Читаем CISSP Practice полностью

It is a technology that takes a password from the user and changes the passwords on other system resources to be the same as that password so that the user can use the same password when authenticating to each system resource.

Password system

A system that uses a password or passphrase to authenticate a person’s identity or to authorize a person’s access to data and that consists of a means for performing one or more of the following password operations: generation, distribution, entry, storage, authentication, replacement, encryption and/or decryption of passwords.

Patch

(1) An update to an operating system, application, or other software issued specifically to correct particular problems with the software. (2) A section of software code inserted into a program to correct mistakes or to alter the program, generally supplied by the vendor of software. (3) A patch (sometimes called a “fix”) is a “repair job” for a piece of programming. A patch is the immediate solution to an identified problem that is provided to users; it can sometimes be downloaded from the software maker’s website. The patch is not necessarily the best solution for the problem, and the product developers often find a better solution to provide when they package the product for its next release. A patch is usually developed and distributed as a replacement for or an insertion in compiled code (that is, in a binary file or object module). In many operating systems, a special program is provided to manage and track the installation of patches.

Patch management

(1) The systematic notification, identification, deployment, installation, and verification of operating system and application software code revisions, which are known as patches, hot fixes, and service packs. (2) The process of acquiring, testing, and distributing patches to the appropriate administrators and users throughout the organization.

Payback method

The payback period is stated in years and estimates the time it takes to recover the original investment outlay. The payback period is calculated by dividing the net investment by the average annual operating cash inflows. The payback method can be used to assess the financial feasibility of an investment in information security program.

Payload

(1) The portion of a virus that contains the code for the virus’s objective, which may range from the relatively benign (e.g., annoying people and stating personal opinions) to the highly malicious (e.g., forwarding personal information to others and wiping out systems and files). (2) A protection for packet headers and data in the Internet Protocol security (IPsec). (3) Information passed down from the previous layer to the next layer in a TCP/IP network. (4) A life-cycle function of a worm where it is the code that carries to perform a task beyond its standard life-cycle functions. (5) The input data to the counter with cipher-block chaining-message authentication code (CCM) generation-encryption process that is both authenticated and encrypted.

Peer review

A quality assurance method in which two or more programmers review and critique each other’s work for accuracy and consistency with other parts of the system and detect program errors. This is a management and detective control.

Peer-to-peer computing

See Mesh computing.

Peer-to-peer (P2P) file sharing program

Free and easily accessible software that poses risks to individuals and organizations. It unknowingly enables users to copy private files, downloads material that is protected by the copyright laws, downloads a virus, or facilitates a security breach.

Peer-to-peer (P2P) network

Each networked host computer running both the client and server parts of an application system.

Perfective maintenance

All changes, insertions, deletions, modifications, extensions, and enhancements made to a system to meet the user’s evolving or expanding needs.

Performance metrics

They provide the means for tying information security controls’ implementation, efficiency, effectiveness, and impact levels.

Performance testing

A testing approach to assess how well a system meets its specified performance requirements.

Persistent cookie

A cookie stored on a computer’s hard drive indefinitely so that a website can identify the user during subsequent visits. These cookies are set with expiration dates and are valid until the user deletes them.

Personal digital assistant (PDA)

A handheld computer that serves as a tool for reading and conveying documents, electronic mail, and other electronic media over a communications link, and for organizing personal information, such as a name-and-address database, a to-do list, and an appointment calendar.

Personal identification number (PIN)