click below
click below
Normal Size Small Size show me how
Ch. 4 Key Terms
Chapter 4 Security Key Terms
Term | Definition |
---|---|
Access list | A paper or electronic record of individuals who have permission to enter a secure area, the time that they entered, and the time they left the area. |
Activity phase controls | Subtypes of security controls, classified as deterrent, preventive, detective, compensation, or corrective. |
Administrative control | Process for developing and ensuring that policies and procedures are carried out, specifying actions that users may do, must do, or cannot do. |
Alarm | An audible sound to warn a guard of an intruder. |
Antispyware | Software that helps prevent computers from becoming infected by different types of spyware. |
Barricade | A structure designed to block the passage of traffic. |
Bayesian filtering | Spam filtering software that analyzes every word in an email and determines how frequently a word occurs in order to determine if it is spam. |
Cable lock | A device that can be inserted into the security slot of a portable device and rotated so that the cable lock is secured to the device to prevent it from being stolen. |
Closed-circuit television (CCTV) | Using video cameras to transmit a signal to a specific and limited set of receivers used for surveillance in areas that require security monitoring. |
Cross-site request forgery (XSRF) | An attack that uses the user's Web browser settings to impersonate the user. |
Data loss prevention (DLP) | A system that can identify critical data, monitor how it is being accessed, and protect it from unauthorized users. |
Deadbolt lock | A door lock that extends a solid metal bar into the door frame for extra security. |
Errors (exceptions) | Faults in a program that occur while the application is running. |
Fencing | Securing a restricted area by erecting a barrier. |
Firewall (packet filter) | Hardware or software that is designed to prevent malicious packets from entering or leaving computers. |
Fuzz testing (fuzzing) | A software testing technique that deliberately provides invalid, unexpected, or random data as inputs to a computer program. |
GPS tracking | Using the Global Positioning System (GPS) to detect the location of a portable device. |
Heuristic detection | Creating a virtualized environment to simulate the central processing unit (CPU) and memory of the computer to check for the presence of a virus. |
Host-based software firewall | A firewall that runs as a program on a local system to protect it against attacks. |
Hotfix | Software that addresses a specific customer situation and often may not be distributed outside that customer's organization. |
Input validation | Verifying a user's input to an application. |
Locking cabinet | A secure storage unit that can be used for storing portable devices. |
Log | A record of events that occur. |
Mantrap | A device that monitors and controls two interlocking doors to a small room (a vestibule), designed to separate secure and nonsecure areas. |
Patch | A general software security update intended to cover vulnerabilities that have been discovered. |
Pop-up blocker | Either a program or a feature incorporated within a browser that stops pop-up advertisements from appearing. |
Proximity reader | A device that detects an emitted signal in order to identify the owner. |
Remote wipe/sanitation | A technology that can remotely erase data from a portable device and reset it to its default factory settings. |
Safe | A ruggedized steel box with a lock. |
Security logs | Logs that are considered the primary source of log data. |
Security policy | A document or series of documents that clearly defines the defense mechanisms an organization will employ to keep information secure. |
Service pack | Software that is a cumulative package of all security updates plus additional features. |
Signature file | A sequence of bytes (a string) found in the virus as a virus signature. |
Voice encryption |