Reading CISSP Practice in full

Security association (WMAN/WiMAX)

A security association (SA) is the logical set of security parameters containing elements required for authentication, key establishment, and data encryption.

Security association lifetime

How often each security association (SA) should be recreated, based on elapsed time or the amount of network traffic.

Security assurance

It is the degree of confidence one has that the security controls operate correctly and that they protect the system as intended.

Security attribute

(1) An abstraction representing the basic properties or characteristics of an entity with respect to safeguarding information, typically associated with internal data structures (e.g., records, buffers, and files) within the information system and used to enable the implementation of access control and flow control policies, reflect special dissemination, handling or distribution instructions, or support other aspects of the information security policy. (2) A security-related quality of an object, which can be represented as hierarchical levels, bits in a bit map, or numbers. Compartments, caveats, and release markings are examples of security attributes, which are used to implement a security policy.

Security audit

An examination of security procedures and measures for the purpose of evaluating their adequacy and compliance with established policy. This is a management and detective control.

Security authorization

The official management decision to authorize operation of an information system and to explicitly accept the risk to an organization’s operations and assets based on the implementation of an agreed-upon set of security controls.

Security banner

It is a banner at the top or bottom of a computer screen that states the overall classification of the system in large, bold type. It can also refer to the opening screen that informs users of the security implications of accessing a computer resource (i.e., conditions and restrictions on system and/or data use).

Security boundaries

The process of uniquely assigning information resources to an information system defines the security boundary for that system. Information resources consist of information and related resources, such as personnel, equipment, funds, and information technology. The scope of security boundaries includes (1) both internal and external systems, (2) both logical and physical access security controls, and (3) both interior and exterior perimeter security controls.

Security breach

A violation of controls of a particular information system such that information assets or system components are unduly exposed.

Security categorization

The process of determining the security category (the restrictive label applied to classified or unclassified information to limit access) for information or an information system.

Security category

The characterization of information or an information system based on an assessment of the potential impact that a loss of confidentiality, integrity, or availability of such information or information system would have on organizational operations, organizational assets, employees and other individuals, and other organizations.

Security clearances

Formal authorization is required for subjects to access information contained in objects.

Security control assessment

The testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system (i.e., confidentiality, integrity, and availability).

Security control baseline

The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.

Security control effectiveness

The measure of correctness of implementation (i.e., how consistently the control implementation complies with the security plan) and how well the security plan meets organizational needs in accordance with current risk tolerance.

Security control enhancements

Statements of security capability to (1) build in additional, but related, functionality to a basic control, and/or (2) increase the strength of a basic control.

Security control inheritance
