Читаем CISSP Practice полностью

A standard means of extending challenge handshake authentication protocol (CHAP) and password authentication protocol (PAP) to include additional authentication data such as biometric data. EAP is used in authenticating remote users. Legacy EAP methods use MD5-Challenge, One-Time Password, and Generic Token Card. Robust EAP methods use EAP-TLS, EAP-TTLS, PEAP, and EAP-FAST.

Extensible hypertext Markup Language (XHTML)

A unifying standard that brings the benefits of XML to those of HTML.

Extensible Markup Language (XML)

A cross-platform, extensible, and text-based standard markup language for representing structured data. It provides a cross-platform, software- and hardware-independent tool for transmitting information. XML is a meta-language, a coding language for describing programming languages used on the Web. XML uses standard generalized markup language (SGML) on the Web, and it is like Hypertext Markup Language (HTML). The Web browser interprets the XML tags for the right meaning of information in Web documents and pages. It is a flexible text format designed to describe data for electronic publishing.

Exterior border gateway protocol (EBGP)

A border gateway protocol (BGP) operation communicating routing information between two or more autonomous systems (ASs).

External information system

An information system or component that is outside of the authorization boundary established by the organization and for which the organization has no direct control over the implementation of required security controls or the assessment of security control effectiveness.

External information system service provider

A provider of external information system services to an organization through a variety of consumer-producer relationships. Examples include joint venture, business partnerships, outsourcing arrangements, licensing agreements, and supply chain arrangements.

External network

A network not controlled by an organization.

External testing (security)

External security testing is conducted from outside the organization’s security perimeter.

Extreme programming

Extreme programming (XP) is the most well known and widely implemented agile development method for software products. XP uses a test-driven and bottom-up software development approach.

Extranet

A private network that uses web technology, permitting the sharing of portions of an enterprise’s information or operations with suppliers, vendors, partners, customers, or other enterprises.

F

Failover

(1) The capability to switch over automatically without human intervention or warning to a redundant or standby information system upon the failure or abnormal termination of the previously active system. (2) It is a backup concept in that when the primary system fails, the backup system is automatically activated.

Fail-safe

An automatic protection of programs and/or processing systems when hardware or software failure is detected in a computer system. It is a condition to avoid compromise in the event of a failure or have no chance of failure. This is a technical and corrective control.

Fail-safe default

Asserts that access decisions should be based on permission rather than exclusion. This equates to the condition in which lack of access is the default, and the “protection scheme” recognizes permissible actions rather than prohibited actions. Also, failures due to flaws in exclusion-based systems tend to grant (unauthorized) permissions, whereas permission-based systems tend to fail-safe with permission denied.

Fail-secure

The system preserves a secure condition during and after an identified failure.

Fail-soft

A selective termination of affected nonessential processing when hardware or software failure is determined to be imminent in a computer system. A computer system continues to function because of its resilience. Examples of its application can be found in distributed data processing systems. This is a technical and corrective control.

Fail-stop processor

A processor that can constrain the failure rate and protects the integrity of data. However, it is likely to be more vulnerable to denial-of-service (DoS) attacks.

Failure

It is a discrepancy between external results of a program’s operation and software product requirements. A software failure is evidence of software faults.

Failure access

A type of incident in which unauthorized access to data results from hardware or software failure.

Failure control

A methodology used to detect imminent hardware or software failure and provide fail-safe or fail-soft recovery in a computer system (ANSI and IBM).

Failure rate