Читаем CISSP Practice полностью

Day-to-day procedures and mechanisms used to protect operational systems and applications. They include security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by people, as opposed to systems.

Operational environment

It includes standalone, managed or custom environments, where the latter is either a specialized security-limited functionality or a legacy environment.

Originator usage period (crypto-period)

The period of time in the crypto-period of a symmetric key during which cryptographic protection may be applied to data.

Outage

The period of time for which a communication service or an operation is unavailable.

Output block

A data block that is an output of either the forward cipher function or the inverse cipher function of the block cipher algorithm.

Outward-facing

Refers to a system that is directly connected to the Internet.

Over-the-air-key distribution

Providing electronic key via over-the-air rekeying, over-the-air key transfer, or cooperative key generation.

Over-the-air key transfer

Electronically distributing key without changing traffic encryption key used on the secured communications path over which the transfer is accomplished.

Over-the-air rekeying (OTAR)

Changing traffic encryption key or transmission security key in remote cryptographic equipment by sending new key directly to the remote cryptographic equipment over the communications path it secures. OTAR is a key management protocol specified for digital mobile radios and designed for unclassified, sensitive communications. OTAR performs key distribution and transfer functions. Three types of keys are used in OTAR: a key-wrapping key, a traffic-encryption key, and a message authentication code (MAC).

Overt channel

A communication path within a computer system or network designed for the authorized transfer of data. Compare with covert channel.

Overt testing

Security testing performed with the knowledge and consent of the organization’s IT staff.

Overwrite procedure

(1) A software process that replaces data previously stored on storage media with a predetermined set of meaningless data or random patterns. (2) The obliteration of recorded data by recording different data on the same storage surface. (3) Writing patterns of data on top of the data stored on a magnetic medium.

Out-of-band management

In out-of-band management, the communications device is accessed via a dial-up circuit with a modem, directly connected terminal device, or LANs dedicated to managing traffic.

Owner of data

The individual or group that has responsibility for specific data types and that is charged with the communication of the need for certain security-related handling procedures to both the users and custodians of this data.

P

P2P

Free and easily accessible software that poses risks to individuals and organizations.

P3P

According to the Platform for Privacy Preferences Project (P3P), users are given more control over personal information gathered on websites they visit.

P-box

Permutation box (P-box) is used to effect a transposition on an 8-bit input in a product cipher. This transposition, which is implemented with simple electrical circuits, is done so fast that it does not require any computation, just signal propagation. The P-box design, which is implemented in hardware for cryptographic algorithm, follows Kerckhoff’s principle (security-by-obscurity) in that an attacker knows that the general method is permuting the bits, but he does not know which bit goes where. Hence, there is no need to hide the permutation method. P-boxes and S-boxes are combined to form a product cipher, where wiring of the P-box is placed inside the S-box; the correct sequence is S-box first and P-box next (Tanenbaum).

Packet

A piece of a message, usually containing the destination address, transmitted over a network by communications software.

Packet churns

Rapid changes in packet forwarding disrupt packet delivery, possibly affecting congestion control.

Packet filter

(1) A routing device that provides access control functionality for host addresses and communication sessions. (2) A type of firewall that examines each packet and accepts or rejects it based on the security policy programmed into it in the form of traffic rules. (3) A router to block or filter protocols and addresses. Packet filtering specifies which types of traffic should be permitted or denied and how permitted traffic should be protected, if at all.

Packet latency

The time delay in processing voice packets as in Voice over Internet Protocol (VoIP).

Packet looping

Packets enter a looping path, so that the traffic is never delivered.

Packet replay