Protocol/Internet Protocol (TCP/IP) service ports on a system are running.
Prepared Statement: A canned database command that can be called by an application.
Pretty Good Privacy (PGP): A freely available, open-source e-mail application that provides confidentiality and authentication by using the International Data Encryption Algorithm (IDEA) cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution.
Preventive Controls: Controls that prevent unwanted events.
Privacy: The security and protection of personal information.
Privacy Enhanced Mail (PEM): A protocol that provides confidentiality and authentication by using 3DES for encryption, MD2 or MD5 message digests, X.509 digital certificates, and the RSA asymmetric system for digital signatures and secure key distribution.
Privilege escalation: See Escalation of privilege.
Procedures: Detailed instructions about how to implement specific policies and meet the criteria defined in standards.
Process isolation: An operating system feature whereby different user processes are unable to view or modify information related to other processes.
Process table: The collection of processes that are active in an operating system.
Promiscuous mode: A setting on a network adapter that passes all network traffic to the associated device for processing, not just traffic that is specifically addressed to that device. See also Sniffing.
Protected Extensible Authentication Protocol (PEAP): An open standard used to transmit authentication information in a protected manner.
Protection Domain: Prevents other programs or processes from accessing and modifying the contents of an address space that has already been assigned to an active program or process.
Protection Ring: A security architecture concept that implements multiple domains that have increasing levels of trust near the center.
Proximate causation: An action taken or not taken as part of a sequence of events that results in negative consequences.
Proxy Server: A system that transfers data packets from one network to another.
Prudent Man rule: Under the Federal Sentencing Guidelines, senior corporate officers are required to perform their duties in good faith, in the best interest of the enterprise, and with the care and diligence that ordinary, prudent people would reasonably exercise under similar circumstances.
Pseudo flaw: A form of social engineering in which the attacker attempts to trick people into performing certain actions to remedy a supposed security situation.
Public Key Cryptography: A cryptographic method that permits parties to communicate with each other without exchanging a secret key in advance.
Public Key Infrastructure (PKI): A system that enables secure e-commerce through the integration of digital signatures, digital certificates, and other services necessary to ensure confidentiality, integrity, authentication, non-repudiation, and access control.
Punitive damages: Determined by a jury and intended to punish the offender.