Reading CISSP Practice in full

It includes the procedures to ensure that access to classified and sensitive unclassified information is granted only after a determination has been made about a person’s trustworthiness and only if a valid need-to-know exists. It is the procedures established to ensure that all personnel who have access to sensitive information have the required authority as well as appropriate clearances.

Petri net model

The Petri net model is used for protocol modeling to demonstrate the correctness of a protocol. Mathematical techniques are used in specifying and verifying the protocol correctness. A Petri net model has four basic elements: places (states), transitions, arcs (input and output), and tokens. A transition is enabled if there is at least one input token in each of its input places (states). Petri nets are a graphical technique used to model relevant aspects of the system behavior and to assess and improve safety and operational requirements through analysis and redesign. They are used for concurrent application systems that need data synchronization mechanisms and for analyzing thread interactions.

Pharming attack

(1) An attack in which an attacker corrupts an infrastructure service such as domain name service (DNS) causing the subscriber to be misdirected to a forged verifier/relying party, and revealing sensitive information, downloading harmful software, or contributing to a fraudulent act. (2) Using technical means (e.g., DNS server software) to redirect users into accessing a fake website masquerading as a legitimate one and divulging personal information.

Phishing attack

(1) An attack in which the subscriber is lured (usually through an e-mail) to interact with a counterfeit verifier, and tricked into revealing information that can be used to masquerade as that subscriber to the real verifier. (2) A digital form of social engineering technique that uses authentic-looking but phony (bogus) e-mails to request personal information from users or direct them to a fake website that requests such information. (3) Tricking or deceiving individuals into disclosing sensitive personal information through deceptive computer-based means.

Physical access controls

The controls over physical access to the elements of a system can include controlled areas, barriers that isolate each area, entry points in the barriers, and screening measures at each of the entry points.

Physical protection system

The primary functions of a physical protection system include detection, delay, and response.

Physical security

(1) It includes controlling access to facilities that contain classified and sensitive unclassified information. (2) It also addresses the protection of the structures that contain the computer equipment. (3) It is the application of physical barriers and control procedures as countermeasures against threats to resources and sensitive information. (4) It is the use of locks, guards, badges, and similar administrative measures to control access to the computer and related equipment.

Piggybacking, data frames

Electronic piggybacking is a technique of temporarily delaying outgoing acknowledgements of data frames so that they can be attached to the next outgoing data frames.

Piggybacking entry

Unauthorized physical access gained to a facility or a computer system via another user’s legitimate entry or system connection. It is the same as tailgating.

Pilot testing

Using a limited version of software in restricted conditions to discover if the programs operate as intended.

Ping-of-Death attack

An attack that sends a series of oversized packets via the ping command. The ping server reassembles the packets at the host machine. As a result, the attacked system could hang, crash, or reboot. This is an example of a buffer overflow attack.

PIV issuer

An authorized identity card creator that procures blank identity cards, initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized cards to the authorized subjects along with appropriate instructions for protection and use.

PIV registrar

An entity that establishes and vouches for the identity of an applicant to a PIV issuer. The PIV registrar authenticates the applicant’s identity by checking identity source documents and identity proofing, and ensures a proper background check has been completed, before the credential is issued.

PIV sponsor

An individual who can act on behalf of a department or organization to request a PIV card for an applicant.

Plain old telephone service (POTS)
