Читаем CISSP Practice полностью

It uses multiple, overlapping protection mechanisms so that failure or circumvention of any individual protection approach will not leave the system unprotected. It is a part of security-in-depth or defense-in-depth strategy.

Least functionality

The information system security function should configure the information system to provide only essential capabilities and specifically prohibits or restricts the use of risky (by default) and unnecessary functions, ports, protocols, and/or services. This is based on the principle of least functionality or minimal functionality.

Least privilege

(1) Offering only the required functionality to each authorized user so that no one can use functions that are not necessary. (2) The security objective of granting users only those accesses they need to perform their official duties.

Least significant bit(s)

The right-most bit(s) of a bit string.

Legacy environment

It is a typical custom environment usually involving older systems or applications.

Letter bomb

A logic bomb, contained in electronic mail, triggered when the mail is read.

Library

A collection of related data files or programs.

License

An agreement by a contractor to permit the use of copyrighted software under certain terms and conditions.

Life cycle management

The process of administering an automated information system throughout its expected life, with emphasis on strengthening early decisions that affect system costs and utility throughout the system’s life.

Lightweight directory access protocol (LDAP)

LDAP is a software protocol for enabling anyone to locate organizations, individuals, and other resources (e.g., files and devices in a network) whether on the Internet or on a corporate intranet.

Line of defenses

A variety of security mechanisms deployed for limiting and controlling access to and use of computer system resources. They exercise a directing or restraining influence over the behavior of individuals and the content of computer systems. The line-of-defenses form a core part of defense-in-depth strategy or security-in-depth strategy. They can be grouped into four categories—first, second, last, and multiple depending on their action priorities and needs. A first line-of-defense is always preferred over the second or the last. If the first line-of-defense is not available for any reason, the second line-of-defense should be applied. If the second line-of-defense is not available or does not work, then the last line-of-defense must be applied. Note that multiple lines-of-defenses are stronger than a single line-of-defense, whether the single defense is first, second, or last.

Linear cryptanalysis attacks

Uses pairs of known plaintext and corresponding ciphertext to generate keys.

Link control protocol (LCP)

One of the features of the point-to-point protocol (PPP) used for bringing lines up, testing them, and taking them down gracefully when they are not needed. It supports synchronous and asynchronous circuits and byte-oriented and bit-oriented encodings (Tanenbaum).

Link encryption

Link encryption (online encryption) encrypts all of the data along a communications path (e.g., a satellite link, telephone circuit, or T3 line). Since link encryption also encrypts routing data (i.e., headers, trailers, and addresses), communications nodes need to decrypt the data to continue routing so that all information passing over the link is encrypted in its entirety. It provides good protection against external threats such as traffic analysis, packet sniffers, and eavesdroppers. This is a technical and preventive control.

List-oriented protection system

A computer protection system in which each protected object has a list of all subjects authorized to access it. Compare with ticket-oriented protection system.

Local access

Access to an organizational information system by a user (or an information system) communicating through an internal organization-controlled network (e.g., local-area network) or directly to a device without the use of a network.

Local-area network (LAN)