Read CISSP Practice in full

Auctions conducted online in which (1) a seller invites consecutive bids from multiple buyers and the bidding price either increases or decreases sequentially (forward auction), (2) a buyer invites bids and multiple sellers respond with the price reduced sequentially, and the lowest bid wins (backward or reverse auction), (3) multiple buyers propose bidding prices and multiple sellers respond with asking prices simultaneously and both prices are matched based on the quantities of items on both sides (double auction), and (4) sellers and buyers interact in one industry or for one commodity (vertical auction). Prices are determined dynamically through the bidding process. Usually, negotiations and bargaining power can take place between one buyer and one seller due to supply and demand. Reverse auction is practiced in B2B or G2B e-commerce. Limitations of e-auctions include minimal security for C2C auctions (i.e., no encryption), possibility of fraud (i.e., defective products), and limited buyer participation in terms of invitation only or open to dealers only. B2B auctions are secure due to use of private lines.

Electronic authentication

The process of establishing confidence in user identities electronically presented to an information system.

Electronic business XML (ebXML)

Sponsored by UN/CEFACT and OASIS, a modular suite of specifications that enable enterprises of any size and in any geographical location to perform business-to-business (B2B) transactions using XML.

Electronic commerce (EC)

Using information technology to conduct business functions such as electronic payments and document interchange. It is the process of buying, selling, or exchanging products, services, or information via computer networks. EC models include B2B, B2B2C, B2C, B2E, C2B, C2C, and E2E. EC security risks arising from technical threats include DoS, zombies, phishing, Web server and Web page hijacking, botnets, and malicious code (e.g., viruses, worms, and Trojan horses); nontechnical threats include pretexting and social engineering.

Electronic credentials

Digital documents used in authentication that bind an identity or an attribute to a subscriber’s token.

Electronic data interchange (EDI) system

The electronic transfer of specially formatted standard business documents (e.g., purchase orders, shipment instructions, invoices, payments, and confirmations) sent between business partners. EDI is a direct computer-to-computer exchange between two organizations, and it can use either a value-added network (VAN-EDI) or the Internet (Web-EDI) with XML standards.

Electronic evidence

Information and data of investigative value that is stored on or transmitted by an electronic device.

Electronic funds transfer (EFT) system

Customers paying their bills electronically through electronic funds transfers from banks to credit card companies and others.

Electronic mail header

The section of an e-mail message that contains vital information about the message, including origination date, sender, recipient(s), delivery path, subject, and format information. The header is generally left in clear text even when the body of the e-mail message is encrypted. The body contains the actual message.

Electronic serial number (ESN)

(1) A number encoded in each cellular phone that uniquely identifies each cellular telephone manufactured. (2) A unique 32-bit number programmed into code division multiple access (CDMA) phones when they are manufactured.

Electronic signature

A method of signing an electronic message that (1) identifies and authenticates a particular person as the source of the electronic message and (2) indicates such person’s approval of the information contained in the electronic message.

Electronic surveillance

The acquisition of a non-public communication by electronic means without the consent of a person who is a party to an electronic communication. It does not include the use of radio direction-finding equipment solely to determine the location of a transmitter.

Electronic vaulting

A system is connected to an electronic vaulting provider to allow file/program backups to be created automatically at offsite storage. Electronic vaulting and remote journaling require a dedicated off-site location (e.g., hot site or offsite storage site) to receive the transmissions and a connection with limited bandwidth.

Elliptic curve DH (ECDH)

The elliptic curve Diffie-Hellman (ECDH) algorithm is used to support key establishment.

Elliptic curve digital signature algorithm (ECDSA)
