
CISSP Student Glossary 2021

CISSP-Student-Glossary-2021.pdf

Uploaded by

sohail
CISSP Glossary - Student Guide

Familiarize yourself with the terms you may encounter in the official (ISC)² CISSP courseware.

Acceptable risk: A suitable level of risk commensurate with the potential benefits of the organization's operations as determined by senior management.
Access control system: Means to ensure that access to assets is authorized and restricted based on business and security requirements related to logical and physical systems.
Access control tokens: The system decides if access is to be granted or denied based upon the validity of the token for the point where it is read based on time, date, day, holiday, or other condition used for controlling validation.
Accountability: Accountability ensures that account management has assurance that only authorized users are accessing the system and using it properly.
ActiveX Data Objects (ADO): A Microsoft high-level interface for all kinds of data.
Address Resolution Protocol (ARP): Is used at the Media Access Control (MAC) Layer to provide for direct communication between two devices within the same LAN segment.
Algorithm: A mathematical function that is used in the encryption and decryption processes.
Asset: An item perceived as having value.
Asset lifecycle: The phases that an asset goes through from creation (collection) to destruction.
Asymmetric: Not identical on both sides. In cryptography, key pairs are used, one to encrypt, the other to decrypt.
Attack surface: Different security testing methods find different vulnerability types.
Attribute-based access control (ABAC): This is an access control paradigm whereby access rights are granted to users with policies that combine attributes together.
Auditing: The tools, processes, and activities used to perform compliance reviews.
Authorization: The process of defining the specific resources a user needs and determining the type of access to those resources the user may have.
Availability: Ensuring timely and reliable access to and use of information by authorized users.
Baselines: A minimum level of security.
Bit: Most essential representation of data (zero or one) at Layer 1 of the Open Systems Interconnection (OSI) model.
Black-box testing: Testing where no internal details of the system implementation are used.
Bluetooth (Wireless Personal Area Network IEEE 802.15): Bluetooth wireless technology is an open standard for short-range radio frequency communication used primarily to establish wireless personal area networks (PANs), and it has been integrated into many types of business and consumer devices.
Bridges: Layer 2 devices that filter traffic between segments based on Media Access Control (MAC) addresses.
Business continuity (BC): Actions, processes, and tools for ensuring an organization can continue critical operations during a contingency.
Business continuity and disaster recovery (BCDR): A term used to jointly describe business continuity and disaster recovery efforts.
Business impact analysis (BIA): A list of the organization's assets, annotated to reflect the criticality of each asset to the organization.
Capability Maturity Model for Software or Software Capability Maturity Model (CMM or SW-CMM): Maturity model focused on quality management processes and has five maturity levels that contain several key practices within each maturity level.
Cellular network: A radio network distributed over land areas called cells, each served by at least one fixed-location transceiver, known as a cell site or base station.
Certificate authority (CA): An entity trusted by one or more users as an authority that issues, revokes, and manages digital certificates to bind individuals and entities to their public keys.
Change management: A formal, methodical, comprehensive process for requesting, reviewing, and approving changes to the baseline of the IT environment.
CIA/AIC Triad: Security model with the three security concepts of confidentiality, integrity, and availability make up the CIA Triad. It is also sometimes referred to as the AIC Triad.
Ciphertext: The altered form of a plaintext message so as to be unreadable for anyone except the intended recipients. Something that has been turned into a secret.
Classification: Arrangement of assets into categories.
Clearing: The removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software recovery utilities.
Code-division multiple access (CDMA): Every call's data is encoded with a unique key, then the calls are all transmitted at once.
Common Object Request Broker Architecture (CORBA): A set of standards that addresses the need for interoperability between hardware and software products.
Compliance: Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.
Computer virus: A program written with functions and intent to copy and disperse itself without the knowledge and cooperation of the owner or user of the computer.
Concentrators: Multiplex connected devices into one signal to be transmitted on a network.
Condition coverage: This criterion requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.
Confidentiality: Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Configuration management (CM): A formal, methodical, comprehensive process for establishing a baseline of the IT environment (and each of the assets within that environment).
Confusion: Provided by mixing (changing) the key values used during the repeated rounds of encryption. When the key is modified for each round, it provides added complexity that the attacker would encounter.
Content Distribution Network (CDN): Is a large distributed system of servers deployed in multiple data centers across the internet.
Covert channel: An information flow that is not controlled by a security control and has the opportunity of disclosing confidential information.
Covert security testing: Performed to simulate the threats that are associated with external adversaries. While the security staff has no knowledge of the covert test, the organization management is fully aware and consents to the test.
Crossover Error Rate (CER): This is achieved when the type I and type II are equal.
Cryptanalysis: The study of techniques for attempting to defeat cryptographic techniques and, more generally, information security services provided through cryptography.
Cryptography: Secret writing. Today provides the ability to achieve confidentiality, integrity, authenticity, non-repudiation, and access control.
Cryptology: The science that deals with hidden, disguised, or encrypted information and communications.
Curie Temperature: The critical point where a material's intrinsic magnetic alignment changes direction.
Custodian: Responsible for protecting an asset that has value, while in the custodian's possession.
Data classification: Entails analyzing the data that the organization retains, determining its importance and value, and then assigning it to a category.
Data custodian: The person/role within the organization owner/controller.
Data flow coverage: This criteria requires sufficient test cases for each feasible data flow to be executed at least once.
Data mining: A decision-making technique that is based on a series of analytical techniques taken from the fields of mathematics, statistics, cybernetics, and genetics.
Data owner/controller: An entity that collects or creates PII.
Data subject: The individual human related to a set of personal data.
Database Management System (DBMS): A suite of application programs that typically manages large, structured sets of persistent data.
Database model: Describes the relationship between the data elements and provides a framework for organizing the data.
Decision (branch) coverage: Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications.
Decryption: The reverse process from encryption. It is the process of converting a ciphertext message back into plaintext through the use of the cryptographic algorithm and the appropriate key that was used to do the original encryption.
Defensible destruction: Eliminating data using a controlled, legally defensible, and regulatory compliant way.
DevOps: An approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate.
Diffusion: Provided by mixing up the location of the plaintext throughout the ciphertext. The strongest algorithms exhibit a high degree of confusion and diffusion.
Digital certificate: An electronic document that contains the name of an organization or individual, the business address, the digital signature of the certificate authority issuing the certificate, the certificate holder's public key, a serial number, and the expiration date. Used to bind individuals and entities to their public keys. Issued by a trusted third party referred to as a Certificate Authority (CA).
Digital rights management (DRM): A broad range of technologies that grant control and protection to content providers over their own digital media. May use cryptography techniques.
Digital signatures: Provide authentication of a sender and integrity of a sender's message and non-repudiation services.
Disaster recovery (DR): Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations.
Discretionary access control (DAC): The system owner decides who gets access.
Due care: A legal concept pertaining to the duty owed by a provider to a customer.
Due diligence: Actions taken by a vendor to demonstrate/provide due care.
Dynamic or Private Ports: Ports 49152-65535. Whenever a service is requested that is associated with Well-Known or Registered Ports, those services will respond with a dynamic port.
Dynamic testing: When the system under test is executed and its behavior is observed.
Encoding: The action of changing a message into another format through the use of a code.
Encryption: The process of converting the message from its plaintext to ciphertext.
False Acceptance Rate (Type II): This is erroneous recognition, either by confusing one user with another or by accepting an imposter as a legitimate user.
False Rejection Rate (Type I): This is failure to recognize a legitimate user.
Fibre Channel over Ethernet (FCoE): A lightweight encapsulation protocol and lacks the reliable data transport of the TCP layer.
Firewalls: Devices that enforce administrative security policies by filtering incoming traffic based on a set of rules.
Frame: Data represented at Layer 2 of the Open Systems Interconnection (OSI) model.
Global System for Mobiles (GSM): Each call is transformed into digital data that is given a channel and a time slot.
Governance: The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as policies, roles, and procedures the organization uses to make those decisions.
Governance committee: A formal body of personnel who determine how decisions will be made within the organization and the entity that can approve changes and exceptions to current relevant governance.
Guidelines: Suggested practices and expectations of activity to best accomplish tasks and attain goals.
Hash function: Accepts an input message of any length and generates, through a one-way operation, a fixed-length output called a message digest or hash.
Honeypots/honeynets: Machines that exist on the network but do not contain sensitive or valuable data, and are meant to distract and occupy malicious or unauthorized intruders as a means of delaying their attempts to access production data/assets. A number of machines of this kind, linked together as a network or subnet, are referred to as a "honeynet."
Identity as a service (IDaaS): Cloud-based services that broker identity and access management (IAM) functions to target systems on customers' premises and/or in the cloud.
Identity proofing: The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be and establishing a reliable relationship that can be trusted electronically between the individual and said credential for purposes of electronic authentication.
Initialization vector (IV): A non-secret binary vector used as the initializing input algorithm, or a random starting point, for the encryption of a plaintext block sequence to increase security by introducing additional cryptographic variance and to synchronize cryptographic equipment.
Integrated Process and Product Development (IPPD): A management technique that simultaneously integrates all essential acquisition activities through the use of multidisciplinary teams to optimize the design, manufacturing, and supportability processes.
Integrity: Guarding against improper information modification or destruction and includes ensuring information non-repudiation and authenticity.
Intellectual property: Intangible assets (notably includes software and data).
Internet Control Message Protocol (ICMP): Provides a means to send error messages and a way to probe the network to determine network availability.
Internet Group Management Protocol (IGMP): Used to manage multicasting groups that are a set of hosts anywhere on a network that are listening for a
Internet Protocol (IPv4): Is the dominant protocol that operates at the Open Systems Interconnection (OSI) Network Layer. IP is responsible for addressing packets so that they can be transmitted from the source to the destination hosts.
Internet Protocol (IPv6): Is a modernization of IPv4 that includes a much larger address field: IPv6 addresses are 128 bits that support 2^128 hosts.
Intrusion detection system (IDS): A solution that monitors the environment and automatically recognizes malicious attempts to gain unauthorized
Intrusion prevention system (IPS): A solution that monitors the environment and automatically takes action when it recognizes malicious attempts to gain unauthorized access.
Inventory: Complete list of items.
Job rotation: The practice of having personnel become familiar with multiple positions within the organization as a means to reduce single points of failure and to better detect insider threats.
Key clustering: When different encryption keys generate the same ciphertext from the same plaintext message.
Key length: The size of a key, usually measured in bits, that a cryptographic algorithm uses in ciphering or deciphering protected information.
Key or cryptovariable: The input that controls the operation of the cryptographic algorithm. It determines the behavior of the algorithm and permits the reliable encryption and decryption of the message.
Knowledge Discovery in Databases (KDD): A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.
Least privilege: The practice of only granting a user the minimal permissions necessary to perform their explicit job function.
Lifecycle: Phases that an asset goes through from creation to destruction.
Logs: A record of actions and events that have taken place on a computer system.
Logical access control system: Non-physical system that allows access based upon predetermined policies.
Loop coverage: This criterion requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations covering initialization, typical running, and termination (boundary) conditions.
Mandatory access control (MAC): Access control that requires the system itself to manage access controls in accordance with the organization's security policies.
Maximum allowable downtime (MAD): The measure of how long an organization can survive an interruption of critical functions. Also known as maximum tolerable downtime (MTD).
Media: Any object that contains data.
Message authentication code (MAC): A small block of data that is generated using a secret key and then appended to the message, used to address integrity.
Message digest: A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.
Metadata: Information about the data.
Misuse case: A use case from the point of view of an actor hostile to the system under design.
Multi-condition coverage: These criteria require sufficient test cases to exercise all possible combinations of conditions in a program decision.
Multi-factor authentication: Ensures that a user is who he or she claims to be. The more factors used to determine a person's identity, the greater the trust of authenticity.
Multiprotocol Label Switching (MPLS): Is a wide area networking protocol that operates at both Layer 2 and 3 and does label switching.
Need-to-know: Primarily associated with organizations that assign clearance levels to all users and classification levels to all assets; restricts users with the same clearance level from sharing information unless they are working on the same effort. Entails compartmentalization.
Negative testing: This ensures the application can gracefully handle invalid input or unexpected user behavior.
Network Function Virtualization (NFV): The objective of NFV is to decouple functions such as firewall management, intrusion detection, network address translation, or name service resolution away from specific hardware implementation into software solutions.
Non-repudiation: Inability to deny. In cryptography, a service that ensures the sender cannot deny a message was sent and the integrity of the message is intact, and the receiver cannot claim receiving a different message.
Null cipher: Hiding plaintext within other plaintext. A form of steganography.
Open authorization (OAuth): The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Open Shortest Path First (OSPF): An interior gateway routing protocol developed for IP networks based on the shortest path first or link-state algorithm.
OSI Layer 1: Physical layer.
OSI Layer 2: Data-link layer.
OSI Layer 3: Network layer.
OSI Layer 4: Transport layer.
OSI Layer 5: Session layer.
OSI Layer 6: Presentation layer.
OSI Layer 7: Application layer.
Overt security testing: Overt testing can be used with both internal and external testing. When used from an internal perspective, the bad actor simulated is an employee of the organization. The organization's IT staff is made aware of the testing and can assist the assessor in limiting the impact of the test by providing specific guidelines for the test scope and parameters.
Ownership: Possessing something, usually of value.
Packet: Representation of data at Layer 3 of the Open Systems Interconnection (OSI) model.
Packet Loss Concealment (PLC): A technique called Packet Loss Concealment (PLC) is used in VoIP communications to mask the effect of dropped packets.
Parity bits: RAID technique; logical mechanism used to mark striped data; allows recovery of missing drive(s) by pulling data from adjacent drives.
Patch: An update/fix for an IT asset.
Path coverage: This criteria requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once.
Personally identifiable information (PII): Any data about a human being that could be used to identify that person.
Physical access control system: An automated system that manages the passage of people or assets through an opening(s) in a secure perimeter(s) based on a set of authorization rules.
Ping of Death: Exceeds maximum packet size and causes receiving system to fail.
Ping scanning: Network mapping technique to detect if host replies to a ping, then the attacker knows that a host exists at that address.
