CISSP Practice (full text)

A program module’s cohesion can be measured indirectly through McCabe’s and Halstead’s cyclomatic complexity metrics and Henry and Kafura’s information flow complexity metrics.

D

Daemon

A program associated with UNIX systems that performs a housekeeping or maintenance utility function without being called by the user. A daemon sits in the background and is activated only when needed.

Dashboards

Dashboards are one type of management metric; they consolidate and communicate information relevant to the organizational security status in near-real time to security management stakeholders. These dashboards present information in a meaningful and easily understandable format to management. Some applications of dashboards include implementation of separation of duties, security authorizations, continuous system monitoring, security performance measures, risk management, and risk assessment.

Data

Programs, files, or other information stored in, or processed by, a computer system.

Data administrator (DA)

A person responsible for the planning, acquisition, and maintenance of database management software, including the design, validation, and security of database files. The DA is fully responsible for the data model and the data dictionary software.

Data architecture

Data compilation, including who creates and uses it and how. It presents a stable basis for the processes and information used by the organization to accomplish its mission.

Data at rest

Data at rest (data on the hard drive) addresses the confidentiality and integrity of data in nonmobile devices and covers user information and system information. File encryption or whole (full) disk encryption protects data in storage (data at rest).

Data authentication code

The code is a mathematical function of both the data and a cryptographic key. Applying the Data Authentication Algorithm (DAA) to data generates a data authentication code. When data integrity is to be verified, the code is generated on the current data and compared with the previously generated code. If the two values are equal, data integrity (i.e., authenticity) is verified. The data authentication code is also known as a message authentication code (MAC).

Data block

A sequence of bits whose length is the block size of the block cipher.

Data classification

From a data security standpoint, all data records and files should be labeled as critical, noncritical, classified, sensitive, secret, top-secret, or identified through some other means so that protective measures are taken according to the criticality of data.

Data cleansing

Includes activities for detecting and correcting data in a database or traditional file that are incorrect, incomplete, improperly formatted, or redundant. Also known as data scrubbing.

Data communications

Information exchanged between end-systems in machine-readable form.

Data confidentiality

The state that exists when data is held in confidence and is protected from unauthorized disclosure.

Data contamination

A deliberate or accidental process or act that results in a change in the integrity of the original data.

Data custodian

The individual or group that has been entrusted with the possession of, and responsibility for, the security of specified data. Compare with data owner.

Data declassification

Data and storage media declassification is an administrative procedure and decision to remove the security classification of the subject media. It includes actual purging of the media and removal of any labels denoting classification, possibly replacing them with labels denoting that the storage media is unclassified. The purging procedures should include the make, model number, and serial number of the degausser used and the date of the last degausser test if degaussing is done; or the accreditation statement of the software if overwriting is done. The reason for the data downgrade, declassification, regrade, or release should be given along with the current media’s classification and requested reclassification of the same media.

Data dictionary

A central repository of an organization’s data elements and their relationships.

Data diddling

The entering of false data into a computer system.

Data downgrade

The change of a classification label to a lower level without changing the contents of the data. Downgrading occurs only if the content of a file meets the requirements of the sensitivity level of the network to which the data is being delivered.

Data element

A basic unit of information that has a unique meaning and sub-categories (data items) of distinct value. Examples of data elements include gender, race, and geographic location.

Data encrypting key

A cryptographic key used for encrypting and decrypting data.
