CompTIA CASP+ (CAS-004) Glossary

Account policies - Set of rules governing user security information, such as password expiration and uniqueness, which can be set globally.
Ad hoc network - Type of wireless network in which devices communicate directly with each other rather than through an access point.
Address space layout randomization (ASLR) - Technique that randomizes where the components of a running application (stack, heap, libraries, executable image) are placed in memory, so that an attacker exploiting a memory-corruption bug such as a buffer overflow cannot predict the addresses needed to hijack execution.
Advanced persistent threat (APT) - Attacker's ability to obtain, maintain, and diversify access to network systems over a long period using exploits and malware, typically while remaining undetected.
Adversarial AI - Using AI to identify vulnerabilities and attack vectors to circumvent security systems; also, crafting inputs that cause a defender's machine learning model to misclassify.
AES Galois Counter Mode Protocol (GCMP) - High-performance mode of operation for symmetric encryption used in 802.11 wireless (for example WPA3-Enterprise 192-bit mode); provides authenticated encryption with associated data (AEAD), so a single operation protects both confidentiality and integrity.
Agile model - Software development model that focuses on iterative and incremental development to account for evolving requirements and expectations.
Airplane Mode - A toggle found on mobile devices enabling the user to disable and enable wireless functionality quickly.
Annual loss expectancy (ALE) - The expected cost of a risk to an organization on an annual basis, determined by multiplying the single loss expectancy (SLE) by the annual rate of occurrence (ARO).
Annual rate of occurrence (ARO) - Expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur.
Antivirus - Software that detects and blocks malware (historically, viruses) using signatures and behavioral analysis.
API Gateway - Service that sits in front of a set of APIs and centralizes cross-cutting functions such as authentication, rate limiting, logging, and request routing.
Application programming interface (API) - A library of programming utilities used, for example, to enable software developers to access functions of the TCP/IP network stack under a particular operating system.
Application-specific integrated circuit (ASIC) - Processor designed to perform a specific function, such as switching.
Asymmetric algorithm - A cipher that uses a public and a private key. The keys are mathematically linked, using algorithms such as Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC), but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.
Attack vector - Specific path by which a threat actor gains unauthorized access to a system.
Attestation of compliance (AOC) - Formal document, such as the PCI DSS form signed by the assessed organization and its assessor, declaring that an assessment against a standard was performed and stating its result.
Attribute-based access control (ABAC) - Technique that evaluates a set of attributes that each subject possesses to determine if access should be granted.
Authentication header (AH) - IPsec protocol that provides authentication for the origin of transmitted data as well as integrity and protection against replay attacks; it does not encrypt the payload.
Authenticator - A PNAC switch or router that activates EAPoL and passes a supplicant's authentication data to an authenticating server, such as a RADIUS server.
Authority to Operate (ATO) - Formal letter of accreditation provided to the system owner granting them permission to operate a system.
Availability - Ensuring that computer systems operate continuously and that authorized persons can access data that they need.
Availability zone - Isolated location within a public cloud region, consisting of one or more data centers with independent power and network connectivity, so that a failure in one zone does not take down the others.
Basic Input/Output System (BIOS) - Firmware interface that initializes hardware for an operating system boot.
Bit splitting - Splitting encrypted data into parts which are then stored in different storage locations and further encrypted at the storage location.
Blackhole routing - Diverts all traffic intended for a target address to a null route, dropping legitimate and malicious traffic alike; a blunt but fast response to a DDoS attack.
Block cipher - Type of symmetric encryption that encrypts data one fixed-size block at a time (64 bits for DES/3DES, 128 bits for AES). A mode of operation such as CBC or GCM defines how successive blocks are processed, and the choice of mode, not the cipher itself, largely determines the security properties of the result.
Blockchain - An expanding list of transactional records (a ledger) in which each block is linked to the previous one by a cryptographic hash, making earlier records tamper-evident; public blockchains distribute the ledger across many participants.
Border gateway protocol (BGP) - Path vector exterior gateway routing protocol used principally by ISPs to establish routing between autonomous systems.
Bring your own device (BYOD) - Use of personally-owned devices to access corporate networks and data.
Buffer overflow - Attack in which data goes past the boundary of the destination buffer and begins to corrupt adjacent memory. This can allow the attacker to crash the system or execute arbitrary code.
Caching - Technique of keeping a copy of frequently used data close to where it is used in order to maintain consistent performance during file access and data processing.
Caching engine - A feature of many proxy servers that enables the servers to retain a copy of frequently requested web pages.
Certificate authority (CA) - A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
Certificate chaining - Method of validating a certificate by tracing each CA that signs the certificate, up through the hierarchy to the root CA. Also referred to as chain of trust.
Certificate revocation list (CRL) - Signed list, published by a CA, of certificates that were revoked before their expiration date.
Certificate signing request (CSR) - Base64-encoded (PEM) file containing the subject's public key and identifying information that the subject sends to a CA to get a certificate.
Certificate stapling - Allows a web server to perform certificate status checking instead of the browser. The web server checks the status of its own certificate and provides the browser with the digitally signed response from the OCSP responder (also called OCSP stapling).
Certification & accreditation (C&A) - A process executed in four distinct phases: initiation and planning, certification, accreditation, and continuous monitoring.
Certifying Authority - Entity responsible for reviewing the results of a certification and accreditation package, including audit reports, and making the final decision regarding accreditation status.
Chain of custody - Record of evidence history from collection, to presentation in court, to disposal.
Choose your own device (CYOD) - Employees are offered a selection of corporate devices for work and, optionally, private use.
Cloud access security broker (CASB) - Designed to mediate access to cloud services by users across all types of devices.
Cloud computing - A method of computing that involves real-time communication over large distributed networks to provide the resources, software, data, and media needs of a user, business, or organization.
Cloud deployment model - Classifying the ownership and management of a cloud as public, private, community, or hybrid.
Cloud Security Alliance (CSA) - Industry body providing security guidance to CSPs, including an enterprise reference architecture and a security controls matrix.
Cloud service provider (CSP) - Third-party organization providing infrastructure, application and/or storage services via an "as a service" subscription-based, cloud-centric offering.
Code injection - Exploit technique in which attacker-supplied code is inserted into a vulnerable application (through its input) or into a running process and executed with that application's privileges.
Code signing - Method of using a digital signature to ensure the source and integrity of programming code.
Cold site - Predetermined alternate location where a network can be rebuilt after a disaster.
Collision - In cryptography, two different inputs producing the same hash digest; a practical collision attack breaks the integrity guarantee of a hash function.
Command injection - Where a threat actor is able to execute arbitrary shell commands on a host via a vulnerable web application, typically because user input is concatenated into a command line that is then passed to a shell.
Common Criteria (CC) - International standard (ISO/IEC 15408) for evaluating the security assurance of IT products, such as a trusted operating system (TOS), against defined protection profiles and evaluation assurance levels.
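The command injection entry above describes the failure mode in one sentence. The following Python is an added example, not part of the glossary, contrasting the vulnerable pattern (untrusted input interpolated into a shell command line) with the hardened one (an allow-list check followed by an argv list that never reaches a shell). The hostname allow-list, the example.com input and the injection payload are constructed for the demonstration; nothing is actually executed unless run_ping_hardened() is called.

```python
import re
import shlex
import subprocess
from typing import List

# Constructed sample inputs for the demonstration.
GOOD_HOST = "example.com"
EVIL_HOST = "example.com; cat /etc/passwd"

# Allow-list for the one thing this endpoint accepts: a hostname made of RFC 1123 labels.
# (Hypothetical policy chosen for this example.)
HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(?:\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)


def build_ping_vulnerable(host: str) -> str:
    """Vulnerable pattern: untrusted input is pasted into a command line.

    If the result is handed to subprocess.run(cmd, shell=True) or os.system(),
    the shell parses ';', '|', '&&' and '$(...)' inside `host` as extra commands.
    """
    return f"ping -c 1 {host}"


def shell_would_run(cmdline: str) -> List[str]:
    """Tokenise a command line the way a POSIX shell would, splitting out ';' etc.

    Used only to show what the vulnerable string turns into; nothing is executed.
    """
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)


def is_valid_hostname(host: str) -> bool:
    """Allow-list check: reject anything that is not a plain hostname."""
    return len(host) <= 253 and HOSTNAME_RE.fullmatch(host) is not None


def build_ping_hardened(host: str) -> List[str]:
    """Hardened pattern: validate the input, then build an argv list so no shell is involved.

    Even if validation were bypassed, a list argument to subprocess.run() without
    shell=True goes straight to execve(), so shell metacharacters are never interpreted.
    """
    if not is_valid_hostname(host):
        raise ValueError(f"rejected hostname: {host!r}")
    return ["ping", "-c", "1", host]


def run_ping_hardened(host: str, timeout: float = 5.0) -> int:
    """Execute the hardened command and return its exit status."""
    result = subprocess.run(build_ping_hardened(host), capture_output=True, timeout=timeout)
    return result.returncode


if __name__ == "__main__":
    print("vulnerable:", build_ping_vulnerable(EVIL_HOST))
    print("shell sees:", shell_would_run(build_ping_vulnerable(EVIL_HOST)))
    print("hardened:  ", build_ping_hardened(GOOD_HOST))
    try:
        build_ping_hardened(EVIL_HOST)
    except ValueError as exc:
        print("hardened rejects:", exc)
```

The two defenses are independent: the allow-list stops the payload at the input boundary, and the argv form removes the shell from the path entirely, so a payload that slips past validation still cannot chain commands. Escaping with shlex.quote() is the weaker third option and only helps if every call site remembers to use it.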
Common Industrial Protocol (CIP) - A specialized communication protocol used by industrial control systems to achieve automation.
Common Vulnerability Scoring System (CVSS) - Open standard for scoring the severity of a vulnerability (0 to 10) from its exploitability and impact metrics; temporal and environmental metrics adjust the base score for the degree of risk to a particular system or type of information.
Community cloud - A cloud that is deployed for shared use by cooperating tenants.
Container - An operating system virtualization deployment containing everything required to run a service, application, or microservice.
Containerization - A type of virtualization applied by a host operating system to provision an isolated execution environment for an application.
Content Delivery Network (CDN) - Distributing and replicating the components of any service (such as web apps, media and storage) across all the key service areas needing access to the content.
Content filtering - A security measure performed on email and internet traffic to identify suspicious, malicious and/or inappropriate content in accordance with an organization's policies.
Continuous Integration (CI) - Software development method in which code updates are tested and committed to a development or build server/code repository rapidly.
Controller area network bus (CAN bus) - A serial network designed to allow communications between embedded controllers, such as the electronic control units in a vehicle, without a host computer; the protocol has no built-in authentication, so any node on the bus can send any message.
Corporate owned, business only (COBO) - The device is the property of the organization and personal use is prohibited.
Corporate owned, personally enabled (COPE) - The device remains the property of the organization, but certain personal use, such as private email, social networking, and web browsing, is permitted.
Criminal syndicates - Threat actor that uses hacking and computer fraud for commercial gain.
Cross-site request forgery (XSRF) - A malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser, causing the victim's browser to submit requests that the target site accepts because they carry the victim's session cookie.
Cross-site scripting (XSS) - A malicious script hosted on the attacker's site or coded in a link injected onto a trusted site, designed to compromise clients browsing the trusted site by running in that site's origin and so circumventing the browser's security model of trusted zones (the same-origin policy).
Cybersecurity Maturity Model Certification (CMMC) - Cybersecurity standards developed by the United States Department of Defense (DoD) and designed to help fortify the DoD supply chain by requiring suppliers to demonstrate that they have mature cybersecurity capabilities.
Data acquisition - Method and tools used to create a forensically sound copy of data from a source device, such as system memory or a hard disk.
Data at rest - Information that is primarily stored on specific media, rather than moving from one medium to another.
Data classification - Process of applying confidentiality and privacy labels to information.
Data dispersion - Storing data across different storage locations (such as multiple data centers) to improve durability and availability.
Data execution prevention (DEP) - Memory protection that marks pages such as the stack and heap as non-executable, so that injected code (for example shellcode placed by a buffer overflow) in those regions cannot run.
Data historian - Software that aggregates and catalogs data from multiple sources within an industrial control system.
Data in transit - Information that is being transmitted between two hosts.
Data loss (leak) prevention (DLP) - Detects and prevents sensitive information from being stored on unauthorized systems or transmitted over unauthorized networks.
Data owner - Role with ultimate responsibility for maintaining the confidentiality, integrity, and availability of an information asset.
Data retention - The process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations.
Data sovereignty - Principle that countries and states may impose individual requirements on data collected or stored within their jurisdiction.
Data subject - An individual that is identified by privacy data.
DDoS mitigation software/appliance - Methods used to reduce the impact of a distributed denial of service (DDoS) attack.
Deep fake - A fake video or audio recording of a person, rendered using deep learning so that it appears highly realistic.
Deep learning (DL) - A refinement of machine learning that uses multi-layer neural networks to learn the relevant features of a task directly from the data, rather than relying on features that have been manually identified.
Deployment model - Methods of provisioning mobile devices to users, such as BYOD and CYOD.
Deprovisioning - Process of removing an application (or an account or cloud resource) from the packages, instances, or environments it was deployed to once it is no longer needed.
Digital signature - A message digest encrypted using the sender's private key that is appended to a message to authenticate the sender and prove message integrity.
Directory service - Network service that stores identity information about all the objects in a particular network, including users, groups, servers, client computers, and printers.
Directory traversal - Attack that uses path sequences such as ../ (often URL-encoded) in user-supplied input to read or execute files and directories outside the web document root.
Discretionary access control (DAC) - Each resource is protected by an Access Control List (ACL) managed by the resource's owner (or owners).
Distributed Denial of Service (DDoS) - Attack that involves the use of infected Internet-connected computers and devices to disrupt the normal flow of traffic of a server or service by overwhelming the target with traffic.
Distributed Network Protocol (DNP3) - Allows ICS components to communicate with each other.
DLL hijacking - An attack against Windows systems that replaces, or places earlier in the search order, a DLL that an application loads by name, so that the application loads the attacker's DLL instead of the legitimate one.
DNS poisoning - Attack where a threat actor injects false resource records into a client or server cache to redirect a domain name to an IP address of the attacker's choosing.
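The directory traversal entry names the attack; the check a web application needs against it is easy to get subtly wrong (string prefix tests, forgetting URL decoding, ignoring symlinks). The following Python is an added example, not part of the glossary: it resolves a user-supplied path under a document root and rejects anything that escapes it. The document root /srv/www/docs and the request strings are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote

# Constructed web root for the examples. It does not need to exist: os.path.realpath
# normalises '..' lexically for path components that are not on disk.
DOC_ROOT = "/srv/www/docs"


def resolve_under_root(root: str, requested: str) -> str:
    """Map a user-supplied path onto `root`, refusing anything that escapes it.

    Steps: decode URL escapes (so %2e%2e is seen as ..), treat the input as relative
    (strip leading slashes so an absolute path cannot discard `root`), resolve '..'
    and symlinks with realpath, then require the result to still be inside the real root.
    """
    root_real = os.path.realpath(root)
    relative = unquote(requested).lstrip("/\\")
    candidate = os.path.realpath(os.path.join(root_real, relative))
    # commonpath() compares whole path components, so /srv/www/docs-old is not
    # mistaken for a child of /srv/www/docs the way a plain startswith() would be.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise ValueError(f"path escapes document root: {requested!r}")
    return candidate


def is_traversal(root: str, requested: str) -> bool:
    """True if `requested` would be rejected by resolve_under_root()."""
    try:
        resolve_under_root(root, requested)
    except ValueError:
        return True
    return False


def demo_symlink_escape() -> bool:
    """Show that a symlink inside the root pointing outside it is also caught.

    Creates a temporary root containing 'link' -> its parent directory and asks for
    'link/secret.txt'; realpath follows the link, so the check rejects the request.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "docs")
        os.mkdir(root)
        os.symlink(tmp, os.path.join(root, "link"))
        return is_traversal(root, "link/secret.txt")


if __name__ == "__main__":
    for req in ("reports/q1.pdf", "../../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd", "/etc/passwd"):
        verdict = "REJECT" if is_traversal(DOC_ROOT, req) else resolve_under_root(DOC_ROOT, req)
        print(f"{req!r:40} -> {verdict}")
    print("symlink escape rejected:", demo_symlink_escape())
```

Note that a leading slash is stripped rather than rejected, so "/etc/passwd" maps to a file inside the root (as a web server would treat it) rather than to the real /etc/passwd. Decoding must happen before the check, and only once: double-encoded input such as %252e is a separate case that the framework's URL decoding should have already normalised.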
Domain name system (DNS) - Service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the Internet.
Domain Name System Security Extensions (DNSSEC) - Security protocol that provides authentication of DNS data and upholds DNS data integrity by digitally signing resource records.
Due diligence - Legal principle that a subject has used best practice or reasonable care when setting up, configuring, and maintaining a system.
e-Discovery - Procedures and tools to collect, preserve, and analyze digital evidence.
EAP flexible authentication via secure tunneling (EAP-FAST) - Cisco-developed EAP method that uses a Protected Access Credential (PAC) to establish a TLS tunnel for the inner authentication; designed to address the shortcomings of LEAP.
EAP transport layer security (EAP-TLS) - Requires server-side and client-side certificates for mutual authentication using SSL/TLS.
EAP tunneled transport layer security (EAP-TTLS) - Enables a client and server to establish a secure connection without mandating a client-side certificate.
Elastic IP address - A public IPv4 address that can be assigned to any instance or network interface in a VPC within an AWS account.
Encapsulating security payload (ESP) - IPsec sub-protocol that encrypts the packet payload and optionally authenticates the ESP header and payload; unlike AH, it does not protect the outer IP header.
Endpoint detection and response (EDR) - Software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.
Enterprise risk management (ERM) - Comprehensive process of evaluating, measuring, and mitigating risks that an organization faces.
Enterprise service bus (ESB) - Component of SOA architecture that facilitates decoupled service-to-service communication.
Evil twin - Wireless access point that deceives users into believing that it is a legitimate network access point.
Execution control - Process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.
Exposure factor (EF) - Percentage of an asset's value that would be lost during a security incident or disaster scenario.
Extensible authentication protocol (EAP) - Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication, and to establish secure tunnels through which to submit credentials.
eXtensible markup language (XML) - A system for structuring documents so that they are human- and machine-readable. Information within the document is placed within tags, which describe how information within the document is structured.
False negative - A case that is not reported when it should be (for example, an attack that a detection system misses).
False positive - A case that is reported when it should not be (for example, benign activity flagged as an attack).
Federation - Process that provides a shared login capability across multiple systems and enterprises. It essentially connects the identity management services of multiple systems.
Field programmable gate array (FPGA) - Processor that can be programmed to perform a specific function by a customer rather than at the time of manufacture.
File inclusion - Web application vulnerability that allows an attacker either to download a file from an arbitrary location on the host file system or to upload an executable or script file to open a backdoor.
File integrity monitoring (FIM) - Type of software that reviews system files to ensure that they have not been tampered with.
Firewall - Software or hardware device that protects a system or network by blocking unwanted network traffic.
Gap analysis - Measures the difference between current state and desired state in order to help assess the scope of work included in a project.
Geofencing - Security control that can enforce a virtual boundary based on real-world geography.
Geotagging - Adding geographical information to files, such as latitude and longitude coordinates as well as date and time.
Hacktivist - Threat actor that is motivated by a social issue or political cause.
Hardening - Process of making a host or app configuration secure by reducing its attack surface, through running only necessary services, installing monitoring software to protect against malware and intrusions, and establishing a maintenance schedule to ensure the system is patched to be secure against software exploits.
Hardware root of trust (RoT) - Cryptographic module embedded within a computer system that can endorse trusted execution and attest to boot settings and metrics.
Hardware security module (HSM) - A tamper-resistant hardware device (network appliance, PCIe card, or USB token) for generating, storing, and using cryptographic keys so that the keys never leave the device in plaintext.
Hash-based message authentication code (HMAC) - Method used to verify both the integrity and authenticity of a message by combining a cryptographic hash of the message with a secret key.
Hashing - One-way function that converts an arbitrary-length input to a fixed-length output (the digest); it should be infeasible to recover the input from the digest or to find two inputs with the same digest.
Heating, ventilation, air conditioning (HVAC) - Control systems that maintain an optimum heating, cooling, and humidity level working environment for different parts of the building.
HMAC-based one-time password (HOTP) - Algorithm (RFC 4226) that generates a one-time password from an HMAC of a shared secret and a counter that increments with each use; the verifier accepts codes within a small look-ahead window to tolerate codes the user generated but never submitted.
Homomorphic encryption - Method that allows computation of certain fields in a dataset without decrypting it.
Host-based firewall - Software application running on a single host and designed to protect only that host.
Host-based intrusion detection system (HIDS) - Type of IDS that monitors a computer system for unexpected behavior or drastic changes to the system's state.
Hot site - Fully configured alternate processing site that can be brought online either instantly or very quickly after a disaster.
Human-machine interface (HMI) - Input and output controls on a PLC to allow a user to configure and monitor the system.
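The hashing, HMAC and HOTP entries above fit together: HOTP is just an HMAC over a counter, truncated to a few digits. The following Python is an added example, not part of the glossary, implementing HOTP generation and server-side verification from RFC 4226 with the standard library only. The shared secret is the one published in the RFC's test vectors so the output can be checked; the look-ahead window size is a hypothetical policy value.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Shared secret from RFC 4226 Appendix D (ASCII "12345678901234567890"), used so the
# generated codes can be checked against the RFC's published test vectors.
RFC4226_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226).

    1. HMAC-SHA1 the 8-byte big-endian counter under the shared secret.
    2. Dynamic truncation: the low nibble of the last byte selects a 4-byte window.
    3. Mask the top bit, reduce modulo 10**digits, zero-pad to `digits`.
    """
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (
        (mac[offset] & 0x7F) << 24
        | mac[offset + 1] << 16
        | mac[offset + 2] << 8
        | mac[offset + 3]
    )
    return str(code % 10**digits).zfill(digits)


def verify_hotp(secret: bytes, counter: int, candidate: str, look_ahead: int = 5) -> Optional[int]:
    """Server-side check. Returns the next counter to store on success, None on failure.

    Codes from `counter` up to `look_ahead` positions beyond it are accepted, because
    the token may have generated codes that never reached the server. Codes behind
    the stored counter are never regenerated here, so a replayed code is refused.
    The comparison is constant-time so timing does not leak how many digits matched.
    """
    for c in range(counter, counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), candidate):
            return c + 1
    return None


if __name__ == "__main__":
    for i in range(3):
        print(i, hotp(RFC4226_SECRET, i))
    print("next counter after accepting code 1:", verify_hotp(RFC4226_SECRET, 0, "287082"))
    print("replay of code 0 at counter 2:", verify_hotp(RFC4226_SECRET, 2, "755224"))
```

The counter returned by verify_hotp() must be persisted before the login is considered successful; storing it afterwards leaves a window in which the same code is accepted twice. Rate-limiting attempts is still required, since a six-digit code gives a 1-in-10^6 guess per attempt, multiplied by the look-ahead window.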
IEEE 802.1X - Standard for encapsulating EAP communications over a LAN (EAPoL) to implement port-based authentication.
Impact - The severity of a risk if realized.
In-band authentication - Use of a communication channel that is the same as the one currently being used.
Incident response plan (IRP) - Specific procedures that must be performed if a certain type of event is detected or reported.
Indicator of compromise (IoC) - A sign that an asset or network has been attacked or is currently under attack.
Industrial control system (ICS) - Network managing embedded devices (computer systems that are designed to perform a specific, dedicated function).
Information systems security officer (ISSO) - Role with technical responsibilities for implementation of security policies, frameworks, and controls.
Infrastructure as a service (IaaS) - Cloud service model that provisions virtual machines and network infrastructure.
Infrastructure as code (IaC) - Provisioning architecture in which deployment of resources is performed by scripted automation and orchestration.
Initialization vector (IV) - A random or unique value combined with the secret key when encrypting, so that the same plaintext produces different ciphertext each time; an IV must not be reused with the same key, and in some modes (such as GCM) reuse is catastrophic for both confidentiality and integrity.
Initialization vector attack (IV attack) - A wireless attack where the attacker is able to predict or control the IV of an encryption process (as with WEP's short 24-bit IV, which repeats quickly on a busy network), thus giving the attacker access to view the encrypted data that is supposed to be hidden from everyone except the user or network.
Insider threat - Type of threat actor who is assigned privileges on the system that can lead to an intentional incident occurring.
Integration test - Individual components of a system are tested together to ensure that they interact as expected.
Intellectual property (IP) - Data that is of commercial value and can be granted rights of ownership, such as copyrights, patents, and trademarks.
International Organization for Standardization (ISO) - Develops many standards and frameworks governing the use of computers, networks, and telecommunications, including ones for information security (27000 series) and risk management (31000 series).
International Organization for Standardization 31000 Series (ISO 31000) - A comprehensive set of standards for enterprise risk management.
Internet of Things (IoT) - Devices that can report state and configuration data and be remotely managed over IP networks.
Internet Protocol Security (IPsec) - Network protocol suite used to secure data through authentication and encryption as the data travels across the network or the Internet.
Intrusion detection system (IDS) - Security appliance or software that uses passive hardware sensors to monitor traffic on a specific segment of the network.
IP flow information export (IPFIX) - Standards-based version of the NetFlow framework.
Job rotation - Policy of preventing any one individual performing the same role or tasks for too long; deters fraud and provides better oversight of the person's duties.
JSON web token (JWT) - Compact, URL-safe token format (a Base64url-encoded header, payload, and signature separated by dots) for securely transmitting claims between parties; the signature lets the recipient verify the issuer and the integrity of the claims.
Kerberos - Single sign-on authentication and authorization service that is based on a time-sensitive ticket-granting system.
Key distribution center (KDC) - Component of Kerberos that authenticates users and issues tickets (tokens).
Key performance indicator (KPI) - Formal mechanism designed to measure performance of a program against desired goals.
Key risk indicator (KRI) - Method by which emerging risks are identified and analyzed so that changes can be adopted to proactively avoid issues from occurring.
Key signing key (KSK) - Used to sign the special DNSKEY record which contains the (public) Zone Signing Key.
Key stretching - Technique that strengthens potentially weak input for cryptographic key generation, such as passwords or passphrases created by people, against brute-force attacks by running it through many iterations of a deliberately slow function (such as PBKDF2, bcrypt, scrypt, or Argon2) together with a per-password salt.
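To make the key stretching entry concrete, the following Python is an added example, not part of the glossary, that shows a plain unsalted hash beside a PBKDF2-HMAC-SHA256 derivation with a salt and a large iteration count, plus the matching verification step. The record format (algorithm$iterations$salt$key) is a hypothetical one chosen for the example; the passwords are constructed inputs.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factor. 600,000 is the figure the OWASP Password Storage Cheat Sheet (2023)
# gives for PBKDF2-HMAC-SHA256; it should rise as hardware gets faster.
ITERATIONS = 600_000


def naive_hash(password: str) -> str:
    """Unstretched, unsalted hash: one SHA-256 per guess, identical for identical passwords.

    Shown only as the weak baseline an attacker can attack with precomputed tables
    and billions of guesses per second on a GPU. Do not use this for password storage.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = ITERATIONS) -> str:
    """Stretch a password with PBKDF2-HMAC-SHA256 and return a self-describing record.

    The record carries the iteration count and salt so the verifier can reproduce
    the derivation later and so old records can be upgraded when the policy changes.
    """
    if salt is None:
        salt = os.urandom(16)  # unique per password: defeats rainbow tables and batch cracking
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(key).decode("ascii"),
    )


def verify_password(password: str, record: str) -> bool:
    """Re-derive the key using the stored salt and iteration count; compare in constant time."""
    algorithm, iterations, salt_b64, key_b64 = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algorithm}")
    expected = base64.b64decode(key_b64)
    actual = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        base64.b64decode(salt_b64),
        int(iterations),
        dklen=len(expected),
    )
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify correct:", verify_password("correct horse battery staple", record))
    print("verify wrong:  ", verify_password("Tr0ub4dor&3", record))
    print("naive sha256:  ", naive_hash("correct horse battery staple"))
```

The cost an attacker pays per guess is the same 600,000 HMAC computations the server pays per login, which is the point: a work factor that makes one login take a fraction of a second makes an offline attack on a leaked database several hundred thousand times slower than attacking naive_hash() output. PBKDF2 is still CPU-only; memory-hard functions such as scrypt or Argon2 raise the GPU/ASIC cost further and are preferred where available.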
LDAP injection - Application attack that targets web-based applications by fabricating LDAP statements that are typically created by user input.
Least privilege - Principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.
Legal hold - Process designed to preserve all relevant information when litigation is reasonably expected to occur.
Lessons learned report (LLR) - Analysis of events that can provide insight into how to improve response processes in the future.
Lightweight Directory Access Protocol (LDAP) - Network protocol used to access network directory databases, which store information about authorized users and their privileges, as well as other organizational information.
Lightweight Directory Access Protocol Secure (LDAPS) - Method of implementing LDAP over SSL/TLS encryption (typically on TCP port 636).
Likelihood - Chance of a threat being realized, typically expressed as a probability or percentage.
Load balancer - Type of switch, router, or software that distributes client requests between different resources, such as communications links or similarly-configured servers, providing fault tolerance and improving throughput.
Logs - Provide valuable troubleshooting information; security logs provide an audit trail of actions performed on the system as well as warning of suspicious activity.
Machine learning (ML) - Component of AI that enables a machine to develop strategies for solving a task given a labeled dataset where features have been manually identified but without further explicit instructions.
Mandatory Access Control (MAC) - Access control model where resources are protected by inflexible, system-defined rules; resources (objects) and users (subjects) are allocated a clearance level (or label).
Mandatory vacations - Principle that states when and how long an employee must take time off from work so that their activities may be subjected to a security review.
Mean time between failures (MTBF) - Metric for a device or component that predicts the expected time between failures.
Mean time to repair/replace/recover (MTTR) - Metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.
Measured boot - UEFI feature that gathers secure metrics to validate the boot process in an attestation report.
Message Authentication Code (MAC) - Proving the integrity and authenticity of a message by combining its hash with a shared secret.
Message Digest Algorithm v5 (MD5) - Cryptographic hash function producing a 128-bit output; collisions are practical to compute, so it should not be used for signatures or for integrity checks where an attacker can choose the input.
Microservices - Software architecture where components of the solution are conceived as highly decoupled services not dependent on a single platform type or technology.
Multipurpose Internet Mail Extensions (MIME) - Protocol specifying Internet mail message formats and attachments.
Modbus - Communications protocol used in operational technology networks.
ModSecurity - Open source Web Application Firewall (WAF) for Apache, nginx, and IIS.
Multi-cloud - Cloud deployment model where the cloud consumer uses multiple public cloud services.
Multidomain certificate - Single SSL/TLS certificate that can be used to secure multiple, different domain names (listed in the Subject Alternative Name extension).
Multifactor authentication (MFA) - Requires the user to present at least two different factors as credentials, from something you know, something you have, something you are, something you do, and somewhere you are.
MX record - Special type of DNS record used to identify the email servers used by a domain.
Near field communication (NFC) - Standard for peer-to-peer (2-way) radio communications over very short (around 4") distances, facilitating contactless payment and similar technologies; NFC is based on RFID.
NetFlow - Cisco-developed means of reporting network flow information to a structured database. NetFlow allows better understanding of IP traffic flows as used by different network applications and hosts.
Network access control (NAC) - Protocols, policies, and hardware that authenticate and authorize access to a network at the device level.
Network address translation (NAT) - Routing mechanism that conceals internal addressing schemes from the public Internet by translating between a single public address on the external side of a router and private, non-routable addresses internally.
Network intrusion detection system sensors (NIDS sensors) - Device that captures network traffic within a specific segment of a network and forwards it to the NIDS server for analysis.
Network intrusion detection system server (NIDS server) - Server running intrusion detection software that analyzes network traffic for signs of suspicious activity.
Network intrusion prevention system (NIPS) - Inline security device that monitors suspicious network and/or system traffic and reacts in real time to block it.
Nmap security scanner - Open-source network scanner used primarily to scan hosts and ports to locate services and detect vulnerabilities.
Non-transparent proxy - Server that redirects requests and responses for clients configured with the proxy address and port.
On-path attack - Attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic.
Online certificate status protocol (OCSP) - Allows clients to request the status of a digital certificate, to check whether it is revoked.
Open authorization (OAuth) - Authorization framework that lets a user grant a third-party application limited access to resources held on a resource server, without sharing the user's credentials; federated login built on OAuth is provided by OpenID Connect.
Open Web Application Security Project (OWASP) - A community publishing a number of secure application development resources.
OpenID - Identity federation method that enables users to be authenticated on cooperating websites by a third-party authentication service.
Operational technology (OT) - Communications network designed to implement an industrial control system rather than data networking.
Out-of-band mechanism - Use of a communication channel that is different than the one currently being used.
Over the air (OTA) - Firmware update delivered on a cellular data connection.
Packet analysis - Analysis of the headers and payload data of one or more frames in captured network traffic.
Passwordless authentication - Does not require the use of knowledge-based information, such as a password, in order to prove identity.
Personal firewall - Implemented as application software running on the host, and can provide sophisticated filtering of network traffic as well as block processes at the application level.
Personal identifiable financial information (PIFI) - Personal information about a consumer provided to a financial institution that can include account number, credit/debit card number, name, social security number and other information.
Pinning - Method of trusting a specific certificate or public key for a host rather than any certificate the CA hierarchy would validate, to defeat on-path attacks that use a mis-issued certificate. The HTTP Public Key Pinning (HPKP) header is deprecated because a mistaken pin locks users out; pinning inside mobile apps remains in use.
Platform as a service (PaaS) - Cloud service model that provisions application and database services as a platform for development of apps.
Private cloud - A cloud that is deployed for use by a single entity.
Private key - In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely; a private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.
Privileged access management (PAM) - Policies, procedures, and support software for managing accounts and credentials with administrative permissions.
Production - IT environment available to consumers for normal, day-to-day use.
Protected Extensible Authentication Protocol (PEAP) - EAP implementation that uses a server-side certificate to create a secure tunnel for user authentication, referred to as the inner method.
Protected health information (PHI) - Data that can be used to identify an individual and includes information about past, present, or future health, as well as related payments and data used in the operation of a healthcare business.
Protocol analysis - Analysis of per-protocol utilization statistics in a packet capture or network traffic sampling.
Provisioning - Process of deploying an application to the target environment, such as enterprise desktops, mobile devices, or cloud infrastructure.
Public cloud - A cloud that is deployed for shared use by multiple independent tenants.
Public key - During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.
Public key infrastructure (PKI) - Framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
Quality assurance (QA) - Policies, procedures, and tools designed to ensure defect-free development and delivery.
Rate limiting - Approach that prevents an attack from consuming all available bandwidth and impacting other servers and services on the network by reducing the amount of throughput available to the server or service being attacked.
Redundant array of independent/inexpensive disks (RAID) - Specifications that support redundancy and fault tolerance for different configurations of multiple-device storage systems.
Regression testing - Process of testing an application after changes are made to see if these changes have triggered problems in older areas of code.
Reliability - Ensuring that an information processing system is trustworthy.
Remote Authentication Dial-in User Service (RADIUS) - AAA protocol used to manage remote and wireless authentication infrastructures.
Remote code execution (RCE) - Vulnerability that allows an attacker to transmit code from a remote host for execution on a target host, or a module that exploits such a vulnerability.
Remote wipe - Deletion of data and settings on a mobile device, initiated from a remote server.
Representational state transfer (REST) - A standardized, stateless architectural style used by web applications for communication and integration.
Residual risk - Risk that remains even after controls are put into place.
Resource Record Set (RRset) - Grouping of Resource Records of the same type at the same domain name (for example, all A records at itpro.tv).
Return on investment (ROI) - A metric to calculate whether an asset is worth the cost of deploying and maintaining it.
Risk - Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.
Risk acceptance - Determining that a risk is within the organization's appetite and that no countermeasures other than ongoing monitoring are needed.
Risk appetite - Strategic assessment of what level of residual risk is tolerable for an organization.
Risk avoidance - Practice of ceasing activity that presents risk.
Risk management - Cyclical process of identifying, assessing, analyzing, and responding to risks.
Risk mitigation - Reducing risk to fit within an organization's risk appetite.
Risk tolerance - Determines the thresholds that separate different levels of risk.
Risk transference - Response of moving or sharing the responsibility for a risk to another entity, such as by purchasing cybersecurity insurance.
Rogue access point - Wireless access point that has been enabled on the network without authorization.
Role-based access control (RBAC) - Access control model where resources are protected by ACLs that are managed by administrators and that provide user permissions based on job functions.
Router - Intermediate system working at the Network layer capable of forwarding packets around logical networks of different layer 1 and layer 2 types.
Rule-based access control - Non-discretionary access control technique that is based on a set of operational rules or restrictions to enforce a least-privilege permissions policy.
Sandbox - Computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion.
Scalability - Property by which a computing environment is able to gracefully fulfill its ever-increasing resource needs.
Script kiddie - Inexperienced, unskilled attacker that typically uses tools or scripts created by others.
Secure boot - UEFI feature that prevents unwanted processes from executing during the boot operation.
Secure hash algorithm (SHA) - Cryptographic hashing algorithm created to address possible weaknesses in MD5. The current version is SHA-2.
Secure multi-party computation (MPC) - Calculations performed by more than one system whereby the function used to perform the calculations is only known by a single party.
Secure/multipurpose internet mail extensions (S/MIME) - Email encryption standard that adds digital signatures and public key cryptography to traditional MIME communications.
Security assertion markup language (SAML) - XML-based data format used to exchange authentication information between a client and a service.
Security information and event management (SIEM) - Provides real-time or near-real-time analysis of security alerts generated by network hardware and applications.
Security orchestration, automation, and response (SOAR) - Facilitates incident response, threat hunting, and security configuration by orchestrating automated runbooks and delivering data enrichment.
Security, trust, assurance and risk (STAR) - Framework of security best practices for cloud service providers that is developed and maintained by the Cloud Security Alliance (CSA).
Security-enhanced Android (SEAndroid) - Since version 4.3, Android has been based on Security-Enhanced Linux, enabling granular permissions for apps, container isolation, and storage segmentation.
Separation of duties - Security policy concept that states that duties and responsibilities should be divided among individuals to prevent ethical conflicts or abuse of powers.
Serverless - Software architecture that runs functions within virtualized runtime containers in a cloud rather than on dedicated server instances.
Service-oriented architecture (SOA) - Software architecture where components of the solution are conceived as loosely coupled services not dependent on a single platform type or technology.
sFlow - Web standard for using sampling to record network traffic statistics.
Shared responsibility model - Model in which responsibility for the management, configuration, and maintenance of cloud infrastructure, as well as implementation of security, is shared between the customer and the cloud service provider (CSP).
Shibboleth - Identity federation method that provides single sign-on capabilities and enables websites to make informed authorization decisions for access to protected online resources.
Sideloading - Installing an app to a mobile device without using an app store.
Simple Network Management Protocol (SNMP) - Application protocol used for monitoring and managing network devices. SNMP works over UDP ports 161 and 162 by default.
Simple Object Access Protocol (SOAP) - XML-based web services protocol that is used to exchange messages.
Simultaneous Authentication of Equals (SAE) - Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.
Single loss expectancy (SLE) - Amount that would be lost in a single occurrence of a particular risk factor.
Single sign-on (SSO) - Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.
Smart card authentication - Use of a specialized card containing cryptographic information to achieve authentication.
Social engineering - Activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.
Software as a service (SaaS) - Cloud service model that provisions fully developed application services to users.
Software development life cycle (SDLC) - Processes of planning, analysis, design, implementation, and maintenance that often govern software and systems development.
Source code escrow - Copy of vendor-developed source code provided to a trusted third party in case the vendor ceases business.
Spam - Junk messages sent over email; the equivalent sent over instant messaging is called spim.
SPAM block list (SBL) - List that identifies known bad senders.
Spiral method - Software development method that combines several approaches, such as incremental and waterfall, into a single hybrid method that is modified repeatedly in response to stakeholder feedback and input.
Staging - User acceptance testing environment that is a copy of the production environment.
Standalone server - Server that is not integrated into a Microsoft Active Directory domain.
State actor - Threat actor that is supported by the resources of its host country's military and security services.
Static code analysis - Process of reviewing uncompiled source code either manually or using automated tools.
Stream cipher - Type of symmetric encryption that combines a stream of plaintext bits or bytes with a pseudorandom stream initialized by a secret key.
Structured Query Language injection (SQL injection) - Attack that injects a database query into the input data directed at a server by accessing the client side of the application.
Subject alternative name (SAN) - Field in a digital certificate allowing a host to be identified by multiple host names/subdomains.
Supervisory Control and Data Acquisition (SCADA) - Industrial control system that manages large-scale, multiple-site devices and equipment spread over geographically large areas from a host computer.
Supplicant - In EAP architecture, the device requesting access to the network.
Supply chain - End-to-end process of supplying, manufacturing, distributing, and finally releasing goods and services to a customer.
Supply chain visibility (SCV) - Capacity to understand how all vendor hardware, software, and services are produced and delivered, as well as how they impact an organization's operations or finished products.
Support availability - Verifying the type and level of support the vendor will provide for its product or service.
Switched port analyzer (SPAN) - Copying ingress and/or egress communications from one or more switch ports to another port, used to monitor communications passing over the switch.
System and organization controls (SOC) - Standards established by the American Institute of Certified Public Accountants (AICPA) to evaluate the policies, processes, and procedures in place and designed to protect technology and financial operations.
Tcpdump - Command-line packet sniffing utility.
Terminal Access Controller Access Control System Plus (TACACS+) - AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.
Test access port (TAP) - Hardware device inserted into a cable to copy frames for analysis.
Tethering - Using the cellular data plan of a mobile device to provide Internet access to a laptop or PC. The PC can be tethered to the mobile device by USB, Bluetooth, or Wi-Fi (a mobile hotspot).
Time to live (DNS) (TTL) - Amount of time that the record returned by a DNS query should be cached before discarding it.
Time-based one-time password (TOTP) - An improvement on HOTP that forces one-time passwords to expire after a short period of time.
Tradeoff analysis - Comparing potential benefits to potential risks and determining a course of action based on adjusting factors that contribute to each area.
Transparent proxy - Server that redirects requests and responses without the client being explicitly configured to use it. Also referred to as a forced or intercepting proxy.
True negative - A case that is not reported when it should not be.
True positive - A case that is reported when it should be.
Trust model - Description of how users and different CAs exchange information and certificates.
Trusted platform module (TPM) - Specification for hardware-based storage of digital certificates, keys, hashed passwords, and other user and platform identification information.
Total cost of ownership (TCO) - Associated costs of an asset, including acquisition costs and costs to maintain and safely operate the asset over its entire lifespan.
Two-factor authentication (2FA) - Form of multi-factor authentication (MFA) that uses two authentication factors, such as something you know and something you have; also known as 2-step authentication.
Unified Extensible Firmware Interface (UEFI) - System firmware providing support for 64-bit CPU operation at boot, full GUI and mouse operation at boot, and better boot security.
Unified threat management (UTM) - Combines the functions of a firewall, malware scanner, intrusion detection, vulnerability scanner, data loss prevention, and content filtering.
Unit test - Simple "pass/no pass" test for code; ensures that a particular block of code performs the exact action intended and provides the exact output expected.
Vendor lock-in - Situation in which a customer is dependent on a vendor for products or services because switching is either impossible or would result in substantial complexity and costs.
Vendor lockout - Situation in which a vendor's product is developed in a way that makes it inoperable with other products; integrating it with other vendors' products is either infeasible or impossible.
Version control - Practice of ensuring that the assets that make up a project are closely managed when it comes time to make changes.
Virtual appliance - A preconfigured, self-contained virtual machine image ready to be deployed and run on a hypervisor.
Virtual local area network (VLAN) - A logically separate network, created by using switching technology. Even though hosts on two VLANs may be physically connected to the same cabling, local traffic is isolated to each VLAN, so they must use a router to communicate.
Virtual machine (VM) - A guest operating system installed on a host computer using virtualization software (a hypervisor), such as Microsoft Hyper-V or VMware.
Virtual private cloud (VPC) - A private network segment made available to a single cloud consumer on a public cloud.
Virtual private network (VPN) - Secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).
Virtualization - Process of creating a simulation of a computing environment, where the virtualized system can simulate the hardware, operating system, and applications of a typical computer without being a separate physical computer.
Visualization - Showing records or metrics in a visual format, such as a graph or table.
VLAN hopping - Exploiting a misconfiguration to direct traffic to a different VLAN without authorization.
Warm site - Alternate processing location that is dormant or performs noncritical functions under normal conditions, but which can be rapidly converted to a key operations site if needed.
Waterfall model - A software development model where the phases of the SDLC cascade so that each phase will start only when all tasks identified in the previous phase are complete.
Web application firewall (WAF) - Designed specifically to protect software running on web servers and their backend databases from code injection and DoS attacks.
Wireless intrusion detection system (WIDS) - Type of NIDS that scans the radio frequency spectrum for possible threats to the wireless network, primarily rogue access points.
Wireless intrusion prevention system (WIPS) - An active, inline security device that monitors suspicious network and/or system traffic on a wireless network and reacts in real time to block it.
Wireshark - Protocol analyzer.
Zone signing key - Used to sign the RRset of a zone in order for it to be verified as trustworthy by receiving systems.