Reading CISSP Practice in full

(1) Placing an electronic cryptographic key and rules for its retrieval into a storage medium maintained by a trusted third party. (2) Something (e.g., a document, software source code, or an encryption key) that is delivered to a third person to be given to the grantee only upon the fulfillment of a condition or a contract.

Ethernet

Ethernet is the most widely installed protocol for local-area network (LAN) technology. It uses CSMA/CD for channel allocation. Older versions of Ethernet used the original thick coaxial cable (classic Ethernet), which is now obsolete. Newer versions of Ethernet use a thin coaxial cable with no hub needed, twisted-pair wire (low cost), fiber optics (good between buildings), and switches. Because the Internet Protocol (IP) is a connectionless protocol, it fits well with the connectionless Ethernet protocol. Ethernet uses the bus topology. Ethernet is classified as thick, thin, fast, switched, and gigabit Ethernet based on the cable used and the speed of service. Ethernet operates in the data link layer of the ISO/OSI reference model based on the IEEE 802.3 standard and uses the 48-bit addressing scheme. The gigabit Ethernet supports both full-duplex and half-duplex communication modes, and because no connection is possible, the CSMA/CD protocol is not used.

Evaluation

The process of examining a computer product or system with respect to certain criteria.

Evaluation assurance level (EAL)

One of seven increasingly rigorous packages of assurance requirements from Common Criteria (CC) Part 3. Each numbered package represents a point on the CC’s predefined assurance scale. An EAL can be considered a level of confidence in the security functions of an IT product or system.

Event

(1) Something that occurs within a system or network. (2) Any observable occurrence in a network or system.

Event aggregation

The consolidation of similar log entries into a single entry containing a count of the number of occurrences of the event.

Event correlation

Finding relationships between two or more log entries.

Event normalization

Converting each log data field to a particular data representation and categorizing it consistently.

Event reduction

Removing unneeded data fields from all log entries to create a new log that is smaller in size.

Evidence life cycle

The evidence life cycle starts with evidence collection and identification; analysis; storage; preservation and transportation; presentation in court; and ends when the evidence is returned to the victim (owner). The evidence life cycle is connected with the chain of evidence.

Examine

A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time.

Exclusive-OR operation (XOR)

The bitwise addition, modulo 2, of two bit strings of equal length.

Exculpatory evidence

Evidence that tends to decrease the likelihood of fault or guilt.

Executive steering committee

Committees that manage the information portfolio of the organization.

Exhaustive search attack

Uses computer programs to search through all possible combinations for a password. An exhaustive attack consists of discovering secret data by trying all possibilities and checking for correctness. For a four-digit password, you might start with 0000 and move on to 0001, 0002, and so on until 9999.

Expert systems

Expert systems use artificial intelligence programming languages to help human beings make better decisions.

Exploit code

A program that enables attackers to automatically break into a system.

Exploitable channel

Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base (TCB).

Exposure

Caused by undesirable events. Exposure = Attack + Vulnerability.

Extensibility

(1) A measure of the ease of increasing the capability of a system. (2) The ability to extend or expand the capability of a component so that it handles the additional needs of a particular implementation.

Extensible Access Control Markup Language (XACML)

A general-purpose language for specifying access control policies.

Extensible authentication protocol (EAP)
