Glossary

Cloud Computing is a platform that utilizes shared resources to access information, data, etc., rather than local server. Information is stores on, and retrieved form the cloud or internet. Cloud computing allows remote sharing of files, data and facilitates remote working, as long as users are connected to the internet.

A computer emergency response team (CERT) is an expert group that handles computer security incidents. Alternative names for such groups include computer emergency readiness team and computer security incident response team (CSIRT).

See also: CERT

Computer Forensics is the process of analyzing and investing computer devices, on suspecting that such devices may have been used in a cybercrime, with the aim of gathering evidence for presentation in a court of law. Computer forensics offer many tools for investigation and analysis to find out such evidence.

See also: Computer Forensics

Content Filtering is a process by which access to certain content, information, data is restricted, limited, or completely blocked based on organization’s rules. Any objectionable email, website, etc., is blocked using either software or hardware based tools.

Cross Site Scripting is an attack on trusted and otherwise secure websites, by injecting malicious scripting. Attackers target websites that do not filter user inputs for strings or common characters in a script.

See also: XSS

Cryptography is the science and art of protecting the privacy of information by encrypting it into a secret code, so no one but the authorized person with an encryption key can read or view the information.

Data Classification is a data management process that involves of categorizing and organizing data into different classes based on their forms, types, importance, sensitivity, and usage in an organization.

A Data Encryption Standard is a form of algorithm to convert plain text to a cipher text. Data Encryption Standard uses the same key to encrypt and decrypt the data, and hence it is a symmetric key algorithm.

See also: DES

Data Retention is the process of storing and protecting data for historical reasons and for data back up when needed. Every organization has its own rules governing data retention within the organization.

A decryption key is a piece of code that is required to decipher or convert encrypted text or information into plain text or information.

Defense in Depth (also known as Castle Approach is an information assurance (IA) concept in which multiple layers of security controls (defense) are placed throughout an information technology (IT) system. Its intent is to provide redundancy in the event a security control fails or a vulnerability is exploited that can cover aspects of personnel, procedural, technical and physical security for the duration of the system's life cycle.

See also: Defense in Depth

The Castle Approach is the process of creating multiple layers of security to protect electronics and information resources against attackers. It is based on the principle that in the event of an attack, even if one layer fails to protect the information resource other layers can offer defense against the attack.

See also: Castle Approach

 

A Denial of Service Attack is an attack on a network or a machine to make it unavailable to other or important users. Single user floods the network or server with the same requests keeping it busy, occupied, and unavailable for other users.

See also: DoS

In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources. This effectively makes it impossible to stop the attack simply by blocking a single source.

A DoS or DDoS attack is analogous to a group of people crowding the entry door of a shop, making it hard for legitimate customers to enter, disrupting trade.

See also: DDoS

A Digital Certificate is a piece of information that guarantees that the sender is verified, genuine and that he is the person who he claims to be. Otherwise known as Public Key Information, Digital certificate issued by Certificate Authority, helps exchange information over the internet in a safe and secure manner.

See also: Digital Certificate

A Digital Signature is an electronic code that guarantees the authenticity of the sender of information as who he claims to be, and that the information he sent out is first- hand, without any alterations. Digital signatures use the private key information of the sender and cannot be imitated or forged, easily.

A Disaster Recovery Plan (DRP) or a Business Continuity Plan (BCP) prescribes steps required to carry on the business as usual in the event of a disaster. Disaster recovery plan aims to bring business activities back to normalcy in the shortest possible time; such efforts require an in-depth study and analysis of business critical processes and their continuity needs. Business continuity plans also prescribe preventive measures to avoid disasters in the first place.

See also: DR

Disk imaging is the process of generating a bit-for-bit copy of the original media, including free space and slack space.

In the aviation industry, some of the added options that are installed during construction of the aircraft are either provisioned or line-fit. This refers to items that are installed on the production line by the manufacturer. The array of options available to a new customer are quite extensive – and just like with the example of buying a car, airlines also pick from a catalog, albeit one that is much larger.

An Easter Egg is the hidden functionality within an application program, which becomes activated when an undocumented set of commands and keystrokes are entered. Easter eggs are typically used to display the credits for the development team and are intended to be nonthreatening.