Читаем CISSP Practice полностью

Methods for accomplishing essential business tasks subsequent to disruption of a computer facility and for continuing operations until the facility is sufficiently restored.

Backup plan

Synonymous with contingency plan.

Backup procedures

The provisions made for the recovery of data files and program libraries, and for restart or replacement of computer equipment after the occurrence of a system failure or of a disaster. Examples include normal (full) backup, incremental backup, differential backup, image backup, file-by-file backup, copy backup, daily backup, record-level backup, and zero-day backup.

Bandwidth

Measures the data transfer capacity or speed of transmission in bits per second. Bandwidth is the difference between the highest frequencies and the lowest frequencies measured in a range of Hertz (that is, cycles per second). Bandwidth compression can reduce the time needed to transmit a given amount of data in a given bandwidth without reducing the information content of the signal being transmitted. Bandwidth can negatively affect the performance of networks and devices, if it is inadequate.

Banner grabbing

The process of capturing banner information, such as application type and version, that is transmitted by a remote port when a connection is initiated.

Base station (WMAN/WiMAX)

A base station (BS) is the node that logically connects fixed and mobile subscriber stations (SSs) to operator networks. A BS consists of the infrastructure elements necessary to enable wireless communications (i.e., antennas, transceivers, and other equipment).

Baseline (configuration management)

A baseline indicates a cut-off point in the design and development of a configuration item beyond which configuration does not evolve without undergoing strict configuration control policies and procedures. Note that baselining is first and versioning is next.

Baseline (software)

(1) A set of critical observations or data used for comparison or control. (2) A version of software used as a starting point for later versions.

Baseline architecture

The initial architecture that is or can be used as a starting point for subsequent architectures or to measure progress.

Baseline controls

The minimum-security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection objectives. Three sets of baseline controls (i.e., low-impact, moderate-impact, and high-impact) provide a minimum security control assurance.

Baselining

Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.

Basic authentication

A technology that uses the Web server content’s directory structure. Typically, all files in the same directory are configured with the same access privileges using passwords, thus not secure. The problem is that all password information is transferred in an encoded, rather than an encrypted, form. These problems can be overcome using basic authentication in conjunction with SSL/TLS.

Basis path testing

It is a white-box testing technique to measure the logical complexity of a procedural design. The goal is to execute every computer program statement at least once during testing realizing that many programs paths could exist.

Basic testing

A test methodology that assumes no knowledge of the internal structure and implementation details of the assessment object. Basic testing is also known as black box testing.

Bastion host

A host system that is a “strong point” in the network’s security perimeter. Bastion hosts should be configured to be particularly resistant to attack. In a host-based firewall, the bastion host is the platform on which the firewall software is run. Bastion hosts are also referred to as “gateway hosts.” A bastion host is typically a firewall implemented on top of an operating system that has been specially configured and hardened to be resistant to attack.

Bearer assertion

An assertion that does not provide a mechanism for the subscriber to prove that he is the rightful owner of the assertion. The relying party has to assume that the assertion was issued to the subscriber who presents the assertion or the corresponding assertion reference to the relying party.

Behavioral outcome

What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance.

Benchmark testing

Uses a small set of data or transactions to check software performance against predetermined parameters to ensure that it meets requirements.

Benchmarking