A
Acceptable interruption window
The maximum period of time that a system can be unavailable before
compromising the achievement of the business objectives
Access controls
The processes, rules and deployment mechanisms that control access to
information systems, resources and physical access to premises
Access path
The logical route that an end user takes to access computerized information.
Typically, it includes a route through the operating system,
telecommunications software, selected application software and the access
control system.
Access rights
The permission or privileges granted to users, programs or workstations to
create, change, delete or view data and files within a system, as defined by
rules established by data owners and the information security policy
Accountability
The ability to map a given activity or event back to the responsible party
Action plan
A plan for the steps necessary to navigate the roadmap to achieve objectives
Ad hoc
Arbitrary approach, no formal plan or process
Administrative controls
The rules, procedures and practices dealing with operational effectiveness,
efficiency and adherence to regulations and management policies
Adware
Any software package that automatically plays, displays or downloads
advertising material to a computer after the software is installed on it or
while the application is being used. In most cases, this is done without any
notification to the user or without the user's consent. The term adware may
also refer to software that displays advertisements, whether or not it does so
with the user's consent; such programs display advertisements as an
alternative to shareware registration fees. These are classified as adware in
the sense of advertising-supported software, but not as spyware. Adware in
this form does not operate surreptitiously or mislead the user, and provides
the user with a specific service.
Algorithm
A finite set of step-by-step instructions for a problem-solving or computation
procedure, especially one that can be implemented by a computer.
Anomaly-Based Detection
The process of comparing definitions of what activity is considered normal
against observed events to identify significant deviations. This approach is
used on some intrusion detection systems.
Alert situation
The point in an emergency procedure when the elapsed time passes a
threshold and the interruption is not resolved. The organization entering into
an alert situation initiates a series of escalation steps.
Alternate facilities
Locations and infrastructures from which emergency or backup processes are
executed, when the main premises are unavailable or destroyed. This
includes other buildings, offices or data processing centers.
Alternate process
Automatic or manual processes designed and established to continue critical
business processes from point-of-failure to return-to-normal
Antivirus software
An application software deployed at multiple points in an IT architecture. It is
designed to detect and potentially eliminate virus code before damage is
done, and repair or quarantine files that have already been infected
Application controls
The policies, procedures and activities designed to provide reasonable
assurance that objectives relevant to a given automated solution
(application) are achieved
Application layers
In the Open Systems Interconnection (OSI) communications model, the
application layer provides services for an application program to ensure that
effective communication with another application program in a network is
possible. The application layer is not the application that is doing the
communication; it is a service layer that provides these services.
Architecture
Description of the fundamental underlying design of the components of the
business system, or of one element of the business system (e.g.,
technology), the relationships among them, and the manner in which they
support the organization's objectives
Assurance
The grounds for confidence that the set of intended security controls in an
information system are effective in their application.
Asymmetric encryption
A cryptographic scheme that uses a pair of mathematically linked keys: a
public key, which may be widely published, and a corresponding private key,
which is kept secret by its holder. Typically the public key can be used to
encrypt but not decrypt, or to validate a signature but not to sign; the
private key performs the complementary operation.
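The following is an added illustration, not part of the original glossary: textbook RSA with tiny fixed primes (an assumption made for readability; real keys are thousands of bits and use padding such as OAEP or PSS), showing that the public key encrypts and verifies while only the private key decrypts and signs.

```python
# Textbook RSA with tiny, hand-picked primes, to show the asymmetric
# property only. No padding and no real key size: never use this as-is.

P, Q = 61, 53            # constructed primes for illustration
N = P * Q                # modulus, part of both keys (3233)
PHI = (P - 1) * (Q - 1)  # Euler's totient of N (3120)
E = 17                   # public exponent, must be coprime to PHI
D = pow(E, -1, PHI)      # private exponent: modular inverse of E (2753)

PUBLIC_KEY = (N, E)      # may be published freely
PRIVATE_KEY = (N, D)     # kept secret by the key holder


def encrypt(public_key, message: int) -> int:
    """Anyone holding the public key can encrypt (message must be < N)."""
    n, e = public_key
    return pow(message, e, n)


def decrypt(private_key, ciphertext: int) -> int:
    """Only the private exponent recovers the plaintext."""
    n, d = private_key
    return pow(ciphertext, d, n)


def sign(private_key, message: int) -> int:
    """Only the private key can produce a signature over the message."""
    n, d = private_key
    return pow(message, d, n)


def verify(public_key, message: int, signature: int) -> bool:
    """Anyone holding the public key can check the signature."""
    n, e = public_key
    return pow(signature, e, n) == message


if __name__ == "__main__":
    m = 65
    c = encrypt(PUBLIC_KEY, m)
    print("ciphertext:", c)                                               # 2790
    print("private key decrypts:", decrypt(PRIVATE_KEY, c) == m)          # True
    # Using the public exponent in place of the private one does not work.
    print("public key decrypts:", decrypt(PUBLIC_KEY, c) == m)            # False
    s = sign(PRIVATE_KEY, m)
    print("signature verifies:", verify(PUBLIC_KEY, m, s))                # True
    print("altered message verifies:", verify(PUBLIC_KEY, m + 1, s))      # False
```

The point of the last two checks is the one the definition makes: knowing N and E is enough to encrypt and to verify, but not to decrypt or to sign.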
Attack Signature
A specific sequence of events indicative of an unauthorized access attempt.
Typically a characteristic byte pattern used in malicious code or an indicator,
or set of indicators that allows the identification of malicious network
activities.
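The two detection approaches defined above (anomaly-based detection, earlier in this section, and attack signatures) side by side, as an added example that is not part of the original glossary. The log lines, the rule names and the baseline counts are constructed for this example.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed access-log lines ("source-ip method path status"), not from a
# real system. Host 10.0.0.9 probes the server; two of its requests carry
# known-bad patterns, the rest are unremarkable 404s.
SAMPLE_LOG = """\
10.0.0.5 GET /index.html 200
10.0.0.5 GET /about.html 200
10.0.0.7 GET /login 200
10.0.0.9 GET /search?q=' OR 1=1-- 500
10.0.0.9 GET /admin 404
10.0.0.9 GET /backup.zip 404
10.0.0.9 GET /.git/config 404
10.0.0.9 GET /../../etc/passwd 404
10.0.0.9 GET /wp-login.php 404
10.0.0.9 GET /phpmyadmin 404
10.0.0.9 GET /config.php 404
10.0.0.5 GET /contact.html 200
10.0.0.7 POST /login 302
10.0.0.7 GET /dashboard 200
""".splitlines()

# Attack signatures: characteristic patterns of known malicious input.
# Rule names are hypothetical, chosen for this example.
SIGNATURES = {
    "sql-injection-tautology": re.compile(r"'\s*OR\s+1\s*=\s*1", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}

# Per-host request counts observed during a period judged normal
# (constructed). This is the anomaly detector's definition of "normal".
BASELINE_COUNTS = [2, 3, 2, 3, 2, 3]


def signature_matches(lines):
    """Signature-based detection: (line_no, rule) for each line containing a
    known-bad pattern."""
    hits = []
    for no, line in enumerate(lines, 1):
        for rule, pattern in SIGNATURES.items():
            if pattern.search(line):
                hits.append((no, rule))
    return hits


def anomalous_sources(lines, baseline_counts, threshold=3.0):
    """Anomaly-based detection: hosts whose request count lies more than
    `threshold` standard deviations above the baseline mean. Returns
    {ip: count} for flagged hosts, without inspecting request content."""
    mu = mean(baseline_counts)
    sigma = pstdev(baseline_counts) or 1.0  # guard a zero-variance baseline
    observed = Counter(line.split()[0] for line in lines)
    return {ip: n for ip, n in observed.items() if (n - mu) / sigma > threshold}


if __name__ == "__main__":
    print("signature hits:", signature_matches(SAMPLE_LOG))
    print("anomalous hosts:", anomalous_sources(SAMPLE_LOG, BASELINE_COUNTS))
```

The signature detector reports only the two requests whose bytes match a rule; the probes for /admin, /.git/config and the rest carry no known pattern and pass it. The anomaly detector flags 10.0.0.9 because it made eight requests against a baseline of two or three, without knowing what any request contained. The trade-off is also visible: a legitimately busy host would be flagged too (a false positive), and an attacker who stays within the baseline rate and avoids known patterns is missed by both (a false negative).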
Attributes
The fundamental characteristics of something
Audit
Independent review and examination of records and activities to assess the
adequacy of system controls, to ensure compliance with established policies
and operational procedures, and to recommend necessary changes in
controls, policies, or procedures
Audit Review
The assessment of an information system to evaluate the adequacy of
implemented security controls, assure that they are functioning properly,
identify vulnerabilities, and assist in implementation of new security controls
where required. This assessment is conducted annually or whenever
significant change has occurred and may lead to recertification of the
information system.
Audit trail
A series of records either in hard copy or in electronic format that provide a
chronological record of user activity and other events that show the details of
user and system activity. Audit trails can be used to document when users
log in, how long they are engaged in various activities, what they were doing,
and whether any actual or attempted security violations occurred.
Authentication
The act of verifying the identity of an entity (e.g., a user, a system, a
network node)
Authorization
Access privileges granted to a user, program, or process or the act of
granting those privileges
Credit transfers include direct deposit payroll and vendor payments and
ACH direct debit transfers include consumer payments on insurance
premiums, mortgage loans, and other kinds of bills
Availability
Information that is accessible when required by the business process now
and in the future
B
Backup center
An alternate facility to continue IT/IS operations when the primary DP center
is unavailable
Baseline Security
The minimum security controls required for safeguarding an IT system based
on its identified needs for confidentiality, integrity, and/or availability
protection.
Bastion Host
A special-purpose computer on a network specifically designed and
configured to withstand attacks.
Benchmarking
A systematic approach to comparing an organization's performance against
peers and competitors in an effort to learn the best ways of conducting
business. Examples include benchmarking of quality, logistical efficiency and
various other metrics.
Biometric
A measurable physical characteristic or personal behavioral trait used to
recognize the identity, or verify the claimed identity, of an applicant. Facial
images, fingerprints, and iris scan samples are all examples of biometrics.
Bit-stream image
Bit-stream backups, also referred to as mirror image backups, involve the
backup of all areas of a computer hard disk drive or other type of storage
media. Such backups exactly replicate all sectors on a given storage device
including all files and ambient data storage areas.
Bit copy
A bit copy provides an exact image of the original and is a requirement for
legally justifiable forensics
Bit
The smallest unit of information storage; a contraction of the term "binary
digit"; one of two symbols, "0" (zero) and "1" (one), that are used to
represent binary numbers.
Blacklisting
The process of the system invalidating a user ID based on the user's
inappropriate actions. A blacklisted user ID cannot be used to log on to the
system, even with the correct authenticator. Blacklisting and lifting of a
blacklisting are both security-relevant events. Blacklisting also applies to
blocks placed against IP addresses to prevent inappropriate or unauthorized
use of Internet resources.
Botnet
A botnet is a large number of compromised computers that are used to
create and send spam or viruses or flood a network with messages as a
denial of service attack.
Boundary
Physical or logical perimeter of a system
Business case
Documentation of the rationale for making a business investment, used both
to support a business decision on whether to proceed with the investment
and as an operational tool to support management of the investment
through its full economic life cycle
Byte
A fundamental unit of computer storage; the smallest addressable unit in a
computer's architecture. Usually holds one character of information and
usually means eight bits.
C
Capability Maturity Model (CMM)
CMM is a qualitative approach typically using a 0 to 5 scale with each value
assigned a set of attributes or characteristics to determine a relative level of
competency and proficiency.
Certificate
A digitally signed representation of information that 1) identifies the
authority issuing it, 2) identifies the subscriber, 3) identifies its valid
operational period (date issued / expiration date). In the information
assurance (IA) community, certificate usually implies public key certificate
and can have the following types:
Cross certificate: a certificate issued from a CA that signs the public key
of another CA not within its trust hierarchy, establishing a trust
relationship between the two CAs.
Encryption certificate: a certificate containing a public key that can
encrypt or decrypt electronic messages, files, documents, or data
transmissions, or establish or exchange a session key for these same
purposes. Key management sometimes refers to the process of storing,
protecting, and escrowing the private component of the key pair associated
with the encryption certificate.
Identity certificate: a certificate that provides authentication of the
identity claimed. Within the National Security Systems (NSS) PKI, identity
certificates may be used only for authentication or may be used for both
authentication and digital signatures.
name or key space it represents. CAs are characteristic of many public key
infrastructure (PKI) schemes. Many commercial CAs charge for their services.
Institutions and governments may have their own CAs, and there are free
CAs.
Chain of custody
The chain of custody is a legal principle regarding the validity and integrity of
evidence. It requires accountability for anything that will be used as evidence
in a legal proceeding, to ensure that it can be accounted for from the time it
was collected until the time it is presented in a court of law. This includes
documentation as to who had access to the evidence and when, as well as
the ability to identify evidence as being the exact item that was recovered or
tested. Lack of control over evidence can lead to it being discredited. Chain
of custody depends on the ability to verify that evidence could not have been
tampered with. This is accomplished by sealing off the evidence, so it cannot
be changed, and providing a documentary record of custody to prove that
the evidence was, at all times, under strict control and not subject to
tampering.
Chain of Evidence
A process and record that shows who obtained the evidence; where and
when the evidence was obtained; who secured the evidence; and who had
control or possession of the evidence. The sequencing of the chain of
evidence follows this order: collection and identification; analysis; storage;
preservation; presentation in court; return to owner.
Challenge-Response Protocol
An authentication protocol where the verifier sends the claimant a challenge
(usually a random value or a nonce) that the claimant combines with a
shared secret (often by hashing the challenge and secret together) to
generate a response that is sent to the verifier. The verifier knows the shared
secret and can independently compute the response and compare it with the
response generated by the claimant. If the two are the same, the claimant is
considered to have successfully authenticated himself. When the shared
secret is a cryptographic key, such protocols are generally secure against
eavesdroppers. When the shared secret is a password, an eavesdropper does
not directly intercept the password itself, but the eavesdropper may be able
to find the password with an off-line password guessing attack.
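The exchange described above, as an added example that is not part of the original glossary. It runs both sides (verifier and claimant), then plays the eavesdropper in the two cases the definition distinguishes: a random key as the shared secret, and a password. The construction (HMAC-SHA256 over the nonce) and the secrets and wordlist are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

# Constructed secrets for the two scenarios in the definition.
STRONG_KEY = secrets.token_bytes(32)   # a random cryptographic key
PASSWORD = b"winter2024"               # a human-chosen password
# A small constructed wordlist an eavesdropper might try offline.
WORDLIST = ["123456", "password", "summer2023", "winter2024", "letmein"]


def make_challenge() -> bytes:
    """Verifier: a fresh random nonce for every attempt, so a captured
    response cannot be replayed against a later challenge."""
    return secrets.token_bytes(16)


def compute_response(shared_secret: bytes, challenge: bytes) -> bytes:
    """Claimant: combine the secret with the challenge. The definition says
    'often by hashing the challenge and secret together'; a keyed MAC
    (HMAC-SHA256) is the usual safe way to do that."""
    return hmac.new(shared_secret, challenge, hashlib.sha256).digest()


def verify(shared_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Verifier: recompute the response independently and compare in
    constant time."""
    return hmac.compare_digest(compute_response(shared_secret, challenge), response)


def run_exchange(verifier_secret: bytes, claimant_secret: bytes):
    """One full exchange. Returns (accepted, challenge, response); the last
    two are exactly what an eavesdropper on the wire observes."""
    challenge = make_challenge()
    response = compute_response(claimant_secret, challenge)
    return verify(verifier_secret, challenge, response), challenge, response


def offline_guess(challenge: bytes, response: bytes, candidates):
    """Eavesdropper: the secret never crossed the wire, but every candidate
    can be tested against the captured pair without touching the verifier."""
    for pw in candidates:
        if hmac.compare_digest(compute_response(pw.encode(), challenge), response):
            return pw
    return None


if __name__ == "__main__":
    ok, ch, resp = run_exchange(PASSWORD, PASSWORD)
    print("password login accepted:", ok)                            # True
    print("password recovered offline:", offline_guess(ch, resp, WORDLIST))  # winter2024
    ok, ch, resp = run_exchange(STRONG_KEY, STRONG_KEY)
    print("key login accepted:", ok)                                 # True
    print("key recovered offline:", offline_guess(ch, resp, WORDLIST))       # None
    print("replayed response accepted:", verify(STRONG_KEY, make_challenge(), resp))  # False
```

The protocol behaves identically in both runs; what differs is the guessability of the secret. With a 256-bit key the captured pair is useless to the eavesdropper, with a password it is an offline cracking target, which is why password-based variants need a slow key derivation or a password-authenticated key exchange rather than a plain hash.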
Change management
A controlled approach to managing the transition from a current to a desired
organizational state while ensuring that critical success factors and potential
risks are determined and addressed.
Checksum
A value that is computed by a function that is dependent on the contents of
a data object and is stored or transmitted together with the object, for the
purpose of detecting changes in the data.
Cipher
A cryptographic algorithm for encryption and decryption.
Cipher-text
Cipher-text is the encrypted form of the message being sent.
the chief knowledge officer (CKO) who deals in knowledge, not just
information. Also see chief technology officer.
Classification
The system or process that segregates information resources according to
their sensitivity and criticality.
Cipher
Series of transformations that converts plaintext to ciphertext using the
Cipher Key
Clear Text
Information that is not encrypted
Client (client-server)
An individual or process acting on behalf of an individual who makes
requests of a dedicated server. The client's requests to the dedicated
server can involve data transfer to, from, or through the dedicated server.
Cloud computing
A model for enabling convenient, on-demand network access to a shared pool
of configurable computing resources (e.g., networks, servers, storage,
applications and services) that can be rapidly provisioned and released
with minimal management effort or service provider interaction. Typical
service models are infrastructure as a service (IaaS), platform as a
service (PaaS) and software as a service (SaaS).
This cloud model is composed of five essential characteristics (on-demand
self-service, ubiquitous network access, location-independent resource
pooling, rapid elasticity and measured service).
It allows users to access technology-based services from the network cloud
without knowledge of, expertise with, or control over the technology
infrastructure that supports them, and provides four deployment models
(private cloud, community cloud, public cloud and hybrid cloud).
COBIT
The international IT management framework and set of IT control objectives
published by ISACA (editions released in 1996, 1998, 2000, 2005 and 2007)
Cold Site
Backup site that can be up and operational in a relatively short time span,
such as a day or two. Provision of services, such as telephone lines and
power, is taken care of, and the basic office furniture might be in place, but
Common Carrier
In a telecommunications context, a telecommunications company that holds
itself out to the public for hire to provide communications transmission
services. Note: In the United States, such companies are usually subject to
regulation by federal and state regulatory commissions.
Compartmentalization
A nonhierarchical grouping of sensitive information used to control access to
data more finely than with hierarchical security classification alone.
Competitive Intelligence
Competitive Intelligence is espionage using legal, or at least not obviously
illegal, means.
Confidentiality
The protection of sensitive or private information from unauthorized
disclosure
Control center
Hosts the recovery meetings where disaster recovery operations are
managed
Controls
Any regulatory document, process, structure or technology
Configuration Management
Process of controlling modifications to hardware, firmware, software, and
documentation to protect the information system against improper
modification prior to, during, and after system implementation
Controls policy
A policy defining control operational and failure modes, e.g., fail secure,
fail open, allowed unless specifically denied, denied unless specifically
permitted.
Content Filtering
The process of monitoring communications such as email and Web pages,
analyzing them for suspicious content, and preventing the delivery of
suspicious content to users.
Contingency Plan
Management policy and procedures used to guide an enterprise response to
a perceived loss of mission capability. The Contingency Plan is the first plan
used by the enterprise risk managers to determine what happened, why, and
what to do. It may point to the Continuity of Operations Plan (COOP) or
Disaster Recovery Plan for major disruptions
Convergence
The trend of combining physical and information security under one manager
to increase efficiency and effectiveness
Continuous Monitoring
The process implemented to maintain a current security status for one or
more information systems or for the entire suite of information systems on
which the operational mission of the enterprise depends. The process
includes:
The development of a strategy to regularly evaluate selected IA
controls/metrics,
Recording and evaluating IA relevant events and the effectiveness of the
enterprise in dealing with those events,
Recording changes to IA controls, or changes that affect IA risks, and
Publishing the current security status to enable information-sharing decisions
involving the enterprise.
Corporate governance
The system by which organizations are directed and controlled. Boards of
directors are responsible for the governance of their organizations.
COSO
Refers to the report Internal Control - Integrated Framework, sponsored by
the Committee of Sponsoring Organizations of the Treadway Commission in
1992. It provides guidance and a comprehensive framework of internal
control for all organizations.
Countermeasures
Any process that directly reduces a threat or vulnerability
Credential
An object that authoritatively binds an identity (and optionally, additional
attributes) to a token possessed and controlled by a person.
Critical Infrastructure
System and assets, whether physical or virtual, so vital to a country that the
incapacity or destruction of such systems and assets would have a
debilitating impact on security, national economic security, national public
health or safety, or any combination of those matters.
Criticality
A measure of the impact that the failure of a system to function as required
will have on the organization.
Criticality analysis
An analysis to evaluate resources or business functions to identify their
importance to the organization, and the impact if a function cannot be
completed or a resource is not available
Cross-Certificate
A certificate used to establish a trust relationship between two Certification
Authorities.
Critical path
Critical Path Analysis (CPA) or the Critical Path Method (CPM) defines all
essential tasks that must be completed in sequence as part of a project in
the least possible time.
Culture
The set of shared attitudes, values, goals, and practices that characterizes
an institution or organization
Cryptographic Algorithm
A well-defined computational procedure that takes variable inputs, including
a cryptographic key, and produces an output
Cryptographic Strength
A measure of the expected number of operations required to defeat a
cryptographic mechanism.
Cryptography
The discipline that embodies the principles, means, and methods for the
transformation of data in order to hide their semantic content, prevent their
unauthorized use, or prevent their undetected modification.
Cybercops
An investigator of computer-crime-related activities
D
Discretionary Access Control (DAC)
In computer security, discretionary access control (DAC) is a type of access
control defined by the Trusted Computer System Evaluation Criteria as "a
means of restricting access to objects based on the identity of subjects
and/or groups to which they belong. The controls are discretionary in the
sense that a subject with a certain access permission is capable of passing
that permission (perhaps indirectly) on to any other subject."
Damage evaluation
The determination of the extent of damage that is necessary to provide for
an estimation of the recovery time frame and the potential loss to the
organization
Data classification
The assignment of a level of sensitivity to data (or information) that results in
the specification of controls for each level of classification. Levels of
sensitivity of data are assigned according to predefined categories as data
are created, amended, enhanced, stored or transmitted. The classification
level is an indication of the value or importance of the data to the
organization.
Data Custodian
A Data Custodian is the entity currently holding, using or manipulating the
data, and therefore responsible for its safe custody and for applying the
controls the Data Owner has specified for as long as it holds the data.
Data Integrity
The property that data has not been altered in an unauthorized manner.
Data integrity covers data in storage, during processing, and while in transit.
Data Mining
Data Mining is a technique used to analyze existing information, usually
with the intention of discovering patterns that suggest new avenues for
business.
Data Owner
A Data Owner is the entity having responsibility and authority for the data.
Data Warehousing
Data Warehousing is the consolidation of several previously independent
databases into one location.
Decrypt
Generic term encompassing decode and decipher
Data leakage
Siphoning out or leaking information by dumping computer files or stealing
computer reports and tapes
Data normalization
A structured process for organizing data into tables in a common form in
such a way that it preserves the relationships among the data
Data warehouse
A generic term for a system that stores, retrieves and manages large
volumes of data. Data warehouse software often includes sophisticated
comparison and hashing techniques for fast searches, as well as advanced
filtering.
Decentralization
The process of distributing computer processing to different locations within
an organization
Decryption
Decryption is the process of transforming an encrypted message into its
original plaintext.
Decryption key
A digital piece of information used to recover plaintext from the
corresponding ciphertext by decryption
Defense in depth
The practice of layering defenses to provide added protection. Defense in
depth increases security by raising the effort needed in an attack. This
strategy places multiple barriers between an attacker and an organization's
computing and information resources.
Degauss
The application of variable levels of alternating current for the purpose of
demagnetizing magnetic recording media. The process involves increasing
the alternating current field gradually from zero to some maximum value and
back to zero, leaving a very low residue of magnetic induction on the media.
Degauss loosely means: to erase.
Disruption
An unplanned event that causes the general system or major application to
be inoperable for an unacceptable length of time (e.g., minor or extended
power outage, extended unavailable network, or equipment or facility
damage or destruction).
Digital certificate
An electronic credential issued by a certificate authority (CA). A digital
certificate binds a user's identity to a public key. It contains a user
identifier, a unique serial number, valid to-from dates, usage information,
a copy of the certificate holder's public key, and a thumbprint (hash) to
verify integrity. The certificate is signed by the digital signature of the
certificate-issuing authority so that a recipient can verify the validity of
the certificate.
Disaster declaration
The communication to appropriate internal and external parties that the
disaster recovery plan is being put into operation
Disk mirroring
The practice of duplicating data in separate volumes on two hard disks to
make storage more fault tolerant. Mirroring provides data protection in the
case of disk failure because data are constantly updated to both disks.
Disk Imaging
Generating a bit-for-bit copy of the original media, including free space and
slack space.
Domain
A sphere of knowledge, or a collection of facts about some program entities
or a number of network points or addresses, identified by a name. On the
Internet, a domain consists of a set of network addresses. In the Internet's
domain name system, a domain is a name with which name server records
are associated that describe sub-domains or host. In Windows NT and
Windows 2000, a domain is a set of network resources (applications, printers,
and so forth) for a group of users. The user need only to log in to the domain
to gain access to the resources, which may be located on a number of
different servers in the network.
Dual control
A procedure that uses two or more entities (usually persons) operating in
concert to protect a system resource such that no single entity acting alone
can access that resource
Due care
The level of care expected from a reasonable person of similar competency
under similar conditions
Due diligence
The performance of those actions that are generally regarded as prudent,
responsible and necessary to conduct a thorough and objective investigation,
review and/or analysis
E
Electronic data interchange (EDI)
Electronic data interchange (EDI) is the structured transmission of data
between organizations by electronic means. It is used to transfer electronic
documents or business data from one computer system to another computer
system, i.e., from one trading partner to another trading partner without
human intervention.
Encryption
Cryptographic transformation of data (called "plaintext") into a form (called
"cipher text") that conceals the data's original meaning to prevent it from
being known or used.
Encipher
Convert plain text to cipher text by means of a cryptographic system
End-to-End Encryption
Communications encryption in which data is encrypted when being passed
through a network, but routing information remains visible.
End-to-End Security
Safeguarding information in an information system from point of origin to
point of destination.
Enterprise governance
A set of responsibilities and practices exercised by the board and executive
management with the goal of providing strategic direction, ensuring that
objectives are achieved, ascertaining that risks are managed appropriately
and verifying that the enterprise's resources are used responsibly.
Entitlements
Entitlements is the process by which business users manage the data that
controls how policies are evaluated at runtime. They can add and delete
users for applications and put those users into groups or assign them to
roles. They manage sets of actions (permissions) that can be logically
grouped for a particular business function, and assign those sets of
actions to users or to roles defined for the application.
Ethernet
The most widely-installed LAN technology. Specified in a standard, IEEE
802.3, an Ethernet LAN typically uses coaxial cable or special grades of
twisted pair wires. Devices are connected to the cable and compete for
access.
Event
An event is an observable occurrence in a system or network.
Exposure
The extent of the area exposed to a viable threat, creating a risk; i.e.,
both a viable threat and a susceptible vulnerability may exist, but the risk
is a function of the degree of exposure.
External storage
The location that contains the backup copies to be used in case recovery or
restoration is required in the event of a disaster
Extranet
A private network that uses Web technology, permitting the sharing of
portions of an enterprise's information or operations with suppliers,
vendors, partners, customers, or other enterprises.
F
Fail Safe
Automatic protection of programs and/or processing systems when hardware
or software failure is detected.
Failover
The capability to switch over automatically (typically without human
intervention or warning) to a redundant or standby information system upon
the failure or abnormal termination of the previously active system.
Fall-through logic
An optimized code based on a branch prediction that predicts which way a
program will branch when an application is presented
False Positive
An alert that incorrectly indicates that malicious activity is occurring
False Negative
The absence of an alert, or an alert wrongly indicating that no malicious
activity is occurring, when malicious activity is in fact taking place
File Encryption
The process of encrypting individual files on a storage medium and
permitting access to the encrypted data only after proper authentication is
provided.
Firewall
A system or combination of systems that enforces a boundary between two
or more networks typically forming a barrier between a secure and an open
environment such as the Internet
Firmware
Computer programs and data stored in hardware, typically in read-only
memory (ROM) or programmable read-only memory (PROM), such that the
programs and data cannot be dynamically written or modified during
execution of the programs.
Flooding
An attack that attempts to cause a failure in a system by providing more
input than the system can process properly.
Forensic Copy
An accurate bit-for-bit reproduction of the information contained on an
electronic device or associated media, whose validity and integrity has been
verified using an accepted algorithm.
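A bit-stream acquisition with integrity verification, as an added example covering the Bit-stream image, Bit copy, Checksum, Disk imaging and Forensic copy entries; it is not part of the original glossary. The "device" is an in-memory byte string constructed for the example, and the 512-byte sector size and SHA-256 as the accepted algorithm are assumptions.

```python
import hashlib
import io

SECTOR = 512  # sector size assumed for this example

# Constructed "storage device": one live file, then unallocated space that
# still holds a remnant of a deleted file, then a zero-filled tail ending in
# a partial sector. A logical file copy would capture only the first part;
# a bit-stream image captures every byte, ambient data included.
DEVICE = (
    b"live file: quarterly-report.txt\n".ljust(SECTOR, b"\x00")
    + b"deleted file remnant: db_password=hunter2\n".ljust(SECTOR, b"\x00")
    + b"\x00" * (SECTOR + 100)
)


def hash_stream(stream, block_size=SECTOR):
    """SHA-256 of a stream, read sector by sector."""
    h = hashlib.sha256()
    for block in iter(lambda: stream.read(block_size), b""):
        h.update(block)
    return h.hexdigest()


def acquire(source, image, block_size=SECTOR):
    """Bit-stream copy: every byte read from `source` is written to `image`
    and hashed as it is read. Returns (bytes copied, acquisition hash)."""
    h = hashlib.sha256()
    copied = 0
    for block in iter(lambda: source.read(block_size), b""):
        h.update(block)
        image.write(block)
        copied += len(block)
    return copied, h.hexdigest()


def image_device(device_bytes):
    """Acquire `device_bytes`; returns (image bytes, acquisition hash).
    The hash is what the chain-of-custody record would carry forward."""
    sink = io.BytesIO()
    copied, digest = acquire(io.BytesIO(device_bytes), sink)
    assert copied == len(device_bytes)
    return sink.getvalue(), digest


def verify_image(image_bytes, acquisition_hash):
    """Integrity check: the image must still hash to the value recorded at
    acquisition; a single altered bit changes the digest."""
    return hash_stream(io.BytesIO(image_bytes)) == acquisition_hash


if __name__ == "__main__":
    image, digest = image_device(DEVICE)
    print("bytes imaged:", len(image), "sha256:", digest)
    print("image verifies:", verify_image(image, digest))                  # True
    print("ambient data captured:", b"hunter2" in image)                   # True
    tampered = bytearray(image)
    tampered[600] ^= 0x01
    print("tampered image verifies:", verify_image(bytes(tampered), digest))  # False
```

Hashing while reading, rather than re-reading the source afterwards, records what the device presented at the moment of acquisition; re-hashing the image later and comparing is the verification step the definition requires, and the recorded digest is what gets attached to the custody record.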
Forensic examination
The process of collecting, assessing, classifying and documenting digital
evidence to assist in the identification of an offender and the method of
compromise
Forensic Specialist
A professional who locates, identifies, collects, analyzes, and examines data
while preserving the integrity and maintaining a strict chain of custody of
information discovered.
Forensics
The practice of gathering, retaining, and analyzing computer-related data for
investigative purposes in a manner that maintains the integrity of the data.
G
Generally accepted information security principles (GAISP)
GAISP describes eight pervasive principles and fourteen practices for
information security. Each of the principles applies to each of the practices.
Gap analysis
A process used to determine the difference between an existing state and
the desired state, and what is required to move from one to the other.
Guideline
A description of a particular way of accomplishing something that is less
prescriptive than a procedure
H
Hardening
Configuring a host's operating system and applications to reduce the host's
security weaknesses.
Hash Function
An algorithm that computes a value based on a data object thereby mapping
the data object to a smaller data object.
Help desk
A service offered via telephone/Internet by an organization to its clients or
employees, which provides information, assistance and troubleshooting
advice regarding software, hardware or networks. A help desk is staffed by
people that can either resolve the problem on their own or escalate the
problem to specialized personnel. A help desk is often equipped with
dedicated customer relationship management (CRM) software that logs the
problems and tracks them until they are solved.
High Availability
A failover feature to ensure availability during device or component
interruptions.
Honeypot
A specially configured server, also known as a decoy server, designed to
attract and monitor intruders in a manner such that their actions do not
affect production systems
Hot site
A fully operational offsite data processing facility equipped with hardware
and system software to be used in the event of a disaster
HTTPS
A secure form of HTTP using encryption
I
IA Architecture
A description of the structure and behavior of an enterprise's security
processes, information security systems, personnel and organizational
sub-units, showing their alignment with the enterprise's mission and
strategic plans.
IA Infrastructure
The underlying security framework that lies beyond an enterprise's defined
boundary, but supports its IA and IA-enabled products, its security posture
and its risk management plan.
ICT
ICT is an acronym that stands for Information Communications Technology
and is largely synonymous with IT.
Identification
The process of verifying the identity of a user, process, or device, usually as
a prerequisite for granting access to resources in an IT system.
Identity
A unique name of an individual person or device. Since the legal names of
persons are not necessarily unique, the identity of a person must include
sufficient additional information to make the complete name unique.
Impact
The magnitude of harm that can be expected to result from the
consequences of unauthorized disclosure of information, unauthorized
modification of information, unauthorized destruction of information, or loss
of information or information system availability.
Impact analysis
An impact analysis is a study to prioritize the criticality of information
resources for the organization based on the costs (or consequences) of adverse
events. In an impact analysis, threats to assets are identified and potential
business losses determined for different time periods. This assessment is
used to justify the extent of safeguards that are required and the recovery time
frames. This analysis is the basis for establishing the recovery strategy.
Information communication technologies (ICT)
Incident
An incident is an adverse network event in an information system or
network, or the threat of the occurrence of such an event.
Incident Handling
Incident Handling is an action plan for dealing with intrusions, cyber-theft,
denial of service, fire, floods, and other security-related events. It
comprises a six-step process: Preparation, Identification, Containment,
Eradication, Recovery, and Lessons Learned.
Incremental Backups
Incremental backups only back up the files that have been modified since the
last backup. If dump levels are used, incremental backups only back up files
changed since the last backup of a lower dump level.
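The dump-level rule above is easy to misread, so here is an added simulation (not from the glossary) that replays a constructed schedule of a full dump followed by incrementals at levels 1, 2 and 1, with and without dump levels. File names, timestamps and the schedule are all constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Backup:
    """One completed backup run. Times are constructed integer timestamps."""
    level: int   # 0 = full dump; higher levels are incremental
    time: int


def reference_time(history: List[Backup], level: int,
                   use_dump_levels: bool) -> Optional[int]:
    """Time after which a file must have changed to be included in the new run.

    None means "include everything" (a full dump, or no prior history).
    With dump levels, the reference is the most recent backup at any LOWER
    level; without them, it is simply the most recent backup of any kind.
    """
    if level == 0 or not history:
        return None
    if not use_dump_levels:
        return history[-1].time
    lower = [b.time for b in history if b.level < level]
    return max(lower) if lower else None


def select_files(mtimes: Dict[str, int], history: List[Backup], level: int,
                 use_dump_levels: bool = True) -> List[str]:
    """Names of the files that a new backup at `level` must copy."""
    ref = reference_time(history, level, use_dump_levels)
    return sorted(name for name, mtime in mtimes.items()
                  if ref is None or mtime > ref)


def run_schedule(use_dump_levels: bool = True) -> List[List[str]]:
    """Replay a constructed schedule: full dump, then levels 1, 2, 1."""
    mtimes = {"a.txt": 0, "b.txt": 0, "c.txt": 0}   # constructed file set
    history: List[Backup] = []
    selected: List[List[str]] = []

    def run(level: int, now: int) -> None:
        selected.append(select_files(mtimes, history, level, use_dump_levels))
        history.append(Backup(level, now))

    run(0, 0)                 # full dump: everything
    mtimes["a.txt"] = 5
    run(1, 10)                # level 1: changed since the level 0 at t=0
    mtimes["b.txt"] = 15
    run(2, 20)                # level 2: changed since the level 1 at t=10
    mtimes["c.txt"] = 25
    run(1, 30)                # level 1 again: since the last LOWER level (t=0),
                              # so a.txt and b.txt are copied again, not only c.txt
    return selected


if __name__ == "__main__":
    print("with dump levels:   ", run_schedule(True))
    print("without dump levels:", run_schedule(False))
```

The last run is the point of the rule: with dump levels the second level-1 backup repeats everything since the full dump, so a restore needs only the level 0 plus the latest level 1, instead of every intermediate incremental.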
Information Security
The protection of information and information systems from unauthorized
access, use, disclosure, disruption, modification, or destruction in order to
provide confidentiality, integrity, and availability. Synonymous with
Information Assurance (IA).
Integrity
The accuracy, completeness and validity of information
Intellectual Property
Useful artistic, technical, and/or industrial information, knowledge or ideas
that convey ownership and control of tangible or virtual usage and/or
representation, i.e., intangible property of value.
Internal controls
The policies, procedures, practices and organizational structures designed to
provide reasonable assurance that business objectives will be achieved and
undesired events will be prevented or detected and corrected
Internet
A term to describe connecting multiple separate networks together.
Interruption window
The time the company can wait from the point of failure to the restoration of
the minimum and critical services or applications. After this time, the
progressive losses caused by the interruption are excessive for the
organization.
Intranet
A computer network, especially one based on Internet technology that an
organization uses for its own internal, and usually private, purposes and that
is closed to outsiders.
Intrusion detection
The process of monitoring the events occurring in a computer system or
network to detect signs of unauthorized access or attack
IP Security (IPSec)
A set of protocols developed by the Internet Engineering Task Force (IETF) to
support the secure exchange of packets
ISO/IEC 17799
Originally released as part of the British Standard for Information Security in
1999 and then as the Code of Practice for Information Security Management
in October 2000, it was elevated by the International Organization for
Standardization (ISO) to an international code of practice for information
security management. This standard defines information confidentiality,
integrity and availability controls in a comprehensive information security
management system. The latest version is ISO/IEC 17799:2005.
ISO/IEC 27001
An international standard, released in 2005 and revised in 2006, that defines
a set of requirements for an information security management system. Prior
to its adoption by the ISO, this standard was known as BS 17799 Part 2, which
was originally published in 1999.
ISO/IEC 27002
A code of practice that contains a structured list of suggested information
security controls for organizations implementing an information security
ISO/IEC Family
Requirements
ISO/IEC 27002 Code of practice for information security management
ISO/IEC 27003 Information security management system implementation guidance
ISO/IEC 27004 Information security management Measurement
ISO/IEC 27005 Information security risk management
ISO/IEC 27006 Requirements for bodies providing audit and
ISO/IEC 31000
The purpose of ISO 31000:2009 is to provide principles and generic
guidelines on risk management. ISO 31000 seeks to provide a universally
recognized paradigm for practitioners and companies employing risk
management processes, to replace the myriad of existing standards,
methodologies and paradigms that differed between industries, subject
matters and regions.
ISO/IEC 15504
ISO/IEC 15504, Information technology - Process assessment, also known
as SPICE (Software Process Improvement and Capability Determination), is a
set of technical standards documents for the computer software
development process and related business management functions.
IT governance
The responsibility of executives and the board of directors. Consists of the
leadership, organizational structures and processes that ensure that the
enterprise's IT sustains and extends the organization's strategies and
objectives.
IT steering committee
An executive management-level committee that assists the executive in the
delivery of the IT strategy, oversees day-to-day management of IT service
delivery and IT projects, and focuses on implementation aspects.
IT strategic plan
A long-term plan, i.e., with a three- to five-year horizon, in which business and IT
management cooperatively describe how IT resources will contribute to the
enterprise's strategic objectives (goals).
IT strategy committee
A committee at the level of the board of directors to ensure that the board is
involved in major IT matters and decisions. The committee is primarily
accountable for managing the portfolios of IT-enabled investments, IT
services and other IT resources. The committee is the owner of the portfolio.
K
Kerberos
A widely used authentication protocol developed at the Massachusetts
Institute of Technology (MIT). In classic Kerberos, users share a secret
password with a Key Distribution Center (KDC). The user, Alice, who wishes
to communicate with another user, Bob, authenticates to the KDC and is
furnished a ticket by the KDC to use to authenticate with Bob. When
Kerberos authentication is based on passwords, the protocol is known to be
vulnerable to off-line dictionary attacks by eavesdroppers who capture the
initial user-to-KDC exchange.
Key Logger
A program designed to record which keys are pressed on a computer
keyboard, used to obtain passwords or encryption keys and thus bypass other
security measures.
Keystroke Monitoring
The process used to view or record both the keystrokes entered by a
computer user and the computer's response during an interactive session.
Keystroke monitoring is usually considered a special case of audit trails.
L
Least Privilege
Least Privilege is the principle of allowing users or applications the least
amount of permissions necessary to perform their intended function.
Likelihood of Occurrence
In Information Assurance risk analysis, a weighted factor based on a
subjective analysis of the probability that a given threat is capable of
exploiting a given vulnerability.
Link Encryption
Link encryption encrypts all of the data along a communications path (e.g., a
satellite link, telephone circuit, or T1 line). Since link encryption also encrypts
routing data, communications nodes need to decrypt the data to continue
routing.
transfer rates, smaller geographic area, and lack of a need for leased
telecommunication lines
Logic Bomb
A piece of code intentionally inserted into a software system that will set off
a malicious function when specified conditions are met.
M
MAC Address
A physical address; a numeric value that uniquely identifies that network
device from every other device on the planet.
Malicious Code
Software (e.g., Trojan horse) that appears to perform a useful or desirable
function, but actually gains unauthorized access to system resources or
tricks a user into executing other malicious logic.
Malware
A generic term for a number of different types of malicious code.
Masqueraders
Attackers that penetrate systems by using the identity of legitimate users
and their login credentials
Message Digest
A cryptographic checksum, typically generated for a file that can be used to
detect changes to the file; Secure Hash Algorithm-1 (SHA-1) is an example of
a message digest algorithm.
Metric
A measure from one or more points of reference
Mirrored site
An alternate site that contains the same information as the original. Mirror
sites are set up for backup and disaster recovery as well as to balance the
traffic load for numerous download requests. Such download mirrors are
often placed in different locations throughout the Internet.
Mobile site
The use of a mobile/temporary facility to serve as a business resumption
location. They can usually be delivered to any site and can house information
technology and staff.
Monitoring policy
Rules outlining or delineating the way in which information about the use of
computers, networks, applications and information is captured and
interpreted.
N
Naming Authority
An organizational entity responsible for assigning distinguished names (DNs)
and for assuring that each DN is meaningful and unique within its domain.
Need-To-Know
A method of isolating information resources based on a user's need to have
access to that resource in order to perform their job, but no more. The terms
need-to-know and least privilege express the same idea. Need-to-know
is generally applied to people, while least privilege is generally applied to
processes.
Nonce
A value used in security protocols that is never repeated with the same key.
For example, challenges used in challenge-response authentication protocols
generally must not be repeated until authentication keys are changed, or
there is a possibility of a replay attack. Using a nonce as a challenge is a
different requirement than a random challenge, because a nonce is not
necessarily unpredictable.
Nonintrusive monitoring
The use of transported probes or traces to assemble information, track traffic
and identify vulnerabilities
Nonrepudiation
The assurance that a party cannot later deny originating data; that is, it is
the provision of proof of the integrity and origin of the data and can be
verified by a third party. A digital signature can provide nonrepudiation.
O
Organization for Economic Cooperation and Development (OECD)
The Organization for Economic Co-operation and
Development (OECD, French: Organisation de coopération et de
développement économiques, OCDE) is an international economic
organisation of 34 countries founded in 1961 to stimulate economic progress
and world trade. It is a forum of countries committed to democracy and
the market economy, providing a platform to compare policy experiences,
seek answers to common problems, identify good practices, and co-ordinate
domestic and international policies of its members.
Offline files
Computer file storage media not physically connected to the computer;
typically tapes or tape cartridges used for backup purposes.
syntax layer.
Layer 5: The session layer...This layer sets up, coordinates, and
terminates conversations, exchanges, and dialogs between the
applications at each end. It deals with session and connection
coordination.
Outcome measure
Represents the consequences of actions previously taken and is often
referred to as a lag indicator. An outcome measure frequently focuses on
results at the end of a time period and characterizes historical performance.
Also referred to as a key goal indicator (KGI) and used to indicate whether
goals have been met. Can be measured only after the fact and, therefore, is
called a lag indicator.
P
Packet
A piece of a message transmitted over a packet-switching network. One of
the key features of a packet is that it contains the destination address in
addition to the data. In IP networks, packets are often called datagrams.
Packet filtering
Controlling access to a network by analyzing the attributes of the incoming
and outgoing packets, and either letting them pass or denying them based
on a list of rules
Packet Sniffer
Software that observes and records network traffic.
Partitions
Major divisions of the total physical hard disk space.
Password Cracking
Password cracking is the process of attempting to guess passwords, given
the password file information.
Password Sniffing
Passive wiretapping, usually on a local area network, to gain knowledge of
passwords.
Patch
A patch is a small update released by a software manufacturer to fix bugs in
existing programs.
Patching
Patching is the process of updating software to a different version.
Patch Management
The systematic notification, identification, deployment, installation, and
verification of operating system and application software code revisions.
These revisions are known as patches, hot fixes, and service packs.
Passive response
A response option in intrusion detection in which the system simply reports
and records the problem detected, relying on the user to take subsequent
action
Password cracker
A tool that tests the strength of user passwords searching for passwords that
are easy to guess by repeatedly trying words from specially crafted
dictionaries and often also by generating thousands (and, in some cases,
even millions) of permutations of characters, numbers and symbols
Penetration testing
A live test of the effectiveness of security defenses through mimicking the
actions of real-life attackers
Pharming
This is a more sophisticated form of MITM attack. A user's session is
redirected to a masquerading website. This can be achieved by corrupting a
DNS server on the Internet and pointing a URL to the masquerading
website's IP. Almost all users use a URL like www.worldbank.com instead of
the real IP (192.86.99.140) of the website.
By changing the pointers on a DNS server, the URL can be redirected to send
traffic to the IP of the pseudo website. At the pseudo website, transactions
can be mimicked and information like login credentials can be gathered. With
this the attacker can access the real www.worldbank.com site and conduct
transactions using the credentials of a valid user on that website.
Phishing
The use of e-mails that appear to originate from a trusted source to trick a
user into entering valid credentials at a fake website. Typically the e-mail and
the web site look like they are part of a bank the user is doing business
with.
Port Scanning
Using a program to remotely determine which ports on a system are open
(e.g., whether systems allow connections through those ports).
Plan-do-check-act (PDCA)
PDCA (plan-do-check-act or plan-do-check-adjust) is an iterative four-step
management method used in business for the control and continuous
improvement of processes and products. It is also known as the
Deming circle/cycle/wheel, Shewhart cycle, control circle/cycle, or
plan-do-study-act (PDSA).
Policies
High-level statements of management intent and direction
Port
A hardware interface between a CPU and a peripheral device. Can also refer
to a software (virtual) convention that allows remote services to connect to a
host operating system in a structured manner
Port Scan
A port scan is a series of messages sent by someone attempting to break
into a computer to learn which computer network services, each associated
with a "well-known" port number, the computer provides. Port scanning, a
favorite approach of computer crackers, gives the assailant an idea where to
probe for weaknesses. Essentially, a port scan consists of sending a message
to each port, one at a time. The kind of response received indicates whether
the port is used and can therefore be probed for weakness.
Protocol
A formal specification for communicating; the special set of rules that end
points in a telecommunication connection use when they communicate.
Protocols exist at several levels in a telecommunication connection.
Privacy
Freedom from unauthorized intrusion or disclosure of information about
individuals
Private Key
The secret part of an asymmetric key pair that is typically used to digitally
sign or decrypt data in a PKI.
Privileged Accounts
Individuals who have access to set access rights for users on a given
system. Sometimes referred to as system or network administrative
accounts.
Procedures
A detailed description of the steps necessary to perform specific operations
in conformance with applicable standards
Proxy
A proxy is an application that breaks the connection between client and
server. The proxy accepts certain types of traffic entering or leaving a
network, processes it and forwards it. This effectively closes the straight
path between the internal and external networks, making it more difficult for
an attacker to obtain internal addresses and other details of the
organization's internal network. Proxy servers are available for common
Internet services; for example, a Hyper Text Transfer Protocol (HTTP) proxy
used for Web access, and a Simple Mail Transfer Protocol (SMTP) proxy used
for email.
Proxy server
A server that acts on behalf of a user. Typically proxies accept a connection
from a user, make a decision as to whether or not the user or client IP
address is permitted to use the proxy, perhaps perform additional
authentication, and then complete a connection to a remote destination on
behalf of the user.
Proximity factors
The distance from potential hazards, which can include flooding risk from
nearby waterways, hazardous material manufacturing or storage, or other
situations that may pose a risk to the operation of a recovery
Public Key
The public part of an asymmetric key pair that is typically used to verify
signatures or encrypt data in a PKI.
and public-private key pairs, including the ability to issue, maintain, recover,
and revoke public key certificates.
Q
Quality assurance (QA)
A process for testing to ensure specifications are met
R
Red Team
A group of people authorized and organized to emulate a potential
adversary's attack or exploitation capabilities against an enterprise's
security posture. The Red Team's objective is to improve enterprise
Information Assurance by demonstrating the impacts of successful attacks
and by demonstrating what works for the defenders (i.e., the Blue Team) in
an operational environment.
Relying Party
An entity that relies upon the subscriber's credentials, typically to process a
transaction or grant access to information or a system, typically in a PKI.
Remediation
The act of correcting a vulnerability or eliminating a threat. Three possible
types of remediation are installing a patch, adjusting configuration settings,
or uninstalling a software application.
Reciprocal agreement
Emergency processing agreements among two or more organizations with
similar equipment or applications. Typically, participants promise to provide
processing time to each other when an emergency arises.
Recovery action
Execution of a response or task according to a written procedure
Redundant site
A recovery strategy involving the duplication of key information technology
components, including data or other key business processes, whereby fast
recovery can take place
Registration Authority
A trusted entity that establishes and vouches for the identity of a subscriber
to a CSP, i.e., binds a physical identity to a logical identity such as a certificate.
The RA may be an integral part of a CSP, or it may be independent of a CSP,
but it has a relationship to the CSP(s).
Replay Attacks
An attack that involves the capture of transmitted authentication or access
control information and its subsequent retransmission with the intent of
producing an unauthorized effect or gaining unauthorized access.
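The Nonce entry above explains that a challenge must never be reused under the same key, or a captured response can be replayed; the Replay Attacks entry describes exactly that capture-and-retransmit. The following is an added example (not from the glossary) of a challenge-response verifier that uses a counter as its nonce and rejects a replayed response. The shared key, the HMAC-SHA-256 response format and the Verifier/respond names are all assumptions made for this example.

```python
import hashlib
import hmac

# Constructed shared key for this example only; a real deployment would
# provision the key out of band and never embed it in source.
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def respond(key: bytes, challenge: bytes) -> bytes:
    """Claimant side: prove possession of the key by MACing the challenge."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Verifier:
    """Server side of a challenge-response protocol.

    Each challenge is a nonce: a counter that is never reused while the key
    is in service. A counter is predictable, which is acceptable for a nonce;
    what matters is that no challenge value is ever accepted twice.
    """

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._counter = 0
        self._outstanding = set()   # issued, not yet answered
        self._consumed = set()      # already answered (or rejected)

    def issue_challenge(self) -> bytes:
        self._counter += 1
        challenge = self._counter.to_bytes(8, "big")
        self._outstanding.add(challenge)
        return challenge

    def verify(self, challenge: bytes, response: bytes) -> bool:
        """Accept a response at most once per issued challenge."""
        # A challenge that was never issued, or was already consumed, is a
        # replay (or a forgery) regardless of whether the MAC would check out.
        if challenge in self._consumed or challenge not in self._outstanding:
            return False
        # Single use: consume the challenge before checking the MAC, so a
        # failed guess cannot be retried against the same challenge either.
        self._outstanding.discard(challenge)
        self._consumed.add(challenge)
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def exchange() -> dict:
    """One genuine authentication, then two attempts with the captured response.

    Returns the outcome of each step so the behaviour can be checked.
    """
    verifier = Verifier(SHARED_KEY)

    # The legitimate claimant answers a fresh challenge.
    challenge = verifier.issue_challenge()
    captured = respond(SHARED_KEY, challenge)   # what an eavesdropper sees
    genuine = verifier.verify(challenge, captured)

    # Replay of the captured (challenge, response) pair: the nonce is spent.
    replay = verifier.verify(challenge, captured)

    # Captured response presented against a new challenge: the MAC was
    # computed over the old nonce, so it does not verify.
    fresh = verifier.issue_challenge()
    stale_mac = verifier.verify(fresh, captured)

    return {"genuine": genuine, "replay": replay, "stale_mac": stale_mac}


if __name__ == "__main__":
    print(exchange())   # {'genuine': True, 'replay': False, 'stale_mac': False}
```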
Residual risk
The remaining risk after management has implemented risk response
Resilience
The ability of a system or network to resist failure or to recover quickly from
any disruption, usually with minimal recognizable effect
Risk
The combination of the probability of an event and its consequence. (ISO/IEC
73). Risk has traditionally been expressed as Threats X Vulnerabilities = Risk.
Risk assessment
A process used to identify and evaluate risk and potential effects. Risk
assessment includes assessing the critical functions necessary for an
organization to continue business operations, defining the controls in place
to reduce organization exposure and evaluating the cost for such controls.
Risk analysis often involves an evaluation of the probabilities of a particular
event.
Risk avoidance
The process for systematically avoiding risk, constituting one approach to
managing risk
Risk mitigation
The management and reduction of risk through the use of countermeasures
and controls
Risk Tolerance
The acceptable level of deviation from acceptable risk
Risk transfer
The process of assigning risk to another organization, usually through the
purchase of an insurance policy or outsourcing the service
Robustness
The extent of the ability of systems to withstand attack; system strength.
The ability of an Information Assurance entity to operate correctly and
reliably across a wide range of operational conditions, and to fail gracefully
outside of that operational range.
Root
Root is the name of the administrator account in Unix systems.
Router
Routers interconnect logical networks by forwarding information to other
networks based upon IP addresses.
Rootkit
A rootkit is a set of software tools intended to conceal running processes,
files or system data from the operating system. Rootkits have their origin in
benign applications, but have been used increasingly by malware to help
intruders maintain access to systems while avoiding detection. Rootkits exist
for a variety of operating systems such as Microsoft Windows, Linux and
Solaris. Rootkits often modify parts of the operating system or install
themselves as drivers or kernel modules.
S
Secret key
A cryptographic key that is used with a secret key (symmetric) cryptographic
algorithm, that is uniquely associated with one or more entities and is not
made public. The same key is used to both encrypt and decrypt data. The
use of the term secret in this context does not imply a classification level,
but rather implies the need to protect the key from disclosure.
Security Attribute
A security-related quality of an object. Security attributes may be
represented as hierarchical levels, bits in a bit map, or numbers.
Compartments, caveats, and release markings are examples of security
attributes.
Security metrics
A standard of measurement from one or more reference points used in
management of security-related activities
Security Posture
The security status of an enterprise's networks, information, and systems
based on IA resources (e.g., people, hardware, software, policies) and
capabilities in place to manage the defense of the enterprise and to react as
the situation changes.
Sensitivity
A measure of the impact that improper disclosure of information may have
on an organization
Separation of Duties
Separation of duties is the principle of splitting privileges among multiple
individuals or systems to reduce risk of fraud or other malfeasance
Session Key
In the context of symmetric encryption, a key that is temporary or is used for
a relatively short period of time. Usually, a session key is used for a defined
period of communication between two computers, such as for the duration of
a single connection or transaction set, or the key is used in an application
that protects relatively large amounts of data and, therefore, needs to be
re-keyed frequently.
Shell programming
A shell script is a script written for the shell, or command line interpreter, of
an operating system. It is often considered a simple domain-specific
programming language. Typical operations performed by shell scripts include
file manipulation, program execution and printing text. Usually, shell script
refers to scripts written for a Unix shell, while COMMAND.COM (DOS) and
cmd.exe (Windows) command line scripts are usually called batch files.
Many shell script interpreters double as command line interface such as the
various Unix shells, Windows PowerShell or the MS-DOS COMMAND.COM.
Others, such as AppleScript, add scripting capability to computing
environments lacking a command line interface. Other examples of
programming languages primarily intended for shell scripting include digital
command language (DCL) and job control language (JCL).
Skimming
The unauthorized use of a reader to read tags without the authorization or
knowledge of the tag's owner or the individual in possession of the tag.
Smart Card
A credit card-sized card with embedded integrated circuits that can store,
process, and communicate information.
Sniffing
The process by which data traversing a network are captured or monitored
Social engineering
An attack based on deceiving users or administrators at the target site into
revealing confidential or sensitive information
Specification
An assessment object that includes document-based artifacts (e.g., policies,
procedures, plans, system security requirements, functional specifications,
and architectural designs) associated with an information system.
Spoofing
Faking the sending address of a transmission in order to gain illegal entry
into a secure system
Spyware
Software that is secretly or surreptitiously installed into an information
system to gather information on individuals or organizations without their
knowledge; a type of malicious code.
Standard
An internal mandatory requirement defining allowable boundaries of people,
processes and technologies or a specification approved by a recognized
external standards organization, such as ISO
Steganography
The art and science of communicating in a way that hides the existence of
the communication. For example, a secret document can be hidden inside
another graphic image file, audio file, or other file format.
Supply Chain
A system of organizations, people, activities, information, and resources,
possibly international in scope, that provides products or services to
consumers
Symmetric Cryptography
A branch of cryptography involving algorithms that use the same key for two
different steps of the algorithm (such as encryption and decryption, or
signature creation and signature verification). Symmetric cryptography is
sometimes called "secret-key cryptography" (versus public-key
cryptography) because the entities that share the key.
Symmetric Key
A cryptographic key that is used in a symmetric cryptographic algorithm.
Also called a secret key based on the notion of a shared secret.
System Owner
Person or organization having responsibility for the development,
procurement, integration, modification, operation and maintenance, and/or
final disposition of an information system.
T
Technical Controls
The security controls (i.e., safeguards or countermeasures) for an information
system that are primarily implemented and executed by the information
system through mechanisms contained in the hardware, software, or
firmware components of the system.
Threat
Anything (e.g., object, substance, human) that is capable of acting against
an asset in a manner that can result in harm. A potential cause of an
unwanted incident. (ISO/IEC 13335)
Threat agent
Methods and things used to exploit a vulnerability. Examples include
determination, capability, motive and resources.
Threat analysis
An evaluation of the type, scope and nature of events or actions that can
result in adverse consequences; identification of the threats that exist
against information assets and information technology. The threat analysis
usually also defines the level of threat and the likelihood of it materializing.
Threat event
Any event where a threat element/actor acts against an asset in a manner
that has the potential to directly result in harm
Threat Assessment
A threat assessment is the identification of types of threats that an
organization might be exposed to.
Threat Model
A threat model is used to describe a given threat and the harm it could do to
a system if it has a vulnerability.
Threat Vector
The method a threat uses to get to the target.
communication security over the Internet.[1] TLS and SSL encrypt the
segments of network connections above the Transport Layer, using
asymmetric cryptography for key exchange, symmetric encryption for
privacy, and message authentication codes for message integrity.
Token
Something that the claimant possesses and controls (typically a key or
password) used to authenticate the claimant's identity.
Token-Based Devices
A token-based device is triggered by the time of day, so every minute the
password changes, requiring the user to have the token with them when they
log in.
Topology
The geometric arrangement of a computer system. Common topologies
include a bus, star, and ring. The specific physical, i.e., real, or logical, i.e.,
virtual, arrangement of the elements of a network. Note 1: Two networks
have the same topology if the connection configuration is the same,
although the networks may differ in physical interconnections, distances
between nodes, transmission rates, and/or signal types.
Trojan horse
A Trojan horse, or Trojan, is a standalone malicious program which may give
full control of an infected PC to another PC[1]. It may also perform
typical computer virus activities. Trojan horses may make copies of
themselves, steal information, or harm their host computer systems.
Two-factor authentication
The use of two independent mechanisms for authentication, for example,
requiring a smart card and a password. Typically the combination of
something you know, are or have.
Tunneling
Technology enabling one network to send its data via another network's
connections. Tunneling works by encapsulating a network protocol within
packets carried by the second network.
U
Unauthorized Access
A person gains logical or physical access without permission to a network,
system, application, data, or other IT resource. Any access that violates the
stated security policy.
Unauthorized Disclosure
An event involving the exposure of information to entities not authorized
access to the information.
Unix
A popular multi-user, multitasking operating system developed at Bell Labs
in the early 1970s. Created by just a handful of programmers, Unix was
designed to be a small, flexible system used exclusively by programmers.
V
Validation
The process of demonstrating that the system under consideration meets in
all respects the specification of that system.
Vulnerability
A weakness in the design, implementation, operation or internal controls in a
process that could be exploited to violate system security
Vulnerability analysis
Process of identifying and classifying vulnerabilities
W
Warm site
A warm site is similar to a hot site; however, a warm site is not fully
equipped with all the necessary hardware needed for recovery.
Web hosting
The business of providing the equipment and services required to host and
maintain files for one or more web sites, and provide fast Internet
connections to those sites. Most hosting is shared, which means that web
sites of multiple companies are on the same server to share/reduce costs.
Web server
Using the client-server model and the World Wide Web's Hypertext Transfer
Protocol (HTTP), a Web server is a software program that serves web pages to
users.
Wiki
Web applications or similar tools that allow identifiable users to add content
(as in an Internet forum) and allow anyone to edit that content collectively.
Worm
A programmed network attack in which a self-replicating program does not
attach itself to programs, but rather spreads independently of users' actions
users can access their wireless networks. Based on the ratified IEEE 802.11i
standard, WPA2 provides government-grade security by implementing the
National Institute of Standards and Technology (NIST) FIPS 140-2 compliant
AES encryption algorithm and 802.1X-based authentication
Acronyms
The CISM candidate should be familiar with the following list of acronyms.
These acronyms are the only standalone abbreviations used in examination
questions.
Acronym    Description
CD         Compact Disk
CD-ROM     Compact Disk Read Only Memory
DMZ        Demilitarized zone
HTML       Hypertext Markup Language
ID         Identification
IP         Internet Protocol
IPS        Intrusion prevention system
IPSec      Internet Protocol Security
IS         Information systems
ISP        Internet service provider
IT         Information technology
OS         Operating system
URL        Universal resource locator
XML        Extensible Markup Language
Description
Advanced Encryption Standard
Alliance for Enterprise Security Risk Management
American Institute of Certified Public Accountants
Acceptable interruption window
Annual loss expectancy
Application programming interface
Address Resolution Protocol
Australian Standard/New Zealand Standard
ASCII
ASIC
ASP
ATM
BCI
BCM
BCP
BGP
BI
BIA
BIMS
BIOS
BIS
BITS
BLP
BLP
BMS
BS
CA
CASPR
CBT
CCO
CEO
CERT
CFO
CICA
CIM
CIO
CIRT
CIS
CISO
CLC
CMM
CMU
COO
COOP
CORBA
COSO
CPO
CPS
CPU
CRL
CRM
CSA
CSF
CSIRT
CSO
CSRC
CTO
CVE
CW
DAC
DBMS
DCE
DCE
DCE
DCL
DDoS
DES
DHCP
DLP
DLT
DNS
DNSSEC
DoS
DOSD
DR
DRII
DRP
EDI
EER
EFT
EGRP
EIGRP
EU
FAR
FCPA
FERC
FFIEC
FIPS
FISMA
FSA
GAISP
GAS
GASSP
GLBA
GMI
HD-DVD
HIDS
HIPAA
HIPO
HR
HTTP
HTTPS
HVAC
I&A
I/O
ICMP
ICT
IDC
IDEFIX
IDS
IEC
IETF
IFAC
IIA
IMT
IPF
IPL
IPMA
IPRs
IPS
IRP
IRS
IRT
ISF
ISO
ISO
ISS
ISSA
ISSEA
ITGI
JCL
KGI
KLOC
KPI
KRI
L2TP
LAN
LCP
M&A
MAC
MAO
MIME
MIS
MitM
MTD
MTO
NAT
NCP
NDA
NetBIOS
NFPA
NFS
NIC
NIDS
NIST
NPV
OCC
OCSP
OCTAVE
OECD
OEM
OEP
OSI
OSPF
PAN
PC
PCI
PDCA
PKI
PMBOK
POS
PPP
PPPoE
PPT
PSTN
PVC
QA
RAID
RARP
RCERT
ROI
ROSI
RPO
RRT
RSA
RTO
S/HTTP
S/MIME
SABSA
SAC
SCADA
SDLC
SDO
SEC
SEI
SIEM
SIM
SLA
SMART
SMF
SOP
SPI
SPICE
SPOC
SPOOL
SQL
SSG
SSH
SSL
SSO
TCO
TCP
TCP/IP
TCP/UDP
TLS
UDP
UPS
USB
VAR
VoIP
VPN
WAN
XBRL