Glossary

Term
Definition
Scope
  
Public Key Encryption

Public Key Encryption is also known as asymmetric cryptography. Public key encryption is a cryptographic system that uses two keys, a public key known to everyone and a private or secret key known only to the recipient of the message.

Security
Registry

Registry is a system-defined database where applications and system components store and retrieve configuration data. Applications use the registry API to retrieve, modify, or delete registry data.

Technology
Reverse Engineering

Reverse engineering, also known as “back engineering”, is the process of extracting design information or any kind of sensitive information by disassembling and analyzing the design of a system component.

Technology
Risk Assessment

Risk assessment is a systematic process to analyze and identify any possible threats or risks that may leave sensitive information vulnerable to attacks. It also employs methods to calculate the risk impact and eliminate such threats.

Security
Rootkit

A rootkit is a type of malicious software that is activated each time the system boots up. Rootkits are difficult to detect as they are activated before your system’s Operating System has completely booted up.

Security
Router

A router is a device that forwards or transfers data packets across networks. A router is connected to at least two networks, commonly two LANs or WANs or a LAN and its ISP’s network. Routers are located at gateways, the places where two or more networks connect.

Technology
Security Authorization Boundary

A security authorization boundary is an information security area that includes a grouping of tools, technologies, and data.

Security
Smurf Attack

A Smurf Attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim’s spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network respond to this by sending a reply to the source IP address. This can slow down the victim’s computer to the point where it becomes impossible to work on.

Security
Sniffer

A sniffer is a tool that monitors the network traffic received on a network interface.

Technology
Socket

A socket is an end point for communication between two systems. The socket tells a host’s IP stack where to plug in a data stream so that it connects to the right application.

Technology
Spam

Spam is the term used for flooding the Internet with many copies of the same message, in an attempt to force the message on individuals who would not otherwise choose to receive it. Most spam mails or messages are commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services.

Technology
Spoof

A Spoof is an attack attempt by an unauthorized entity or attacker to gain illegitimate access to a system by posing as an authorized user.

Security
SQL Injection

SQL injection is a code injection technique that is used to attack data-driven applications, in which malicious or manipulative SQL statements are inserted into an entry field for execution.

Security
SYN Flood

A SYN flood is a type of denial-of-service attack in which an attacker sends a succession of SYN requests to a target’s system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

Security
Security Functions

Security Functions are the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based.

Security
Security Goals

The five security goals are confidentiality, availability, integrity, accountability, and assurance.

Security
Security Plan

A security plan is a formal document that provides an overview of the security requirements for an information system or an information security program and describes the security controls in place or planned for meeting those requirements.

Security
Security Policy

Security Policy is a set of rules and practices that specify how a system or organization delivers security services to protect sensitive and critical information.

Security
Security Requirements

Security requirements are requirements levied on an information system that are derived from applicable laws, Executive Orders, directives, policies, standards, instructions, regulations, or procedures, or organizational mission/business case needs to ensure the confidentiality, integrity, and availability of the information being processed, stored, or transmitted.

Security
Security Requirements Traceability Matrix (SRTM)

A Security Requirements Traceability Matrix (SRTM) is a matrix that captures all security requirements linked to potential risks and addresses all applicable C&A requirements. It is, therefore, a correlation statement of a system’s security features and compliance methods for each security requirement.

Security