Читаем CISSP Practice полностью

A digital signature algorithm that is an analog of digital signature algorithm (DSA) using elliptic curve mathematics.

Emanation attack

An intelligence-bearing signal, which, if intercepted and analyzed, potentially discloses the information that is transmitted, received, handled, or otherwise processed by any information-processing equipment. A low signal-to-noise ratio at the receiver is preferred to prevent emanation attack. Techniques such as control zones and white noise can be used to protect against emanation attacks.

Emanation hardware

An electronic signal emitted by a hardware device not explicitly allowed by its specification.

Emanations security

Protection resulting from measures taken to deny unauthorized individuals using information derived from intercept and analysis of compromising emissions from crypto-equipment or an information system.

Embedded system

An embedded system that performs or controls a function, either in whole or in part, as an integral element of a larger system or subsystem (e.g., flight simulators).

Emergency response

Immediate action taken upon occurrence of events such as natural disasters, fire, civil disruption, and bomb threats in order to protect lives, limit the damage to property, and minimize the impact on computer operations.

Emergency response time (EMRT)

The time required for any computer resource to be recovered from disruptive events. It is the time required to reestablish an activity from an emergency or degraded mode to a normal mode. EMRT is also called time-to-recover (TTR).

Emissions security

The protection resulting from all measures taken to deny unauthorized persons information of value that might be derived from intercept and from an analysis of compromising emanations from crypto-equipment, computer systems, and telecommunications systems.

Encapsulating security payload (ESP)

An IPsec message header designed to provide a mix of security services, including confidentiality, data origin authentication, connectionless integrity, anti-replay service, and limited traffic flow confidentiality.

Encapsulating security payload (ESP) protocol

IPsec security protocol that can provide encryption and/or integrity protection for packet headers and data.

Encapsulation

(1) The principle of structuring hardware and software components such that the interface between components is clean and well-defined and that exposed means of input, output, and control other than those that exist in the interface do not exist. (2) The packaging of data and procedures into a single programmatic structure. In object-oriented programming languages, encapsulation means that an object’s data structures are hidden from outside sources and are accessible only through the object’s protocol.

Enclave

A collection of information systems connected by one or more internal networks under the control of a single authority and security policy. The systems may be structured by physical proximity or by function, independent of location.

Enclave boundary

It is a point at which an enclave’s internal network service layer connected to an external network’s service layer (i.e., to another enclave or to a wide-area network).

Encrypt

(1) To convert plaintext into ciphertext, unintelligible forms, through the use of a cryptographic algorithm. (2) A generic term encompassing encipher and encode.

Encrypted cookies

Some websites create encrypted cookies to protect the data from unauthorized access.

Encrypted file system (EFS)

In an encrypted file system (EFS), keys are used to encrypt a file or group of files. It can either encrypt each file with a distinct symmetric key or encrypt a set of files using the same symmetric key. The symmetric keys can be generated from a password using public key cryptography standard (PKCS) and protected with trusted platform module (TPM) chip through its key cache management. EFS, which is based on public-key encryption, integrates tightly with the public key infrastructure (PKI) features that have been incorporated into Windows XP. The actual logic that performs the encryption is a system service that cannot be shut down. This program feature is designed to prevent unauthorized access, but has an added benefit of rendering the encryption process completely transparent to the user. Each file that a user may encrypt is encrypted using a randomly generated file encryption key (FEK).

Encrypted key (ciphertext key)

A cryptographic key that has been encrypted using an approved security function with a key encrypting key, a PIN, or a password to disguise the value of the underlying plaintext key.

Encrypted network