Читаем CISSP Practice полностью

(1) A physical or logical entity that receives and transmits data packets or establishes logical connections among a diverse set of communicating entities (usually supports both hardwired and wireless communication devices simultaneously). (2) A node that interconnects sub-networks by packet forwarding. (3) A device that connects two or more networks or network segments, and may use Internet Protocol (IP) to route messages. (4) A device that keeps a record of network node addresses and current network status, and it extends LANs. (5) A router operates in the network layer of the ISO/OSI reference model.

Router-based firewall

Security is implemented using screening routers as the primary means of protecting the network.

Routine variation

A risk-reducing principle that underlies techniques, reducing the ability of potential attackers to anticipate scheduled events in order to minimize associated vulnerabilities.

Rubber-hose cryptanalysis

The extraction of cryptographic secrets (for example, the password to an encrypted file) from a person by coercion or torture in contrast to a mathematical or technical cryptanalytic attack. The term rubber-hose refers to beating individuals with a rubber hose until they cooperate in revealing cryptographic secrets. Rubber-hose and social engineering attacks are not a general class of side channel attack (Wikipedia).

Rule-based access control (RuBAC)

Access control based on specific rules relating to the nature of the subject and object, beyond their identities such as security labels. A RuBAC decision requires authorization information and restriction information to compare before any access is granted. RuBAC and MAC are considered equivalent.

Rule-based security policy

A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being assessed and the possession of corresponding attributes by the subjects requesting access.

Rules of behavior (ROB)

Rules established and implemented concerning use of, security in, and acceptable level of risk of the system. Rules will clearly delineate responsibilities and expected behavior of all individuals with access to the system. The organization establishes and makes readily available to all information system users a set of rules that describes their responsibilities and expected behavior with regard to information system usage.

Rules of engagement (ROE)

Detailed guidelines and constraints regarding the execution of information security testing. The white team establishes the ROE before the start of a security test. It gives the test team authority to conduct the defined activities without the need for additional permissions.

Rules of evidence

The general rules of evidence require that the evidence must be sufficient to support a finding, must be competent (reliable), must be relevant based on facts and their applicability, and must be significant (material and substantive) to the issue at hand. The chain of custody should accommodate the rules of evidence and the chain of evidence.

Ruleset

(1) A table of instructions used by a controlled (managed) interface to determine what data is allowable and how the data is handled between interconnected systems. Rulesets govern access control functionality of a firewall. The firewall uses these rulesets to determine how packets should be routed between its interfaces. (2) A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take, such as forwarding or rejecting a packet, creating an alert, or allowing a system event.

S

S/MIME

(1) A version of the multipurpose Internet mail extension (MIME) protocol that supports encrypted messages. (2) A set of specifications for securing electronic mail. The basic security services offered by secure/MIME (S/MIME) are authentication, nonrepudiation of origin, message integrity, and message privacy. Optional security services by S/MIME include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s). S/MIME is based on RSA’s public-key encryption technology.

Safe harbor principle

Principles that are intended to facilitate trade and commerce between the U.S. and European Union for use solely by U.S. organizations receiving personal data from the European Union. It is based on self-regulating policy and enforcement mechanism where it meets the objectives of government regulations but does not involve government enforcement.

Safeguards