Lexicon: InfoSec & PM Terms
ABAC – See attribute-based access control.
Acceptable Use Policy (AUP) – A policy that communicates to users what specific uses of computer resources are permitted.
Access – A subject’s ability to perform specific operations on an object, such as a file. Typical access levels include read, write, execute, and delete.
Access Control – Mechanisms or methods used to determine what access permissions subjects (such as users) have for specific objects (such as files).
Access Control List (ACL) – A list associated with an object (such as a file) that identifies what level of access each subject (such as a user) has—what they can do to the object (such as read, write, or execute).
Access Point (AP) – Shorthand for wireless access point, the device that allows devices to connect to a wireless network.
Active Directory – The directory service portion of the Windows operating system that stores information about network-based entities (such as applications, files, printers, and people) and provides a structured, consistent way to name, describe, locate, access, and manage these resources.
ActiveX – A Microsoft technology that facilitates rich Internet applications, and therefore extends and enhances the functionality of Microsoft Internet Explorer. Like Java, ActiveX enables the development of interactive content. When an ActiveX-aware browser encounters a web page that includes an unsupported feature, it can automatically install the appropriate application so the feature can be used.
Address Resolution Protocol (ARP) – A protocol in the TCP/IP suite specification used to map an IP address to a Media Access Control (MAC) address.
Address Space Layout Randomization (ASLR) – A memory-protection process employed by operating systems where the memory space is block randomized to guard against targeted injections from buffer-overflow attacks.
Acceptance Test-Driven Development (ATDD) – A test-first software development practice in which the acceptance criteria for new functionality are written as automated tests. The tests fail at first and are made to pass as development proceeds and the acceptance criteria are met.
Advanced Encryption Standard (AES) – The current U.S. government standard for symmetric encryption, widely used in all sectors.
Advanced Encryption Standard 256-bit – An implementation of AES using a 256-bit key.
Advanced Persistent Threat (APT) – A threat vector whose main objective is to remain on the system stealthily, with data exfiltration as a secondary task.
Adware – Advertising-supported software that automatically plays, displays, or downloads advertisements after the software is installed or while the application is being used.
AES – See Advanced Encryption Standard.
AES256 – See Advanced Encryption Standard 256-bit.
Agile Development Practices – Procedures and techniques used to conduct Agile software development. Although there is no canonical set of Agile practices, most Agile practitioners adopt some subset of Scrum and XP practices. Broadly speaking, any practice or technique that facilitates the values and principles set forth in the Agile Manifesto can be considered an Agile practice.
Agile Manifesto – A philosophical foundation for effective software development, the Agile Manifesto was created by representatives from Extreme Programming, Scrum, DSDM, Adaptive Software Development, Crystal, Feature-Driven Development, Pragmatic Programming, and others who are sympathetic to the need for an alternative to documentation-driven, heavyweight software development processes.
Agile Project Management – The style of project management used to support Agile software development. Scrum is the most widely used Agile project management practice. XP also includes practices that support Agile project management. Essential features of Agile project management include iterative development cycles, self-organizing teams, multi-level planning, dynamic scope, and frequent collaboration with customers and/or business sponsors.
Agile Software Development – The development of software using Agile development practices and Agile project management. Features of Agile software development include a heavy emphasis on collaboration, responsiveness to change, and the reduction of waste throughout the development cycle. Agile software development (ASD) focuses on keeping code simple, testing often, and delivering functional bits of the application as soon as they’re ready.
Air Gap – The forced separation of networks, resulting in an air gap between systems. Communications across an air gap require a manual effort to move data from one network to another, as no network connection exists between the two networks.
Algorithm – A step-by-step procedure—typically an established computation for solving a problem within a set number of steps.
Alignment – Includes any actions or policies that exist so that a process or activity in one section of the organization is congruent with the organization’s or business unit’s governing mission. See Business/IT Alignment.
ALM – See Application Lifecycle Management.
Amplification – An act of leveraging technology to increase the volume of an attack, such as pinging a network address to get all attached devices to respond.
Annualized loss expectancy (ALE) – How much an event is expected to cost the business per year, given the dollar cost of the loss and how often it is likely to occur. ALE = single loss expectancy × annualized rate of occurrence.
Annualized rate of occurrence (ARO) – The frequency with which an event is expected to occur on an annualized basis.
Anomaly – Something that does not fit into an expected pattern.
Antivirus (AV) – A software program designed to detect, mitigate, or remove malware and viruses from a system or network.
Application – A program or group of programs designed to provide specific user functions, such as a word processor or web server.
Application Lifecycle Management (ALM) – A continuous process of managing the life of an application through governance, development and maintenance. When Agile software development is introduced into an organization it generally requires substantial changes in the organization’s ALM tools and policies, which are typically designed to support alternative methodologies such as Waterfall.
Application Programming Interface (API) – A set of instructions as to how to interface with a computer program so that developers can access defined interfaces in a program.
Application Service Provider (ASP) – A company that offers entities access over the Internet to applications and services.
APT – See advanced persistent threat.
ARP – See Address Resolution Protocol.
ARP Poisoning – An attack on the ARP table where values are changed to result in misdirected traffic.
Asset – A resource or information that an organization needs to conduct its business.
Asset Value (AV) – The value of an asset that is at risk.
Asymmetric Encryption – Also called public key cryptography, a data encryption system that uses two mathematically derived keys to encrypt and decrypt a message—a public key, available to everyone, and a private key, available only to the owner of the key.
ATDD – See Acceptance Test-Driven Development.
Attribute-Based Access Control (ABAC) – An access control mechanism that grants access based on attributes of a user.
Audit Trail – A set of records or events, generally organized chronologically, that records what activity has occurred on a system. These records (often computer files) are often used in an attempt to re-create what took place when a security incident occurred, and they can also be used to detect possible intruders.
Audit – Actions or processes used to verify the assigned privileges and rights of a user, or any capabilities used to create and maintain a record showing who accessed a particular system and what actions they performed.
Authentication – The process by which a subject’s (such as a user’s) identity is verified.
Authentication, Authorization, and Accounting (AAA) – Three common functions performed upon system login. Authentication and authorization almost always occur, with accounting being somewhat less common. Authentication and authorization are parts of the access control system.
Authentication Header (AH) – A portion of the IPsec security protocol that provides authentication services and replay-detection ability. AH can be used either by itself or with Encapsulating Security Payload (ESP). Refer to RFC 2402.
Availability – Part of the “CIA” of security, applies to hardware, software, and data, specifically meaning that each of these should be present and accessible when the subject (the user) wants to access or use them.
Backlog – A collection of stories and tasks the Sprint team will work on at some point in the future. Either the Product Owner has not prioritized them or has assigned them lower priority.
Backlog Grooming – Backlog grooming is the process of adding new user stories to the backlog, re-prioritizing existing stories as needed, creating estimates, and deconstructing larger stories into smaller stories or tasks. Rather than grooming the backlog sporadically throughout an iteration, the team may hold a backlog grooming session once per iteration. Scrum Alliance founder Ken Schwaber recommends that teams allocate 5% of their time to revisiting and tending to the backlog.
Backlog Item – A unit of work, usually a story or a task, listed on the project backlog.
Backup – Refers to copying and storing data in a secondary location, separate from the original, to preserve the data in the event that the original is lost, corrupted, or destroyed.
Baseline – A system or software as it is built and functioning at a specific point in time. Serves as a foundation for comparison or measurement, providing the necessary visibility to control change.
Basic Input/Output System (BIOS) – A firmware element of a computer system that provides the interface between hardware and system software with respect to devices and peripherals. BIOS is being replaced by Unified Extensible Firmware Interface (UEFI), a more complex and capable system.
BDD – See Behavior Driven Development.
Behavior Driven Development (BDD) – Agile software development practice adding to TDD the description of the desired functional behavior of the new functionality.
BGP – See Border Gateway Protocol.
Big Visible Charts – Big visible charts are exactly what you would think they would be: Big charts posted near the agile team that describe in different ways the team’s progress. Big visible charts not only can be useful tools for the team but also make it easier for any stakeholder to learn how the team is progressing. Big visible charts are an important tool for implementing the essential agile values of transparency and communication.
Biometrics – Used to verify an individual’s identity to the system or network using something unique about the individual, such as a fingerprint, for the verification process. Examples include fingerprints, retinal scans, hand and facial geometry, and voice analysis.
BIOS – See Basic Input/Output System.
Birthday Attack – An attack methodology based on combinations rather than linear probability. In a room of thirty people, one doesn’t have to match a specific birthday; rather, any two birthdays in the room need only match each other, making the problem a combinatorial match, which is much more likely.
Blowfish – A free implementation of a symmetric block cipher developed by Bruce Schneier as a drop-in replacement for DES and IDEA. It has a variable-bit-length scheme from 32 to 448 bits, resulting in varying levels of security.
Bluebugging – The use of a Bluetooth-enabled device to eavesdrop on another person’s conversation using that person’s Bluetooth phone as a transmitter. The bluebug application silently causes a Bluetooth device to make a phone call to another device, causing the phone to act as a transmitter and allowing the listener to eavesdrop on the victim’s conversation in real life.
Bluejacking – The sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, tablets, or laptop computers.
Bluesnarfing – The unauthorized access of information from a Bluetooth-enabled device through a Bluetooth connection, often between mobile phones, desktops, laptops, and tablets.
Border Gateway Protocol (BGP) – The interdomain routing protocol implemented in Internet Protocol (IP) networks to enable routing between autonomous systems.
Botnet – A collection of software robots, or bots, that run autonomously and automatically and, commonly, invisibly in the background. The term is most often associated with malicious software, but it can also refer to the network of computers using distributed computing software.
Bottleneck – Any resource or process whose capacity is less than or equal to the demand placed on it, thus constraining the flow of work or information through the process.
Branching – Creating a logical or physical copy of code within a version control system so that this copy might be changed in isolation.
Breaking the Build – When a developer adds changes to the source code repository that result in the failure of a subsequent build process, the developer has “broken the build.”
Bridge Protocol Data Unit (BPDU) – A type of data message exchanged across the switches within an extended LAN that uses a Spanning Tree Protocol (STP) topology.
Bring Your Own Device (BYOD) – A term used to describe an environment where users bring their personally owned devices into the enterprise and integrate them into business systems.
Buffer Overflow – A specific type of software coding error that enables user input to overflow the allocated storage area and corrupt a running program.
Bug – In the context of software, a bug is a flaw that produces an undesired outcome. These flaws are usually the result of human error and typically exist in the source code or compilers of a program.
Build-Measure-Learn – The rapid experiment-and-learning cycle in LSU that lets a team quickly validate assumptions and potentially fail fast.
Build Process – The process of creating the application program for a software release by taking all the relevant source code files, compiling them, and then creating build artifacts such as binaries or executable programs.
Burndown Chart – A publicly displayed chart that depicts the total task hours remaining per day. It shows where the team stands regarding completing the tasks that comprise the backlog items that achieve the goals of the sprint.
Burnup Chart – Representation of the amount of stories completed, with points plotted on an X and Y axis that map an upward trend of work completed until reaching 100%.
Business Availability Center (BAC) – A software platform that allows the enterprise to optimize the availability, performance, and effectiveness of business services and applications.
Business Continuity Plan (BCP) – The plan a business develops to continue critical operations in the event of a major disruption.
Business Impact Analysis (BIA) – An analysis of the impact to the business of a specific event.
Business Partnership Agreement (BPA) – A written agreement defining the terms and conditions of a business partnership.
Business Value – An informal term that includes all forms of value that determine the health and well-being of the firm in the long run.
Business/IT Alignment – Includes any actions or policies that exist so that a process or activity in one section of the organization is congruent with the organization’s or business unit’s governing mission. See Alignment.
BVC – See Big Visible Charts.
BYOD – See bring your own device.
Cache – The temporary storage of information before use, typically used to speed up systems. In an Internet context, refers to the storage of commonly accessed web pages, graphic files, and other content locally on a user’s PC or a web server. The cache helps to minimize download time and preserve bandwidth for frequently accessed websites, and it helps reduce the load on a web server.
Capability Maturity Model (CMM) – A structured methodology helping organizations improve the maturity of their software processes by providing an evolutionary path from ad hoc processes to disciplined software management processes. Developed at Carnegie Mellon University’s Software Engineering Institute.
CAPTCHA – Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA), software that is designed to pose tests that require human ability to resolve, preventing robots from filling in and submitting web pages.
Centralized Management – A type of privilege management that brings the authority and responsibility for managing and maintaining rights and privileges into a single group, location, or area.
CERT – See Computer Emergency Response Team.
Certificate – A cryptographically signed object that contains an identity and a public key associated with this identity. The certificate can be used to establish identity, analogous to a notarized written document.
Certificate Authority (CA) – An entity responsible for issuing and revoking certificates. CAs are typically not associated with the company requiring the certificate, although they exist for internal company use as well (such as Microsoft). This term is also applied to server software that provides these services. The term certificate authority is used interchangeably with certification authority.
Certificate Enrollment Protocol (CEP) – Originally developed by VeriSign for Cisco Systems to support certificate issuance, distribution, and revocation using existing technologies.
Certificate Revocation List (CRL) – A digitally signed object that lists all of the current but revoked certificates issued by a given certification authority. This allows users to verify whether a certificate is currently valid even if it has not expired. A CRL is analogous to a list of stolen charge card numbers that allows stores to reject bad credit cards.
Certificate Signing Request (CSR) – A message sent from an applicant to a certificate authority in order to apply for a digital identity certificate.
Certified ScrumMaster – Someone who is acting in the role of ScrumMaster on a Scrum Team and who has attended a two-day Certified ScrumMaster (CSM) class to obtain certification.
Chain of Custody – Rules for documenting, handling, and safeguarding evidence to ensure no unanticipated changes are made to the evidence.
Challenge Handshake Authentication Protocol (CHAP) – Used to provide authentication across point-to-point links using the Point-to-Point Protocol (PPP).
Change (Configuration) Management – A standard methodology for performing and recording changes during software development and operation.
Change Control Board (CCB) – A body that oversees the change management process and enables management to oversee and coordinate projects.
Channel Service Unit (CSU) – A device used to link local area networks (LANs) into a wide area network (WAN) using telecommunications carrier services.
CHAP – See Challenge Handshake Authentication Protocol.
Choose your own device (CYOD) – A mobile device deployment methodology where each person chooses their own device type.
CIA of Security – Refers to confidentiality, integrity, and availability, the basic functions of any security system.
Cipher – A cryptographic system that accepts plaintext input and then outputs ciphertext according to its internal algorithm and key.
Cipher Block Chaining (CBC) – A block cipher mode that adds randomization across blocks: each block of plaintext is XORed with the previous ciphertext block before being encrypted.
Cipher Feedback – A method to make a block cipher into a self-synchronizing stream cipher.
Ciphertext – The output of an encryption algorithm—the encrypted data.
CIRT – See Computer Emergency Response Team.
Clean Code – Software code that is expressed well, formatted correctly, and organized for later coders to understand. Clarity is preferred over cleverness.
Clickjacking – An attack against a user interface where the user clicks on something without knowing it, triggering a browser action unbeknownst to the user at the time.
Closed Circuit Television (CCTV) – A private television system, usually hardwired in security applications to record visual information.
Cloud Computing – The automatic provisioning of computational resources on demand across a network.
Cloud Service Provider (CSP) – A company that offers cloud-based network services, infrastructure, or business applications.
Code Coverage – A measurement indicating the amount of product code that is exercised by tests.
Cohesion and Coupling – Coupling refers to the interdependencies between modules, while cohesion describes how related the functions within a single module are.
Cold Site – An inexpensive form of backup site that does not include a current set of data at all times. A cold site takes longer to get your operational system back up, but it is considerably less expensive than a warm or hot site.
Collective Code Ownership – A software development principle popularized by Extreme Programming holding that all contributors to a given codebase are jointly responsible for the code in its entirety.
Collisions – A term used in the analysis of cryptographic hashing for the situation in which a hash algorithm produces the same hash value from two different sets of data.
Collocation – Refers to development teams located and working in the same place. When possible, collocation is desirable since it facilitates face-to-face collaboration, an important feature of Agile software development. Contrast with distributed development team.
Common Access Card (CAC) – A smart card used to access U.S. federal computer systems, and to also act as an ID card.
Compensating – Controls that provide an alternative measure of control.
Computer Emergency Response Team (CERT) – Also known as a Computer Incident Response Team (CIRT), the group responsible for investigating and responding to security breaches, viruses, and other potentially catastrophic incidents.
Computer Security – In general terms, the methods, techniques, and tools used to ensure that a computer system is secure.
Computer Software Configuration Item – See configuration item.
Confidentiality – Part of the CIA of Security, refers to the security principle that states that information should not be disclosed to unauthorized individuals.
Configuration Auditing – The process of verifying that configuration items are built and maintained according to requirements, standards, or contractual agreements.
Configuration Control – The process of controlling changes to items that have been baselined.
Configuration Identification – The process of identifying which assets need to be managed and controlled.
Configuration Item – Data and software (or other assets) that are identified and managed as part of the software change management process. Also known as computer software configuration items.
Configuration Status Accounting – Procedures for tracking and maintaining data relative to each configuration item in the baseline.
Content Management System (CMS) – A management system to manage the content for a specific system, such as a website.
Contingency Planning (CP) – The act of creating processes and procedures that are used under special conditions (contingencies).
Continuity Of Operations Planning (COOP) – The creation of plans related to continuing essential business operations after any major disruption.
Continuous Delivery – A software delivery practice similar to Continuous Deployment except a human action is required to promote changes into a subsequent environment along the pipeline.
Continuous Deployment – A software delivery practice in which the release process is fully automated in order to have changes promoted to the production environment with no human intervention.
Continuous Integration – Continuous Integration (CI) is an Extreme Programming (XP) practice where members of a delivery team frequently integrate their work (e.g. hourly, or at least once daily). Each integration is verified by an automated build, which also performs testing, to detect any integration errors quickly and automatically.
Controller Area Network (CAN) – A bus standard for use in vehicles to connect microcontrollers.
Cookie – Information stored on a user’s computer by a web server to maintain the state of the connection to the web server. Used primarily so preferences or previously used information can be recalled on future requests to the server.
COOP – See Continuity Of Operations Planning.
Corporate Owned, Personally Enabled (COPE) – A form of mobile device ownership/management.
Corrective – Fixes components or systems after an incident occurs.
Corrective Action Report (CAR) – A report used to document the corrective actions taken on a system.
Counter Mode (CTM) – Turns a block cipher into a stream cipher.
Counter Mode with Cipher Block Chaining–Message Authentication Code Protocol (CCMP) – An enhanced data cryptographic encapsulation mechanism based upon the Counter Mode with CBC-MAC from AES, designed for use over wireless LANs.
Countermeasure – See security control.
Cracking – A term used by some to refer to malicious hacking, in which an individual attempts to gain unauthorized access to computer systems or networks. See also hacking.
CRC – See cyclic redundancy check.
CRL – See Certificate Revocation List.
Cross-Functional Team – Team comprised of members with all functional skills and specialties necessary to complete a project from start to finish.
Cross-Site Request Forgery (CSRF or XSRF) – A method of attacking a system by sending malicious input to the system and relying upon the parsers and execution elements to perform the requested actions, thus instantiating the attack. XSRF exploits the trust a site has in the user’s browser.
Cross-Site Scripting (XSS) – A method of attacking a system by sending script commands to the system input and relying upon the parsers and execution elements to perform the requested scripted actions, thus instantiating the attack. XSS exploits the trust a user has for the site.
Cryptanalysis – The process of attempting to break a cryptographic system.
Cryptography – The art of secret writing that enables an individual to hide the contents of a message or file from all but the intended recipient.
Crypto-Malware – Malware that uses cryptography to encrypt files for ransom.
CTR – See Counter Mode (CTM)—an alternative abbreviation.
Customer – The recipient of the output (product, service, information) of a process. Customers may be internal or external to the organization. The customer may be one person, a department, or a large group. Internal customers (outside of Information Technology) are sometimes called the “Business.”
Cyclic Redundancy Check (CRC) – An error detection technique that uses a series of two 8-bit block check characters to represent an entire block of data. These block check characters are incorporated into the transmission frame and then checked at the receiving end.
Cyclomatic Complexity – A measure of code complexity based on the number of independent logical branches through a code base. Cyclomatic complexity is expressed as a simple integer.
DAC – See discretionary access control.
Daily Scrum/Daily Standup – A daily time-boxed event of 15 minutes, or less, for the Development Team to re-plan the next day of development work during a Sprint. The ‘semi-real-time’ status allows participants to know about potential challenges as well as coordinate efforts to resolve difficult and/or time-consuming issues. Updates are reflected in the Sprint Backlog.
Data Encryption Key (DEK) – An encryption key whose function it is to encrypt and decrypt data.
Data Encryption Standard (DES) – A private key encryption algorithm adopted by the U.S. government as a standard for the protection of sensitive but unclassified information. Commonly used in 3DES, where three rounds are applied to provide greater security.
Data Execution Prevention (DEP) – A security feature of an OS that can be driven by software, hardware, or both, designed to prevent the execution of code from blocks of data in memory.
Data Loss Prevention (DLP) – Technology, processes, and procedures designed to detect when unauthorized removal of data from a system occurs. DLP is typically active, preventing the loss either by blocking the transfer or dropping the connection.
Data Service Unit – See channel service unit.
Datagram – A packet of data that can be transmitted over a packet-switched system in a connectionless mode.
Decision Tree – A data structure in which each element is attached to one or more structures directly beneath it.
Definition of Done (DOD) – The criteria for accepting work as completed. Specifying these criteria is the responsibility of the entire team, including the business.
Demilitarized Zone (DMZ) – A network segment that exists in a semi-protected zone between the Internet and the inner, secure trusted network.
Denial-Of-Service (DoS) Attack – An attack in which actions are taken to deprive authorized individuals from accessing a system, its resources, the data it stores or processes, or the network to which it is connected.
DES – See Data Encryption Standard.
Design Pattern – A design pattern is a general reusable solution to a commonly occurring problem in software design.
Destination Network Address Translation (DNAT) – A one-to-one static translation from a public destination address to a private address.
Detective – Helps identify an incident’s activities and potentially an intruder.
Deterrent – Intended to discourage a potential attacker.
Developer – Any member of a Development Team, regardless of technical, functional or other specialty.
Development Team – The role within a Scrum Team accountable for managing, organizing and doing all development work required to create a releasable Increment of product every Sprint.
DevOps – An organizational concept serving to bridge the gap between development and operations, in terms of skills, mind-set, practices and silo-mentality. The underlying idea is that developers are aware of, and in daily work consider implications on operations, and vice versa.
DHCP – See Dynamic Host Configuration Protocol.
Diffie-Hellman – A cryptographic method of establishing a shared key over an insecure medium in a secure fashion.
Diffie-Hellman Ephemeral (DHE) – A cryptographic method of establishing a shared key over an insecure medium in a secure fashion using a temporary key to enable perfect forward secrecy.
Digital Forensics and Investigation Response (DFIR) – Another name for the incident response process.
Digital Signature – A cryptography-based artifact that is a key component of a public key infrastructure (PKI) implementation. A digital signature can be used to prove identity because it is created with the private key portion of a public/private key pair. A recipient can decrypt the signature and, by doing so, receive the assurance that the data must have come from the sender and that the data has not changed.
Digital Signature Algorithm (DSA) – A U.S. government standard for implementing digital signatures.
Direct-Sequence Spread Spectrum (DSSS) – A method of distributing a communication over multiple frequencies to avoid interference and detection.
Disassociation – An attack on a wireless network whereby the attacker sends a deauthentication frame in a wireless connection, to break an existing connection.
Disaster Recovery Plan (DRP) – A written plan developed to address how an organization will react to a natural or manmade disaster in order to ensure business continuity. Related to the concept of a business continuity plan (BCP).
Discretionary Access Control (DAC) – An access control mechanism in which the owner of an object (such as a file) can decide which other subjects (such as other users) may have access to the object, and what access (read, write, execute) those subjects can have.
Distinguished Encoding Rules (DER) – A method of providing exactly one way to represent any ASN.1 value as an octet string.
Distributed Denial-Of-Service (DDoS) Attack – A special type of DoS attack in which the attacker elicits the generally unwilling support of other systems to launch a many-against-one attack.
Distributed Development Team – Refers to development teams that work on the same project but are located across multiple geographic locations or work sites. Agile development is more difficult for distributed teams and generally requires that special practices be adopted to mitigate the inherent risks of distributed development.
Diversity of Defense – The approach of creating dissimilar security layers so that an intruder who is able to breach one layer will be faced with an entirely different set of defenses at the next layer.
DLL Injection – An attack that injects a DLL into a running process on a system, altering the behavior of a program by in essence recoding it.
DNS Poisoning – The changing of data in a DNS table to cause misaddressing of packets.
DOD – See Definition of Done.
Domain in IT – A group of directly connected computers and/or workgroups. A domain is comprised of combined systems, servers and workgroups. Multiple server types may exist in one domain, such as Web, database and print, depending on network requirements.
Domain Model in Agile – Agile project practitioners engage in a number of tasks in the course of working on projects in an Agile environment. These tasks have been delineated and organized into six major domains of practice.
Domain Hijacking – The act of changing the registration of a domain name without the permission of its original registrant.
Domain Name Service/Server (DNS) – The service that translates an Internet domain name (such as www.mhprofessional.com) into IP addresses.
Don’t repeat yourself (DRY) – Software development principle to avoid repetition of the same information in one system, preventing the same code from being produced multiple times on a code base.
DRP – See disaster recovery plan.
DRY – See Don’t repeat yourself.
DSSS – See direct-sequence spread spectrum.
Dumpster Diving – The practice of searching through trash to discover material that has been thrown away that is sensitive, yet not destroyed or shredded.
Dynamic Host Configuration Protocol (DHCP) – An Internet Engineering Task Force (IETF) Internet Protocol (IP) specification for automatically allocating IP addresses and other configuration information based on network adapter addresses. It enables address pooling and allocation and simplifies TCP/IP installation and administration.
Dynamic Link Library (DLL) – A shared library of functions used in the Microsoft Windows environment.
Electromagnetic Interference (EMI) – The disruption or interference of electronics due to an electromagnetic field.
Electromagnetic Pulse (EMP) – The disruption or interference of electronics due to a sudden, intense electromagnetic field in the form of a spike or pulse.
Electronic Code Book (ECB) – A block cipher mode where the message is divided into blocks, and each block is encrypted separately.
Electronic Serial Number (ESN) – A unique identification number embedded by manufacturers on a microchip in wireless phones.
Elliptic Curve Cryptography (ECC) – A method of public key cryptography based on the algebraic structure of elliptic curves over finite fields.
Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) – A cryptographic method using ECC to establish a shared key over an insecure medium in a secure fashion using a temporary key to enable perfect forward secrecy.
Elliptic Curve Digital Signature Algorithm (ECDSA) – A cryptographic method using ECC to create a digital signature.
Emergence – The process by which new facts, or new knowledge of a fact, come into existence or prominence, or by which knowledge of a fact becomes visible unexpectedly.
Empiricism – Process control type in which only the past is accepted as certain and in which decisions are based on observation, experience and experimentation. Empiricism has three pillars: transparency, inspection and adaptation.
Encapsulating Security Payload (ESP) – A portion of the IPsec implementation that provides for data confidentiality with optional authentication and replay-detection services. ESP completely encapsulates user data in the datagram and can be used either by itself or in conjunction with Authentication Headers for varying degrees of IPsec services.
Encrypted File System (EFS) – A security feature of Windows, from Windows 2000 onward, that enables the transparent encryption/decryption of files on the system.
Engineering Standards – A shared set of development and technology standards that a Development Team applies to create releasable Increments of software.
Epic – A very large user story that is eventually broken down into smaller stories. Epics are often used as placeholders for new ideas that have not been thought out fully or whose full elaboration has been deferred until actually needed. Epic stories help agile development teams effectively manage and groom their product backlog.
Escalation Auditing – The process of looking for an increase in privileges, such as when an ordinary user obtains administrator-level privileges.
Estimation – The process of agreeing on a size measurement for the stories or tasks in a product backlog. On agile projects, estimation is done by the team responsible for delivering the work, usually using a planning game.
Evidence – The documents, verbal statements, and material objects admissible in a court of law.
Evil Twin – An attack involving an attacker-owned router in a wireless system, configured to match a legitimate router.
Exposure Factor (EF) – A measure of the magnitude of loss of an asset. Used in the calculation of single loss expectancy (SLE).
Extensible Authentication Protocol (EAP) – A universal authentication framework used in wireless networks and point-to-point connections. It is defined in RFC 3748 and has been updated by RFC 5247.
Extensible Markup Language (XML) – A text-based, human-readable data markup language.
Extreme Programming (XP) – A software development methodology adhering to a very iterative and incremental approach, Extreme Programming is intended to improve software quality and responsiveness to changing customer requirements.
False Acceptance Rate (FAR) – The rate of false positives acceptable to the system.
False Positive – Term used when a security system makes an error and incorrectly reports the existence of a searched-for object. Examples include an intrusion detection system that misidentifies benign traffic as hostile, an antivirus program that reports the existence of a virus in software that actually is not infected, or a biometric system that allows system access to an unauthorized individual.
False Rejection Rate (FRR) – The acceptable level of legitimate users rejected by the system.
Feature – A coherent business function or attribute of a software product or system. Features are large and chunky and usually comprise many detailed (unit) requirements. A single feature typically is implemented through many stories. Features may be functional or non-functional; they provide the basis for organizing stories.
Feature Toggle – Software development practice that allows dynamically turning (parts of) functionality on and off without impacting the overall accessibility of the system by its users.
FHSS – See frequency-hopping spread spectrum.
Fibonacci Sequence – A sequence of numbers in which the next number is derived by adding together the previous two (e.g. 1, 2, 3, 5, 8, 13, 21, 34…). The sequence is used to size stories in Agile estimation techniques such as Planning Poker.
File System Access Control List (FACL) – The implementation of access controls as part of a file system.
File Transfer Protocol (FTP) – An application layer protocol used to transfer files over a network connection.
File Transfer Protocol Secure (FTPS) – An application layer protocol used to transfer files over a network connection, which uses FTP over an SSL or TLS connection.
Firewall – A network device used to segregate traffic based on rules.
Flood Guard – A network device that blocks flooding-type DoS/DDoS attacks, frequently part of an IDS/IPS.
Flow – Continuous delivery of value to customers (vs. big-batch, big-release, big-bang).
Forecast (of functionality) – The selection of items from the Product Backlog a Development Team deems feasible for implementation in a Sprint.
Forensics (or Computer Forensics) – The preservation, identification, documentation, and interpretation of computer data for use in legal proceedings.
Free Space – Sectors on a storage medium that are available for the operating system to use.
Frequency-Hopping Spread Spectrum (FHSS) – A method of distributing a communication over multiple frequencies over time to avoid interference and detection.
Full Disk Encryption (FDE) – The application of encryption to an entire disk, protecting all of the contents in one container.
Generic Routing Encapsulation (GRE) – A tunneling protocol designed to encapsulate a wide variety of network layer packets inside IP tunneling packets.
Global Positioning System (GPS) – A satellite-based form of location services and time standardization.
GNU Privacy Guard (GPG) – An application program that follows the OpenPGP standard for encryption.
GPG – See GNU Privacy Guard.
GPO – See Group Policy object.
Graphic Processing Unit (GPU) – A chip designed to manage graphics functions in a system.
Group Policy Object (GPO) – A method used by Windows for the application of OS settings enterprise-wide.
Hard Disk Drive (HDD) – A mechanical device used for the storing of digital data in magnetic form.
Hardware Security Module (HSM) – A physical device used to protect but still allow use of cryptographic keys. It is separate from the host machine.
Hash – A one-way function that creates a fixed-size digest of the data put into the algorithm. These algorithms are referred to as one-way algorithms because there is no feasible way to recover the original data from the digest.
Hash Value – See message digest.
Hashed Message Authentication Code (HMAC) – A message authentication code built from a cryptographic hash function combined with a secret key, used to ensure the integrity and authenticity of a message.
HDD – See hard disk drive.
Heating, Ventilation, Air Conditioning (HVAC) – The systems used to heat and cool air in a building or structure.
HIDS – See host-based intrusion detection system.
High Availability – A system designed to provide assured availability.
HIPS – See host-based intrusion prevention system.
HMAC-based one time password (HOTP) – A method of producing one-time passwords using HMAC functions.
Honeypot – A computer system or portion of a network that has been set up to attract potential intruders, in the hope that they will leave the other systems alone. Since there are no legitimate users of this system, any attempt to access it is an indication of unauthorized activity and provides an easy mechanism to spot attacks.
Host-Based Intrusion Detection System (HIDS) – A system that looks for computer intrusions by monitoring activity on one or more individual PCs or servers.
Host-Based Intrusion Prevention System (HIPS) – A system that automatically responds to computer intrusions by monitoring activity on one or more individual PCs or servers and responding based on a rule set.
Hot Site – A backup site that is fully configured with equipment and data and is ready to immediately accept transfer of operational processing in the event of failure on the operational system.
HSM – See hardware security module.
Hypertext Markup Language (HTML) – A markup language used to structure text and content for delivery over HTTP.
Hypertext Transfer Protocol (HTTP) – A protocol for transfer of material across the Internet that contains links to additional material.
Hypertext Transfer Protocol over SSL/TLS (HTTPS) – A protocol for transfer of material across the Internet that contains links to additional material that is carried over a secure tunnel via SSL or TLS.
Identification (ID) – The first step in the authentication process, where the user establishes a secret with the authentication system and is bound to a user ID.
Identity Provider (IdP) – A system that creates, maintains, and manages identity information, including authentication services.
IEEE – See Institute for Electrical and Electronics Engineers.
IETF – See Internet Engineering Task Force.
Impact – The result of a vulnerability being exploited by a threat, resulting in a loss.
Impediment – Anything that prevents a team member from performing work as efficiently as possible is an impediment.
Impersonation – A social engineering technique that can occur in person, over a phone, or online, where the attacker assumes a role that is recognized by the person being attacked, and in assuming that role, the attacker uses the potential victim’s biases against their better judgment to follow procedures.
Incident Response – The process of responding to, containing, analyzing, and recovering from a computer-related incident.
Incident Response Plan (IRP) – The plan used in responding to, containing, analyzing, and recovering from a computer-related incident.
Increment – A piece of working software that adds to previously created Increments, where the sum of all Increments, as a whole, forms a product.
Industrial Control System (ICS) – Term used to describe the hardware and software that controls cyber-physical systems.
Information Security – Often used synonymously with computer security, but places the emphasis on the protection of the information that the system processes and stores, instead of on the hardware and software that constitute the system.
Infrared (IR) – A set of wavelengths past the red end of the visible spectrum used as a communication medium.
Infrastructure as a Service (IaaS) – The automatic, on-demand provisioning of infrastructure elements, operating as a service; a common element of cloud computing.
Initialization Vector (IV) – A data value used to seed a cryptographic algorithm, providing for a measure of randomness.
Inspect and Adapt – “Inspect and Adapt” is a slogan used by the Scrum community to capture the idea of discovering, over the course of a project, emergent software requirements and ways to improve the overall performance of the team. It neatly captures both the concept of empirical knowledge acquisition and feedback-loop-driven learning.
Instant Messaging (IM) – A text-based method of communicating over the Internet.
Institute for Electrical and Electronics Engineers (IEEE) – A nonprofit, technical, professional institute associated with computer research, standards, and conferences.
Intangible Asset – An asset for which a monetary equivalent is difficult or impossible to determine. Examples are brand recognition and goodwill.
Integrity – Part of the CIA of Security, the security principle that requires that information is not modified except by individuals authorized to do so.
Iteration – A period during which the Agile development team produces an increment of completed software. All system lifecycle phases must be completed during the iteration and then demonstrated for the iteration to be accepted as successfully completed.
Interconnection Security Agreement (ISA) – An agreement between parties to establish procedures for mutual cooperation and coordination between them with respect to security requirements associated with their joint project.
Intermediate Distribution Frame (IDF) – A system for managing and interconnecting the telecommunications cable between end-user devices, typically workstations.
International Data Encryption Algorithm (IDEA) – A symmetric encryption algorithm used in a variety of systems for bulk encryption services.
Internet Assigned Numbers Authority (IANA) – The central coordinator for the assignment of unique parameter values for Internet protocols. The IANA is chartered by the Internet Society (ISOC) to act as the clearinghouse to assign and coordinate the use of numerous Internet protocol parameters.
Internet Control Message Protocol (ICMP) – One of the core protocols of the TCP/IP protocol suite, used for error reporting and status messages.
Internet Engineering Task Force (IETF) – A large international community of network designers, operators, vendors, and researchers, open to any interested individual concerned with the evolution of Internet architecture and the smooth operation of the Internet. The actual technical work of the IETF is done in its working groups, which are organized by topic into several areas (such as routing, transport, and security). Much of the work is handled via mailing lists, with meetings held three times per year.
Internet Key Exchange (IKE) – A standard key exchange protocol used on the Internet, an implementation of the Diffie-Hellman algorithm.
Internet Message Access Protocol version 4 (IMAP4) – One of two common Internet standard protocols for e-mail retrieval, the other being POP.
Internet of Things (IoT) – The networking of large numbers of devices via the Internet to achieve a business purpose.
Internet Protocol (IP) – The network layer protocol used by the Internet for routing packets across a network.
Internet Protocol Security (IPsec) – A protocol used to secure IP packets during transmission across a network. IPsec offers authentication, integrity, and confidentiality services and uses Authentication Headers (AH) and Encapsulating Security Payload (ESP) to accomplish this functionality.
Internet Relay Chat (IRC) – An application layer protocol that facilitates communication in the form of text across the Internet.
Internet Security Association and Key Management Protocol (ISAKMP) – A protocol framework that defines the mechanics of implementing a key exchange protocol and negotiation of a security policy.
Internet Service Provider (ISP) – A telecommunications firm that provides access to the Internet.
Intrusion Detection System (IDS) – A system to identify suspicious, malicious, or undesirable activity that indicates a breach in computer security.
IPsec – See Internet Protocol Security.
ISA – See interconnection security agreement.
IT Contingency Plan (ITCP) – The plan used to manage contingency operations in an IT environment.
Kerberos – A network authentication protocol designed by MIT for use in client/server environments.
Key – In cryptography, a sequence of characters or bits used by an algorithm to encrypt or decrypt a message.
Key Distribution Center (KDC) – A component of the Kerberos system for authentication that manages the secure distribution of keys.
Key Encrypting Key (KEK) – An encryption key whose function is to encrypt and decrypt the data encryption key (DEK).
Keyspace – The entire set of all possible keys for a specific encryption algorithm.
LDAP – See Lightweight Directory Access Protocol.
Lean Software Development – Principles focused on reducing waste and optimizing the software production value stream.
Least Privilege – A security principle in which a user is provided with the minimum set of rights and privileges that he or she needs to perform required functions. The goal is to limit the potential damage that any user can cause.
Lightweight Directory Access Protocol (LDAP) – An application protocol used to access directory services across a TCP/IP network.
Lightweight Extensible Authentication Protocol (LEAP) – A version of EAP developed by Cisco prior to 802.11i to push 802.1X and WEP adoption.
Load Balancer – A network device that distributes computing across multiple computers.
Local Area Network (LAN) – A grouping of computers in a network structure confined to a limited area and using specific protocols, such as Ethernet for OSI Layer 2 traffic addressing.
Logic Bomb – A form of malicious code or software that is triggered by a specific event or condition. See also time bomb.
Loop Protection – The requirement to prevent bridge loops at the Layer 2 level, which is typically resolved using the Spanning Tree algorithm on switch devices.
Main Distribution Frame (MDF) – Telephony equipment that connects customer equipment to subscriber carrier equipment.
Man-In-The-Browser Attack – A man-in-the-middle attack involving browser helper objects and browsers to conduct the attack.
Man-In-The-Middle Attack (MITM) – Any attack that attempts to use a network node as the intermediary between two other nodes. Each of the endpoint nodes thinks it is talking directly to the other, but each is actually talking to the intermediary.
Managed Service Provider (MSP) – A third party that manages aspects of a system under some form of service agreement.
Mandatory Access Control (MAC) – An access control mechanism in which the security mechanism controls access to all objects (files), and individual subjects (processes or users) cannot change that access.
Master Boot Record (MBR) – A strip of data on a hard drive in Windows systems meant to result in specific initial functions or identification.
Maximum Transmission Unit (MTU) – A measure of the largest payload that a particular protocol can carry in a single packet in a specific instance.
MD5 – Message Digest 5, a hashing algorithm and a specific method of producing a message digest.
Mean Time Between Failures (MTBF) – The statistically determined period of time between failures of the system.
Mean Time To Failure (MTTF) – The statistically determined time to the next failure.
Mean Time To Repair/Recover (MTTR) – A common measure of how long it takes to repair a given failure. This is the average time, and may or may not include the time needed to obtain parts.
Media Access Control (MAC) – A protocol used in the data link layer for local network addressing.
Memorandum Of Agreement (MOA) – A document executed between two parties that defines some form of agreement.
Memorandum Of Understanding (MOU) – A document executed between two parties that defines some form of agreement.
Message Authentication Code (MAC) – A short piece of data used to authenticate a message. See hashed message authentication code.
Message Digest – The result of applying a hash function to data. Sometimes also called a hash value. See hash.
Metropolitan Area Network (MAN) – A collection of networks interconnected in a metropolitan area and usually connected to the Internet.
Microsoft Challenge Handshake Authentication Protocol (MSCHAP) – A Microsoft-developed variant of the Challenge Handshake Authentication Protocol (CHAP).
Minimum Marketable Features (MMF) – A small, self-contained feature that can be developed quickly and that delivers significant value to the user.
Minimum Viable Product (MVP) – A potentially confusing term. The strict Lean Startup definition is the smallest thing that can be tested to enable one cycle of the build-measure-learn loop, as opposed to a Minimum Marketable Feature (MMF), which is the smallest thing that delivers user value.
Mitigation – Action taken to reduce the likelihood of a threat occurring.
MMF – See Minimum Marketable Features.
Mobile Device Management (MDM) – An application designed to bring enterprise-level functionality onto a mobile device, including security functionality and data segregation.
Monitoring as a Service (MaaS) – The use of a third party to provide security monitoring services.
MSCHAP – See Microsoft Challenge Handshake Authentication Protocol.
MTBF – See mean time between failures.
MTTF – See mean time to failure.
MTTR – See mean time to repair.
Multi-Factor Authentication (MFA) – The use of more than one different factor for authenticating a user to a system.
Multi-Function Device (MFD) – A device, such as a printer, with multiple functions, such as printing and scanning.
Multimedia Message Service (MMS) – A standard way to send multimedia messages to and from mobile phones over a cellular network.
MVP – See Minimum Viable Product.
NAP – See Network Access Protection.
NAT – See Network Address Translation.
National Institute of Standards and Technology (NIST) – A U.S. government agency responsible for standards and technology.
NDA – See non-disclosure agreement.
Near Field Communication (NFC) – A set of standards and protocols for establishing a communication link over very short distances. Used in mobile devices.
Network Access Control (NAC) – An approach to endpoint security that involves monitoring and remediating endpoint security issues before allowing an object to connect to a network.
Network Access Protection (NAP) – A Microsoft approach to network access control.
Network Address Translation (NAT) – A method of readdressing packets in a network at a gateway point to enable the use of local, non-routable IP addresses over a public network such as the Internet.
Network-Based Intrusion Detection System (NIDS) – A system for examining network traffic to identify suspicious, malicious, or undesirable behavior.
Network-Based Intrusion Prevention System (NIPS) – A system that examines network traffic and automatically responds to computer intrusions.
Network Basic Input/Output System (NetBIOS) – A system that provides communication services across a local area network.
Network Operating System (NOS) – An operating system that includes additional functions and capabilities to assist in connecting computers and devices, such as printers, to a local area network.
Network Time Protocol (NTP) – A protocol for the transmission of time synchronization packets over a network.
New Technology File System (NTFS) – A proprietary file system developed by Microsoft, introduced in 1993, that supports a wide variety of file operations on servers, PCs, and media.
New Technology LANMAN (NTLM) – A deprecated security suite from Microsoft that provides authentication, integrity, and confidentiality for users. Because it does not support current cryptographic methods, it is no longer recommended for use.
Next Generation Access Control (NGAC) – One of the primary methods of implementing attribute-based access control (ABAC). The other method is XACML.
NFC – See Near Field Communication.
NIST – See National Institute of Standards and Technology.
Non-Disclosure Agreement (NDA) – A legal contract between parties detailing the restrictions and requirements borne by each party with respect to confidentiality issues pertaining to information to be shared.
Non-Repudiation – The ability to verify that an operation has been performed by a particular person or account. This is a system property that prevents the parties to a transaction from subsequently denying involvement in the transaction.
Object Identifier (OID) – A standardized identifier mechanism for naming any object.
Object Reuse – Assignment of a previously used medium to a subject. The security implication is that before it is provided to the subject, any data present from a previous user must be cleared.
One-Time Pad (OTP) – An unbreakable encryption scheme in which a series of non-repeating, random bits is used once as a key to encrypt a message. Since each pad is used only once, no pattern can be established and traditional cryptanalysis techniques are not effective.
Online Certificate Status Protocol (OCSP) – A protocol used to request the revocation status of a digital certificate. This is an alternative to certificate revocation lists.
Open Authorization (OAUTH) – An open standard for token-based authentication and authorization on the Internet.
Open Vulnerability and Assessment Language (OVAL) – An XML-based standard for the communication of security information between tools and services.
Operating System (OS) – The basic software that handles input, output, display, memory management, and all the other highly detailed tasks required to support the user environment and associated applications.
OVAL – See Open Vulnerability and Assessment Language.
Over the Air (OTA) – Refers to performing an action wirelessly.
P12 – See PKCS #12.
PAC – See Proxy Auto Configuration.
Packet Capture (PCAP) – The methods and files associated with the capture of network traffic, stored in the form of capture files for later analysis.
Padding Oracle on Downgraded Legacy Encryption (POODLE) – A vulnerability in SSL 3.0 that can be exploited.
Pair programming – One of the original 12 Extreme Programming (XP) practices. As counter-intuitive as it may seem to the uninitiated, pair programming is more productive than two individuals working independently on separate tasks.
PAM – See Pluggable Authentication Modules.
Pan-Tilt-Zoom (PTZ) – A term used to describe a video camera that supports remote directional and zoom control.
Pass The Hash Attack – An attack where the credentials are passed in hashed form to convince an object that permission has been granted.
Password – A string of characters used to prove an individual’s identity to a system or object. Used in conjunction with a user ID, it is the most common method of authentication. The password should be kept secret by the individual who owns it.
Password Authentication Protocol (PAP) – A simple protocol used to authenticate a user to a network access server.
Password-Based Key Derivation Function 2 (PBKDF2) – A key derivation function that is part of the RSA Laboratories Public Key Cryptography Standards, published as IETF RFC 2898.
Patch – A replacement set of code designed to correct problems or vulnerabilities in existing software.
PBX – See private branch exchange.
Peer-to-Peer (P2P) – A network connection methodology involving direct connection from peer to peer.
Penetration Testing – A security test in which an attempt is made to circumvent security controls in order to discover vulnerabilities and weaknesses. Also called a pen test.
Perfect Forward Secrecy (PFS) – A property of a cryptographic system whereby the loss of one key does not compromise material encrypted before or after its use.
Permissions – Authorized actions a subject can perform on an object. See also access controls.
Personal Electronic Device (PED) – A term used to describe an electronic device, owned by the user and brought into the enterprise, that uses enterprise data. This includes laptops, tablets, and mobile phones, to name a few.
Personal Exchange Format (PFX) – A file format used when exporting certificates.
Personal Health Information (PHI) – Information related to a person’s medical records, including financial, identification, and medical data.
Personal Identity Verification (PIV) – Policies, procedures, hardware, and software used to securely identify federal workers.
Personally Identifiable Information (PII) – Information that can be used to identify a single person.
Phreaking – Used in the media to refer to the hacking of computer systems and networks associated with the phone company. See also cracking.
Pirate Metrics – A set of metrics designed to support LSU analytics and validation. AARRR is short for Acquisition, Activation, Retention, Referral, Revenue.
PKCS #12 – A commonly used member of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories.
Plain Old Telephone Service (POTS) – The term used to describe the old analog phone service and later the “land-line” digital phone service.
Plaintext – In cryptography, a piece of data that is not encrypted. It can also mean the data input into an encryption algorithm that would output ciphertext.
Planning Game – In XP, the planning game includes iteration (or sprint) planning and release planning. In scrum, sprint and release planning are two of the five levels of planning used in Agile projects.
Planning Poker – Planning Poker is a consensus-based technique for estimating, mostly used to estimate effort or relative size of tasks in software development.
Platform as a Service (PaaS) – A third-party offering that allows customers to build, operate, and manage applications without having to manage the underlying infrastructure.
Pluggable Authentication Modules (PAM) – A mechanism used in Linux systems to integrate low-level authentication methods into an API.
Point-to-Point Protocol (PPP) – The Internet standard for transmission of IP packets over a serial line, as in a dial-up connection to an ISP.
Point-to-Point Protocol Extensible Authentication Protocol (PPP EAP) – A PPP extension that provides support for additional authentication methods within PPP.
Point-to-Point Protocol Password Authentication Protocol (PPP PAP) – A PPP extension that provides support for password authentication methods over PPP.
Point-to-Point Tunneling Protocol (PPTP) – The use of generic routing encapsulation over PPP to create a methodology used for virtual private networking.
Port Address Translation (PAT) – The manipulation of port information in an IP datagram at a point in the network to map ports in a fashion similar to Network Address Translation’s change of network address.
Post Office Protocol (POP) – A standardized format for the exchange of e-mail.
Pre-Shared Key (PSK) – A shared secret that has been previously shared between parties and is used to establish a secure channel.
Pretty Good Privacy (PGP) – A popular encryption program that has the ability to encrypt and digitally sign e-mail and files.
Preventive – Intended to avoid an incident from occurring.
Preventative Intrusion Detection – A system that detects hostile actions or network activity and prevents them from impacting information systems.
Privacy – Protecting an individual’s personal information from those not authorized to see it.
Privacy-enhanced Electronic Mail (PEM) – Internet standard that provides for secure exchange of e-mail using cryptographic functions.
Private Branch Exchange (PBX) – A telephone exchange that serves a specific business or entity.
Privilege Auditing – The process of checking the rights and privileges assigned to a specific account or group of accounts.
Privilege Escalation – The step in an attack where an attacker increases their privilege, preferably to administrator or root level.
Privilege Management – The process of restricting a user’s ability to interact with the computer system.
Product – Broadly speaking, product refers to a collection of tangible and intangible features that are integrated and packaged into software releases that offer value to a customer or to a market.
Product Backlog – A collection of stories and tasks the Sprint team will work on at some point in the future. Either the Product Owner has not prioritized them or has assigned them lower priority. See Backlog.
Product Backlog Refinement – The activity in a Sprint through which the Product Owner and the Development Team add granularity to the Product Backlog.
Product Owner – One of the key roles in Scrum. The product owner is the primary business representative who represents the business stakeholders’ “voice of the customer” and the “voice of the business” to the sprint team.
Product Vision – A product vision is a brief statement of the desired future state that would be achieved through the project initiative.
Protected Extensible Authentication Protocol (PEAP) – A protected version of EAP developed by Cisco, Microsoft, and RSA Security that functions by encapsulating the EAP frames in a TLS tunnel.
Proxy Auto Configuration (PAC) – A method of automating the connection of web browsers to appropriate proxy services to retrieve a specific URL.
PSK – See pre-shared key.
PTZ – See pan-tilt-zoom.
Public Key Cryptography – See asymmetric encryption.
Public Key Infrastructure (PKI) – Infrastructure for binding a public key to a known user through a trusted intermediary, typically a certificate authority.
Quantitative Risk Assessment – The process of objectively determining the impact of an event that affects a project, program, or business. It usually involves the use of metrics and models to complete the assessment.
RADIUS – Remote Authentication Dial-In User Service, a standard protocol for providing authentication services. It is commonly used in dial-up, wireless, and PPP environments.
RAID – See Redundant Array of Inexpensive Disks.
Rainbow Tables – A precomputed set of hash tables for matching passwords by searching rather than computing each on the fly.
Ransomware – Ransomware is a form of malware that essentially holds a computer system captive while demanding a ransom.
Rapid Application Development (RAD) – A software development methodology that favors the use of rapid prototypes and changes as opposed to extensive advanced planning.
RAS – See Remote Access Service/Server.
RBAC – See rule-based access control or role-based access control.
RC4 – A stream cipher used in TLS and WEP.
Real-Time Operating System (RTOS) – An operating system designed to work in a real-time environment.
Real-time Transport Protocol (RTP) – A protocol for a standardized packet format used to carry audio and video traffic over IP networks.
Recovery – Intended to bring the environment back to regular operation.
Recovery Agent (RA) – In Microsoft Windows environments, the entity authorized by the system to use a public key recovery certificate to decrypt other users’ files using a special private key function associated with the Encrypted File System (EFS).
Recovery Point Objective (RPO) – The amount of data that a business is willing to place at risk. It is determined by the amount of time a business has to restore a process before an unacceptable amount of data loss results from a disruption.
Recovery Time Objective (RTO) – The amount of time a business has to restore a process before unacceptable outcomes result from a disruption.
Redundant Array of Inexpensive Disks (RAID) – The use of an array of disks arranged in a single unit of storage for increasing storage capacity, redundancy, and performance characteristics.
Refactoring – The process of restructuring existing computer code without changing its external behavior to improve nonfunctional attributes of the software, such as improving code readability and/or reducing complexity.
Registration Authority (RA) – Part of the PKI system responsible for establishing registration parameters during the creation of a certificate.
Release (Software) – The practice of releasing a product/service from the development phase into the release phase as soon as a minimum marketable feature set can be delivered, and then proceeding with frequent incremental releases.
Release Plan – The release plan is a schedule for releasing software into productive use. Typical release plans include the key features to be delivered, along with corresponding release dates. Release plans may also expose key milestones or dependencies that parallel project activities. In agile development, release plans can be mapped back to the iterations (or sprints) that implement the released features.
Release Planning – Release planning refers to planning activities used to estimate when software will be released into productive use.
Remote Access Service/Server (RAS) – A combination of hardware and software used to enable remote access to a network.
Remote-Access Trojan (RAT) – A set of malware designed to exploit a system providing remote access.
Remotely Triggered Black Hole (RTBH) – A popular and effective filtering technique for the mitigation of denial-of-service attacks.
Replay Attack – The reusing of data during an attack to cause a system to respond based on previous acts.
Repudiation – The act of denying that a message was either sent or received.
Residual Risk – Risks remaining after an iteration of risk management.
Retrospective – A timeboxed meeting held at the end of an iteration, or at the end of a release, in which the team examines its processes to determine what succeeded and what could be improved.
Return On Investment (ROI) – A measure of the effectiveness of the use of capital.
RFID – Radio frequency identification, a technology used for remote identification via radio waves.
RIPEMD – A hash function developed in Belgium. The acronym expands to RACE Integrity Primitives Evaluation Message Digest, but this name is rarely used. The current version is RIPEMD-160.
Risk – The possibility of suffering a loss.
Risk Assessment or Risk Analysis – The process of analyzing an environment to identify the threats, vulnerabilities, and mitigating actions to determine (either quantitatively or qualitatively) the impact of an event affecting a project, program, or business.
Risk Management – Overall decision-making process of identifying threats and vulnerabilities and their potential impacts, determining the costs to mitigate such events, and deciding what cost-effective actions can be taken to control these risks.
Rootkit – A type of malware that modifies or replaces one or more existing programs to hide traces of attacks. Although rootkits commonly modify parts of the operating system to conceal traces of their presence, they can exist at any level, from a computer’s boot instructions up to the applications that run in the operating system.
Rivest, Shamir, Adleman (RSA) – The names of the three men who developed a public key cryptographic system and the company they founded to commercialize the system.
Role-Based Access Control (RBAC) – An access control mechanism in which, instead of the users being assigned specific access permissions for the objects associated with the computer system or network, a set of roles that the user may perform is assigned to each user.
RTP – See Real-time Transport Protocol.
Rule-Based Access Control (RBAC) – An access control mechanism based on rules.
SAN – See storage area network.
SCADA – See supervisory control and data acquisition.
SCEP – See Simple Certificate Enrollment Protocol.
Scrum – A framework to support teams in complex product development. It consists of a series of short iterations, called sprints, each of which ends with the delivery of an increment of working software.
Scrum Guide™ – The definition of Scrum, written and provided by Ken Schwaber and Jeff Sutherland, co-creators of Scrum. This definition consists of Scrum’s roles, events, artifacts, and the rules that bind them together.
Scrum Master – The Scrum Master is responsible for maintaining the Scrum process and the overall health of the team.
Scrum Team – A cross-functional group that is responsible for delivering the software or product.
Secure Copy Protocol (SCP) – A network protocol that supports secure file transfers.
Secure FTP – A method of secure file transfer that involves the tunneling of FTP through an SSH connection. This is different than SFTP, which is the Secure Shell File Transfer Protocol.
Secure Hash Algorithm (SHA) – A hash algorithm used to hash block data. The first version is SHA-1, with subsequent versions detailing hash digest length: SHA-256, SHA-384, and SHA-512.
Secure Hypertext Transfer Protocol (SHTTP) – An alternative to HTTPS, in which only the transmitted pages and POST fields are encrypted. Rendered moot, by and large, by widespread adoption of HTTPS.
Secure/Multipurpose Internet Mail Extensions (S/MIME) – An encrypted implementation of the MIME protocol specification.
Secure Real-time Transport Protocol (SRTP) – A secure version of the standard protocol for a standardized packet format used to carry audio and video traffic over IP networks.
Secure Shell (SSH) – A set of protocols for establishing a secure remote connection to a computer. This protocol requires a client on each end of the connection and can use a variety of encryption protocols.
Secure Shell File Transfer Protocol (SFTP) – A secure file transfer subsystem associated with Secure Shell (SSH).
Secure Sockets Layer (SSL) – An encrypting layer between the session and transport layers of the OSI model designed to encrypt above the transport layer, enabling secure sessions between hosts. SSL has been replaced by TLS.
Security Assertion Markup Language (SAML) – An XML-based standard for exchanging authentication and authorization data.
Security Association (SA) – An instance of security policy and keying material applied to a specific data flow. Both IKE and IPsec use SAs, although these SAs are independent of one another. IPsec SAs are unidirectional and are unique in each security protocol, whereas IKE SAs are bidirectional. A set of SAs is needed for a protected data pipe, one per direction per protocol. SAs are uniquely identified by destination (IPsec endpoint) address, security protocol (AH or ESP), and security parameter index (SPI).
Security Baseline – The end result of the process of establishing an information system’s security state. It is a known good configuration resistant to attacks and information theft.
Security Content Automation Protocol (SCAP) – A method of using specific protocols and data exchanges to automate the determination of vulnerability management, measurement, and policy compliance across a system or set of systems.
Security Controls – A group of technical, management, or operational policies and procedures designed to implement specific security functionality. Access controls are an example of a security control.
Security Information and Event Management (SIEM) – The name used for a broad range of technological solutions to the collection and analysis of security-related information across the enterprise.
Segregation or Separation of Duties – A basic control that prevents or detects errors and irregularities by assigning job responsibilities for increased risk tasks to different individuals so that no single individual can commit fraudulent or malicious actions.
Self-Encrypting Drive (SED) – A data drive that has built-in encryption capability on the drive control itself.
Self-Organization – A property of the agile development team, which autonomously organizes over time, rather than being ordered by an external force such as a project or development manager.
Sender Policy Framework (SPF) – An e-mail validation system designed to detect e-mail spoofing by verifying that incoming mail comes from a host authorized by that domain’s administrators.
Service Level Agreement (SLA) – An agreement between parties concerning the expected or contracted uptime associated with a system.
Service Set Identifier (SSID) – Identifies a specific 802.11 wireless network. It transmits information about the access point to which the wireless client is connecting.
Session Hijacking – An attack against a communication session by injecting packets into the middle of the communication session.
Shielded Twisted Pair (STP) – A physical network connection consisting of two wires twisted and covered with a shield to prevent interference.
Shimming – The process of putting a layer of code between the driver and the OS to allow flexibility and portability.
Short Message Service (SMS) – A form of text messaging over phone and mobile phone circuits that allows up to 160-character messages to be carried over signaling channels.
Shoulder Surfing – Stealing of credentials by looking over someone’s shoulder while they type them into a system.
Signature Database – A collection of activity patterns that have already been identified and categorized and that typically indicate suspicious or malicious activity.
Simple Certificate Enrollment Protocol (SCEP) – A protocol used in PKI for enrollment and other services.
Simple Mail Transfer Protocol (SMTP) – The standard Internet protocol used to transfer e-mail between hosts.
Simple Mail Transfer Protocol Secure (SMTPS) – The secure version of the standard Internet protocol used to transfer e-mail between hosts.
Simple Network Management Protocol (SNMP) – A standard protocol used to remotely manage network devices across a network.
Simple Object Access Protocol (SOAP) – An XML-based specification for exchanging information associated with web services.
Single Loss Expectancy (SLE) – Monetary loss or impact of each occurrence of a threat. SLE = asset value × exposure factor.
Single Point of Failure (SPoF) – A single system component whose failure can result in system failure.
Single Sign-On (SSO) – An authentication process by which the user can enter a single user ID and password and then move from application to application or resource to resource without having to supply further authentication information.
Slack Space – Unused space on a disk drive created when a file is smaller than the allocated unit of storage (such as a sector).
Small Computer System Interface (SCSI) – A protocol for data transfer to and from a machine.
SMS – See Short Message Service.
Sniffer – A software or hardware device used to observe network traffic as it passes through a network on a shared broadcast media.
Social Engineering – The art of deceiving another person so that he or she reveals confidential information. This is often accomplished by posing as an individual who should be entitled to have access to the information.
Software as a Service (SaaS) – The provisioning of software as a service, commonly known as on-demand software.
Software-Defined Networking (SDN) – The use of software to act as a control layer separate from the data layer in a network to manage traffic.
Software Development Kit (SDK) – A set of tools and processes used to interface with a larger system element when programming changes to an environment.
Software Development Lifecycle (SDLC) – The processes and procedures employed to develop software.
Software Development Lifecycle Methodology (SDLM) – The processes and procedures employed to develop software. Sometimes also called secure development lifecycle model when security is part of the development process.
Solid-State Drive (SSD) – A mass storage device, such as a hard drive, that is composed of electronic memory as opposed to a physical device of spinning platters.
SONET – See Synchronous Optical Network Technologies.
Spam – E-mail that is not requested by the recipient and is typically of a commercial nature. Also known as unsolicited commercial e-mail (UCE).
Spam Filter – A security appliance designed to remove spam at the network layer before it enters e-mail servers.
Spear Phishing – A phishing attack aimed at a specific individual.
Spim – Spam sent over an instant messaging channel.
Spoofing – Making data appear to have originated from another source so as to hide the true origin from the recipient.
Sprint – The Scrum term for an iteration. It is a time-boxed event of 30 days, or less, that serves as a container for the other Scrum events and activities. Sprints are done consecutively, without intermediate gaps.
Sprint Backlog – An overview of the development work to realize a Sprint’s goal, typically a forecast of functionality and the work needed to deliver that functionality.
Sprint Planning Meeting – Each sprint begins with a two-part sprint planning meeting, the activity that prioritizes and identifies stories and concrete tasks for the next sprint.
Sprint Retrospective – See Retrospective.
Sprint Review – A meeting held at the end of each sprint in which the Scrum team shows what they accomplished during the sprint; typically this takes the form of a demo of the new features.
Spyware – A software that “spies” on users, recording and reporting on their activities. Typically installed without user knowledge, spyware can perform a wide range of activities.
Conklin, Wm. Arthur. CompTIA Security+ All-in-One Exam Guide, Fifth Edition (Exam SY0-501) (Kindle Locations 2175-2176). McGraw-Hill Education. Kindle Edition.
SSD – See solid-state drive.
Stakeholder – A person external to the Scrum Team with a specific interest in and knowledge of a product that is required for incremental discovery. Represented by the Product Owner and actively engaged with the Scrum Team at Sprint Review.
Standup Meeting – See Daily Scrum/Daily Standup.
Storage Area Network (SAN) – A dedicated network that provides access to data storage.
Story (User) – A requirement, feature and/or unit of business value that can be estimated and tested. Stories describe work that must be done to create and deliver a feature for a product.
STP – See shielded twisted pair.
Structured Exception Handler (SEH) – The process used to handle exceptions in the Windows OS core functions.
Structured Query Language (SQL) – A language used in relational database queries.
Subject Alternative Name (SAN) – A field on a certificate that identifies alternative names for the entity to which the certificate applies.
Subscriber Identity Module (SIM) – An integrated circuit or hardware element that securely stores the International Mobile Subscriber Identity (IMSI) and the related key used to identify and authenticate subscribers on mobile telephones.
Supervisory Control and Data Acquisition (SCADA) – A generic term used to describe the industrial control system networks used to interconnect infrastructure elements (such as manufacturing plants, oil and gas pipelines, power generation and distribution systems, and so on) and computer systems.
Symmetric Encryption – Encryption that needs all parties to have a copy of the key, sometimes called a shared secret. The single key is used for both encryption and decryption.
Synchronous Optical Network Technologies (SONET) – A set of standards used for data transfers over optical networks.
System on a Chip (SoC) – The integration of complete system functions on a single chip, simplifying construction of devices.
Tangible Asset – An asset for which a monetary equivalent can be determined. Examples are inventory, buildings, cash, hardware, software, and so on.
Task – Tasks are descriptions of the actual work that an individual or pair does in order to complete a story.
Task Board – A chart that presents, at minimum, “to do”, “in progress”, and “done” columns for organizing a team’s work.
TDD – See Test-Driven Development.
Team – In agile software development, the team refers to the cross-functional group of people that have made a collective commitment to work together to produce the work product and improve their performance over time. In addition to software development and test roles, the team may include any skill set necessary to deliver the work product.
Telnet – A network protocol used to provide cleartext bidirectional communication over TCP.
Temporal Key Integrity Protocol (TKIP) – A security protocol used in 802.11 wireless networks.
Terminal Access Controller Access Control System Plus (TACACS+) – A remote authentication system that uses the TACACS+ protocol, defined in RFC 1492, and TCP port 49.
Test Automation – Frequently used to automate unit tests, integration tests, and functional tests.
Test-Driven Development (TDD) – Test-first software development practice in which test cases are defined and created first, and subsequently executable code is created to make the tests pass. The failing tests are constructed to pass as development proceeds and tests succeed. Kent Beck is credited with having invented TDD, one of the original 12 XP practices.
Threat – Any circumstance or event with the potential to cause harm to an asset.
Ticket-Granting Ticket (TGT) – A part of the Kerberos authentication system that is used to prove identity when requesting service tickets.
Time-based One-Time Password (TOTP) – A password that is used once and is only valid during a specific time period.
Time Bomb – A form of logic bomb in which the triggering event is a date or specific time. See also logic bomb.
Timebox – A timebox is a time period of fixed length allocated to achieve some objective. In agile development, iterations and sprints are examples of timeboxes that limit work in process and stage incremental progress. Timeboxes are often used to avoid over-investing in tasks such as estimating development tasks.
TKIP – See Temporal Key Integrity Protocol.
Token – A hardware device that can be used in a challenge-response authentication process.
Transaction Signature (TSIG) – A protocol used as a means of authenticating dynamic DNS records during DNS updates.
Transmission Control Protocol/Internet Protocol (TCP/IP) – A connection-oriented protocol for communication over IP networks.
Transport Layer Security (TLS) – A replacement for SSL that is currently being used to secure communications between servers and browsers.
Trapdoor – See backdoor.
Trivial File Transfer Protocol (TFTP) – A simplified version of FTP used for low-overhead file transfers using UDP port 69.
Trojan horse – A form of malicious code that appears to provide one service (and may indeed provide that service) but that also hides another purpose. This hidden purpose often has a malicious intent. This code may also be simply referred to as a Trojan.
Trusted Platform Module (TPM) – A hardware chip to enable trusted computing platform operations.
Typo Squatting – An attack form that involves capitalizing upon common typo errors at the URL level, hoping the browser user will not notice they end up on a different site.
Unified Threat Management (UTM) – The aggregation of multiple network security products into a single appliance for efficiency purposes.
Uniform Resource Identifier (URI) – A set of characters used to identify the name of a resource in a computer system. A URL is a form of URI.
Uninterruptible Power Supply (UPS) – A source of power (generally a battery) designed to provide uninterrupted power to a computer system in the event of a temporary loss of power.
Unit Testing – Comprehensive unit test coverage is an important part of software integrity and should be automated to support the incremental delivery requirements of agile software development teams. It is a low-level technical test focusing on small parts of a software system that can be executed fast and in isolation. In most cases, unit testing is the responsibility of the developer.
Universal Resource Locator (URL) – A specific character string used to point to a specific item across the Internet.
Universal Serial Bus (USB) – An industry-standard protocol for communication over a cable to peripherals via a standard set of connectors.
Universal Serial Bus On The Go (USB OTG) – A USB standard that enables mobile devices to talk to one another without an intervening PC.
Unmanned Aerial Vehicle (UAV) – A remotely piloted flying vehicle.
Unshielded Twisted Pair (UTP) – A physical connection consisting of a pair of twisted wires forming a circuit.
Usage Auditing – The process of recording who did what and when on an information system.
User Acceptance Testing (UAT) – The application of acceptance-testing criteria to determine fitness for use according to end-user requirements.
User Datagram Protocol (UDP) – A protocol in the TCP/IP protocol suite for the transport layer that does not sequence packets—it is “fire and forget” in nature.
User ID – A unique alphanumeric identifier that identifies individuals who are logging in or accessing a system.
User Story – A requirement, feature and/or unit of business value that can be estimated and tested. Stories describe work that must be done to create and deliver a feature for a product. See Story (User).
Variable Length Subnet Masking (VLSM) – The process of using variable length subnets, creating subnets in subnets.
Velocity – Measures how much work a team can complete in an iteration. It is also used to measure how long it will take a particular team to deliver future outcomes by extrapolating on the basis of its prior performance.
Video Teleconferencing (VTC) – A business process of using video signals to carry audio and visual signals between separate locations, thus allowing participants to meet via a virtual meeting instead of traveling to a physical location. Modern videoconferencing equipment can provide very realistic connectivity when lighting and backgrounds are controlled.
Virtual Desktop Environment (VDE) – The use of virtualization technology to host desktop systems on a centralized server.
Virtual Desktop Infrastructure (VDI) – The use of servers to host virtual desktops by moving the processing to the server and using the desktop machine as merely a display terminal. VDI offers operating efficiencies as well as cost and security benefits.
Virtual Local Area Network (VLAN) – A broadcast domain inside a switched system.
Virtual Machine (VM) – A form of containerized operating system that allows a system to be run on top of another OS.
Virtual Private Network (VPN) – An encrypted network connection across another network, offering a private communication channel across a public medium.
Virus – A form of malicious code or software that attaches itself to other pieces of code in order to replicate. Viruses may contain a payload, which is a portion of the code that is designed to execute when a certain condition is met (such as on a certain date). This payload is often malicious in nature.
Vishing – A form of social engineering attack over voice lines (VoIP).
Voice of the Customer (VOC) – A term used in business and Information Technology (through ITIL) to describe the in-depth process of capturing a customer’s expectations, preferences, and aversions.
Voice over IP (VoIP) – The packetized transmission of voice signals (telephony) over Internet Protocol.
Vulnerability – A weakness in an asset that can be exploited by a threat to cause harm.
Whaling – A phishing attack targeted against a high-value target such as a corporate officer or system administrator.
Wireless Access Point (WAP) – A network access device that facilitates the connection of wireless devices to a network.
War Dialing – An attacker’s attempt to gain unauthorized access to a computer system or network by discovering unprotected connections to the system through the telephone system and modems.
War Driving – The attempt by an attacker to discover unprotected wireless networks by wandering (or driving) around with a wireless device, looking for available wireless access points.
Web Application Firewall (WAF) – A firewall that operates at the application level, specifically designed to protect web applications by examining requests at the application stack level.
WEP – See Wired Equivalent Privacy.
Wide Area Network (WAN) – A network that spans a large geographic region.
Wi-Fi Protected Access/Wi-Fi Protected Access 2 (WPA/WPA2) – A protocol to secure wireless communications using a subset of the 802.11i standard.
Wi-Fi Protected Setup (WPS) – A network security standard that allows easy setup of a wireless home network.
WIP – See Work in Process or Work in Progress.
Wired Equivalent Privacy (WEP) – The encryption scheme used to attempt to provide confidentiality and data integrity on 802.11 networks.
Wireless Application Protocol (WAP) – A protocol for transmitting data to small handheld devices such as cellular phones.
Wireless Intrusion Detection System (WIDS) – An intrusion detection system established to cover a wireless network.
Wireless Intrusion Prevention System (WIPS) – An intrusion prevention system established to cover a wireless network.
Wireless Transport Layer Security (WTLS) – The encryption protocol used on WAP networks.
Work in Process or Work in Progress (WIP) – Any work that has not been completed but that has already incurred a capital cost to the organization. Any software that has been developed but not deployed to production can be considered a work in progress.
Worm – An independent piece of malicious code or software that self-replicates. Unlike a virus, it does not need to be attached to another piece of code. A worm replicates by breaking into another system and making a copy of itself on this new system. A worm can contain a destructive payload but does not have to.
Write Once Read Many (WORM) – A data storage technology where things are written once (permanent) and then can be read many times, as in optical disks.
XML – See Extensible Markup Language.
XOR – Bitwise exclusive OR, an operation commonly used in cryptography.
XP – See Extreme Programming.
XSRF – See cross-site request forgery.
XSS – See cross-site scripting.
802.11 – A family of standards that describe network protocols for wireless devices.
802.1X – An IEEE standard for performing authentication over networks.