Term | Definition |
--- | --- |
access list | A paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area. |
activity phase controls | Subtypes of security controls, classified as deterrent, preventive, detective, compensating, or corrective. |
administrative control | Process for developing and ensuring that policies and procedures are carried out, specifying actions that users may do, must do, or cannot do. |
alarm | An audible sound to warn a guard of an intruder. |
antispyware | Software that helps prevent computers from becoming infected by different types of spyware. |
antivirus | Software that can examine a computer for any infections as well as monitor computer activity and scan new documents that might contain a virus. |
barricade | A structure designed to block the passage of traffic. |
Bayesian filtering | Spam filtering software that analyzes every word in an email and determines how frequently a word occurs in order to determine if it is spam. |
Big Data | A collection of data sets so large and complex that it becomes difficult to process using on-hand database management tools or traditional data processing applications. |
blacklist | Permitting everything unless it appears on the list; a list of nonapproved senders. |
cable lock | A device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen. |
client-side validation | Having the client web browser perform all validations and error recovery procedures. |
CCTV | Video cameras and receivers used for surveillance in areas that require security monitoring. |
compensating control | Control that provides an alternative to normal controls that for some reason cannot be used. |
corrective control | Control that is intended to mitigate or lessen the damage caused by an incident. |
cross-site request forgery (XSRF) | An attack that uses the user's web browser settings to impersonate the user. |
data at-rest | Data that is stored on electronic media. |
data in-transit | Data that is in transit across a network, such as an email sent across the Internet. |
data in-use | A state of data in which actions upon it are being performed by "endpoint devices" such as printers. |
data loss prevention (DLP) | A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users. |
deadbolt lock | A door lock that extends a solid metal bar into the door frame for extra security. |
detective control | A control that is designed to identify any threat that has reached the system. |
deterrent control | A control that attempts to discourage security violations before they occur. |
embedded system | A computer system with a dedicated function within a larger electrical or mechanical system. |
errors | Faults in a program that occur while the application is running. Also called exceptions. |
exceptions | See errors. |
fencing | Securing a restricted area by erecting a barrier. |
firewall | Hardware or software that is designed to prevent malicious packets from entering or leaving computers. Also called packet filter. |
fuzz testing (fuzzing) | A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program. |
guard | A human who is an active security element. |
host-based application firewall | A firewall that runs as a program on a local system. |
hotfix | Software that addresses a specific customer situation and often may not be distributed outside that customer's organization. |
input validation | Verifying a user's input to an application. |
lighting | Lights that illuminate an area so that it can be viewed after dark. |
locking cabinet | A ruggedized steel box with a lock. |
mainframe | A very large computing system that has significant processing capabilities. |
mantrap | A device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas. |
motion detection | Determining an object's change in position in relation to its surroundings. |
NoSQL | A nonrelational database that is better tuned for accessing large data sets. |
NoSQL databases vs. SQL databases | An argument regarding which database technology is superior. Also called SQL vs. NoSQL. |
OS hardening | Tightening security during the design and coding of the OS. |
packet filter | Hardware or software that is designed to prevent malicious packets from entering or leaving computers. |
patch | A general software security update intended to cover vulnerabilities that have been discovered. |
popup blocker | Either a program or feature incorporated within a browser that stops popup advertisements from appearing. |
preventive control | A control that attempts to prevent a threat from reaching and coming into contact with a vulnerability. |
protected distribution system (PDS) | A system of cable conduits that is used to protect classified information being transmitted between two secure areas. |
proximity reader | A device that detects an emitted signal in order to identify the owner. |
safe | A ruggedized steel box with a lock. |
SCADA (supervisory control and data acquisition) | Large-scale industrial control systems. |
security control | Any device or process that is used to reduce risk. |
security policy | A document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure. |
server-side validation | Having the server perform all validations and error recovery procedures. |
service pack | Software that is a cumulative package of all security updates plus additional features. |
sign | A written placard that explains a warning, such as notice that an area is restricted. |
smartphone | A cell phone with an operating system that allows it to run third-party applications. |
SQL vs. NoSQL | An argument regarding which database technology is better. Also called NoSQL databases vs. SQL databases. |
static environment | Devices in which additional hardware cannot easily be added or attached. |
technical controls | Security controls that are carried out or managed by devices. |
trusted OS | An operating system that has been designed through OS hardening. |
video surveillance | Monitoring activity that is captured by a video camera. |
whitelist | Permitting nothing unless it appears on the list. |
wrapper function | A substitute for a regular function that is used in testing. |