Читаем CISSP Practice полностью

Tabular representation of the conditions, actions, and rules in making a decision. Decision tables provide a clear and coherent analysis of complex logical combinations and relationships, and detect logic errors. Used in decision-intensive and computational application systems.

Decision trees

Graphic representation of the conditions, actions, and rule of decision making. Used in application systems to develop plans in order to reduce risks and exposures. They use probabilities for calculating outcomes.

Decrypt

To convert, by use of the appropriate key, encrypted (encoded or enciphered) text into its equivalent plaintext through the use of a cryptographic algorithm. The term “decrypt” covers the meanings of decipher and decode.

Decryption

(1) The process of changing ciphertext into plaintext using a cryptographic algorithm and key. (2) The process of a confidentiality mode that transforms encrypted data into the original usable data.

Dedicated proxy server

A form of proxy server that has much more limited firewalling capabilities than an application-proxy gateway.

Defense-in-breadth

A planned, systematic set of multidisciplinary activities that seek to identify, manage, and reduce risk of exploitable vulnerabilities at every stage of the system, network, or sub-component life cycle (system, network, or product design and development; manufacturing; packaging; assembly; system integration; distribution; operations; maintenance; and retirement). It is a strategy dealing with scope of protection coverage of a system. It is also called supply chain protection control. It supports agile defense strategy.

Defense-in-density

A strategy requiring stronger security controls for high risk and complex systems and vice versa.

Defense-in-depth

(1) Information security strategy integrating people, technology, and operations capabilities to establish variable barriers across multiple layers and dimensions of information systems. (2) An approach for establishing an adequate information assurance (IA) posture whereby (i) IA solutions integrate people, technology, and operations, (ii) IA solutions are layered within and among IT assets, and (iii) IA solutions are selected based on their relative level of robustness. Implementation of this approach recognizes that the highly interactive nature of information systems and enclaves creates a shared risk environment; therefore, the adequate assurance of any single asset is dependent upon the adequate assurance of all interconnecting assets. (3) A strategy dealing with controls placed at multiple levels and at multiple places in a given system. It supports agile defense strategy and is the same as security-in-depth.

Defense-in-intensity

A strategy dealing with a range of controls and protection mechanisms designed into a system.

Defense-in-technology

A strategy dealing with diversity of information technologies used in the implementation of a system. Complex technologies create complex security problems.

Defense-in-time

A strategy dealing with applying controls at the right time and at the right geographic location. It considers global systems operating at different time zones.

Defensive programming

Defensive programming, also called robust programming, makes a system more reliable with various programming techniques.

Degauss

(1) To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media, usually tapes and cartridges. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of magnetic induction on the media. (2) To demagnetize, thereby removing magnetic memory. (3) To erase the contents of media. (4) To reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Also called demagnetizing.

Deleted file

A file that has been logically, but not necessarily physically, erased from the operating system, perhaps to eliminate potentially incriminating evidence. Deleting files does not always necessarily eliminate the possibility of recovering all or part of the original data.

Demilitarized zone (DMZ)

(1) An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied. (2) A host or network segment inserted as a “neutral zone” between an organization’s private network and the Internet. (3) A network created by connecting to firewalls. Systems that are externally accessible but need some protections are usually located on DMZ networks.

Denial-of-quality (DoQ)