Читаем CISSP Practice полностью

(1) A framework that is established to issue, maintain, and revoke public key certificates. (2) A set of policies, processes, server platforms, software and workstations used for the purpose of administering certificates and public-private key pairs, including the ability to issue, maintain, and revoke public key certificates. (3) An architecture that is used to bind public keys to entities, enable other entities to verify public key bindings, revoke such bindings, and provide other services critical to managing public keys. (4) The PKI includes the hierarchy of certificate authorities (CAs) that allow for the deployment of digital certificates that support encryption, digital signatures, and authentication to meet business needs and security requirements.

Public security parameter (PSP)

The PSP deals with security-related public information (e.g., public key) whose modification can compromise the security of a cryptographic module.

Public seed

A starting value for a pseudorandom number generator. The value produced by the random number generator (RNG) may be made public. The public seed is often called a “salt.”

Public switched telephone network (PSTN)

The PSTN is used in the traditional telephone lines. It uses high bandwidth and has quality-related problems. However, the physical security of a PSTN is higher. Voice over IP security (VoIP) is an alternative to the PSTN with reduced bandwidth usage and quality superior to the conventional PSTN.

Pull technology

Products and services are pulled by companies based on customer orders.

Pulverization

A physically destructive method of sanitizing media; the act of grinding to a powder or dust.

Purging

(1) The orderly review of storage and removal of inactive or obsolete data files. (2) The removal of obsolete data by erasure, by overwriting of storage, or by resetting registers. (3) To render stored application, files, and other information on a system unrecoverable. (4) Rendering sanitized data unrecoverable by laboratory attack methods.

Push technology

Technology that allows users to sign up for automatic downloads of online content, such as virus signature file updates, patches, news, and website updates, to their e-mail addresses or other designated directories on their computers. Products and services are pushed by companies to customers regardless of their orders.

Q

Q.931

A protocol used for establishing and releasing telephone connections (the ITU standard).

Quality assurance (QA)

(1) All actions taken to ensure that standards and procedures are adhered to and that delivered products or services meet performance requirements. (2) The planned systematic activities necessary to ensure that a component, module, or system conforms to established technical requirements. (3) The policies, procedures, and systematic actions established in an enterprise for the purpose of providing and maintaining a specified degree of confidence in data integrity and accuracy throughout the lifecycle of the data, which includes input, update, manipulation, and output.

Quality control (QC)

A management function whereby control of the quality of (1) raw materials, assemblies, finished products, parts, and components, (2) services related to production, and (3) management, production, and inspection processes is exercised for the purpose of preventing undetected production of defective materials or the rendering of faulty services.

Quality of protection (QoP)

The quality of protection (QoP) requires that overall performance of a system should be improved by prioritizing traffic and considering rate of failure or average latency at the lower layer protocols. For Web services to truly support QoS, existing QoS support must be extended so that the packets corresponding to individual Web service messages can be routed accordingly to achieve predictable performance. Two standards such as WS-Reliability and WS-Reliable Messaging provide some level of QoS because both of these standards support guaranteed message delivery and message ordering. Note that QoP is related to quality of service (QoS) and DoS which, in turn, related to DoQ.

Quality of service (QoS)