Reading CISSP Practice in full

It is the comparison of core process performance with other components of an internal organization or with leading external organizations.

Best practices

Business practices that have been shown to improve an organization’s IT function as well as other business functions.

Beta testing

Use of a product by selected users before formal release.

Between-the-lines entry

(1) Access, obtained through the use of active wiretapping by an unauthorized user, to a momentarily inactive terminal of a legitimate user assigned to a communications channel. (2) Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user.

Binding

(1) Process of associating two related elements of information. (2) An acknowledgment by a trusted third party that associates an entity’s identity with its public key. This may take place through (i) a certification authority’s generation of a public key certificate, (ii) a security officer’s verification of an entity’s credentials and placement of the entity’s public key and identifier in a secure database, or (iii) an analogous method.

Biometric access controls

Biometrics-based access controls are implemented using physical and logical controls. They are the most expensive and the most secure compared to other types of access control mechanisms.

Biometric information

The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns).

Biometric system

An automated system capable of the following: (1) capturing a biometric sample from an end user, (2) extracting biometric data from that sample, (3) comparing the extracted biometric data with data contained in one or more references, (4) deciding how well they match, and (5) indicating whether or not an identification or verification of identity has been achieved.

Biometric template

A characteristic of biometric information (e.g., minutiae or patterns).

Biometrics

(1) Automated recognition of individuals based on their behavioral and biological characteristics. (2) A physical or behavioral characteristic of a human being. (3) A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial patterns, fingerprints, eye retinas and irises, voice patterns, and hand measurements are all examples of biometrics. (4) Biometrics may be used to unlock authentication tokens and prevent repudiation of registration.

Birthday attack

An attack against message digest 5 (MD5), a hash function. The attack is based on the probability of finding two messages that hash to the same value (a collision), which the attacker then exploits. The attacker is looking for “birthday” pairs, that is, two messages with the same hash values. This attack is not feasible given today’s computer technology.

Bit error ratio

It is the number of erroneous bits divided by the total number of bits transmitted, received, or processed over some stipulated period in a telecommunications system.

Bit string

An ordered sequence of 0’s and 1’s. The leftmost bit is the most significant bit of the string. The rightmost bit is the least significant bit of the string.

Black bag cryptanalysis

A euphemism for the acquisition of cryptographic secrets via burglary, or the covert installation of keystroke logging or Trojan horse software on target computers or ancillary devices. Surveillance technicians can install concealed bugging equipment to monitor the electromagnetic emissions of computer displays or keyboards from a distance of 20 or more meters and thereby decode what has been typed. It is not a mathematical or technical cryptanalytic attack, and the law enforcement authorities can use a sneak-and-peek search warrant on a keystroke logger (Wikipedia).

Black box testing

A test methodology that assumes no knowledge of the internal structure and implementation detail of the assessment object. It examines the software from the user’s viewpoint and determines if the data are processed according to the specifications, and it does not consider implementation details. It verifies that software functions are performed correctly. It focuses on the external behavior of a system and uses the system’s functional specifications to generate test cases. It ensures that the system does what it is supposed to do and does not do what it is not supposed to do. It is also known as generalized testing or functional testing, and should be combined with white box testing for maximum benefit because neither one by itself does a thorough testing job. Black box testing is functional analysis of a system. Basic testing is also known as black box testing.

BLACK concept (encryption)
