Reading CISSP Practice in full

Add-on security

(1) A retrofitting of protection mechanisms implemented by hardware or software after the computer system becomes operational. (2) An incorporation of new hardware, software, or firmware safeguards in an operational information system.

Adequate security

This proposes that security should be commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications used operate effectively and provide appropriate confidentiality, integrity, and availability services through the use of cost-effective controls (i.e., management, operational, and technical controls).

Adj-routing information base (RIB)-in

Routes learned from inbound update messages from Border Gateway Protocol (BGP) peers.

Adj-routing information base (RIB)-out

Routes that the Border Gateway Protocol (BGP) router will advertise, based on its local policy, to its peers.

Administrative account

A user account with full privileges intended to be used only when performing personal computer (PC) management tasks, such as installing updates and application software, managing user accounts, and modifying operating system (OS) and application settings.

Administrative law

Law dealing with legal principles that apply to government agencies.

Administrative safeguards

Administrative actions, policies, and procedures to manage the selection, development, implementation, and maintenance of security measures to protect electronic health information (e.g., HIPAA) and to manage the conduct of the covered entity’s workforce in relation to protecting that information.

Administrative security

The management constraints, operational procedures, accountability procedures, and supplemental controls established to provide an acceptable level of protection for sensitive data, programs, equipment, and physical facilities. Synonymous with procedural security.

Admissible evidence

Evidence allowed in a court to be considered by the trier of fact (such as a jury and/or judge) in making a legal opinion, decision, or conclusion. Admissible evidence must be relevant, competent, and material. “Sufficient” is not part of the concept of admissibility of evidence because it merely supports a legal finding.

Best evidence is admissible because it is the primary evidence (for example, written instruments such as contracts or deeds). Business records are also admissible when they are properly authenticated as to their contents (that is, notarized or stamped with an official seal).

For example, (1) business records, such as sales orders and purchase orders, usually come under hearsay evidence and were not admissible before. They are admissible only when a witness testifies to the identity and accuracy of the record and describes its mode of preparation. Today, all business records made during the ordinary course of business are admissible if the business is a legitimate entity. (2) Photographs are hearsay evidence, but they will be considered admissible if properly authenticated by a qualified person who is familiar with the subject portrayed and who can testify that the photograph is a good representation of the subject, place, object, or condition.

Advanced data communications control procedure (ADCCP)

Advanced data communications control procedure (ADCCP) is an example of a sliding window protocol. ADCCP is a modified Synchronous Data Link Control (SDLC), which became high-level data link control (HDLC), and later became link access procedure B (LAPB) to make it more compatible with HDLC (Tanenbaum).

Advanced encryption standard (AES)

The AES specifies a cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher text; decrypting the cipher text converts the data back into its original form, called plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. AES is an encryption algorithm for securing sensitive but unclassified material. The combination of XEX tweakable block cipher with cipher text stealing (XTS) and AES is called XTS-AES. The XTS-AES algorithm is designed for the cryptographic protection of data on storage devices that use fixed length data units. It is not designed for encryption of data in transit as it is designed to provide confidentiality for the protected data. The XTS-AES does not provide authentication or access control services.

Advanced persistent threat
