Читаем CISSP Practice полностью

A measure of the difficulty that an attacker has to guess the most commonly chosen password used in a system. It is the worst-case measure of uncertainty for a random variable with the greatest lower bound. The attacker is assumed to know the most commonly used password(s).

Minimization

A risk-reducing principle that supports integrity by containing the exposure of data or limiting opportunities to violate integrity.

Minimizing target value

A risk-reducing practice that stresses the reduction of potential losses incurred due to a successful attack and/or the reduction of benefits that an attacker might receive in carrying out such an attack.

Minimum security controls

These controls include management, operational, and technical controls to protect the confidentiality, integrity, and availability objectives of an information system. The tailored baseline controls become the minimum set of security controls after adding supplementary controls based on gap analysis to achieve adequate risk mitigation. Three sets of baseline controls (i.e., low-impact, moderate-impact, and high-impact) provide a minimum security control assurance.

Minor application

An application, other than a major application, that requires attention to security due to the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of the information in the application. Minor applications are typically included as part of a general support system.

Mirroring

Several mirroring methods include data mirroring, disk mirroring, and server mirroring. They all provide backup mechanisms so if one disk fails, the data is available from the other disks.

Misappropriation

Stealing or making unauthorized use of a service.

Mistake-proofing

It is a concept to prevent, detect, and correct inadvertent human or machine errors occurring in products and services. It is also called poka-yoke (Japanese term) and idiot-proofing.

Mobile code

(1) A program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics. (2) Software programs or parts of programs obtained from remote information systems, transmitted from a remote system or across a network, and executed on a local information system without the user’s explicit installation, instruction, or execution. Java, JavaScript, Active-X, and VBScript are examples of mobile code technologies that provide the mechanisms for the production and use of mobile code. Mobile code can be malicious or nonmalicious.

Mobile commerce (MC)

Mobile commerce (m-commerce) is conducted using mobile devices such as cell phones and personal digital assistants (PDAs) for wireless banking and shopping purposes. M-commerce uses wireless application protocol (WAP). It is any business activity conducted over a wireless telecommunications networks.

Mobile-site

A self-contained, transportable shell custom-fitted with the specific IT equipment and telecommunications necessary to provide full recovery capabilities upon notice of a significant disruption.

Mobile software agent

Programs that are goal-directed and capable of suspending their execution on one platform and moving to another platform where they resume execution.

Mobile subscriber (WMAN/WiMAX)

A mobile subscriber (MS) is a station capable of moving at greater speeds and supports enhanced power of operations (i.e., self-powered) for laptop computers, notebook computers, and cellular phones.

Mode of operation

(1) A set of rules for operating on data with a cryptographic algorithm and a key; often includes feeding all or part of the output of the algorithm back into the input of the algorithm, either with or without additional data being processed (e.g., cipher feedback, output feedback, and cipher block chaining). (2) An algorithm for the cryptographic transformation of data that features a symmetric key block cipher algorithm.

Modem

Acronym for modulation and demodulation. During data transmission, the modem converts the computer representation of data into an audio signal for transmission of telephone, teletype, or intercom lines. When receiving data, the modem converts the audio signal to the computer data representation.

Moderate-impact system

An information system in which at least one security objective (i.e., confidentiality, integrity, or availability) is assigned a potential impact value of moderate and no security objective is assigned a potential impact value of high.

Modular design