Cybersecurity Terms

A

  • Access Controls (Models and Mechanisms) - The management of admission to system and network resources. It grants authenticated users access to specific resources based on company policies and the permission level assigned to the user or user group. Access control often includes authentication, which proves the identity of the user or client machine attempting to log in (PC Magazine, 2018).
  • Accountability - The security goal that generates the requirements for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action (Dukes, 2015).
  • Administrative Law - The body of law that governs the administration and regulation of government agencies, both federal and state (Kenton, 2019c).
  • Advanced Persistent Threat (APT) - An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception) (NIST, 2013).
  • Adversary Model (resources, capabilities, intent, motivation, risk aversion, access) - The model that describes the type of adversary, the objective, the motivation, and the payload ramifications. The model described is extensible and the tactics are clear and concise (Invincea, 2015).
  • Adversarial Thinking - The ability to think like a hacker. Identifying characteristics including where, when, and how hackers might attack, and their tactics for evading detection (Hamman, Hopkinson, Markham, Chaplik, & Metzler, 2017).
  • Agile Software Development - An umbrella term for a variety of best practices in creating applications and information systems. These methods have proven to be more effective in dealing with changing requirements during the development phase, which always seem to occur (PC Magazine, 2019).
  • Analysis - The third phase of the computer and network forensic process, after collection and examination. Analysis involves using legally justifiable methods and techniques to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
  • Anomaly Detection - An approach to intrusion detection that establishes a baseline model of behavior for users and components in a computer system or network. Deviations from the baseline cause alerts that direct the attention of human operators to the anomalies (PC Magazine, 2018).
  • Anti-Forensic - A technique for concealing or destroying data so that others cannot access it.
  • Artificial Intelligence - Devices and applications that exhibit human intelligence and behavior, including robots, self-driving cars, medical diagnosis, and voice- and natural-language recognition. AI implies the capability to learn and adapt through experience and the ability to come up with solutions to problems without using rigid, predefined algorithms, which is the approach of non-AI software (PC Magazine, 2018).
  • Asset - Any software, hardware, data, administrative, physical, communications, or personnel resource within an IS (CNSS, 2003).
  • Asymmetric Encryption - A method of encryption that uses two separate and distinct keys for encrypting and decrypting data.
  • Asynchronous Model - A model in which the components act independently or in parallel (Robertson & Robertson, 2013).
  • Attack Timing - The measured and planned time at which a cyber incident will be carried out. This could lead to a sequence of events that, over a period of time, is meant to weaken the defenses of the system by using planned timing sequences to carry out the attacks (Brocklehurst, 2014).
  • Attack Trees - These provide a formal, methodical way of describing the security of systems, based on varying attacks. The structure is used to represent attacks against a system, with the goal as the root node and the different ways of achieving that goal as leaf nodes (Saini, Duan, & Paruchuri, 2008).
  • Attack Vectors - The approach used to assault a computer system or network. A fancy way of saying "method or type of attack," the term may refer to a variety of vulnerabilities. For example, an operating system or Web browser may have a flaw that is exploited by a website. Human shortcomings are also used to engineer these. For example, a novice user may open an email attachment that contains a virus, and most everyone can be persuaded at least once in their life to reveal a password for some seemingly relevant reason (PC Magazine, 2018).
  • Audience - The assembled spectators or listeners at a public event, such as a play, movie, concert, or meeting (PC Magazine, 2019).
  • Availability - The act of ensuring timely and reliable access to and use of information (Dukes, 2015).

B

  • Backdoor - A secret way to take control of a computer. Also called "trap doors," these are built into software by the original programmer, who can gain access to the computer by entering a code locally or remotely. For example, in an application, this would enable a person to activate either normal or hidden functions within the software. In an operating system, it would provide access to all system functions in the computer (PC Magazine, 2018).
  • Basic Cryptography
    • AES - Advanced Encryption Standard (AES) is a U.S. government encryption standard supported by the National Institute of Standards and Technology (NIST). A cryptographic cipher that uses a block length of 128 bits and key lengths of 128, 192, or 256 bits (PC Magazine, 2019).
    • Authentication - Verifying the integrity of a transmitted message. Also, verifying the identity of a user logging into a network. Passwords, digital certificates, smart cards, and biometrics can be used to prove the identity of the client to the network. Passwords and digital certificates can also be used to identify the network to the client (PC Magazine, 2019).
    • Block Level Data - Reading and writing a disk at the physical level. The disk controller in every computer and server reads and writes the disks at this level (PC Magazine, 2019).
    • Brute Force - The systematic, exhaustive testing of all possible methods that can be used to break a security system. For example, in cryptanalysis, trying all possible keys in the key space to decrypt a ciphertext (PC Magazine, 2019).
    • Chosen Plaintext Attack - Cryptanalysts can choose arbitrary plaintext data to be encrypted, and then they receive the corresponding ciphertext. They try to acquire the secret encryption key, or alternatively to create an algorithm, that would allow them to decrypt any ciphertext messages encrypted using this key (Kowalczyk, 2019).
    • Collision Resistance - The process of resolving issues with hash functions that result in the same output.
    • Cryptographic Modes - The methods and forms of cryptography. This includes public and private key encryption and all the hash functions associated with the cryptography.
    • Data Integrity - The quality of correctness, completeness, wholeness, soundness, and compliance with the intention of the creators of the data. It is achieved by preventing accidental or deliberate but unauthorized insertion, modification, or destruction of data in a database (PC Magazine, 2019).
    • Data Protection - An umbrella term for various procedures that ensure information is secure and available only to authorized users (PC Magazine, 2019).
    • DES - A NIST-standard cryptographic cipher that uses a 56-bit key. Adopted by NIST in 1977, it was replaced by AES in 2001 as the official standard (PC Magazine, 2019).
    • Differential Cryptanalysis Attack - The process of using the differences between input information to determine what the output is going to be. This attack is usually performed on block ciphers.
    • Diffie-Hellman - In this method, both sides use a common number, and both sides use a different random number as a power to raise the common number. The results are then sent to each other. The receiving party raises the received number to the same random power used before, and the results are the same on both sides (PC Magazine, 2019).
    • Digital Certificate - The digital equivalent of an ID card used in conjunction with a public key encryption system (PC Magazine, 2019).
    • Digital Signature - The electronic equivalent of a person's physical signature. It is also a guarantee that information has not been modified, as if it were protected by a tamper-proof seal that is broken if the contents are altered (PC Magazine, 2019).
    • DSA - The algorithm used in the Digital Signature Standard (DSS) by the U.S. government. Not as widely used as RSA (PC Magazine, 2019).
    • ECC - A public key cryptography method that provides fast decryption and digital signature processing. It uses points on an elliptic curve to derive a 163-bit public key that is equivalent in strength to a 1024-bit RSA key. The public key is created by agreeing on a standard generator point in an elliptic curve group (elliptic curve mathematics is a branch of number theory) and multiplying that point by a random number (the private key). Although the starting point and public key are known, it is extremely difficult to backtrack and derive the private key (PC Magazine, 2019).
    • ElGamal - A form of asymmetric encryption that uses encryption for digital signatures. Uses discrete logarithms in its formulas (PC Magazine, 2019).
    • FIPS 140 Series - This standard specifies the security requirements that are to be satisfied by a cryptographic module utilized within a security system, protecting unclassified information within computer and telecommunication systems (PC Magazine, 2019).
    • Hash Function - An algorithm that turns a variable amount of text into a small, fixed-length value (PC Magazine, 2019).
    • Key Management (Creation, Exchange/Distribution) - The creation, distribution, and maintenance of a secret key. It determines how secret keys are generated and made available to both parties; for example, public key systems are widely used for such an exchange (PC Magazine, 2019).
    • Known Plaintext Attack - The attacker has access to the ciphertext and its corresponding plaintext. The goal is to guess the secret key (or a number of secret keys) or to develop an algorithm that would allow the attacker to decrypt any further messages (Kowalczyk, 2019).
    • Linear Cryptanalysis Attack - The process of analyzing the relationships between parity bits of plaintext. It uses the straightforward input information to determine what the output is going to be. This attack is usually performed on block ciphers.
    • MD4 - A broken hash function developed by Ronald Rivest for 32-bit computers. This outdated method was used to create message digests for digital signatures (PC Magazine, 2019).
    • MD5 - A popular cryptographic hash function developed by Ronald Rivest (the "R" in RSA), which is used to create a message digest for digital signatures (PC Magazine, 2019).
    • Non-Repudiation - To be unable to reject the validity of a document (unable to prove it is counterfeit). The term is the opposite of "repudiate," which means to reject the validity of something. Digital signatures and certificates provide non-repudiation because they guarantee the authenticity of a document or message. As a result, the sending parties cannot deny that they sent it (they cannot repudiate it) (PC Magazine, 2019).
    • Public Key Cryptography - An encryption method that uses a two-part key: one private, the other public. To send an encrypted message to someone, the recipient's public key is used, which can be published anywhere or sent openly via email. When the message arrives, the recipient uses his or her private key, which is always kept secret (PC Magazine, 2019).
    • Public Key Infrastructure - A public key infrastructure (PKI) is a framework for creating a secure method for exchanging information based on public key cryptography. The foundation of a PKI is the certificate authority (CA), which issues digital certificates that authenticate the identity of organizations and individuals over a public system such as the internet (PC Magazine, 2019).
    • RSA - In the RSA method, data is encrypted by using the recipient's public key, which can be decrypted only by the recipient's private key. This method encrypts the secret DES key so that it can be transmitted over the network, but it encrypts and decrypts the actual message using the much faster DES algorithm (PC Magazine, 2019).
    • SHA-1 - A family of popular cryptographic hash algorithms used to create digital signatures. Similar to the MD4 and MD5 algorithms developed by Ronald Rivest, but slightly slower and more secure (PC Magazine, 2019).
    • SHA-2 - Extension of SHA-1 to include hash lengths of 256 and 512 (PC Magazine, 2019).
    • SHA-3 - Released by NIST in 2015. Supports the same hash lengths as SHA-2, but uses a different cryptographic method based on the Keccak algorithm (PC Magazine, 2019).
    • Streaming Data - Data that is transmitted and processed in a continuous flow, such as digital audio and video (PC Magazine, 2019).
    • Symmetric Cryptography - An encryption method that uses the same secret key to encrypt and decrypt messages. The problem with this method is transmitting the secret key to a legitimate person who needs it (PC Magazine, 2019).
    • Twofish - A 128-bit block cipher by Counterpane Labs, published in 1998. It was one of the five Advanced Encryption Standard (AES) finalists, and was not selected as AES (Schneier, 2019).
  • Benchmarking - A performance test of hardware and/or software. There are various programs that very accurately test the raw power of a single machine, the interaction in a single client/server system (one server/multiple clients), and the transactions per second in a transaction processing system (PC Magazine, 2019).
  • Bit Stream Imaging - A bit-for-bit copy of the original media, including free space and slack space. Also known as disk imaging.
  • Blacklisting - During creation of access control for computer systems, a list of items, such as IP addresses, that are explicitly denied due to untrustworthiness.
  • Bots
    • A search engine program that indexes the Web;
    • A program on the Internet that performs a repetitive function such as posting a message on blogs, newsgroups and social networks, or searching for information. These reside in the background waiting to respond to certain conditions. The term is used for myriad "intelligent agents" that continuously or periodically perform some function. It is estimated that as much as 60% of Web traffic comes from these, not humans. (PC Magazine, 2018)
  • Boundary Data Flow - A data flow that enters or leaves the system context. The term boundary is used because it crosses the perimeter of the system (Robertson & Robertson, 2013).
  • Brainstorming - Group discussion to produce ideas or solve problems (PC Magazine, 2019).
  • Brute Force Attack - A method of attack that relies on raw processing power to successfully guess a password by trying candidate after candidate.
  • Brute Force (Password Guessing) - The systematic, exhaustive testing of all possible methods that can be used to break a security system. For example, in cryptanalysis, trying all possible keys in the keyspace to decrypt a ciphertext (PC Magazine, 2018).
  • Business Continuity Plan (BCP) - A plan that focuses on the restoration or continuity of business functions, including operations, equipment, inventory, and staff.
  • Business Impact Analysis (BIA) - An analysis of the potential financial impact of business function interruption from an extreme event.
  • Business Process Automation (BPA) - The automation of a vital part of a business need (PC Magazine, 2019).
  • Business Process Improvement (BPI) - The effort to improve the structure or flow of a business (PC Magazine, 2019).
  • Business Process Reengineering (BPR) - The effort to redesign the way a business structures its work flow (PC Magazine, 2019).
  • Business Requirement - The characteristics of a proposed system from the viewpoint of the system's end user (PC Magazine, 2019).

C

  • Calculating Quantified Risk
    • Calculate the asset value (AV) - An asset is anything of value to an organization. Assets can be tangible (buildings) or intangible (reputation). A first step in risk assessment is to determine all the organization’s assets and their value, that is, the importance of each asset to the organization’s ability to meet its mission. Asset value should consider the replacement value of equipment or systems. It should also include factors such as lost productivity and loss of reputation or customer confidence.
    • Calculate the exposure factor (EF) - This represents the percentage of the asset value that will be lost if an incident were to occur. For example, not every car accident is a total loss. Insurance companies have actuaries who calculate the likely percentage loss for every claim. They know the cost of repairs for every make and model and can predict this value per claim. Their prediction won’t be right for any single claim (except by chance), but it will be right when grouped by the hundreds or thousands.
    • Calculate the single loss expectancy (SLE) - You can calculate the value of a single loss using asset value and exposure factor. If an actuary calculates that the EF of a late-model SUV is 20 percent, then every time he receives a claim, all he needs to do is look up the asset value, multiply by the EF, and he’ll have a very good prediction of the payout. This allows the actuary to calculate insurance premiums accurately and reduce the risk of the insurance company losing money. (Equation: SLE = AV * EF)
    • Determine how often a loss is likely to occur every year (ARO) - This is the annualized rate of occurrence, also called the risk likelihood. Some are greater than one. For example, a snowstorm in Buffalo or Berlin will happen many times per year. Others are likely to happen far less often. For example, a warehouse fire might happen once every 20 years. It is often difficult to estimate how often an incident will happen. Sometimes internal or external factors can affect that assessment. Historical data do not always predict the future. An incident such as one stemming from an internal threat is far more likely during times of employee unrest or contract negotiations than at other times.
    • Determine annualized loss expectancy (ALE) - This value is the SLE (the loss when an incident happens) multiplied by the ARO. It helps an organization identify the overall impact of a risk. For infrequent events, this value will be much less than the SLE. For example, if you expect an event to occur only once every 10 years, the value will be 0.10, or 10 percent. If the SLE is $1,000, this is only $100 ($1,000 × 0.10). On the other hand, if the ARO is 20, indicating that it is likely to occur 20 times every year, the value is $20,000 ($1,000 × 20). (Equation: ALE = SLE * ARO) (Kim & Solomon, 2013)
  • Capability - In information security, an indicator (token, semaphore, etc.) that authorizes an access mode to an object such as a file or a device for a specific user or process (PC Magazine, 2018).
  • Capture Filtering - Enables you to capture only traffic that you want to be captured, eliminating an unwanted stream of packets (PC Magazine, 2019).
  • Cardinality - The number of entities of each type participating in a relationship (Robertson & Robertson, 2013).
  • Cascading - A defense-in-depth arrangement in which one network control feeds into the next, so that each layer of control reinforces the one behind it.
  • CIA Triad - A widely used formulation of the INFOSEC mission of the U.S. military. Also known as the "Classic Triad," the three concepts fail to include important problems intuitively seen as breaches of security, forgeries or counterfeits; mislabeling of data; and problems of data usability (PC Magazine, 2018).
  • Cipher Text - A scrambled and unintelligible version of plain text.
  • Civil Law - Deals with disputes between one entity and another (Erstad, 2018).
  • Cluster - A group of contiguous sectors.
  • Cold Site - A non-emergency recovery site with the necessary environmental and power systems required for the restoration of computing services.
  • Collection - The first phase of the computer and network forensics process, before examination and analysis. Collection involves identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following guidelines and procedures that preserve the integrity of the data.
  • Communications Plan - A policy-driven approach to providing stakeholders with information (Rouse, 2015a).
  • Compliance - Conforming to a specification, standard, or law that has been clearly defined (Cambridge Dictionary, 2019).
  • Composition and Security - The devices and hardware that make up the system. This also refers to the software and the controls put in place to defend the infrastructure.
  • Computer-Aided Software Engineering (CASE) - Software that is used in any and all phases of developing an information system, including analysis, design, and programming. For example, data dictionaries and diagramming tools aid in the analysis and design phases, while application generators speed up the programming phase (PC Magazine, 2019).
  • Confidentiality - Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information (Dukes, 2015).
  • Context Diagram - The highest-level diagram of a leveled set of data flow diagrams. It shows the system being studied as a single bubble connected to the outside world by its boundary data flows (Robertson & Robertson, 2013).
  • Copyright - A law that gives creators of original material the exclusive right to further use and duplicate that material for a given amount of time, at which point the copyrighted item becomes public domain (Kenton, 2019a).
  • Cost–Benefit Analysis - The study that projects the costs and benefits of a new information system. Costs include people and machine resources for development, as well as running the system. Tangible benefits are derived by estimating the cost savings of both human and machine resources to run the new system versus the old one. Intangible benefits, such as improved customer service and employee relations, may ultimately provide the largest payback, but are harder to quantify (PC Magazine, 2019).
  • Correlation Techniques - The analysis of intrusion detection based on previous incidents that may be similar to the current incident. Can be used to identify possible ways to start to create a fix for the vulnerability.
  • Covert Channels - An unintended or unauthorized intra-system channel that enables two cooperating entities to transfer information in a way that violates the system's security policy but does not exceed the entities' access authorizations (CNSS, 2003).
  • Criminal Law - Deals with an individual’s offenses against the state or federal government (Erstad, 2018).
  • Cross Log Comparison and Analysis - The comparison of two different log files to try and determine outliers and anomalies. Usually done with some type of software analysis tool (PC Magazine, 2018).
  • Cross-Site Scripting (XSS) - Causing a user's Web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent Web page. When the page is not found, the script is returned with the bogus URL, and the user's browser executes it (PC Magazine, 2018).
  • CRUD Check - A way of verifying that every data element within the context is being created, retrieved, updated, or deleted by at least one process; a way of checking that every data element needed by every process within the context of study has been defined (Robertson & Robertson, 2013).
  • Cyber Threats Motivations and Techniques (EXAMPLES: fraud, sabotage, vandalism, theft)
    • Fraud - A deliberate action taken to benefit oneself or a collaborator at the expense of the organization;
    • Sabotage - A deliberate action taken to cause a failure in an organizational asset or process, generally carried out against targeted key assets by someone possessing or with access to inside knowledge;
    • Vandalism - The deliberate damaging of organizational assets, often at random;
    • Theft - Taking something that doesn’t belong to you and that you have not paid for (Cebula, Popeck, & Young, 2014).
    • Denial-of-Service Attacks - An assault on a network that floods it with so many requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, this interrupts network service for some period (PC Magazine, 2018).
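The "Calculating Quantified Risk" entry above gives the two formulas SLE = AV * EF and ALE = SLE * ARO in prose. The following Python is an added example, not part of the original glossary or its cited sources: it carries those formulas through a small constructed asset register (two rows reproduce the entry's own $100 and $20,000 figures), rejects meaningless inputs such as an exposure factor above 100%, and ranks the scenarios by ALE. The final cost-benefit helper, which nets a control's annual cost against the ALE it removes, is an assumed extension of the method and not something the entry states.

```python
"""Annualized loss expectancy worked through for a small, constructed asset register.

Formulas (from the glossary entry): SLE = AV * EF and ALE = SLE * ARO.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class RiskScenario:
    """One asset/threat pairing with the three inputs the glossary entry describes."""
    asset: str
    asset_value: float      # AV: replacement value plus lost productivity/reputation
    exposure_factor: float  # EF: fraction of AV lost per incident, 0.0 to 1.0
    annual_rate: float      # ARO: expected incidents per year; below 1.0 for rare events

    def __post_init__(self) -> None:
        # Reject inputs that cannot be meaningful: negative values or a loss above 100%.
        if self.asset_value < 0:
            raise ValueError(f"{self.asset}: asset value must be non-negative")
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError(f"{self.asset}: exposure factor must be between 0 and 1")
        if self.annual_rate < 0:
            raise ValueError(f"{self.asset}: annualized rate of occurrence must be non-negative")

    def sle(self) -> float:
        """Single loss expectancy: what one incident is expected to cost."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: expected cost per year across all incidents."""
        return self.sle() * self.annual_rate


def rank_by_ale(scenarios: List[RiskScenario]) -> List[Tuple[str, float]]:
    """Order scenarios by ALE, highest first, so the costliest risks get attention first."""
    return sorted(((s.asset, s.ale()) for s in scenarios),
                  key=lambda pair: pair[1], reverse=True)


def annual_control_benefit(before: RiskScenario, after: RiskScenario,
                           annual_control_cost: float) -> float:
    """Net yearly value of a control: ALE reduction minus what the control costs to run.

    Assumption of this example: this cost-benefit step is a common extension of the
    ALE method and is not part of the glossary entry itself.
    """
    return (before.ale() - after.ale()) - annual_control_cost


# Constructed sample register. Two rows reproduce the glossary's own arithmetic:
# SLE $1,000 at ARO 0.10 gives ALE $100; SLE $1,000 at ARO 20 gives ALE $20,000.
SAMPLE_REGISTER = [
    RiskScenario("decade-scale outage", asset_value=1_000.0, exposure_factor=1.0, annual_rate=0.10),
    RiskScenario("snowstorm closure", asset_value=1_000.0, exposure_factor=1.0, annual_rate=20.0),
    RiskScenario("late-model SUV claim", asset_value=40_000.0, exposure_factor=0.20, annual_rate=0.05),
    RiskScenario("warehouse fire", asset_value=2_000_000.0, exposure_factor=0.50, annual_rate=1 / 20),
]


if __name__ == "__main__":
    for asset, ale in rank_by_ale(SAMPLE_REGISTER):
        print(f"{asset:<22} ALE = ${ale:,.2f}")
    # Assumed control: fire suppression that cuts the warehouse EF from 0.50 to 0.10
    # at an assumed $10,000 per year to maintain.
    before = SAMPLE_REGISTER[3]
    after = RiskScenario(before.asset, before.asset_value, 0.10, before.annual_rate)
    print(f"net benefit of suppression: ${annual_control_benefit(before, after, 10_000.0):,.2f}")
```

Ranking by ALE rather than SLE is the point of the exercise: the warehouse fire has by far the largest single loss, but the twenty-times-a-year snowstorm closure lands almost as high on the annual list despite a single loss of only $1,000, which is exactly the ARO effect the entry describes.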

D

  • Data - Distinct pieces of digital information that have been formatted in a specific way.
  • Data-at-rest - Inactive data stored in any form (for example, on hard drives or in offsite cloud backup). Data at rest is in a stable state, not currently being transmitted across a network or actively being read or being used by any application (Saltzer & Schroeder, 1975).
  • Data-in-motion - Data that is currently traveling across a network or has been loaded into a computer’s RAM ready to be read, updated, or processed (Saltzer & Schroeder, 1975).
  • Data-in-use - Data that is actively being generated, updated, viewed, or erased. It also includes data being viewed by users accessing it through various endpoints (Saltzer & Schroeder, 1975).
  • Data Dictionary - The collection of definitions of every piece of data used within a context of study; the part of the analysis model that provides definitions of the data flows, data elements, stores, entities, and relationships (Robertson & Robertson, 2013).
  • Data Flow
    1. In computers, the path of data from source document to data entry to processing to final reports. Data changes format and sequence (within a file) as it moves from program to program.
    2. In communications, the path taken by a message from origination to destination that includes all nodes through which the data travels (PC Magazine, 2019).
  • Data Logging - The continuous recording of data. The term may refer to the automatic collection of data from sensors in the field, or in a factory or scientific environment. It may also refer to gathering traffic statistics in a network or events in the computer (PC Magazine, 2018).
  • Data Model - A formal way of representing the data that is used and created by a business system (PC Magazine, 2019).
  • Data Store - A collection of information that is stored in some way (PC Magazine, 2019).
  • Decision Trees - A graphical representation of all alternatives in a decision-making process (PC Magazine, 2019).
  • Deep Packet Inspection - Analyzing network traffic to discover the type of application that sent the data. In order to prioritize traffic or filter out unwanted data, deep packet inspection can differentiate data such as video, audio, chat, voice over IP (VoIP), email, and web. As it inspects the packets all the way up to layer seven, deep packet inspection can be used to analyze anything and everything within the packet that is not encrypted. For example, it can determine not only that the packets contain the contents of a webpage, but also which website the page is from (PC Magazine, 2018).
  • Defense in Depth - Using multiple systems to resist attackers. For example, if an external firewall is breached, an internal intrusion detection system can sound an alarm. If systems are breached and data can be stolen, keeping all vital records encrypted on disk and encrypted during transmission prevents attackers from using the data, even if they get it (PC Magazine, 2018).
  • Deliverable - The measurable result or output of a process (PC Magazine, 2019).
  • Demilitarized Zone (DMZ) - A middle ground between an organization’s trusted internal network and an untrusted, external network such as the internet. Also called a perimeter network, the DMZ is a subnetwork (subnet) that may sit between firewalls or off one leg of a firewall. Organizations typically place their web, mail, and authentication servers in it. It is a military term that refers to the area between two enemies (PC Magazine, 2018).
  • Denial of Service (DoS) - The prevention of authorized access to resources or the delaying of time-critical operations (Dukes, 2015).
  • Denial-of-Service Attacks - An assault on a network that floods it with so many requests that regular traffic is either slowed or completely interrupted. Unlike a virus or worm, which can cause severe damage to databases, this interrupts network service for some period (PC Magazine, 2018).
  • Dependencies - Part of a system or component of a system that relies on another component or control to be able to do its job properly.
  • Device Reconfiguration - The changing of hardware on the fly to protect against a compromised device. Restoring the device to the system defaults or changing the protection scheme to secure the device from an attack in real time.
  • Dictionary Attack - A more targeted method of attack that attempts to guess a password by trying a list of likely words and phrases.
  • Digital Forensics - The application of science to the identification, collection, examination, and analysis of data, while preserving the integrity of the information and maintaining a strict chain of custody for the data.
  • Directory - Organizational structures that are used to group files together.
  • Disaster Recovery Plan (DRP) - A plan that focuses on the restoration of the computing infrastructure and its services.
  • Disk Imaging - Generating a bit-for-bit copy of the original media, including free space and slack space. Also known as bit stream imaging.
  • Disk-to-Disk Copy - Copying the contents of media directly to other media.
  • Disk-to-File Copy - Copying the contents of media to a single logical data file.
  • Display Filtering - Enables you to capture and view only traffic that you want to be captured, hiding an unwanted packet (PC Magazine, 2019).
  • Distributed Intrusion Detection - The implementation of network protection across multiple computers or devices. This arrangement keeps the whole system from falling prey when a single machine is compromised. Normally such a system has measures in place to regain control of a compromised machine.
  • Dumpster Diving - A technique in which hackers sift through trash looking for pieces of personal information that can be used for illegal purposes (White, n.d.).

E

  • Emergent Properties - New classifications of hardware and software as they are used in the industry. The evolution of hardware to bring new controls into the environment.
  • Encrypting File System (EFS) - A Microsoft technology that uses a Windows username and password as part of the algorithm for encrypting files and folders within the Windows Operating System.
  • Encryption - The conversion of data into a form that cannot be easily understood by unauthorized people.
  • Enterprise Architectures - An umbrella term for the management systems, information systems, and computer systems within an organization.
  • Entity - A rational collection of data elements that describes something from the real world of importance to the business. Must have a unique and definable role in the business and must have at least one attribute to describe it (Robertson & Robertson, 2013).
  • Entity Relationship Diagram (ERD) - A picture that shows the information that is created, stored, and used by a business system. The entity is the basic building block for a data model. It is a person, place, event, or thing about which data is collected (PC Magazine, 2019).
  • Essential Viewpoint - An abstract view of the system, showing only the requirements specific to the subject matter within the context of study, and excluding anything that exists because of how the system is designed and implemented (Robertson & Robertson, 2013).
  • Establishing Profiles - Creating patterns and signatures of attack vectors for the purpose of identifying threats.
  • Event - An action initiated by the user or the computer. For example, a user event would be any mouse movement or keystroke. An internal event detected by software could have myriad causes, from unexpected data in the input to a security camera sensing motion (PC Magazine, 2019).
  • Event-Driven - Responding to input from the user (mouse movement, keystrokes, menu choices, etc.) or from messages from other applications. This is in contrast to a batch operation that continuously processes the next item from a group (PC Magazine, 2019).
  • Event List - A practical tool for inventorying all the events to which the system responds. It contains the event name, along with its associated input and output, for every event that is the concern of a context of study (Robertson & Robertson, 2013).
  • Examination - The second phase of the computer and network forensics process (after collection), which involves forensically processing large amounts of collected data using a combination of automated and manual methods to assess and extract data of particular interest, while preserving the integrity of the data.
  • Exculpatory Evidence - Evidence used to disprove or absolve the fault or guilt of a defendant.
  • Exposure - The degree to which information can be accessed using authorized or unauthorized methods (PC Magazine, 2018).
  • External Trigger - An event that happens outside of the system that begins a process within the system.

F

  • False Negative - Incorrectly classifying malicious activity as benign.
  • False Positive - Incorrectly classifying benign activity as malicious.
  • Feasibility Study - The analysis of a problem to determine if it can be solved effectively. The operational (will it work?), economical (costs and benefits), and technical (can it be built?) aspects are part of the study. Results of the study determine whether the solution should be implemented (PC Magazine, 2019).
  • Feature Creep - The continual adding of new functions to an information system project while it is in the process of being programmed (PC Magazine, 2019).
  • Federal Information Processing Standards (FIPS) - A standard for adoption and use by Federal agencies that has been developed within the Information Technology Laboratory and published by the National Institute of Standards and Technology (Dukes, 2015).
  • Federal Information Security Management Act (FISMA) - Title III of the E-Government Act requiring each federal agency to develop, document, and implement an agency-wide program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source (Dukes, 2015).
  • Federal Information Technology Security Assessment Framework (FITSAF) - A five-level framework for assessing the effectiveness and capability of an information technology security program by reviewing management, operational, and technical control objectives (Roback, 2000).
  • File - A collection of information logically grouped into a single entity and referenced by a unique name, such as a file name.
  • File Allocation Unit - A group of contiguous sectors, also known as a cluster.
  • File Header - Data within a file that contains identifying information about the file and possibly metadata with information about the file contents.
  • File Name - A unique name used to reference a file.
  • Filesystem - A method for naming, storing, organizing, and accessing files on logical volumes.
  • File Systems - The software and method for storing and retrieving files on a disk, SSD, or USB drive. The file system takes commands from the operating system to read and write the disk clusters (groups of sectors). It manages the folder/directory structure and provides an index to the files. It also defines the syntax used to access them (i.e., how the “path” to the file is coded). File systems dictate how files are named, the maximum size of a file, and the volume of storage. Note that the software people use to copy, move, rename, and delete files is known as a file manager, not a file system (PC Magazine, 2018).
  • Filtering - To select data, filters use patterns (masks) against which all data are compared. Only matching data are “passed through,” hence the concept of a filter. For example, email clients and servers can look for messages with text patterns that are recognized as spam and then delete them. An email client can be set up to filter messages and store them in separate mailboxes as a way of organizing the mail, or it can be set to alert the user when a certain type of message arrives (PC Magazine, 2018).
  • Filtering Algorithms - A process that allows traffic through based on some set of rules. The rules are enforced to keep unauthorized information from passing through the network defense.
  • Firewall - The primary method for keeping a computer secure from intruders. A firewall allows or blocks traffic into and out of a private network or the user’s computer. Firewalls are widely used to give users secure access to the internet and to separate a company’s public web server from its internal network. They are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise (PC Magazine, 2018).
  • Foreign Key - One or more attributes that are included in one entity for the purpose of identifying another (Robertson & Robertson, 2013).
  • Forensically Clean - Digital media that is completely wiped of all data (including nonessential and residual data), scanned for malware, and verified before use.
  • Forensic Science - The application of science to the law.
  • Formal Speech - A presentation given without visual aids.
  • Framework - A real or conceptual structure intended to serve as support or guide for the building of something that expands the structure into something useful (Rouse, 2015b).
  • Free Space - An area on media or within memory that is not allocated.
  • Functional Requirement - The blueprint for the design of a system that performs a specific action (PC Magazine, 2019).
  • Fundamental Design Principles
    • Separation (of Domains) - The division of power within a system. No one part of a system should have complete control over another part. There should always be a system of checks and balances that leverage the ability for parts of the system to work together (Tjaden, 2015).
    • Isolation - Individual processes or tasks running in their own space. This ensures that the processes will have enough resources to run and will not interfere with other processes running (Tjaden, 2015).
    • Encapsulation - The ability to only use a resource as it was designed to be used. This may mean that a piece of equipment is not being used maliciously or in a way that could be detrimental to the overall system (Tjaden, 2015).
    • Least Privilege - The assurance that an entity only has the minimal amount of privileges to perform their duties. There is no extension of privileges to senior people just because they are senior; if they don’t need the permissions to perform their normal everyday tasks, then they don’t receive higher privileges (Tjaden, 2015).
    • Simplicity (of Design) - The straightforward layout of the product. The ability to reduce the learning curve when analyzing and understanding the hardware or software involved in the Information System (Tjaden, 2015).
    • Layering - Having multiple forms of security. This can be from hardware or software, but it involves a series of checks and balances to make sure the entire system is secured from multiple perspectives (Tjaden, 2015).
    • Abstraction - Removal of clutter. Only the needed information is provided for an object-oriented mentality. This is a way to allow adversaries to see only a minimal amount of information while securing other aspects of the model (Tjaden, 2015).
    • Information Hiding - Users having an interface to interact with the system behind the scenes. The user should not be worried about the nuts and bolts behind the scenes, only the modes of access presented to them. This topic is also integrated with object-oriented programming (Tjaden, 2015).
    • Modularity - The breaking down of larger tasks into smaller, more manageable tasks. This smaller task may be reused, and therefore the process can be repurposed time and time again (Tjaden, 2015).
    • Minimization of Implementation (Least Common Mechanism) - Mechanisms used to access resources should not be shared (Bishop, 2003).
    • Open Design - The security of a mechanism should not depend on the secrecy of its design or implementation (Bishop, 2003).
    • Complete Mediation - All accesses to objects should be checked to ensure that they are allowed (Bishop, 2003).
    • Fail-Safe Defaults / Fail Secure - The theory that unless a subject is given explicit access to an object, it should be denied access to that object (Bishop, 2003).
    • Least Astonishment (Psychological Acceptability) - Security mechanisms should not make the resource more difficult to access than when security mechanisms were not present (Bishop, 2003).
    • Minimize Trust Surface (Reluctance to Trust) - The ability to reduce the degree to which the user or a component depends on the reliability of another component (Bishop, 2003).
    • Usability - How easy hardware or software is to operate, especially for the first-time user. Considering how difficult applications and websites can be to navigate through, one would wish that all designers took usability into greater consideration than they do (PC Magazine, 2018).
    • Trust Relationships - A logical connection that is established between directory domains so that the rights and privileges of users and devices in one domain are shared with the other (PC Magazine, 2018).
  • Fundamental Security Design Principles
    • Abstraction - The removal of clutter. Only the needed information is provided for an object-oriented mentality. This is a way to allow adversaries to see only a minimal amount of information while securing other aspects of the model (Tjaden, 2015).
    • Complete Mediation - All accesses to objects should be checked to ensure that they are allowed (Bishop, 2003).
    • Encapsulation - The ability to only use a resource as it was designed to be used. This may mean that a piece of equipment is not being used maliciously or in a way that could be detrimental to the overall system (Tjaden, 2015).
    • Fail-Safe Defaults / Fail Secure - The theory that unless a subject is given explicit access to an object, it should be denied access to that object (Bishop, 2003).
    • Information Hiding - Users having an interface to interact with the system behind the scenes. The user should not be worried about the nuts and bolts behind the scenes, only the modes of access presented to them. This topic is also integrated with object-oriented programming (Tjaden, 2015).
    • Isolation - Individual processes or tasks running in their own space. This ensures that the processes will have enough resources to run and will not interfere with other processes running (Tjaden, 2015).
    • Layering - Having multiple forms of security. These forms of security can be from hardware or software and involve a series of checks and balances to make sure the entire system is secured from multiple perspectives (Tjaden, 2015).
    • Least Astonishment (Psychological Acceptability) - Security mechanisms should not make the resource more difficult to access than when security mechanisms were not present (Bishop, 2003).
    • Least Privilege - The assurance that an entity only has the minimal amount of privileges to perform its duties. There is no extension of privileges to senior people just because they are senior; if they don’t need the permissions to perform their normal everyday tasks, then they don’t receive higher privileges (Tjaden, 2015).
    • Minimization of Implementation (Least Common Mechanism) - Mechanisms used to access resources should not be shared (Bishop, 2003).
    • Minimize Trust Surface (Reluctance to Trust) - The ability to reduce the degree to which the user or a component depends on the reliability of another component (Bishop, 2003).
    • Modularity - Breaking down large tasks into smaller, more manageable tasks. This smaller task may be reused, and therefore the process can be repurposed time and time again (Tjaden, 2015).
    • Open Design - The security of a mechanism should not depend on the secrecy of its design or implementation (Bishop, 2003).
    • Separation (of Domains) - The division of power within a system. No one part of a system should have complete control over another part. There should always be a system of checks and balances that leverage the ability for parts of the system to work together (Tjaden, 2015).
    • Simplicity (of Design) - The straightforward layout of a product. The ability to reduce the learning curve when analyzing and understanding the hardware or software involved in the information system (Tjaden, 2015).
    • Trust Relationships - A logical connection that is established between directory domains so that the rights and privileges of users and devices in one domain are shared with the other (PC Magazine, 2018).
    • Usability - How easy hardware or software is to operate, especially for the first-time user. Considering how difficult applications and websites can be to navigate through, one would wish that all designers took usability into greater consideration than they do (PC Magazine, 2018).
  • Fuzzy Logic - A mathematical technique for dealing with imprecise data and problems that have many solutions rather than one. Although it is implemented in digital computers, which ultimately make only yes-no decisions, fuzzy logic works with ranges of values, solving problems in a way that more resembles human logic. Fuzzy logic is used for solving problems with expert systems and real-time systems that must react to an imperfect environment of highly variable, volatile, or unpredictable conditions. It “smoothes the edges,” so to speak, circumventing abrupt changes in operation that could result from relying on traditional either-or and all-or-nothing logic (PC Magazine, 2018).

G

  • Governance - The action or manner of governing (Cambridge Dictionary, 2019).
  • Guideline - Generally recommended practices that are based on industry-recognized practices or cultural norms within an organization (Cornelius, 2017).

H

  • Head-Sized Piece - The portion of a system that fits comfortably inside an analyst’s head and is thus readily understood; it is a functional primitive and is described by a mini specification (Robertson & Robertson, 2013).
  • Health Insurance Portability and Accountability Act (HIPAA) - A U.S. law designed to provide privacy standards to protect patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers (Shiel, n.d.).
  • Hierarchical IDSs - A defense-in-depth methodology that puts layers of intrusion detection in place. Each level escalates the strength of the response to the next level if needed.
  • Honeynets - A honeynet is a network containing honeypots. A virtual honeynet is one that resides in a single server, but pretends to be a full network (PC Magazine, 2018).
  • Honeypot - A server that is configured to detect an intruder by mirroring a real production system. A honeypot appears as an ordinary server doing work, but all the data and transactions are phony. Located either in or outside the firewall, the honeypot is used to learn about an intruder’s techniques as well as determine vulnerabilities in the real system (PC Magazine, 2018).
  • Hot Site - An emergency recovery site that is essentially an exact copy of the original production site. This type of site is often used as a failover site for production environments and may be in a geographically distant location.
  • Human Attack Surface - Humans have a range of complex vulnerabilities that are frequently exploited. One of the great strengths of highly secure organizations is their emphasis on communicating security awareness and safety principles to their employees, partners, supply chain and even their customers (as when using the web to gain secure access to a bank or 401K accounts) (Brocklehurst, 2014).
  • Hypervisor - A system program that provides a virtual machine environment. The term came from the IBM mainframe world, which first introduced the virtual machine (virtualization) concept in the form of VM. This was initially introduced as software only, but was later enhanced with hardware circuits (PC Magazine, 2018).

I

  • Identity and Access Management (IAM) - A framework of policies and technologies that ensure appropriate access to enterprise resources is given to end users.
  • Importance Level - A classification mechanism that determines the priority of a given trigger within a system.
  • Incident Response Team (IRT) - A team of individuals who are ready to, and have the expertise to, investigate a data breach.
  • Inculpatory Evidence - Evidence used to prove that a defendant is guilty or had criminal intent in perpetrating criminal activity.
  • Informal Benchmarking - A performance test of hardware and/or software. There are various programs that very accurately test the raw power of a single machine, the interaction in a single client/server system (one server/multiple clients), and the transactions per second in a transaction processing system. However, it is next to impossible to benchmark the performance of an entire enterprise network with a great degree of accuracy (PC Magazine, 2019).
  • Informal Speech - A presentation given in a relaxed tone, not in business attire.
  • Information Systems Security (infosec) - The protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users (Dukes, 2015).
  • Infrastructure
    1. The fundamental structure of a system or organization. The basic, fundamental architecture of any system (electronic, mechanical, social, political, etc.) determines how it functions and how flexible it is to meet future requirements.
    2. May refer to system and development programs in contrast to applications. A computer system's infrastructure would include the operating system, database management system (DBMS), communications protocols, compilers, and other development tools (PC Magazine, 2019).
  • Input
    1. Data that is ready for entry into the computer.
    2. To enter data into the computer (PC Magazine, 2019).
  • Insider Problem - The threat that an insider will use their authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through espionage, terrorism, unauthorized disclosure, or through the loss or degradation of departmental resources or capabilities (CNSS, 2003).
  • Integrity - Guarding against improper information modification or destruction, which includes ensuring information non-repudiation and authenticity (Dukes, 2015).
  • Interface - The connection between two components of a system (Robertson & Robertson, 2013).
  • Intrusion Detection Systems - Software that detects an attack on a network or computer system. A network IDS (NIDS) is designed to support multiple hosts, whereas a host IDS (HIDS) is set up to detect illegal actions within the host. Most IDS programs typically use signatures of known hacker attempts to signal an alert. Others look for deviations of the normal routine as indications of an attack. Intrusion detection is very tricky. Too much analysis can add excessive overhead and also trigger false alarms. Insufficient analysis can overlook a valid attack (PC Magazine, 2018).
  • Intrusion Prevention Systems - Software that prevents an attack on a network or computer system. It is a significant step beyond an intrusion detection system (IDS). Whereas an IDS passively monitors traffic by sniffing packets at a switch port, an IPS resides inline like a firewall, intercepting and forwarding packets. It is thus capable of blocking the attack in real time (PC Magazine, 2018).
  • IP Security (IPsec) - A security protocol from the IETF that provides authentication and encryption over the internet. Unlike SSL, which provides services at layer 4 and secures two applications, this works at layer 3 and secures everything in the network. Also unlike SSL, which is typically built into the web browser, this requires a client installation. It can access both web and non-web applications, whereas SSL requires workarounds for non-web access such as file sharing and backup (PC Magazine, 2018).
  • IPv4 Addressing (Internet Protocol Version 4) - The previous version of the IP protocol, which was introduced in 1981 and continues to be used alongside the subsequent Version 6 (PC Magazine, 2018).
  • IPv6 Addressing (Internet Protocol Version 6) - The latest generation of the IP protocol. The specification was completed in 1997 by the Internet Engineering Task Force (IETF) and first deployed in 2004 when the Internet Corporation for Assigned Names and Numbers (ICANN) added IPv6 records to its DNS root servers for Japan and Korea. IPv6 is backward compatible with IPv4 and was designed to fix its shortcomings, such as data security and maximum number of user addresses (PC Magazine, 2018).
  • Iteration - One repetition of a sequence of instructions or events. For example, in a program loop, one iteration is once through the instructions in the loop (PC Magazine, 2019).
  • Iterative Development - The process of continuous rework of a project while working toward the final product (PC Magazine, 2019).

J

  • Jurisdiction - The official power to make legal decisions and judgments (Cambridge Dictionary, 2019).

K

L

  • Layer 3 Security Issues - In networking, the communications protocol that contains the logical address of a client or server station. It is called the "network layer" and contains the address (IP, IPX, etc.) inspected by a router that forwards it through the network. It contains a type field so that traffic can be prioritized and forwarded based on message type as well as network destination. Since this provides more filtering capabilities, it also adds more overhead than layer 2 processing (PC Magazine, 2018).
  • Least Privilege - The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function (Dukes, 2015).
  • Leveling - A technique for decomposing a system and modeling it at various levels of detail (Robertson & Robertson, 2013).
  • Linux System Administration
    • Audit - A formal examination by certified auditors of systems, programming, operations, and security to determine compliance with internal policies and procedures or with external standards. An audit is often used to satisfy legal requirements of regulatory agencies and laws (PC Magazine, 2018).
    • Backup - A duplicate of data or an entire storage drive on a separate storage medium (PC Magazine, 2018).
    • Command Line - Software that provides a blank line and cursor on screen, allowing the user to type in instructions for immediate execution. All major operating systems (Windows, Mac, Unix, Linux, etc.) support command lines that programmers and power users can employ to perform file-management operations directly and often more efficiently than by using a graphical user interface (GUI). After a user types a command, it is executed by pressing the enter key (PC Magazine, 2018).
    • Configuration Management - In a network, a system for gathering current configuration information from all nodes in a LAN. In software development, a system for keeping track of large projects. Although version control, which maintains a database of revisions, is part of the system, a full-blown software configuration management system (SCM system or CM system) automatically documents all components used to build executable programs. It is able to recreate each build as well as to recreate earlier environments in order to maintain previous versions of a product. It may also be used to prevent unauthorized access to files or to alert the appropriate users when a file has been altered (PC Magazine, 2018).
    • Event Logging - An action initiated by the user or the computer. For example, a user event would be any mouse movement or keystroke. An internal event detected by software could be caused by myriad things, from unexpected data in the input to a security camera sensing motion (PC Magazine, 2018).
    • File System Security - Securing software and the storage of files on a disk, SSD, or USB drive.
    • Hardware Virtualization - Hardware virtualization is what most computer people are referring to when they talk about virtualization. It partitions the computer's RAM into separate and isolated virtual machines (VMs) simulating multiple computers within one physical computer. Hardware virtualization enables multiple copies of the same or different operating systems to run in the computer and prevents the OS and its applications in one VM from interfering with the OS and applications in another VM (PC Magazine, 2018).
    • Intrusion Detection System (IDS) - Software that detects an attack on a network or computer system. A network IDS (NIDS) is designed to support multiple hosts, whereas a host IDS (HIDS) is set up to detect illegal actions within the host. Most IDS programs typically use signatures of known hacker attempts to signal an alert. Others look for deviations of the normal routine as indications of an attack. Intrusion detection is very tricky. Too much analysis can add excessive overhead and also trigger false alarms. Insufficient analysis can overlook a valid attack (PC Magazine, 2018).
    • Managing System - The leadership and control within an organization. It is made up of people interacting with other people and machines that, together, set the goals and objectives, outline the strategies and tactics, and develop the plans, schedules, and necessary controls to run an organization (PC Magazine, 2018).
    • Network Configuration - The configuration of infrastructure to secure the ports within a given network.
    • Operating System (OS) - The computer’s master control program. When a computer is turned on, a small boot program loads the OS. Although additional system modules may be loaded as needed, the main part, known as the kernel, resides in memory (RAM) at all times. The OS sets the standards for all application programs that run in the computer. Applications talk to the operating system for all user-interface and file-management operations. The OS is also called an executive or supervisor (PC Magazine, 2018).
    • Patch - A modification of software. In the past, a patch used to mean changing actual executable machine instructions, but today it means replacing an executable module in its entirety, such as an .exe or .dll file. A profusion of patches to an application implies that its logic was poorly designed in the first place. Although the term typically refers to fixing a problem, a patch may also refer to a general enhancement, as the distinction between the two scenarios has become blurred. For example, a security enhancement is often a fix for a vulnerability in the program. In addition, software vendors like to announce something new in an update other than just fixing problems. Therefore, applying patches often refers to both fixes and new features (PC Magazine, 2018).
    • Security Policy Management - Enforcing the policy (rules and regulations) of the organization that pertain to information and computing. Also called policy-based management, it mostly deals with database access and network resource issues: which users have access to what data and how network traffic is prioritized (PC Magazine, 2018).
    • Update - To change data in a file or database or to upgrade software to a new version.
      • Update and Edit - The terms update and edit are used synonymously to indicate making changes to text, data, images, and video. Update is also used in reference to changing the source code of software.
      • Update and Upgrade - The terms update and upgrade are used synonymously to refer to installing new versions of software. However, update refers to changes within the same version, while upgrade means switching to an entirely new version (upgrades are huge updates). Examples: "I kept updating the free version, but I decided to upgrade to the premium version." "Microsoft kept updating Windows 7, but I finally upgraded to Windows 8." (PC Magazine, 2018)
    • User Accounts Management
      • Access Control - The management of admission to system and network resources. It grants authenticated users access to specific resources based on company policies and the permission level assigned to the user or user group. Access control often includes authentication, which proves the identity of the user or client machine attempting to log in (PC Magazine, 2018).
      • Authentication
        • Verifying the integrity of a transmitted message.
        • Verifying the identity of a user logging in to a network. Passwords, digital certificates, smart cards, and biometrics can be used to prove the identity of the client to the network. Passwords and digital certificates can also be used to identify the network to the client. The latter is important in wireless networks to ensure that the desired network is being accessed (PC Magazine, 2018).
      • Group Policy Object (GPO) - The essential component in Microsoft’s Active Directory, a GPO defines rules for users, computers, groups, and organizational units (OUs). GPOs are used to establish security settings, install applications, run scripts, set group preferences, and configure the registry (PC Magazine, 2018).
      • Password Policies - The rules and regulations set by the organization for what a password can be. Policy determines the characters and symbols that can be used. It also determines the length and sophistication of the phrase (PC Magazine, 2018).
    • Virtualization - A variety of technologies for managing computer resources by providing a software interface, known as an abstraction layer, between the software (operating system and applications) and the hardware. Virtualization turns physical RAM and storage into logical resources (PC Magazine, 2018).
  • Log Aggregation - Log management is the process of handling copious volumes of logs and is made up of several processes, such as log collection, log aggregation, storage, rotation, analysis, search, and reporting. Log aggregation, therefore, is a step in the overall management process in which you consolidate different log formats coming from different sources into one place. This makes it easier for you to analyze, search, and report on your data (Stringfellow, 2017).
  • Log File Analysis - The analysis of information generated by the computer systems. The files can be analyzed for anomalies or other patterns that are set by the alert levels of the organization.
  • Logic Bomb - A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met (Dukes, 2015).
  • Logical Backup - A copy of the directories and files of a logical volume.
  • Logical Volume - A partition or a collection of partitions acting as a single entity that has been formatted with a filesystem.

M

  • MAC Spoofing
    • Faking the sending address of a transmission to gain illegal (unauthorized) entry into a secure system;
    • The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of this (CNSS, 2003).
  • Man-in-the-Middle Attack (MitM) - A form of active wiretapping attack in which the attacker intercepts and selectively modifies communicated data to masquerade as one or more of the entities involved in a communication association (Dukes, 2015).
  • Man-in-the-Middle (MITM) Attacks - An unauthorized interception of network traffic. The packets are viewed or modified by the perpetrator and sent on to the recipient, who is unaware of the intrusion. This can be used to intercept an encrypted message exchange and spoof the recipient into thinking the message is intact from a legitimate sender. In such a case, the attackers replace the public key from the original sender with their own public key in order to decrypt the message that will be sent back from the unsuspecting recipient (PC Magazine, 2018).
  • Mandatory Vacation - A requirement for employees to take time off work and for other employees to accomplish responsibilities as a fraud or irregularities detection method (Blaha, 2018).
  • Malware Attacks - Software designed to destroy data, steal information or aggravate the user (PC Magazine, 2018).
  • Memory - The computer’s temporary workspace, which for decades has been a collection of dynamic RAM (DRAM) chips. A major resource in the computer, memory (RAM) determines the size and number of programs that can be run at the same time, as well as the amount of data that can be processed instantly (PC Magazine, 2018).
  • Memory Management - A variety of methods used to store and keep track of data and programs in memory and reclaim the space when no longer needed. Virtual memory is the most common memory management function in every computer (PC Magazine, 2018).
  • Message Digest - A hash that uniquely identifies data. Changing a single bit in the data stream used to generate the message digest will yield a completely different message digest.
  • Metadata - Data about data. For filesystems, metadata is data that provides information about a file’s contents.
  • Milestones - The special criteria that are met by completing a specified amount of work toward the final product (PC Magazine, 2019).
  • Mini Specification - An analysis tool, named for its manageable size, for describing the policy to be carried out by a functional primitive; it can usually be described in a page or less (Robertson & Robertson, 2013).
  • Mis-selling - The act of selling something that is not suitable for the person who buys it (Cambridge Dictionary, 2019).
  • Mobile Code - Software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient (Dukes, 2015).
  • Multithreading - A feature within a CPU that allows two or more instruction streams (threads) to execute concurrently. Each stream is a subprocess that is managed by the CPU and operating system. Today’s CPUs support a large number of threads. For example, IBM’s POWER8 CPU comes with up to 12 cores, and each core handles eight threads for a total of 96 threads. Operating systems are written to use multithreading wherever possible; however, applications can also be written to take advantage of this parallel processing. If the application is very complex, the effort can be formidable even for experienced programmers (PC Magazine, 2018).

N

  • Narrow Interface - A connection in which only a small amount of data connects one process to another (Robertson & Robertson, 2013).
  • Net Present Value (NPV) - The value in the present of a sum of money, in contrast to some future value it will have when it has been invested at compound interest (PC Magazine, 2019).
  • Netstat (Network Statistics) - A command-line utility that reports the status of TCP/IP and Ethernet connections. It comes with all major operating systems, but the Linux/Unix versions provide the most command options. GUI-based versions for Windows, such as NetStat Live and X-NetStat, are also available.
  • Network Access Control - An umbrella term for managing access to a network. Network access control (NAC) authenticates users logging into the network and determines what they can see and do. Network access control may also be capable of examining the health of the user’s computer or mobile device (the endpoints), and it can be implemented with multiple software components or via an integrated package (PC Magazine, 2018).
  • Network Address Translation - The process of mapping addresses on one network to addresses on another network.
  • Network Address Translation (NAT) - The technology that maintains the privacy of the addresses of the computers in a home or business network when accessing the internet. NAT converts the private addresses that are assigned to the internal computers to one or more public addresses that are visible on the internet. It is an IETF standard that is implemented in a router or firewall as well as in any user’s machine that is configured to share its internet connection. NAT assigns a number to the packet headers of the messages going out to the internet and keeps track of them via an internal table that it creates. When responses come back from the internet, NAT uses the table to perform the reverse conversion to the private IP address of the requesting client machine (PC Magazine, 2018).
  • Network Analyzer - A hardware device or server software that captures packets transmitted in a network for routine inspection and problem detection. Also called a “sniffer,” “packet sniffer,” “packet analyzer,” “packet sampler,” “traffic analyzer” and “protocol analyzer,” the hardware analyzer plugs into a port on a network switch and decodes one or more protocols into a human-readable format for the network administrator. It can also store packets for further analysis later on. In order to alert admins about traffic problems, packets are analyzed in real time. Hardware network analyzers can detect voltage and cable problems, whereas software analyzers cannot (PC Magazine, 2018).
  • Network Application
    • Hypertext Transfer Protocol (HTTP) - The communications protocol used to connect to web servers on the internet or on a local network (intranet). Its primary function is to establish a connection with the server and send HTML pages back to the user's browser. It is also used to download files from the server either to the browser or to any other requesting application that uses HTTP (PC Magazine, 2018).
    • Secure Shell (SSH) - A security protocol for logging into a remote server. It provides an encrypted session for transferring files and executing server programs. Also serving as a secure client/server connection for applications such as database access and email, it supports a variety of authentication methods. It was developed in the mid-1990s by Helsinki University researcher Tatu Ylönen as a secure alternative to non-secure telnet, rlogin, and rsh programs for Unix servers. SSH2, a more advanced version introduced in 1998, was standardized by the IETF and is not compatible with SSH1 (PC Magazine, 2018).
    • Simple Mail Transfer Protocol (SMTP) - The standard email protocol on the internet and part of the TCP/IP protocol suite, as defined by IETF RFC 2821. It defines the message format and the message transfer agent (MTA), which stores and forwards the mail. It was originally designed for only plain text (ASCII text), but MIME and other encoding methods enable executable programs and multimedia files to be attached to and transported with the email message (PC Magazine, 2018).
    • Voice Over IP (VoIP) - A digital telephone service that uses the internet for transport, as well as private IP networks. IP stands for "internet protocol." In order for calls to originate and terminate from regular telephones, connections to the public telephone network (PSTN) are also provided. Telephone companies, cable companies, and dedicated providers offer this type of calling for a fixed monthly fee or low per-minute charge. Customers must have existing internet access (PC Magazine, 2018).
  • Network Architectures
    • Demilitarized Zone (DMZ) - A middle ground between an organization's trusted internal network and an untrusted, external network such as the internet. Also called a "perimeter network," it is a subnetwork (subnet) that may sit between firewalls or off one leg of a firewall. Organizations typically place their web, mail, and authentication servers in it. It is a military term that refers to the area between two enemies (PC Magazine, 2018).
    • Local Area Network (LAN) - A communications network that is typically confined to a building or premises. The "clients" are user workstations running the Windows, Mac, or Linux operating systems, while the "servers" hold programs and data shared by the clients. Servers come in a wide range of sizes, from PC-based servers to mainframes (PC Magazine, 2018).
    • Network Address Translation (NAT) - The technology that maintains the privacy of the addresses of the computers in a home or business network when accessing the internet. It converts the private addresses that are assigned to the internal computers to one or more public addresses that are visible on the internet. It is an IETF standard that is implemented in a router or firewall as well as in any user's machine that is configured to share its internet connection. It assigns a number to the packet headers of the messages going out to the internet and keeps track of them via an internal table that it creates. When responses come back from the internet, it uses the table to perform the reverse conversion to the private IP address of the requesting client machine (PC Magazine, 2018).
    • Personal Area Network (PAN) - Transmitting data wirelessly over a short distance. Bluetooth and Wi-Fi Direct are examples of this (PC Magazine, 2018).
    • Protected Enclaves - Subdivision of the internal network so that it is not one large zone with no internal protections. This architectural approach to information security defense in depth can be accomplished in a number of ways, including network admissions control, firewalls, VLANs, and VPN (Northcutt, n.d.).
    • Subnetwork (Subnet) - A logical division of a local area network, which is created to improve performance and provide security. To enhance performance, it limits the number of nodes that compete for available bandwidth. Instead of one network handling all the traffic, the network is divided into groups of clients and servers that interact with each other most of the time. For security, the divisions can be based on servers that have restricted applications. Routers are bridges used to traverse network segments. In an IP network, the subnet is identified by a subnet mask (PC Magazine, 2018).
    • Supernetting - Combining several IP network addresses into one IP address. It reduces the number of entries in a routing table and is done in CIDR addressing as well as in internal networks. In the following example, a group of networks with contiguous numbers starting with 172.16.8.0 and ending with 172.16.16.0 are supernetted into the subnet mask of 255.255.224.0. The subnet mask is derived by comparing the binary of the first and last addresses. The last bit location on the right that is the same in both addresses marks the end of the mask. The CIDR notation for this is /19, because there are 19 one-bits in the subnet mask. For example, the IP address 172.16.8.1 would be written 172.16.8.1/19 (PC Magazine, 2018).
    • VLAN - A logical subgroup within a local area network that is created via software rather than by manually moving cables in the wiring closet. It combines user stations and network devices into a single unit regardless of the physical LAN segment they are attached to and allows traffic to flow more efficiently within populations of mutual interest. These are implemented in port-switching hubs and LAN switches and generally offer proprietary solutions. They reduce the time it takes to implement moves, adds, and changes. VLANs function at layer 2. Since their purpose is to isolate traffic within the VLAN, in order to bridge from one VLAN to another, a router is required. The router works at the higher layer 3 network protocol, which requires that network layer segments are identified and coordinated with the VLANs. This is a complicated job, and VLANs tend to break down as networks expand and more routers are encountered. The industry is working toward "virtual routing" solutions, which allow the network manager to view the entire network as a single routed entity (PC Magazine, 2018).
    • Wide Area Network (WAN) - A long-distance communications network that covers a wide geographic area, such as a state or country. The telephone companies and cellular carriers deploy these to service large regional areas or the entire nation. Large enterprises have their own private WANs to link remote offices, or they use the internet for connectivity. Of course, the internet is the world's largest WAN (PC Magazine, 2018).
  • Network Attacks - An assault against a computer system or network as the result of deliberate, intelligent action; for example, denial-of-service attacks, penetration, or sabotage (PC Magazine, 2018).
  • Network Attack Surface
    • This presents exposure related to ports, protocols, channels, devices (from routers and firewalls to laptops and smartphones), services, network applications (SaaS) and even firmware interfaces;
    • Depending on your infrastructure, you may need to include cloud servers, data, systems and processes in this (Brocklehurst, 2014).
  • Network Hardening / System Hardening - Making a user’s computer more secure. It ensures that the latest patches to operating systems, web browsers, and other vulnerable applications are automatically applied. It may also include the disabling of file sharing and the establishing of login passwords (PC Magazine, 2018).
  • Network Intrusion Detection System - Software that performs packet sniffing and network traffic analysis to identify suspicious activity and record relevant information.
  • Network Mapper (Nmap) - A free, open-source security scanner for auditing networks that runs on most platforms and is written by Fyodor (a person). When aimed at a particular host, it can determine which ports are open, which operating system and version is running, what services are offered, and what firewalls are used (PC Magazine, 2018).
  • Network Media
    • Optical - Communications between computers, telephones, and other electronic devices using light. This type of network is far more reliable and has far greater potential transmission capacity than networking in the electrical domain (PC Magazine, 2018).
    • Wired - Connected via cable (PC Magazine, 2018).
    • Wireless - Transmission through the air. Although all forms of radio transmission over the air (AM, FM, TV, cordless phones, cell phones, etc.) are naturally wireless, there is a tendency for the term to refer only to Wi-Fi or to cellular data services (PC Magazine, 2018).
  • Network Naming
    • Border Gateway Protocol (BGP) - The routing protocol that is used to span autonomous systems on the internet. It is a robust, sophisticated, and scalable protocol that was developed by the Internet Engineering Task Force (IETF). BGP4 supports the CIDR addressing scheme, which increased the number of available IP addresses on the internet. A path vector protocol, it was designed to supersede EGP, the original exterior gateway protocol (PC Magazine, 2018).
    • Classless Interdomain Routing (CIDR) - An expansion of the IP addressing system that allows for a more efficient and appropriate allocation of addresses. The original class-based method used fixed fields for network IDs, which was wasteful. For example, Class A and B networks can address 16 million and 65 thousand hosts respectively, and most organizations given those addresses never had intentions of putting that many computers on the internet (PC Magazine, 2018).
    • Domain Name System (DNS) - The internet's system for converting alphabetic names into numeric IP addresses. For example, when a web address (URL) is typed into a browser, these servers return the IP address of the web server associated with that name. In this made-up example, it converts the URL “www.company.com” into the IP address 204.0.8.51. Without this, you would have to type the series of four numbers and dots into your browser to retrieve the website, which you actually can do (PC Magazine, 2018).
    • Dynamic Host Configuration Protocol (DHCP) - The automatic assigning of IP addresses to client machines logging into an IP network. The same address, although technically temporary, may remain with a machine indefinitely unless a conflict arises with other devices on the network. The software, which resides in the router or a server, eliminates the need to manually assign permanent "static" IP addresses to devices. In a home network, it is typically in the wireless router (PC Magazine, 2018).
    • Dynamic IP - A temporary numeric identification assigned to a node in a TCP/IP network. When computers and devices in the network are turned on for the first time, they are assigned an IP address by a DHCP server (PC Magazine, 2018).
    • Firewall - The primary method for keeping a computer secure from intruders. It allows or blocks traffic into and out of a private network or the user's computer. These are widely used to give users secure access to the internet as well as to separate a company's public web server from its internal network. They are also used to keep internal network segments secure; for example, the accounting network might be vulnerable to snooping from within the enterprise (PC Magazine, 2018).
    • Gateway - A device that converts one protocol or format to another. A network gateway converts packets from one protocol to another. An application gateway converts commands and/or data from one format to another. An email gateway converts messages from one mail format to another (PC Magazine, 2018).
    • Hosts - A source of information or signals. The term can refer to a computer, smartphone, tablet, or any electronic device. In a network, clients (users' machines) and servers are hosts because they are both sources of information in contrast to network devices, such as routers and switches, which only direct traffic (PC Magazine, 2018).
    • NetBIOS - The original networking protocol for DOS and Windows PCs. These packets did not contain a network address and were not easily routable between networks. As a result, the interface to NetBIOS and the transport part of NetBIOS were later separated so that NetBIOS applications could use routable protocols such as TCP/IP and SPX/IPX (PC Magazine, 2018).
    • NetFlow - A network protocol developed by Cisco for the collection and monitoring of network traffic flow data generated by NetFlow-enabled routers and switches (Rouse, 2014).
    • Open Systems Interconnection Model (OSI Model) - This International Organization of Standardization model serves as a standard template for describing a network protocol stack (PC Magazine, 2018).
    • Port Address Translation (PAT) Protocol - The most common way network address translation is implemented. Also called "NAT overloading," "network address port translation" (NAPT) and "NAT/PAT." It assigns a different TCP port number to each client session with a server on the internet. When responses come back from that server, the source port number becomes the destination port number and determines which user to route the packets to. It also validates that the incoming packets were indeed requested (PC Magazine, 2018).
    • Port Forwarding - Also called "port mapping," this is directing traffic from the outside world to the appropriate server inside a local TCP/IP network. Internet services are identified by a standard port number; for example, web traffic uses port number 80. If the local network hosts a web server that is accessible on the public internet, the port forwarding panel in the router would be configured to direct web/HTTP packets (port 80 traffic) to the IP address of the web server in the local network (LAN) (PC Magazine, 2018).
    • Routing - Forwarding data to its destination (PC Magazine, 2018).
    • Static IP - A permanent numeric identification assigned by the network administrator to a node in a TCP/IP network. These addresses are used for shared resources such as web servers, PBXs, and webcams (PC Magazine, 2018).
    • Switching - A mechanical or electronic device that directs the flow of electrical or optical signals from one side to the other. Those with more than two ports, such as a LAN switch or PBX, are able to route traffic (PC Magazine, 2018).
    • Virtual Private Network (VPN) - A private network configured within a public network such as the internet or a carrier's network. Years ago, this obsoleted private lines between company branches. Using data encryption to maintain privacy, they also allow mobile users access to the company LAN. In the past, common carriers used their vast networks to "tunnel" traffic between customer locations to give the appearance of a private network while sharing backbone trunks, no different than the way the internet works. Prior to the internet's IP protocol, these were built over X.25, Switched 56, frame relay, and ATM technologies (PC Magazine, 2018).
  • Network Protocols
    • Internet Control Message Protocol (ICMP) - A TCP/IP protocol used to send error and control messages. For example, a router uses this to notify the sender that its destination node is not available. A ping utility sends ICMP echo requests to verify the existence of an IP address (PC Magazine, 2018).
    • Internet Protocol (IP) - The communications technology used worldwide in local networks, wide area networks, and the internet. It is the network layer in the TCP/IP protocol suite, which is used to route packets from one network to another (PC Magazine, 2018).
    • Transmission Control Protocol (TCP) - The reliable transport protocol within the TCP/IP protocol suite. It ensures that all data arrive accurately and 100% intact at the other end. It is "connection oriented" and requires a handshake before the session can begin (PC Magazine, 2018).
    • User Datagram Protocol (UDP) - A TCP/IP protocol that is widely used for streaming of audio and video, voice over IP (VoIP), and videoconferencing. It is considered an unreliable delivery protocol because it does not check for errors. When transmitting voice and video, there is no time to retransmit erroneous or dropped packets. In contrast, when financial and other data are transmitted, TCP is used, which does check for errors (PC Magazine, 2018).
  • Network Services
    • Network Time Protocol (NTP) - A TCP/IP protocol used to synchronize the real-time clocks in computers, network devices, and other electronic equipment that is time-sensitive. It is also used to maintain the correct time in NTP-based wall and desk clocks (PC Magazine, 2018).
  • Network Switching (Ethernet)
    • Address Resolution Protocol (ARP) - A TCP/IP protocol used to obtain a node's physical address. A client station broadcasts this request onto the network with the IP address of the target node it wishes to communicate with, and the node with that address responds by sending back its physical address so that packets can be transmitted. This returns the layer 2 address for a layer 3 address (PC Magazine, 2018).
    • Layer 2 Security Issues - In networking, the communications protocol that contains the physical address of a client or server station. It is called the "data link layer" or "MAC layer" and contains the address inspected by a bridge or switch. Layer 2 processing is faster than layer 3 processing because less analysis of the packet is required (PC Magazine, 2018).
    • Reverse ARP (RARP) - A TCP/IP protocol used by a diskless workstation to obtain its IP address. Upon startup, the client station sends out this request in an Ethernet frame to the RARP server, which returns the layer 3 address for a layer 2 address (performing the opposite function of an ARP) (PC Magazine, 2018).
  • Network Traffic - Computer network communications that are carried over wired or wireless networks between hosts.
  • Neural Network - An artificial intelligence (AI) modeling technique loosely based on the behavior of neurons in the human brain. Unlike regular applications that are programmed to deliver precise results (e.g., “if this, do that”), neural networks “learn” how to solve a problem and improve over time. The foundation of “machine learning” and “deep learning,” neural networks are used in robotics, diagnosing, forecasting, image processing, and pattern recognition (PC Magazine, 2018).
  • Noise - Extraneous, unwanted signals that invade an electrical or optical system. In electronics, noise can come from strong electrical or magnetic signals in nearby lines, from poorly fitting electrical contacts, and from power line spikes. In optics, noise comes from the stray reflections of light that emanate from the various components in the optical system (PC Magazine, 2019).
  • Nonfunctional Requirements - The blueprint for the design of a system that performs an action in response to some triggering event. This requirement is in reaction to a specific action from the system (PC Magazine, 2019).
  • Non-Volatile Data - Data that persists even after a computer is powered down.
  • Normalization - In relational database management, a process that breaks down data into record groups for efficient processing. There are six stages. By the third stage (third normal form), data are identified only by the key field in their record (PC Magazine, 2019).
  • Normalize - The process by which differently formatted data is converted into a standardized format and labeled consistently.

O

  • Opening Application - The initial program that is instantiated when an intrusion is detected. Often used as a first line of defense to start mitigation strategies.
  • Operating System - A program that runs on a computer and provides a software platform on which other programs can run.
  • Operating System Concepts
    • Application - Software that is used for business or entertainment (PC Magazine, 2018).
    • File System - The software and method for storing and retrieving files on a disk, SSD, or USB drive. It is a major component of the operating system (OS). Applications command the OS, and the file system reads and writes the disk clusters (PC Magazine, 2018).
    • Memory - The computer's temporary workspace (PC Magazine, 2018).
    • Memory Management - A variety of methods used to store and keep track of data and programs in memory (RAM) and reclaim the space when the data or program is no longer needed (PC Magazine, 2018).
    • Privileged State - A high level of rights granted to users, which allows them to make many changes to the computer. A high level of rights granted to software (PC Magazine, 2018).
    • Thread - One process that occurs simultaneously with other processes (PC Magazine, 2018).
    • Virtual Memory - Simulating more random access memory (RAM) than actually exists, allowing the computer to run larger programs and multiple programs concurrently (PC Magazine, 2018).
  • Operating System Hardening
    • Access - To store data on and retrieve data from a disk or other peripheral device (PC Magazine, 2018).
    • Authorization - The right or permission to use a system resource; the process of granting access (PC Magazine, 2018).
    • Closing Unnecessary/Unneeded Ports - The closing of communication portals within a computer or network device that stops the flow of unwanted traffic.
    • File Management - Copying, renaming, relocating, and deleting files in the computer (PC Magazine, 2018).
    • Group Management - Adding names and passwords to electronic directories along with the assignment of rights to data and network resources (files, databases, printers, internet, etc.) for more than one person.
    • Isolation of Sensitive Data - The encapsulation of the software for storing and retrieving files on a disk, SSD, or USB drive.
    • Password Standards and Requirements - The guidelines put forth to secure a secret word or code that is used to serve as a security measure against unauthorized access to data.
    • Patch Management/Software Updates - The installation of patches from a software vendor onto an organization’s computers. Patching thousands of PCs and servers is a major issue (PC Magazine, 2018).
    • Secure Installation - The steps taken to ensure that the installation of an operating system has limited vulnerabilities.
    • Shutting Down Unnecessary/Unneeded Services - The removal of computer processes that do not lend to the functional requirements needed to execute tasks.
    • User Management - Adding names and passwords to electronic directories along with the assignment of rights to data and network resources (files, databases, printers, internet, and so on) (PC Magazine, 2018).
    • Vulnerability Scanning - Software that analyzes a network to determine its exposure to unwanted intruders (PC Magazine, 2018).
  • Output
    1. Any computer-generated information displayed on screen, printed on paper, or in machine readable form, such as disk and tape.
    2. To transfer or transmit from the computer to a peripheral device or communications line (PC Magazine, 2019).

P

  • Packet - The logical unit of network communications produced by the transport layer.
  • Packet Internet Groper (Ping) - An internet utility used to determine whether a particular IP address is reachable online by sending out a packet and waiting for a response. It is used to test and debug a network as well as see if a user or server is online (PC Magazine, 2018).
  • Packet Sniffer - Software that monitors network traffic on wired or wireless networks and captures packets.
  • Parallel Development - The simultaneous development of more than one version of an object (PC Magazine, 2019).
  • Partition - A logical portion of storage technology that functions as though it were physically separate from other logical portions of storage technology.
  • Password Cracking - Also known as breaking passwords, refers to the methods and tools used for successfully guessing passwords.
  • Patent - The granting of a property right by a sovereign authority to an inventor (Kenton, 2019b).
  • PCI DSS - A document library that includes a framework of specifications, tools, measurements and support resources to help organizations ensure the safe handling of cardholder information (PCISSC, 2018).
  • Phishing - A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person (Dukes, 2015).
  • Phishing Attacks - This is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," this process involves an official-looking email being sent to potential victims and pretending to be from their bank or retail establishment. Emails can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization (PC Magazine, 2018).
  • Plain Text - The original unencrypted message.
  • Policy - A high-level statement of management intent that formally establishes requirements to guide decisions and achieve rational outcomes (Cornelius, 2017).
  • Policy Management - Enforcing the policy (i.e., rules and regulations) of the organization that pertain to information and computing. Also called “policy-based management,” policy management mostly deals with database access and network resource issues, such as which users have access to what data and how network traffic is prioritized (PC Magazine, 2018).
  • Privileged and Non-privileged States - The rights granted to a single user or group of users who operate a computer. Administrative privileges allow a user the right to make any and all changes in the computer, including setting up accounts for other users. User-level privileges are more restricted. The rights granted to software running in the computer, which determines which hardware and software resources can be accessed and changed (PC Magazine, 2018).
  • Procedure - A formal method of doing something based on a series of actions conducted in a certain order or manner (Cornelius, 2017).
  • Process - An executing program.
  • Process - To manipulate data in the computer. The computer is said to be processing no matter what action it is taking upon the data, whether the data is actually being updated in a database or just being displayed on-screen. In order to evaluate a computer system’s performance, the time it takes to process data internally is often analyzed separately from the time it takes to get it in and out of the computer. The I/O (input/output) is usually more time consuming than the processing (PC Magazine, 2018).
  • Process Model - A formal way of representing how a business system operates (PC Magazine, 2019).
  • Program Manager - A person who is responsible for managing different, but related projects (Cohen, 2017).
  • Project Charter - The authority to initiate the project; it contains the preliminary roles and responsibilities of the project (Westland, 2018).
  • Project Integration Management - A means of identifying, defining, combining, unifying, and coordinating the many processes and activities within the project management process (Westland, 2018).
  • Project Management Plan - Defines how processes in the project can work together for greater efficiency and productivity (Westland, 2018).
  • Project Manager - The person responsible for leading a project from its inception to execution (Techopedia, 2019).
  • Project Plan - An essential document for keeping the project on track. Normally includes scope, timeline, and goals (PC Magazine, 2019).
  • Project Sponsor - A person or organization in charge of driving the project towards directions to bring a successful realization of expected benefits (McConnell, 2012).
  • Project Triangle - Three constraints which are part of every project based on time, scope, and cost (Astle, 2015).
  • Protocol Analyzer - Software that can reassemble streams from individual packets and decode communications that use various protocols.
  • Prototype - Creating a demo of a new system. Prototyping is essential for clarifying information requirements. The design of a system (functional specs) must be finalized before the system can be built. While analytically oriented people may have a clear picture of requirements, others may not (PC Magazine, 2019).
  • Proxy - Software that receives a request from a client, then sends a request on the client’s behalf to the desired destination.
  • Proxy Server - A computer system or router that breaks the connection between sender and receiver. Functioning as a relay between client and server, proxy servers help prevent an attacker from invading a private network and are one of several tools used to build a firewall. The word proxy means “to act on behalf of another,” and a proxy server acts on behalf of the user. All requests from clients to the internet go to the proxy server first. The proxy evaluates the request, and if allowed, reestablishes it on the outbound side to the internet. Likewise, responses from the internet go to the proxy server to be evaluated. The proxy then relays the message to the client. Both client and server think they are communicating with one another, but, in fact, they are dealing only with the proxy (PC Magazine, 2018).

Q

R

  • Rapid Application Development - Developing systems incrementally and delivering working pieces every three to four months, rather than waiting until the entire project is programmed before implementing it (PC Magazine, 2019).
  • Rate Fixing - The authority of a state to set the rates that a company or a public utility can charge its customers (Cambridge Dictionary, 2019).
  • Reach Back - The amount of time that can be assessed to look back at events that influenced behaviors. This methodology is used to determine the history of events that led up to an intrusion.
  • Regulatory Objectives - Protecting and promoting the public interest. Supporting the constitutional principle of the rule of law. Improving access to justice. Protecting and promoting the interests of consumers (Cambridge Dictionary, 2019).
  • Relationship - The association of two or more entities; through this association, the business policy of the data model is expressed (Robertson & Robertson, 2013).
  • Remote Access Server - Devices, such as virtual private network gateways and modem servers, that facilitate connections between networks.
  • Reporting - The final phase of the computer and network forensic process after collection, examination, and analysis. Reporting involves reporting the results of the analysis. This may include describing the actions used; explaining how tools and procedures were selected; determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls); and providing recommendations for improvement to policies, guidelines, procedures, tools, and other aspects of the forensic process. The formality of the reporting step varies greatly depending on the context.
  • Requirement - The information needed to support a business or other activity. Systems analysts turn information requirements (the what and when) into functional specifications (the how) of an information system (PC Magazine, 2019).
  • Requirements Gathering - The process of gathering system functionality that must exist within the final product (PC Magazine, 2019).
  • Return on Investment (ROI) - A measure of performance used to evaluate the efficiency of an investment or compare the efficiency of a number of different investments (Chen, 2019).
  • Risk - A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of the adverse impacts that would arise if the circumstance or event occurs and the likelihood of the occurrence (Dukes, 2015).
  • Risk - The expectation of loss. Risk is a function of the probability and consequences of harm (PC Magazine, 2019).
  • Risk Assessment - An analysis of the potential for risk of loss or damage of organizational assets in an extreme event.
  • Risk Assessment - A report that shows an organization's vulnerabilities and the estimated cost of recovery in the event of damage. It also summarizes defensive measures and associated costs based on the amount of risk the organization is willing to accept (PC Magazine, 2019).
  • Risk Management - The optimal allocation of resources to arrive at a cost-effective investment in defensive measures within an organization (PC Magazine, 2019).
  • Risk Management - The process of identifying, estimating, and prioritizing risks to organizational operations, organization assets, individuals, other organizations, and the Nation, resulting from the operation of an information system (Dukes, 2015).
  • Risk Management Framework (RMF) - A structured approach used to oversee and manage risk for an enterprise (Dukes, 2015).
  • Risk Register - A document or system that is used to capture risk management status (Spacey, 2017).
  • Rogue Trader - A stockbroker who secretly loses a large amount of their employer's money after making a bad or illegal investment (Cambridge Dictionary, 2019).
  • Root Cause - An initiating cause of either a condition or a causal chain that leads to an outcome or effect of interest (PC Magazine, 2019).
  • Root Cause Analysis - A method of problem solving used for identifying the root causes of faults or problems (PC Magazine, 2019).
  • Routing Table - A database in a router that contains the current network topology (PC Magazine, 2018).
  • Rule of Data Conservation - The concept that each system component must receive data that are both necessary and sufficient to produce its output (Robertson & Robertson, 2013).

S

  • Scope Creep - The continual enhancement of the requirements of a project as the system is being constructed (PC Magazine, 2019).
  • Sector - The smallest unit that can be accessed on media.
  • Secure Network Design - The development of system protection to control access to data in or on a network.
  • Security Architectures - An umbrella term for the protection of electronic data and networks. In the IT world, security comprises authorization (who has access), authentication (whether this is the authorized user), encryption (scrambling data for privacy), and malware protection (avoiding destructive infiltration), as well as backup and disaster recovery (assurance against failure) (PC Magazine, 2019).
  • Security Event Management Software - Software that imports security event information from multiple data sources, normalizes the data, and correlates events among the data sources.
  • Separation of Duty (SOD) - A security principle that divides critical functions among different staff members in an attempt to ensure that no one individual has enough information or access privilege to perpetrate damaging fraud (CSRC, n.d.).
  • Session Hijacking - Seizing unauthorized control of a computer or communications session in order to steal data or compromise the system in some manner (PC Magazine, 2018).
  • Session Interruption - Stopping the current process where irregularities have been detected. This is a form of intrusion detection that stops rogue processes from getting out of control.
  • Signature Detection - The identification of a threat based on the pattern or content of its creation. Signatures are also identified by previous incidents that involved the process.
  • Slack Space - The unused space in a file allocation block or memory page that may hold residual data.
  • Sniffing - This allows individuals to capture data as it is transmitted over a network. This technique is used by network professionals to diagnose network issues, and by malicious users to capture unencrypted data, like passwords and usernames (PC Magazine, 2018).
  • SNMP Trap - Using the network management protocol to trap data on the network. This can be used to isolate bad traffic so it can be handled.
  • Social Engineering - An attempt to trick someone into revealing information (e.g., a password) that can be used to attack systems or networks (Dukes, 2015).
  • Social Engineering - Using deception to obtain confidential information from someone by phone or in person. For example, these attackers may persuade someone to reveal an ID or password for a supposedly benign purpose. ("My computer is down; can I use yours in the meantime?") They can even walk in off the street and pretend to be from IT doing a routine inspection (PC Magazine, 2018).
  • Software Attack Surface
    • This is comprised of the software environment and its interfaces. These are the applications and tools available to authorized (and unauthorized) users;
    • This is calculated across a lot of different kinds of code, including applications, email services, configurations, compliance policy, databases, executables, DLLs, web pages, mobile apps, device OS, etc. (Brocklehurst, 2014)
  • Software Security Analysis
    • Brainstorming - This group activity is a popular technique among business analysts. Brainstorming as a group is used to generate ideas, analyze root causes, and propose solutions for problems (WhizLabs, 2018).
    • Business Process Modeling - This business analysis technique is used during the analysis phase of a project to identify gaps between an existing business process and a future business process that the organization is opting for (WhizLabs, 2018).
    • Dynamic Analysis Techniques - The examination of interpreted resources that are within a system. The target is normally a front-end process or application that changes regularly. This is commonly used for detection of malware and viruses as they are being executed in a controlled manner.
    • MOST Analysis - Mission, objective, strategy, tactics (MOST) analysis is the process of outlining the details of the business plan. The outline is used during the startup of the business and also after the business is up and running. The analysis can be used for continuous improvement to keep the business aligned to its strategic goals.
    • Sandbox - A restricted environment in which certain functions are prohibited. For example, deleting files and modifying system information, such as registry settings and other control panel functions, may be prohibited. Sandboxes are used to isolate one running application from another and to run software downloaded from the internet that is not entirely trusted (PC Magazine, 2018).
    • Source and Binary Code Analysis - The examination of executable files within a computer. Usually done with some type of pattern matching algorithm that can detect when viruses or exploits have been added to an executable software package.
    • Static Analysis Techniques - The examination of compiled resources that are within a system. The target is normally a system component and is not subject to change regularly. This process looks to detect malware without actually executing the code.
    • SWOT Analysis - Strengths, weaknesses, opportunities, threats (SWOT) is a four-quadrant analysis. The business analyst answers the questions in the quadrants by placing relevant data in each quadrant (WhizLabs, 2018).
    • Testing Methodologies - Quality assurance methodologies that consist of test plans and other avenues to assure that the code within an application is as error free as possible.
    • Use Case Modeling - A technique to pictorially illustrate how the business functions should work in a proposed system through user interactions. This is mainly used in the design phase of software development projects to transform business requirements into functional specifications (WhizLabs, 2018).
  • Specification-Based Detection - Identification of a threat based on a set of rules that were violated. This process is very specific and is used in companies that are looking for compliance issues and compliance regulations.
  • Spoofing - Faking the sending address of a transmission to gain illegal entry into a secure system (Dukes, 2015).
  • Spoofing - Faking the sending address of a transmission in order to gain illegal entry into a secure system. Creating fake responses or signals in order to keep a session active and prevent timeouts. For example, mainframes continuously poll their terminals. If the lines to remote terminals are temporarily suspended because there is no traffic, a local device spoofs the host with “I’m still here” responses. The most common forms of spoofing are the following:
    • ARP: Links a perpetrator’s MAC address to a legitimate IP address through spoofed ARP messages. It’s typically used in denial-of-service (DoS) and man-in-the-middle assaults.
    • IP Address: Disguises an attacker’s origin IP. It’s typically used in DoS assaults.
    • DNS Server: Modifies a DNS server in order to redirect a domain name to a different IP address. It’s typically used to spread viruses. (PC Magazine, 2018)
  • SQL Injection Attacks (SQLi) - An exploit that takes advantage of database query software that does not thoroughly test the query statement for correctness. Along with cross-site scripting, this is used by worms to break into websites and extract data or embed malicious code (PC Magazine, 2018).
  • Stakeholder - A person or a group who has an interest—vested or otherwise—in an enterprise and whose support is required to be successful (Rouse, 2017).
  • Stakeholder - Any individual who may be affected by a business decision. The term may refer to just about anyone who has some interest in a company or its products; however, it specifically excludes shareholders, who are officially part owners of the company (PC Magazine, 2019).
  • Standards - Formally established requirements regarding processes, actions, and configuration (Cornelius, 2017).
  • Statistical Techniques - The analysis of intrusion detection based on a pattern of numbers or a sequence of steps taken by the attacker.
  • Stealth Mode - Taking place in secret. Stealth mode often refers to the policy of startups, when companies are developing unique products, or the policy of established companies when they are creating something new. Everyone is sworn to secrecy, and a low profile is kept until launch time (PC Magazine, 2018).
  • Steganography - Embedding data within other data to conceal it.
  • Strategic Alignment - The process and the result of linking an organization's structure and resources with its strategy and business environment (PC Magazine, 2019).
  • Strengths, Weaknesses, Opportunities, and Threats (SWOT) Analysis - An organizational study used to determine the strengths, weaknesses, opportunities, and threats that relate to the organization, as well as to its external opportunities and threats.
  • Structured Design - A set of tools, concepts, and strategies involving hierarchical partitioning in a top-down manner, using coupling and cohesion analysis to refine the design (Robertson & Robertson, 2013).
  • Structured Programming - The convention, first proposed by the Italians Böhm and Jacopini, that computer programs are written using only selection and repetition to join the statements. This is commonly, and somewhat incorrectly, known as “goto-less” programming (Robertson & Robertson, 2013).
  • Subdirectory - A directory contained within another directory.
  • Subtype - An entity that has its own unique characteristics and also shares the characteristics of its supertype entity (Robertson & Robertson, 2013).
  • Supertype - A generalized entity. Its business role and its attributes are common to all subtypes (Robertson & Robertson, 2013).
  • Supply Chain Risk Management (SCRM) - A systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats whether presented by the supplier (Dukes, 2015).
  • Symmetric Encryption - A method of encryption that uses the same key for encrypting and decrypting data.
  • Systems Analysis and Design - The examination of a problem and the creation of its solution (PC Magazine, 2019).
  • Systems Development Life Cycle (SDLC) - The sequence of events in the development of an information system (application), which requires mutual effort on the part of both the user and technical staff (PC Magazine, 2019).
  • System Development Life Cycle (SDLC) - The scope of activities associated with a system, encompassing the system’s initiation, development, and acquisition, implementation, operation and maintenance, and ultimately its disposal that instigates another system initiation (Dukes, 2015).

T

  • T1 Line - A 1.544-Mbps point-to-point, dedicated, digital circuit provided by the telephone companies. With the monthly cost typically based on distance, these are widely used for connecting an organization's PBX to the telephone company or a local network (LAN) to an internet provider (ISP). They are also used for internet access in buildings that have no DSL, cable, or fixed wireless coverage (PC Magazine, 2018).
  • Temporal Trigger - An event that is caused by some period of time.
  • Thread - In a multithreaded system, a thread is one process that occurs simultaneously with other processes (PC Magazine, 2018).
  • Threat - Any circumstance or event with the potential to adversely impact organizational operations, organizational assets, individuals, or other organizations through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service (Dukes, 2015).
  • Threat Actor - An individual or entity that poses a threat to the security of an organization. Also called a "malicious actor" (PC Magazine, 2018).
  • Threat Information Sources (e.g., CERT) - Analytical insights into trends, technologies, or tactics of an adversarial nature affecting information systems security (CNSS, 2003).
  • Three-Way Handshake - Signals transmitted back and forth over a communications network in order to establish a valid connection between two stations (PC Magazine, 2019).
  • Time Bomb - Resident computer program that triggers an unauthorized act at a predefined time (Dukes, 2015).
  • Tone - The attitude of a writer toward a subject or audience.
  • Trace Recording - The capture of network traffic from a specific host to a destination. Usually done after an intrusion has been detected.
  • Transmission Control Protocol - The reliable transport protocol within the TCP/IP protocol suite (PC Magazine, 2019).
  • Trigger
    1. A mechanism that initiates an action when an event occurs such as reaching a certain time or date or upon receiving some type of input. A trigger generally causes a program routine to be executed.
    2. In a database management system (DBMS), a trigger is an SQL procedure that is executed when a record is added or deleted. It is used to maintain referential integrity in the database. A trigger may also execute a stored procedure (PC Magazine, 2019).
  • Trojan Horse - The term comes from Greek mythology, in which the Greeks battled the Trojans (people of Troy). After years of being unable to break into the fortified city, the Greeks built the horse, filled it with soldiers, and pretended to sail away. After the Trojans brought the horse into the city, the Greek soldiers crept out at night and opened the gates of Troy to the returning soldiers, and Troy was destroyed (PC Magazine, 2018).
  • Trojan Horse - A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms (Dukes, 2015).
  • Trojan Virus - A program that appears legitimate but performs some illicit activity when run. It may be used to locate password information or make the system more vulnerable to future entry or simply destroy the user's stored software and data. This is similar to a virus, except that it does not replicate itself. Often sneaking in attached to a free game or other supposedly worthwhile utility, it remains in the computer doing damage or allowing someone from a remote location to take control (PC Magazine, 2018).
  • Trusted Computing Base (TCB) Subsets - Everything that causes a computer system or network to be devoid of malicious software or hardware (PC Magazine, 2019).
  • Tuckman-Jensen Model - A five-step team development process consisting of forming, storming, norming, performing, and adjourning (Mulder, 2013).
  • Turning Point - A time at which a decisive change in a situation occurs, especially one with beneficial results (Cambridge Dictionary, 2019).

U

  • Uniform Resource Locator (URL) - The address that defines the route to a file on an internet server (PC Magazine, 2019).
  • Use Case - An action that takes place between two entities, typically between the user and the computer. A use case may also be an event that takes place between two computers (PC Magazine, 2019).
  • User Datagram Protocol (UDP) - A TCP/IP protocol that is widely used for streaming audio and video, voice over IP (VoIP), and videoconferencing (PC Magazine, 2019).

V

  • Viewpoint - A particular attitude or way of considering a matter (PC Magazine, 2019).
  • Virtualization - A variety of technologies for managing computer resources by providing a software interface, known as an abstraction layer, between the software (operating system and applications) and the hardware. Virtualization turns “physical” RAM and storage into “logical” resources (PC Magazine, 2018).
  • Virtual Memory - Simulating more random access memory (RAM) than actually exists, allowing the computer to run larger programs and multiple programs concurrently. A common function in nearly every OS and hardware platform, virtual memory uses storage (hard drive or solid-state drive) to temporarily hold what was in RAM. Virtual memory allows multiple programs to load in RAM at the same time. Each application addresses RAM starting at zero, but virtual memory takes control of the RAM addressing and lets each application function as if it had unlimited RAM (PC Magazine, 2018).
  • Virtual Private Network (VPN) - A private network configured within a public network, such as the internet or a carrier’s network. Years ago, this obsoleted private lines between company branches. VPNs also allow mobile users access to the company LAN by using data encryption to maintain privacy. In the past, common carriers used their vast networks to “tunnel” traffic between customer locations to give the appearance of a private network while sharing backbone trunks, no different than the way the internet works. Prior to the internet’s IP protocol, VPNs were built over X.25, Switched 56, frame relay, and ATM technologies (PC Magazine, 2018).
  • Virus - Software used to infect a computer. After the code is written, it is buried within an existing program. Once that program is executed, the code is activated and attaches copies of itself to other programs in the computer and other computers in the network. Infected programs continue to propagate it, which is how it spreads (PC Magazine, 2018).
  • Visual / Audio Alert - The use of alarms or warning systems to make individuals aware that the system has been compromised.
  • Visualization - Using the computer to convert data into picture form. The most basic visualization is that of turning transaction data and summary information into charts and graphs. Visualization is used in computer-aided design (CAD) to render screen images into three-dimensional models that can be viewed from all angles and can also be animated (PC Magazine, 2019).
  • Volatile Data - Data on a live system that is lost after a computer is powered down.
  • Vulnerability - A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited by a threat source (Dukes, 2015).

W

  • Warm Site - Considered a hybrid recovery site, this site has the necessary environmental systems, power systems, and computing infrastructure required for the restoration of computing services. However, the systems may require patching and updating before normal processing can begin.
  • Waterfall Development - An information system development project that proceeds sequentially from the requirements stage to the implementation stage without delivering working pieces in between and without obtaining customer feedback on the way (PC Magazine, 2019).
  • Web Application Attacks - These attacks are considered by security experts to be the greatest and often the least understood of all risks related to confidentiality, availability, and integrity. The purpose of this attack is significantly different from other attacks; in most traditional penetration testing exercises, a network or host is the target of attack. These attacks focus on an application itself and function at layer 7 of the OSI model (Desmond, 2004).
  • Web Application Security
    • Access Controls - The management of admission to system and network resources. It grants authenticated users access to specific resources based on company policies and the permission level assigned to the user or user group. Access control often includes authentication, which proves the identity of the user or client machine attempting to log in (PC Magazine, 2018).
    • AJAX - Asynchronous JavaScript and XML (AJAX) is an enhancement in JavaScript that allows web pages to be more interactive and behave like local applications, which are also known as "rich client" applications (PC Magazine, 2018).
    • Application Server Vulnerabilities - Exploits that occur on networked computers that share a vulnerability through commonly installed software.
    • Attacking Application Logic - The process of reverse engineering software to determine the best course of exploitation of the software.
    • Authentication - Verifying the integrity of a transmitted message. Also, verifying the identity of a user logging into a network. Passwords, digital certificates, smart cards, and biometrics can be used to prove the identity of the client to the network. Passwords and digital certificates can also be used to identify the network to the client. The latter is important in wireless networks to ensure that the desired network is being accessed (PC Magazine, 2018).
    • Blind SQL Injection - A type of Structured Query Language (SQL) injection attack that asks the database true or false questions and determines the answer based on the application’s response. This attack is often used when the web application is configured to show generic error messages, but the code that is vulnerable to SQL injection has not been mitigated (CGISecurity, 2018).
    • Client-Side Controls - Any mechanisms or devices that allow any operations performed at the user’s computer.
    • Cross-Site Request Forgery - An attack that forces an end user to execute unwanted actions on a web application in which the user is currently authenticated (CGISecurity, 2018).
    • Cross-Site Scripting - Causing a user's web browser to execute a malicious script. There are several ways this is done. One approach is to hide code in a "click here" hyperlink attached to a URL that points to a non-existent webpage. When the page is not found, the script is returned with the bogus URL, and the user's browser executes it (PC Magazine, 2018).
    • Encoding System - In a digital system, a method of assigning binary codes to represent data (PC Magazine, 2018).
    • Function-Specific Input Vulnerabilities - The variables or objects that are used as parameters to a function that may or may not be susceptible to exploits.
    • HTTP Protocol - The communications protocol used to connect to web servers on the internet or on a local network (intranet). Its primary function is to establish a connection with the server and send HTML pages back to the user's browser. It is also used to download files from the server either to the browser or to any other requesting application that uses HTTP (PC Magazine, 2018).
    • JSON - JavaScript Object Notation (JSON) is a text-based data format that is the lightweight alternative to XML. JSON is widely used on the web for data interchange (PC Magazine, 2018).
    • Recent Attack Trends - The current threat landscape and the modern exploits that are being used.
    • Server-Side Controls - Any mechanisms or devices that allow any operations performed at the server (PC Magazine, 2018).
    • Session Management - The oversight and control of a session, that is, the active connection between a user and a computer or between two computers (PC Magazine, 2018).
    • Shared Hosting Vulnerabilities - Exploits that are common to PCs sharing a host, typically caused by some type of file-sharing protocol.
    • SQL Injection - An exploit that takes advantage of database query software that does not thoroughly test the query statement for correctness. Along with cross-site scripting, SQL injection is used to break into websites and extract data or embed malicious code (PC Magazine, 2018).
    • Web Application Architectures - An application in which all or some parts of the software are downloaded from the web every time it runs. Following are explanations of each type:
      • Browser Based - In a browser-based web application, the user simply goes to a website, and JavaScript instructions are contained within the webpages that are retrieved. Combined with the HTML and Cascading Style Sheets (CSS), which provide the visual layout, the browser executes the code and renders the page. In addition, processing at the server side is typically performed to access databases and other support functions. The data for a web application may be stored locally, on the web, or in both locations (PC Magazine, 2018).
      • Client Based - Web applications may also run without the browser. A client program, which is either installed in the user's computer or mobile device or is downloaded each session, interacts with a server on the web using standard web protocols. This is similar to the "client/server" architecture that prevailed in companies before the internet exploded, except that today the server is on the internet rather than the local network. Just as in browser-based applications, the data may be stored remotely or locally (PC Magazine, 2018).
      • Native Mobile Apps - Countless native iOS and Android apps use the web for additional information, such as a weather app that downloads the latest climate data or a stock app that gets the latest market quotes. Using the web's HTTP protocol, myriad mobile apps retrieve data in the background that users may or may not be aware of (PC Magazine, 2018).
    • XML - The most widely used semi-structured format for data, introduced by the World Wide Web Consortium (W3C) in 1998. XML files contain only tags and text, similar to HTML (PC Magazine, 2018).
  • Whitelisting - In access control for computer systems, a list of items, such as IP addresses, that are explicitly allowed because they are trusted.
  • Wiping - Overwriting media or portions of media with random or constant values to hinder the collection of data.
  • Wireless Attacks - A malicious action against wireless system information or wireless networks; examples include denial-of-service attacks, penetration, and sabotage (Khosrow-Pour, 2005).
  • Work Breakdown Structure - A deliverable-oriented breakdown of a project into smaller components (PC Magazine, 2019).
  • Working Model - A prototype that demonstrates that each process in the data flow diagram can manufacture its outputs from its inputs, and each entity and relationship in the data model can supply or store the data needed by all the processes (Robertson & Robertson, 2013).
  • Write Blocker - A tool that prevents all computer storage media connected to a computer from being written to or modified.

X

Y

Z

  • Zero-Day Exploits - An attack that exploits a previously unknown hardware, firmware, or software vulnerability (CNSS, 2003).

References

Astle, M. (2018, August 18). The Project Management Triangle: How to Manage Constraints and Ship on Time. Retrieved from https://clearbridgemobile.com/the-project-management-triangle-how-to-manage-constraints-and-ship-on-time/

Bishop, M. (2003). Computer security: Art and Science (1st ed.). Boston, MA: Addison-Wesley Professional.

Blaha, J. (2018, May 25). Mandatory Vacations. Retrieved from http://www.osa.state.mn.us/default.aspx?page=20090724.060

Brocklehurst, K. (2014). Understanding what constitutes your attack surface. Retrieved from https://www.tripwire.com/state-of-security/featured/understanding-constitutes-attack-surface-2/

Brooks, C. (2015). CHFI: Computer hacking forensic investigator certification all-in-one exam guide. McGraw-Hill Education.

Cambridge dictionary. (2019). Cambridge University Press. Retrieved from https://dictionary.cambridge.org/us/

Cebula, J. J., Popeck, M. E., & Young, L. R. (2014). A taxonomy of operational cyber security risks version 2. Pittsburgh, PA: Software Engineering Institute.

CGISecurity. (2018). What is blind SQL injection? Retrieved from https://www.cgisecurity.com/questions/blindsql.shtml

Chen, J. (2019, October 13). Return on Investment (ROI). Retrieved from https://www.investopedia.com/terms/r/returnoninvestment.asp

CNSS. (2003). National information assurance (IA) glossary. Retrieved from https://www.ecs.csus.edu/csc/iac/cnssi_4009.pdf

Cohen, E. (2017, October 24). Program Management: Definition, Roles, Responsibilities & Resources. Retrieved from https://www.workamajig.com/blog/program-management-guide

Computer Security Resource Center. (2019). National Institute of Standards and Technology. Retrieved from https://csrc.nist.gov/csrc/media/publications/fips/140/1/archive/1994-01-11/documents/fips1401.pdf

Cornelius, B. (2017, November 27). Understanding Policies, Control Objectives, Standards, Guidelines & Procedures. Tripwire. Retrieved from https://www.tripwire.com/state-of-security/regulatory-compliance/understanding-policies-control-objectives-standards-guidelines-procedures/

CSRC. (n.d.). Separation of Duty. Retrieved from https://csrc.nist.gov/glossary/term/Separation-of-Duty

Desmond, P. (2004). All-out blitz against web app attacks. Retrieved from http://www.networkworld.com/techinsider/2004/0517techinsidermain.html

Dukes, C. (2015, April 6). Committee on National Security Systems (CNSS) Glossary. Retrieved from https://www.cnss.gov/CNSS/openDoc.cfm?9HTh9TDtTymEEVYw+FdaWQ==

Erstad, W. (2018, October 29). Civil Law vs. Criminal Law: Breaking Down the Differences. Retrieved from https://www.rasmussen.edu/degrees/justice-studies/blog/civil-law-versus-criminal-law/

Hamman, S. T., Hopkinson, K. M., Markham, R. L., Chaplik, A. M., & Metzler, G. E. (2017). Teaching game theory to improve adversarial thinking in cybersecurity students. IEEE Transactions on Education, 60(3), 205-211.

Invincea. (2015). Know your adversary: An adversary model for mastering cyber-defense strategies. Retrieved from http://www.ten-inc.com/presentations/invincea1.pdf

Kent, K., Chevalier, S., Grance, T., & Dang, H. (2006, August). Guide to integrating forensic techniques into incident response. Retrieved from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-86.pdf

Kenton, W. (2019a, May 9). Copyright. Retrieved from https://www.investopedia.com/terms/c/copyright.asp

Kenton, W. (2019b, June 23). Patent. Retrieved from https://www.investopedia.com/terms/p/patent.asp

Kenton, W. (2019c, October 24). Administrative Law. Retrieved from https://www.investopedia.com/terms/a/administrative-law.asp

Khosrow-Pour, M. (Ed.). (2015). Encyclopedia of information science and technology (3rd ed.). Hershey, PA: IGI Global.

Kim, D., & Solomon, M. G. (2013). Fundamentals of information systems security (2nd ed.). Burlington, MA: Jones & Bartlett Publishers.

Kowalczyk, C. (2019). Crypto-IT. Retrieved from http://www.crypto-it.net/eng/attacks/

McConnell, E. (2012, February 22). Project Sponsor – The Role and Responsibilities. Retrieved from http://mymanagementguide.com/project-sponsor-indentifying-project-sponsor-role-and-responsibilities/

Mulder, P. (2013). Tuckman stages of group development. Retrieved from https://www.toolshero.com/management/tuckman-stages-of-group-development/

Muniz, J., & Lakhani, A. (2018). Investigating the cyber breach: The digital forensics guide for the network engineer. Indianapolis, IN: Cisco Press.

NIST. (2013). Security and privacy controls for federal information systems and organizations. Retrieved from http://dx.doi.org/10.6028/NIST.SP.800-53r4

Northcutt, S. (n.d.). Security laboratory: Defense in depth series. SANS Technology Institute. Retrieved from https://www.sans.edu/cyber-research/security-laboratory/article/372

PCISSC. (2018). Document library. Retrieved from https://www.pcisecuritystandards.org/document_library

PC Magazine. (2018). Encyclopedia. Retrieved from https://www.pcmag.com/encyclopedia

PC Magazine. (2019). Encyclopedia. Retrieved from https://www.pcmag.com/encyclopedia

Price, R. (2019). CompTIA Server+ certification guide. Birmingham, UK: Packt Publishing.

Rerup, N., & Aslaner, M. (2018). Hands-on cybersecurity for architects. Birmingham, UK: Packt Publishing.

Roback, E. (2000, November 28). Federal Information Technology Security Assessment Framework. NIST. Retrieved from https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=918351

Robertson, J., & Robertson, S. (2013). Complete systems analysis: The workbook, the textbook, the answers. New York, NY: Dorset House Publishing Co., Inc.

Rouse, M. (2014). NetFlow. WhatIs.com. Retrieved from https://whatis.techtarget.com/definition/NetFlow-Cisco

Rouse, M. (2015a, May). Communications Plan. TechTarget. Retrieved from https://whatis.techtarget.com/definition/communication-plan

Rouse, M. (2015b, February). Framework. TechTarget. Retrieved from https://whatis.techtarget.com/definition/framework

Rouse, M. (2017, January). Stakeholder. TechTarget. Retrieved from https://searchcio.techtarget.com/definition/stakeholder

Saini, V. K., Duan, Q., & Paruchuri, V. (2008). Threat modeling using attack trees. Journal of Computing Sciences in Colleges, 23(4), 124-131.

Saltzer, J., & Schroeder, M. (1975). The protection of information in computer systems. Proceedings of the IEEE, 63(9), 1278-1308. doi:10.1109/proc.1975.9939

Sammons, J. (2015). The basics of digital forensics: The primer for getting started in digital forensics (2nd ed.). Waltham, MA: Syngress/Elsevier.

Schneier, B. (n.d.). Schneier on Security. Retrieved from https://www.schneier.com/academic/twofish/

Sheward, M. (2018). Hands-on incident response and digital forensics. Swindon, UK: BCS Learning & Development Ltd.

Shiel, W. C. (n.d.). Medical Definition of HIPAA. Retrieved from https://www.medicinenet.com/script/main/art.asp?articlekey=31785

Snedaker, S., & Rima, C. (2014). Business continuity and disaster recovery planning for IT professionals (2nd ed.). Waltham, MA: Syngress/Elsevier.

Spacey, J. (2017, April 20). 11 Elements of a Risk Register. Retrieved from https://simplicable.com/new/risk-register

Stringfellow, A. (2017, September). Log aggregation 101: Methods, tools, tutorials and more. Retrieved from https://stackify.com/log-aggregation-101/

Techopedia. (2019). Project Manager. Retrieved from https://www.techopedia.com/definition/677/project-manager-pm

Tjaden, B. C. (2015). Appendix 1 Cybersecurity first principles. Retrieved from https://users.cs.jmu.edu/tjadenbc/Bootcamp/0-GenCyber-First-Principles.pdf

Westland, J. (2018, July 12). Project Integration Management – A Quick Guide. Retrieved from https://www.projectmanager.com/blog/project-integration-management-a-quick-guide

White, J. (n.d.). Dumpster Diving. Retrieved from https://www.lifelock.com/learn-identity-theft-resources-dumpster-diving.html

WhizLabs. (2018). 10 most popular business analysis techniques. Retrieved from https://www.whizlabs.com/blog/best-business-analysis-techniques/