The index that appeared in the print version of this title was intentionally removed from the eBook. Please use the search function on your eReading device to search for terms of interest. For your reference, the terms that appear in the print index are listed below.
A
AAAA records, DNS and
Abstract data types
Abstractions
accept system call
ACCESS_ALLOWED_ACE
Access control applications
Access control entries
security flags
types
Access control lists
biometrics and
directory services and
Access controls, Windows
ACCESS_DENIED_ACE
Access matrices
Access tokens
Accountability
ACEs. See Access control entries
Achilles
man-in-the-middle example
ACID properties, electronic transactions defined by
ACLs. See Access control lists
Act-based utilitarianism
Action-reaction CTMC
Active attacks
Active Directory (Microsoft)
Active immunization
Active semantic systems
Active Server Pages
Active switches
ActiveX controls
Adaptive synthetic systems
Adaptive systems
challenges for
security for
biologically inspired security
social systems
socio-biologically inspired security systems
Ad-Aware
Address pointers, memory buffer overflows and
Address Resolution Protocol
Neighbor Discovery, poisoning and
threats and
Adleman, Len
Administrative audits
Administrative controls
Administrative countermeasures
ADO.NET technology
Adore
Advanced Encryption Standard
Advanced Micro Devices (AMD) platforms
AES. See Advanced Encryption Standard
Affinity analysis
Affinity diagrams
Agency
Agent frameworks, semantic fusion and
Agentic transactions
Agents
Aggregation
Agile Unified Process
Aglets
AIR. See Artificial immune response
AirSNORT
AIS. See Intelligent Access Systems
AJAX
A-Key
ALE. See Annualized loss expectancy; Annual loss expectancy
Algebraic precedence, for operators
Algorithms, defined
ALU. See Arithmetic logic unit
Amazon Web Services
American Law Institute
American National Standards Institute
Amplifiers
AND
truth table for
Androids
attacks against
vulnerabilities and
Annualized loss expectancy
Annualized rate of loss
Anomaly detection
ANORT
ANSI. See American National Standards Institute
Antecedents
Anti-Cybersquatting Consumer Protection Act
Antivirus software
Anti-worms
Anycast addresses
Apache Tomcat
APEC Data Privacy Pathfinder Projects Implementation Work Plan
API. See Application Program Interface
Apple, GEOTAGS and
Application layer
ISO model
ISO/OSI model
Application-layer firewall monitors
Application Program Interface
Application servers
Application service providers
Applications layer protocols
Applications programming
database interaction
distributed systems
object-oriented software
Applications software
AppLocker control, in Microsoft version 7
AppNexus
AquaLogic
Arithmetic logic unit
ARL. See Annualized rate of loss
ARP. See Address Resolution Protocol
ARPwatch
Artificial immune response
Artificial immune systems
ar utility
AS. See Authentication server
ASCII character set
ASCII chart portion
ASCII files, UNIX
Asia-Pacific Economic Cooperation group
Data Privacy subgroup
formation of
Asmodeus
ASPs. See Active Server Pages
Assembler
Assembly language
Assets
assessing exposure of
risk mitigation and value of
Asymmetric algorithms
Asymmetrical warfare
Asymmetric cryptography
beyond encrypting messages
key distribution and PKI
public keys and
Asymmetric keys
Asynchronous Transfer Mode
Atomicity
Atomic units
Attackers
inside, responding to
motivations for
entertainment and status
ideology and social acceptance
personality, behavior theory and
neuroticism, impulse, and exploitation by
outside, responding to
Attacks. See also Modeling and predicting attacks; Network security; Threats; Vulnerabilities
active
cross-site scripting
DDoS
DoS
enumeration and
evidence of
half-open connection denial of service attack
host attack classifications and examples
impersonation
insertion
man-in-the-middle
masquerade
monitoring
host attacks
intrusion detection systems
motives for
over the airwaves
passive
port
prevention of
reconnaissance and preparations for
redirection
replay
social engineering
sorting out the targets and gaining a foothold
target exploitation
tools and
Attributes
Audio surveillance
Audit file
Auditors, certification and accreditation of
Audits/auditing
operational security and
risk mitigation and
software
systems and networks
AuditSetGlobalSacl
AUP. See Agile Unified Process
Authentication
biometrics and
challenge-response
operating factors tied to
strong
user
for web servers
Authentication Header standard (RFC 4302)
Authentication server
Authentication service
Authentication software
Authorization
Autoconfiguration
Autonomous system
Availability
collective agency, integrity and
of resources, maintaining
AVG
AWS. See Amazon Web Services
Azure
B
Backdoors, hacking through
Background checks
Back-off
Bad press
Bandura, Albert
Banking, online
Banking sites, keyloggers and
Base-band transmission
Base class
Basel Committee, “Group of Ten” and
Basel I
Basel II
Baseline
Baseline configuration
Base rate neglect
Bashing
Basic
Bastille Linux
Bastion hosts
Bayesian analyses
Bayesian belief
Bayesian belief network
Bayesian probability trees
Behavioral control, types of
Behavioral role conformance
Behaviorism
Behavior modification
Bell curve
Bell-LaPadula model
“Belt and braces” architecture, advantages with
Benign hacking
Best effort delivery system
Best fit strategy
BGPs. See Border gateway protocols
Biases
in decision making
decisions, naive theories and
framing effects
security decisions and
Biba model
Binary files, UNIX
Binary logic, computer hardware and
bind system call
Bing
Biologically inspired security
damage and danger
self-healing systems
trusted security kernels
Biometric framework, in Microsoft version
Biometric passports
Biometrics
acceptance of
effectiveness of
errors and technology
frontiers in computer security
security process and information protection
trends in
“Birthday” attack
BitLocker, in Microsoft version
Blackberry servers, high-profile attacks against
Blackberrys, vulnerabilities and
Black boxes
Black list
Blackmail
Block ciphers
Block devices, in UNIX
Blocks
Block segment space, process memory and
Blogs and blogging
misinformation posted in
negative postings, lawsuits and
Blowfish
Bluetooth
Boot block
Border gateway protocols
botnet
bots
Bounded population
BPM. See Business process management
BPML. See Business process modeling language
Brackets, programming languages and use of
Brainstorming
Breach of duty
BridgeGate
British Standard BS 15000/ISO 2000x
Broad attack classifications and examples
information system attack examples
mobile device attack examples
social engineering attack examples
Broadband
Broadcasting
Browsers
Budgets
Buffering, in UNIX
Buffer overflows
Buffers
Bureau of Labor Statistics
Bus
Business continuity plans
Business Objects
Business process management
Business process modeling language
Bus topology
Bylaws
Byte
C
CA. See Certificate authority
Cache
Caesar ciphers
Cain & Abel
IP/MAC capture example
SQL injection example, parts 1 and 2
California, anti-SLAPP law in
Call trees
Canadian Trusted Computer Product Evaluation Criteria
Canonical queue
Capability Maturity Model Integration
Capacitive scanners
Cardinality
Cardkeys
Carrier Sense Multiple Access with Collision Detection
CASE. See Computer-aided software engineering
Case-based systems
Case law
Caucho Resin
Causality determination
CBC. See Cipher block chaining
Cblocks
CBPR. See Cross Border Privacy Rules
cbreak, UNIX character I/O and
CCB. See Change Control Board
CCCG. See Combined Code on Corporate Governance (UK)
CCDs. See Charge-coupled devices
CCEVS. See Common Criteria Evaluation and Validation Scheme
CCITT X.509 standard
“C” corporations
CD-ROM FS (CDFS)
Cells
Center for Internet Security Benchmarks
Central processing unit
CEO. See Chief Executive Officer
CER. See Crossover error rate
Certificate authority
Certificate revocation list
Certification and accreditation (C&A)
CFO. See Chief Financial Officer
CFOs
CGI. See Common Gateway Interface
Chain of custody
Challenge handshake
Challenge-response authentication
Change Control Board
Change control log
Change control procedures
Change control system
Change management
change control process, steps in
NIST process for
Changes, controlling
CHAP protocol
Character devices, in UNIX
Characters
Charge-coupled devices
Chat protocols, bots and
Chat rooms
chattr command
Checklist
Checklist groups
Chief Executive Officer
Chief Financial Officer
Chief Information Officer
Chief Information Security Officer
Chief Security Officer
Chief Technology Officer
Child pornography, cryptographic technology and
Child Pornography Prevention Act of 1996
Child processes
Children objects
chmod command
ChoicePoint
chown command
chown utility
Churchman heuristics
CI. See Configuration item
CIA. See Confidentiality, integrity, and availability
CICS
CIO. See Chief Information Officer
Cipher algorithm
Cipher block chaining
Cipher code
simple, breaking
simple, generating
Ciphers
block
Feistel
stream
substitution, transposition, permutation and
symmetric
types of
Vigenere
Ciphertext character stack
Ciphertext dissection, “S” boxes and
Circuit gateway firewalls
Circuit-switched network
Circuit switching
Circular A-123
CISC
CISE. See Center for Internet Security
CISO. See Chief Information Security Officer
Civil law
Civil liberties, constrictions of
Civil litigation
C language
C# language
C++ language
Clark and Wilson model
Clash of laws
Classes
objects vs.
parent–child
Classification, security policies and
Cleartext
Click-stream
Clients
Client-server Web applications, security and
Client-side scripting
Client-side validation
Clists
Closed-system static model of pattern discovery
Cloud computing
Web services and
Cloud services
Cluster map
CM. See Configuration management
CMMI. See Capability Maturity Model Integration
CMMi
CMO Model
CMOS type scanners
CM plan, basic parts of
CNN website
Coaxial cabling
COBIT
COBOL
CoCreateInstance
Code, example of
Code breaking
Code of conduct
Cognitive schemas
Cohesion
characteristics of
coincidental
communicational
functional strength
importance of
logical
temporal
Coincidental cohesion
characteristics of
Collective agency
Collision
Collision detection
Co-locations
COM. See Common Object Model
COM+
Combined Code on Corporate Governance (UK)
Commercial off-the-shelf (COTS) software
Commit, two-phased, for patient record
Common Criteria, trusted computing base vs.
Common Criteria Evaluation and Validation Scheme
Common Gateway Interface
Common law
Common Object Model
Common Object Request Broker Architecture
Common (or global) coupling
Common Vulnerabilities and Exposures
Common Vulnerability Scoring System
Communicational cohesion
characteristics of
Communications Decency Act
Communications facilities
Competitive intelligence
Compiled languages
Compilers
Complex data types
Complexity
Complexity problem, illustration
Complex similar differences
Compliance audits
Component libraries
Component Object Model
Composition
object
pure
Compulsory licenses
Computer-aided software engineering
Computer behaviors
Computer competency
Computer forensics
defined
law and
Computer Fraud and Abuse Act
Computer Management function
Computer operating systems. See Operating systems
Computer security
assessing systems security
biometrics
getting past OS security features
hardening systems
hosts and security—Windows example
monitoring attacks—tools of the trade
secure software and systems SDLC
Concurrency
data integrity and
locking and
Confederated intrusion detection systems
Confidence scheme
Confidentiality
defined
integrity, availability and
threats to
Configuration item
Configuration management
computer security procedures and
defined
extended guidelines
maintaining secure state
management frameworks and
Configuration management ontology
Configuration manager, Windows Registry
Conformance to requirements
Congestion, TCP and
Connection-aware stateful packet inspection firewalls
Connection layer, security issues
connect system call
CONTAINER_INHERIT_ACE
Content coupling
Contention
Content management
Contingency operations centers
Contingency planning
Continuity planning
Continuous-time Markov chain
Contravention behaviors
management of
ethics and employee attitudes toward the law
responding to inside attacker
responding to outside attacker
theory and research
Control coupling
Control frameworks, risk determination and
Controller board
Control perceptions, security and
Conventional level of law consciousness
Convergence, defined
Cooked mode, in UNIX
Cookie bandits
Cookies
Coping assessment factors
Copyright Act
Copyright Office
Copyrights
Core processor
Corporate espionage
Corporate sabotage
Corporate trust and regulation, roles of
Corporations, types of
Corrective action
Corrective action policies
Cougaar
Cougaar framework
Counterintelligence
Countermeasures
administrative
defined
physical
risks and
stances and
technical
Coupling
common (or global)
content
control
data
external
interface (or stamp)
loose
problems
tight
Court of law, retaining documentation admissible in
Covert channels, defined
CPPA. See Child Pornography Prevention Act of
CPs. See Cryptographic parameters
CPU. See Central processing unit
Crack
Crawlers
CRC. See Cyclic redundancy check
Credit reports
Criminal justice system
Criminal law
Critical thinking skills, central importance of
CRL. See Certificate revocation list
CRM systems. See Customer relationship management systems
Cross Border Privacy Rules
Crossover error rate
Cross-site scripting
Cross-site scripting (XSS) attack
CRUD model
Cryptanalysis, frequency characteristics
Cryptographic key management
Cryptographic parameters
Cryptography
asymmetric
authentication and use of
biometrics and
breaking a simple cipher code
ciphertext dissection and “S” boxes
complications related to
concepts related to
defined
generating a simple cipher code
IPSec example
IPSec implementation
private key
public key
security goals and
SSL/TLS
symmetric
virtual private networks
X.509 certificates
Cryptosystem, goal of
CSMA/CD. See Carrier sense multiple access with collision detection
CSO. See Chief Security Officer
CTCPEC. See Canadian Trusted Computer Product Evaluation Criteria
CTMC. See Continuous-time Markov chain
CTO. See Chief Technology Officer
Cubes
Customer lock-in
Customer relationship management systems
Customer table
Customs violations, cryptographic technology and
Cutler, Dave
CVE. See Common Vulnerabilities and Exposures
CVSS. See Common Vulnerability Scoring System
Cyber attacks
Cyber bullies
Cyber crime
cyber law and
statistics on
Cyber criminals, psychodynamic driven model and
Cyber harassment
Cyber law
cyber crime and
employee behavior and
international, federal and state
Cyber pirates
Cyber smearing
Cyber squatting
Cyber stalking
defined
harassment incidents and
Cyclic redundancy check
Cyperix Cryptainer
D
DACL. See Discretionary access control list
Daemon processes
Daemons
DAG. See Directed acyclic graph
Damage
danger and
security policy-defined thresholds and
unintentional actions and
Damage-detection engine
DAML. See DARPA Agent Markup Language
DAML + OIL. See DARPA Agent Markup Language with Ontology Inference Layer
Danger
damage and
novelty and
social interactivity and
DARPA. See Defense Advanced Research Projects Agency
DARPA Agent Markup Language
DARPA Agent Markup Language with Ontology Inference Layer
Data
indexing
nature of
transiting: egress and ingress
Data abstraction
Data Accountability and Trust Act
Database interaction
software and RDBMS concurrency
SQL overview
Databases
data warehouses
extract-transform-load
relational
maintaining data integrity and
Data blocks
Data coupling
Data Definition Language
Datagrams
Data integrity, relational databases and
Data link layer
connectivity
ISO model
Data Manipulation Language
Data marts
Data mining
Data packets
Data Protection Act of 1998 (UK)
Data-scrubbing tools
Data segment, process memory and
Data warehouses
DBMS. See Database management systems
dbx debugger
dbx utility
DC. See Domain controller
DCOM. See Distributed Common Object Model
DDE. See Damage-detection engine
DDL. See Data Definition Language
DEC/HP VAX
Decision making, biases in
Decision support systems
Decision systems, heuristics and
Deconfliction
Decryption
Deductive predictions
Deen, Drew
Defacement, protecting web content from
Defamation
Defense Advanced Research Projects Agency
Defense in depth
Defense Information Systems Agency
De-individuation
Delegation, of responsibilities and power
Denial of service (DoS) attacks
Deontological behavior
Deontology
Department of Commerce, “Safe Harbor” framework
Department of Defense
Department of Homeland Security, color-coded threat level technique
Department of Justice
Department of Labor
Depression, persistent stress conditions and
DES
Description logics
Design team
Destroyed objects
Destruction of systems
Deterrence theory
Device drivers
Device interrupts
Device switch table
DHCP. See Dynamic Host Configuration Protocol
Diffie-Hellman parameters
Diffie-Hellman technique
Digital architecture
binary logic and computer hardware
hardware components
hardware logic and software instructions
Digital certificates
Digital Equipment Corporation
Digital evidence
Digital forensics
Digital signatures
Diligence, duty of
DIM statement
Directed acyclic graph
Directory files, UNIX
Directory service
Direct personal agency
Direct surrogates
DISA. See Defense Information Systems Agency
Disaster preparedness
Disaster recovery center
Disaster recovery planning
Discovery
Discrete data, QoS metrics and
Discrete problems, equivocal problems vs.
Discretionary access control lists
Discretionary controls
Discussion boards
insider attacks by
social engineering attacks and
Disk memory management
UNIX
system I/O and device drivers
Dispatcher
Disruptive technology
Distance education
Distance vector routing protocol
Distributed Common Object Model
Distributed Component Object Model
Distributed denial of service (DDoS) attacks
Distributed objects
Distributed systems
architecture
defined
distributed web-based systems
information and
active semantic systems
agent frameworks and semantic fusion
globalization and information exchange
markup: HTML and XML
parsing markup
RDF and ontology markup
JAVA servlets
web applications
processing
Distributed technologies
Distributed web-based systems
Distributed work, threats and
Distributive justice
Distrust, employee monitoring and
Distrusted networks
Divide and conquer philosophy, layered architecture and
.dll files
DML. See Data Manipulation Language
DMZ
DNA data collection
DNA evidence, biometrics and
DNA verification
DNS. See Domain Name Service
DNSSEC
Documentation, completeness of
Document object model (DOM)
Document shredding
DoD. See Department of Defense
Domain controller
Domain names
Domain Name Service
Double loop process
Downstream liability
Dress for Success (Molloy)
Drucker, Peter
Drug dealing, cryptographic technology and
Drug-testing
DSS. See Decision support systems
Dual-homed bastion gateway
Dual-homed host
Due care
Due diligence
Due process, free speech vs. rights to
Dumpster diving
Duty, defined
Duty of social responsibility
Dynamically linked library files
Dynamic hierarchical model
Dynamic Host Configuration Protocol
Dynamic link libraries
Dynamic-NAT
E
EAI. See Enterprise application integration
Eavesdropping
Eclipse
e-commuting
Economic Espionage Act
Economic forecasting formulas
ECPA. See Electronic Communications Privacy Act
EDI. See Electronic Data Interchange
EDIFACT
Editors
Education, online or distance
EER. See Equal error rate
E-Government Act of 2002
EGP. See Exterior Gateway Protocols
Egress
Egress routers
EJB. See Enterprise JavaBeans
Electronic codebook (ECB) mode
Electronic commerce, cryptographic technology and
Electronic Communications Privacy Act
Electronic Data Interchange
Electronic Funds Transfer Act
Electronic newsletters, misinformation posted in
Electronic surveillance
organizational justice and
virtual work issues and
Federal Records Act and
header contents
monitoring
phishing
RFC 822 for
Embezzlement, cryptographic technology and
Emotional instability
Employees
cyber law and
disgruntled, social engineering attacks and
information collection/storage and
surveillance of
Employee surveillance
organizational justice and
privacy and policy
video surveillance
Employer liability for injuries, virtual work and
Employment at will
Employment law, security, policies and
Encapsulating Security Payload standard (RFC 2406)
Encapsulation
Encapsulation and TCP/IP protocol stack
address resolution protocol
headers and name resolution
Enclave security
Encryption
keys and
wireless users and
Encryption algorithms
Endogenous motives
Endpoint networking
applications layer protocols
services and sockets
transport and sessions
End-to-end networks
End-to-end security
ICMP security issues
layer 4 (TCP/UDP) security issues
link-to-link security vs.
port attacks and SYN floods
Enigma machine
Enrollment, biometrics and
Enron scandal
Enterprise application integration
Enterprise deployment, HDLock and
Enterprise JavaBeans
Enterprise resource planning
Entertainment, attacker motivation and
Entity-relationship diagram
Enumeration
Environment subsystems, Microsoft Windows
e-passports
Epiorganisms, organizations as
Epistemological weighting hypothesis
Epistemology
Equal error rate
Equifax
Equity
Equity owners
Equivocal problems, discrete problems vs.
ERD. See Entity-relationship diagram
ERP. See Enterprise resource planning
ESP. See Encapsulating Security Payload standard (RFC 2406)
Espionage
corporate
cryptographic technology and
defined
historical
Ethereal. See Wireshark
Ethernet
frames
shared bus/broadcasting system and
Ethernet standard, taking advantage of
Ethical consciousness
Ethical governing, security and
Ethical relativism
Ethical standards, breaches of, examples
Ethics
different views of
employee attitudes toward law and
laws intersecting with
ETL. See Extract, translate, and load; Extract-transform-load
EU. See European Union
Eucalyptus
Euler’s totient function
European Council
European Council Directive
European Parliament
European Union
Event Logger
Events
Evidence
collecting and preserving
cyber crime
tests for admissibility in court
Evil twin
Evolutionary algorithms
Exception handling, in Windows
Exception management
Executable files
Executable machine code
Execute permissions
Execution context, of process
Executive mode, Microsoft Windows
.exe extension
Exogenous motives
Expected future value with time value of money for replacement costs
Expert power
Expert systems
forms of
role of
Exploitation, by attackers
Expressions, program creation and
eXtensible Markup Language
Exterior Gateway Protocols
Exterior threats, defending against
External coupling
Extortion
Extract, translate, and load
Extract-transform-load
Extranets
Extranet VPNs
Eye-driven biometrics
Eye retina scanning
F
FAA. See Federal Aviation Administration
Fabric, transmission
Facial recognition scans
Facilities management
FACTA. See Fair and Accurate Credit Transactions Act
Fact-nets
FAILED_ACCESS_ACE_FLAG
Fails to reject a false positive identification
Failure to enroll rate
Fair and Accurate Credit Transactions Act
Fair Credit Reporting Act
Fair use, copyrighted material and
False acceptance rate
False rejection rate
Family history databases, social identity thieves and
FAR. See False acceptance rate
Fast file systems
FAT. See File allocation table
FDCC. See Federal Desktop Core Configuration
FDDI. See Fiber Distributed Data Interconnect
Fear, maladaptive social coping responses and
Fear commerce
Federal Aviation Administration
Federal cyber law
Federal Deposit Insurance Act
Federal Desktop Core Configuration
Federal Information Processing Standard
Federal Information Security Management Act
Federal Interstate Stalking Punishment and Prevention Act
Federal Records Act
Federal Register
Federal Reserve
Federal Rules of Evidence
Federal Telephone Harassment Statute
Federal Trade Commission
Feistel cipher
fflush
Fiber Distributed Data Interchange
Fiber Distributed Data Interconnect
Fiber-optic cabling
Fiber optics
Fibers
Fiduciary responsibilities
defined
law and ethics intersection
legal and ethical consciousness
legal ethics and
File allocation table
File pointers, ilist structures and
File system manager
File Transfer Protocol
Financial antecedents for intentional omission
Financial audits
Financial evaluations, by managers
Financial Reporting Council
Financial Services Modernization Act of 1999
Fingerprints/fingerprinting
Finite state machines
FIPS. See Federal Information Processing Standard
FIPS-199
FIPS-200
Fire-and-forget simple interface
Firefox
Firewall architecture
“belt and braces” architecture
ontology-based architecture
screened subnet architecture
Firewall log, example
Firewalls
biometrics and
circuit-level
IDS and
thwarting
Firewall systems
application-layer firewall
bastion hosts
circuit gateway firewalls
stateful packet inspection
stateless screening filters
“First day” attack
First fit strategy
First-order predicate logic
FISMA. See Federal Information Security Management Act
5G mobile devices
FKs. See Foreign keys
Flag bits
Flags, system audit
Flaming
Flash
Flash drives
FLEX
Floating-point numbers
flock, UNIX file management and
Flow control
Footprinting
Foreign Corrupt Practices Act
Foreign keys
Foreign Relations Law
Forensics
Forest and trees concept
Fork system call
Formal power
For-profit companies
FOR statement
Fortran
4G smart phones
attacks over the airwaves and
security issues with
Fourier analysis
Fourth Amendment
Fourth generation languages (4GL)
FQDN. See Fully qualified domain name
FRA. See Federal Records Act
Fragile file system
Fragmented packets, blocking with IPv
Frame header
Frame Relay
Frames
Framing effects, biases and
Fraud alerts, credit bureaus and
FRC. See Financial Reporting Council
Free BSD
Freedom of Information Act
Free ports
Free riding
Free speech, due process vs.
Friedman, Thomas
FROM clause, in SQL
FRR. See False rejection rate
fsync system call
FTE. See Failure to enroll rate
FTP. See File Transfer Protocol
Fully qualified domain name
Functional cohesion
characteristics of
Functional strength, of the module
Functional strength cohesion
Functions
G
Gait identification
Game theory
attack modeling and
defined
predictive models and
Gartner Group
Gateway-to-Gateway
GC. See Global catalog
Genealogy databases, social identity thieves and
General deterrence theory
General Services Administration, Federal Computer Incident Response Center
Genetic algorithms
GEOTAGS
Get
getParameter method
getsockname system call
getsockopt system call
GGP. See Gateway-to-Gateway
GIMP
GINA. See Graphical identification and authentication dynamic-link library
Glass-Steagall Act of 1933, repeal of
GLBA. See Gramm-Leach-Bliley Act
Global catalog
Global coupling
Globalization
corporate espionage and
defined
information exchange and
information exposure and
organizations as epiorganisms and
Globally unique identification
Global Object Access Auditing
Global outsourcing, threats and
Global security, legislation and
Global unicast addresses
Global variables
Gnome
Goal-directed agents
Goal-seeking analyses
GoGrid
Good faith
Google Earth
Governance
defined
management and
analyzing the problem and managing it
enactment of security programs
security programs
non-U.S. and international
Asian APEC data privacy subgroups
Basel II
Canadian PIPEDA
Combined Code on Corporate Governance (UK)
European Union and other privacy protections
U.K. Data Protection Act
U.S. regulations and
Fair and Accurate Credit Transactions Act
Government Information Security Reform Act of 2000
Gramm-Leach-Bliley Act
HIPAA and health insurance reform
OMB Circular A-123
Sarbanes–Oxley Act
Government Information Security Reform Act of 2000
Gramm-Leach-Bliley Act
approval of
mandates of
grant command
Graphical identification and authentication dynamic-link library
Graphical user interface
Group ID
Groupthink
GUI. See Graphical user interface
GUID. See Globally unique identification
Guidelines
H
Hackers
Hacking
HAL. See Hardware abstraction layer
Half cooked mode, in UNIX
Half-open connection
Half-open connection denial of service attack
Hamming distance
Hand geometry analysis
Handle
Handle table
Handshake protocol, TLS
Hannibal
Harassment incidents, cyber stalking and
Hard disk drives
Hardening systems
defined
ensuring a trusted configuration
password protections
user authentication
Hard links
Hardware, binary logic and
Hardware abstraction layer, Windows system
Hardware components
Hardware logic, software instructions and
Harris Corporation
HAS-A relationship
Hash algorithms, repeated
Hash-based challenge and response
Hash function
HDLock
Header Message Authentication
Headers
IPv4
TCP/IP encapsulation and
Health Information Technology for Economic and Clinical Health Act
Health Insurance Portability and Accountability Act
Heap
Hegelian heuristics
Hegelian model
Helix
“Hello” code
Heuristic biases, security planning and
Heuristics
decisions systems and
synthetic
issues with
Hidden form fields
HIDS. See Host-based intrusion detection systems
High external locus of control
High-level programming languages
High-performing IT organizations, characteristics of
Hijacking
HIPAA. See Health Insurance Portability and Accountability Act
HITECH. See Health Information Technology for Economic and Clinical Health Act
HKEY
groups
Microsoft Registry and
HMAC. See Header Message Authentication
HomeGroup, in Microsoft version
Honeynet Project
Honeynets
Honeynet Team
Honeypots
Hop
Horizontal strata
Host attack classifications/examples
buffer overflow
covert channels
malware
remote control systems
Trojan horses
viruses
worms
Host attacks, monitoring
Host-based intrusion detection systems
Hosts
Hosts and security—Windows example
access management framework in Windows
Microsoft Active Directory
Windows security access controls
Windows service and process security
Windows version security differences
Host security
Host servers, locating
HTML. See Hypertext Markup Language
HTTP. See Hypertext Transfer Protocol
HTTP hijacking
HTTP Interceptor
Human-induced incidents
Human intelligence (humint), corporate espionage and
Human-in-the-loop
Hybrid algorithms, fingerprint analysis and
Hybrid immunization
Hypertext Markup Language
Hypertext Transfer Protocol
I
IaaS. See Infrastructure as a service
IAB. See Internet Activities Board
IANA. See Internet Assigned Numbers Authority
IBM System
ICMP. See Internet control message protocol
IDE. See Integrated development environments
IDEA. See International Data Encryption Algorithm
Idealism, attacker motivation and
Identification
Identity theft
Identity Theft and Assumption Deterrence Act of 1998
Identity verification
Ideographic approach, to making predictions
IDS. See Intrusion detection systems
IDS/IPS. See Intrusion detection and prevention systems
IEEE 802.
IEEE 802.
IEEE 802.X standards
IESG. See Internet Engineering Steering Group
IETF. See Internet Engineering Task Force
if statements
If-then-else logic
IGP. See Interior Gateway Protocol
IIS
IKE. See Internet Key Exchange
IKMP. See Internet Key Management Protocol
ilist structures, file pointers and
IMAP. See Internet Message Access Protocol
Immunization and containment strategy
Immutable flags, setting on files
Impedance mismatch
Impersonation attacks
Impulsiveness
Inbound channels, data warehouses and
Incentive-based security system
Incidents
In-core inode table
Indemnification clauses
Inductive predictions
Inference, ontological to epistemic transformation and
Infiltration
Informal power
Information. See also Distributed systems and information
framing of
nature of
systems security infrastructure and
threats to availability of
Informational cohesion
characteristics of
Informational security threats
Information architecture
macro- and micro-levels
security and
Information assets
classification and architecture
examples of
Information caches
Information cohesion
Information exchange, globalization and
Information exposure, globalization and
Information flow security stance models
Bell-LaPadula model
Biba model
Information integration and exchange
Information integrity attacks
Information overload
Information releases, limiting and controlling
Information richness
Information security
importance of, in modern life
private industry spending on
for U.S. government, cost estimate for
Information security management
Information security management life cycle, iterative stages in
Information security management system
Information Security Oversight Office
Information system attacks, examples of
Information systems
information integration and exchange
operations, tactics, and strategies
primary purpose of
threats to
Information systems security
broad attack classifications and examples
managing organization members securely
social interactions and
threats to
Information Technology
Information Technology Infrastructure Library
Information Technology Security Evaluation Criteria
Information Technology Service Management
Information theft, protecting web content from
Infosec
administrative, technical, and physical controls
defined
important aspects of
threat awareness and risk management
Infrastructure as a service
Ingress
Ingress routers
Inheritance
INHERIT_ONLY_ACE
Initialization vector
Initiative, defined
init process, in UNIX
I-NLSP
Innate ideas
Inner joins
Innermost perimeter networks
Inodes
data structures
Inputs
Input validation, web servers and
Insertion attacks
Insider attacks
Insider trading
Instance, of given class of objects
Instantiation
Integers
Integral subsystems, Microsoft Windows
Integrated development environments
Integrated services digital networks
Integrity
constraints
of information, maintaining
threats to
Intel
Intellectual property
Intellectual property law
copyrights
patents
trade secrets
Intelligence, Surveillance, and Reconnaissance
Intelligent Access Systems
Intelligent switches
Intentional omission
financial antecedents for
organizational culture antecedents for
responding to
situational antecedents for
technological antecedents for
Interagency Guidelines Establishing Standards for Safeguarding Customer Information
Interception
Interconnectivity, threats and
Interface coupling
Interfaces
layering and standardization of
Interior Gateway Protocols
Interior threats, defending against
Internal perimeters
Internal Revenue Service
Internal subjects
International Convergence of Capital Measurement and Capital Standards (Basel II)
International cyber law
International Data Encryption Algorithm
substitution operations performed on data
International Standards Organization
International Telecommunications Union
Internet
drafts
international, federal, and state cyber law and
Internet Activities Board
Internet Assigned Numbers Authority
Classes A-E
Internet competency
Internet control message protocol
security issues
Internet Engineering Steering Group
Internet Engineering Task Force
IP Security Working Group of
Internet Explorer
Internet Key Exchange
Internet Key Management Protocol
Internet layer, security issues with
Internet Message Access Protocol
Internet Protocol
IPv4 vs. IPv6
IPv6 address groupings and uses
Version 4 of
Internet Protocol Security Protocol
Internet relay communications
Internet Security Association and Key Management Protocol
Internet Server Application Program Interface
Internet Service Providers
Inter-networking
InterNIC
Interpreted code
Interpreted languages
Interprocess communications
Interruption, defined
Interrupt level
Interrupt mask
Interrupt request
Interstate Communications Act
Intranet VPNs
Intrusion detection systems
Inverted tree
Invincibility reasoning
Invoices
Invoice table
ioctl system call
I/O manager, in Windows
IP. See Intellectual property; Internet Protocol
IP addressing
IP address spoofing
IPC. See Interprocess communications
IPC manager, in Windows
iPhones
threats/vulnerabilities and
virtual work issues and
IP packets
IPSec
cryptographic example
description of
encryption methods
security architecture document for
IP session hijacking
IPSP. See Internet Protocol Security Protocol
IPv4
address space in
headers
IPv6 vs.
network countermeasures and
network security management with
IPv6
address configuration
address groupings and uses
IPv4 vs.
network countermeasures and
network scanning
security paradigm with
Iris scanning
IRQ. See Interrupt request
IRS. See Internal Revenue Service
IRTF. See Internet Research Task Force
IS. See Information systems
ISAKMP. See Internet Security Association and Key Management Protocol
ISAPI. See Internet Server Application Program Interface
IS-A relationship
ISDN. See Integrated services digital networks
ISML. See Information security management life cycle
ISMS. See Information security management system
ISO. See International Standards Organization
ISO 13355
ISO 27001
ISO 27002
Information Technology Code of Practice for
ISO 27702
Isochronous communications
ISO 27000 family
ISO 9000 family of standards
ISO/IEC 15408
ISO/IEC 27000 ISMS standards
ISO 27K IT security control selection
ISO model, security protocol stack
ISO/OSI model, seven layers in
ISO900x
ISPs. See Internet Service Providers
ISR. See Intelligence, Surveillance, and Reconnaissance
IT. See Information Technology
IT capability
Iterative lock-up
ITIL. See Information Technology Infrastructure Library
ITIL/ITSM
ITILv3 areas
ITSEC. See Information Technology Security Evaluation Criteria
ITSM. See Information Technology Service Management
ITU. See International Telecommunications Union
IT vendor-based standards
IV. See Initialization vector
J
JAVA
JAVA Message Service
JavaScript
Java Server Pages
JAVA Servlets
javax.crypto
JMS. See JAVA Message Service
Job rotation
Joins, inner and outer
JSPs. See Java Server Pages
Julius Caesar
Justice, law and
Just-in-time shipping and receiving, supply chain management systems and
K
Kantian heuristic
KAoS
Karn, Phil
KDC. See Key distribution center
Kerberos
Kernel
Kernel data structures
Kernel mode, in Windows
Kernels
primary set of functions with
scheduler for
Keyboards, virtual
Key distribution, public key infrastructure and
Key distribution center
functions of
Keyed hashing
Key lengths, measurement of
Keyloggers
Key management
Key performance indicators, displaying
Key rings
Keys
recovery of
symmetric
symmetric cryptography and
Key server
Key space
Keystroke logging
Knowing-doing gap
Knowledge work
KPIs. See Key performance indicators
L
Lamport, Leslie
Language keywords
LANs. See Local area networks
Laptop theft, virtual work issues and
Latency
Law
accountability, responsibility and
computer forensics and
enforceable security policies and
ethics and employee attitudes toward
intersection with ethics
Law abiding citizen reasoning
Lawsuits
Layered architecture
description of layers in
divide and conquer philosophy and
Layered defense systems
Layer 4 (TCP/UDP) layer, security issues with
Layer 2 Tunneling Protocol (L2TP)
LDSP. See Lightweight directory service protocol
Learned helplessness
Legacy systems
configuration challenges and
Legal classifications
Legal consciousness
Legal ethics, fiduciary duties and
Legal organizational structure
accountability, responsibility, and law
formal project undertakings
power and organizational structure
roles of corporate trust and regulation
Legal socialization
Legislation, global security and
Legitimate power
Leibnizian heuristic
LET keyword
LexisNexis, security breaches
Liability, downstream vs. upstream
Liability insurance
Libraries
creating
object and component
Life cycle
Lightweight directory service protocol
Lightweight threads
Limited liability corporations
Limited liability partnerships
Limiting/hiding systems, hardening and
LINC (Unisys)
Line managers, security and
Lines of business integration
Linker/loader
Link layer, security issues with
Link-local unicast addresses
Link-point networking
CSMA/CD
Internet control message protocol
physical connections
transiting data: egress and ingress
Links
hard
symbolic
Link state routing protocol
Link-to-link networks
Link-to-link security measures
ARP, Neighbor Discovery, and poisoning
connection layer security issues
end-to-end security vs.
Internet layer security issues
link layer security issues
Linux
kernel in
layered architecture and
security attacks against
Linux Ubuntu
listen system call
Litigation
LLCs. See Limited liability corporations
LOB integration. See Lines of business integration
Local area networks
eavesdropping and
threats and
Localhost
Localized security issues
advanced technologies, threats, and attacks
biometric trends
changing technology, security, and attack landscape
security, processes, and priorities
security, situations, and behavior
Local Security Authority
Local Security Authority Subsystem Service
Lockean heuristic
lockf, UNIX file management and
Locking
optimistic
resource
Lock manager
Lockout
Locus of control
Logic, programming
Logical cohesion
characteristics of
Logical link control sublayer
Logical networks
subnets and
Logical operators
Logic block, implementing
Logic bombs
Logic bus
Logic gate chips
Logic gates
schematic representations of
Login screen, password protections and
London Tube bombings
Loopback addresses
Loops
Loose coupling
L0phtCrack NTLM
Lower ontologies
Loyalty, duty of
LSA. See Local Security Authority
LSASS. See Local Security Authority Subsystem Service
M
MAC. See Media access control
MAC addresses
Machine language
Macintosh, security attacks against
MAC/OS
kernel in
vulnerabilities and
Macro-patterns, fingerprint analysis and
MACs. See Message authentication codes
MAC sublayer
Mail slot file system
Main mode
Malevolent agent discovery
Malicious insiders
Malicious outsiders
sins of commission and
Malicious websites, proliferation of
Malware
infected mobile devices and
kinds of
Managed applications
Managed devices
Managed enterprises, security checklists for
Management
duties, responsibilities, and threats handled by
functions of
governance and
initiatives and security
risk assessment and
security assessment and planning functions of
Management frameworks, configuration management and
Management information base
Management Information systems
Managers, financial evaluations by
Mandatory controls
MANETs. See Multiple ad-hoc networks
Man-in-the-middle attacks
Achilles example
mobile devices and
poisoning of ARP cache and
MANs. See Metropolitan area networks
Mao Tse-tung
Markup languages
HTML
XML
Masquerade attacks
Master file table, in Windows
Matchmakers
Maximum time to repair
Maximum transmission units
Mbps. See Megabits per second
MBSA. See Microsoft Baseline Security Analyzer
McAfee
MD5. See Message Digest
MDs. See Message digests
Mean time between failure
Media access control
Media access methods
Megabits per second
Memory, virtual
Memory buffer overflows
Memory management, in UNIX OS
Memory manager
Message authentication codes
Message Digest
Message digests
Metadata
Metcalfe, Bob
Metcalfe’s Law
Methods
Metropolitan area networks
MFT. See Master file table
MIB. See Management information base
Micro features, fingerprint analysis and
Microkernel, in Windows
Micro-processing, competitive nature of
Microsoft Access
Microsoft Active Directory
Microsoft Baseline Security Analyzer
Microsoft Internet Information Services
Microsoft Management Control
Microsoft .NET technology
Microsoft Office 2007
Microsoft Outlook, attacks on
Microsoft Registry, Regedit view of
Microsoft Security Compliance Manager
Microsoft SQLServer relational databases
Microsoft Transaction Server
Microsoft Vista
Microsoft Windows. See also Hosts and security-Windows example
architecture
circumventing security in
desktop
layered architecture and
as proprietary system
security components in
session privileges
Microsoft Windows NT
Microsoft Windows NT architecture
Microsoft Windows operating system
microkernel, memory, and I/O management
multitasking and
processes and security management
registry
Microsoft Windows version 7
security changes in
security goals and
Microsoft Windows Vista
Microsoft Word, launching
Middle agents
Middleware
Midlevel managers, security and
MIME. See Multipurpose Internet Mail Extensions
Min/max theorem
Minor device number
Minutia algorithms, fingerprint analysis and
MIS. See Management Information systems
Misdemeanors
Misuse of systems, defined
MKMP
MMC. See Microsoft Management Control
Mobile ad-hoc network
Mobile device attacks, examples of
Mobile networks, challenges for
Mobile work
Mobility, threats and
Modeling and predicting attacks
game theory and predictive models
deductive predictions
inductive predictions
Model-View-Controller design pattern, in web applications
Modification, defined
Modular arithmetic
Module coupling, categories of
Modules
classification of
functional strength of
libraries of
Molloy, Tom
Monitoring
defined
organizational justice and
as a policy
security policies and
Monitoring information, storage of
Monitoring systems and networks, operational continuity and
Moral levels classification
Most significant bit
Motif
Motorola
Mozilla Firefox, web exploits against
MPLS. See Multi Protocol Label Switching
MRA. See Mutual Recognition Arrangement
MSB. See Most significant bit
MSFS. See Mail slot file system
MTBF. See Mean time between failure
MTS. See Microsoft Transaction Server
MTTR. See Maximum time to repair
MTUs. See Maximum transmission units
Mudding
Multi-agent systems
Multicasting
Multicasts
Multi-core processors
Multiple ad-hoc networks
Multiplexing
Multiplicative decrease
Multi Protocol Label Switching (Cisco)
Multipurpose Internet Mail Extensions
Multitasking, Windows and
Multithreaded multitasking
Mutual Recognition Arrangement
MX records, DNS and
MySpace
N
Naive theories
NAK. See Negative lock acknowledgment
Named pipe file system
Name resolution, TCP/IP encapsulation and
NAND
Napoleon
NARA. See National Archives and Records Administration
Narcissism
Nash equilibrium
NAT. See Network address translation
National Archives and Records Administration
National Checklist Program
National Credit Union Administration
National Defense Authorization for 2001
Government Information Security Reform section of
National Information Assurance Partnership
National Institute of Standards and Technology
checklists
Special Publication
Special Publication
National Security Agency
National Semiconductor
Native programming environments
NATs. See Network address translations
Natural disasters
NCP. See National Checklist Program
Needed services, monitoring
Need-to-know
Negative lock acknowledgment
Negative reinforcers
Neighbor Discovery, ARP, poisoning and
Neighbor Solicitation message, IPv6 address configuration and
Nessus
Nested loops
NetBIOS
Netcop
example
Netop
Netsky-P Win32 worm
netstat command
NetWare Link Services Protocol
Network address translation
Network connections
devices and addressing
ISO/OSI and TCP/IP
summary of
communications facilities
data link layer connectivity
Network effects
Network fabric
circuit- vs. packet-switching communications and
examples of
Network File System
Networking
end-point
link-point
Network interface layer
Network intrusion detection system
Network layer
ISO model
Network links
Network-management systems
Network media
Network nodes
Network operating system
Network protocols
frame types for
standards for
Network protocol stack, ISO/OSI model and
Network security
attack classifications and examples
attacks and tools
countermeasures
limiting and controlling information releases
objectives of
protecting zone transfers and thwarting DNS spoofing
using proxies and VPNs
end to end
ICMP security issues
layer 4 (TCP/UDP) security issues
link-to-link vs.
port attacks and SYN floods
enumeration
link to link
ARP, neighbor discovery, and poisoning
connection layer security issues
end-to-end vs.
Internet layer security issues
link layer security issues
reconnaissance and attack preparations
sorting out the targets and gaining a foothold
target exploitation
threats and
Network subsystem, in Windows
Network topologies
bus
ring
star
Neuroticism
Newsgroups
NEXT statement
NFS. See Network File System
NIAP. See National Information Assurance Partnership
NICs
IRQ and
nice system call
NIDS. See Network intrusion detection system
9-11 terrorist attacks
NIST. See National Institute of Standards and Technology
NLSP. See NetWare Link Services Protocol
Nmap
NMS. See Network-management systems
No harm-no foul fallacy
Nonce
Non-malicious intentional insider omission
Non-malicious unintentional insider omission
Nonpersistent cookies
Non-profit companies
Non-repudiation
NO_PROPAGATE_INHERIT_ACE
NOR
Normalization
Normative rule
Norsys Netica
Northrop Grumman
Northwest Airlines
Norton
NOS. See Network operating system
NOT
truth table for
Notebooks, security attacks against
Notepads, security issues with
Novelty
as potential danger
Novosel v. Nationwide Insurance Company
NPFS. See Named pipe file system
NSA. See National Security Agency
NS records, DNS and
n-tier architecture
n-tier configuration
n-tiered layered systems
NTKap
NT LAN Manager (Windows)
NTROOT
Nullsys
O
OAKLEY
Oakley key exchange
OASIS Web Services Security
Obedience, duty of
Object Builder
Object composition
OBJECT_INHERIT_ACE
Objective heuristics
Object libraries
Object Linking and Embedding
Object Management Group
Object manager
in Windows
Object-oriented programming
Object-oriented software
abstractions and complex data types
applications and
encapsulation
features defining
inheritance
nature of software objects
object composition
polymorphism
Object request brokers
Objects
calling
OO syntax and
classes vs.
destroying
distributed
instance of given class of
instantiating
within security framework
OBMod. See Organizational behavior modification
Obstruction of justice, cryptographic technology and
Occupational Safety and Health Administration
OCTAVE
original methodology, specific phases, and process
overview
OCTAVE Allegro
ODBC. See Open Database Connectivity
Office of Management and Budget
Circular A-123
Circular A-123 (revised)
Office of Security
OFM. See Output feedback mode
OLAP. See Online analytical processing
OLE. See Object Linking and Embedding
OMB. See Office of Management and Budget
Ombudsmen
OMG. See Object Management Group
Omission behaviors
management of
leading by example
responding to intentional omission
responding to unintentional omission
Omission problems, security behaviors and
One-time pads
One-time password
Online analytical processing
Online banking
Online education
Online shopping
Online stalking
Ontological indexing, pattern detection and
Ontological to epistemic transformation, inference and
Ontology
Ontology-based architecture
Ontology-based defenses
Ontology Inference Layer
Ontology Web Language
OOP. See Object-oriented programming
OoS. See Office of Security
Open Database Connectivity
Open file table
Open information and open source movement
Open/OLTP
Open Science Grid
Open Shortest Path First
Open System Interconnection
Open Web Application Security Project
Opera
Operant conditioning
Operating systems
digital architecture
functions of
Microsoft Windows
protections needed for
software and
UNIX-based functions
Windows and UNIX (Linux)
Operational audits
Operational level
Operational planning
Operational role
Operations
capabilities maintenance
continuity of
auditing systems and networks
cloud computing
monitoring systems and networks
operations centers and contingencies
maintaining
program creation and
security incidents
Opportunity for attacks
Optical carrier (OC) technologies
Optical scanners
Optimistic locking
Optimistic stances
Optimization analyses
OR
truth table for
ORBs. See Object request brokers
ORDER BY clause, SQL
Ordinary (or due) care
Organic organizational cooperation
Organizational behavior
behavior and control
behavior modification
Organizational culture antecedents, for intentional omission
Organizational governance
Organizational justice
monitoring and
surveillance and
Organizationally unique identifier
Organizational procedural justice
Organizational structure
power and
principals, agency and
Organization member management
perceptions of control and security
sins of commission
sins of omission
social influences and legalistic perceptions
Orphaned processes, adoption of
OSHA. See Occupational Safety and Health Administration
OSI. See Open System Interconnection
TCP/IP vs.
OSPF. See Open Shortest Path First
OSs. See Operating systems
OSSEC
OSX/Inqtana worm
OSX.Leap.A worm
OUI. See Organizationally unique identifier
Outer joins
Outermost perimeter networks
Out of scope
Outside attackers
Outsider attacks
Outsourcing
of data storage and use, tax preparation and
threats and
Overhead costs
Overlapping factorial vicissitudes
Overloading
polymorphism and
OWASP. See Open Web Application Security Project
OWL. See Ontology Web Language
P
PaaS. See Platform as a service
Packet filtering
Packet sniffer
Packet sniffing
Packet-switched network
Packet switching
“Packet Too Big” error messages
Pads, security attacks against
Pager/swapper
Panoscopia
Parameters
Parent-child classes
Parent class
Parent process identifier
Parent vehicles
Parker model
Parsing markup
Partnership, defined
Pascal
Passive attacks
Passive immunization
Passive switches
Passports, biometric
Password file, UNIX
Password protections
for web servers
on Windows
Passwords
changing
key space and
Patches, updates
Patent Office
Patents
Patriot Act
Pattern algorithms, fingerprint analysis and
Pattern detection, ontological indexing and
Pattern discovery, closed-system static model of
Payback periods on depreciated loss of assets
Payment Card Industry Data Security Standard
PCAOB. See Public Companies Accounting Oversight Board
PCB. See Process control block
PCI DSS. See Payment Card Industry Data Security Standard
“Peeping Tom,” GPS capabilities and new kind of
Peer-to-peer (P2P) networks
Pellet
Penal law
Penetration
Performance expectancies
Perimeter networks
Periodic audits
Perl
Permutations
simplified
Persistence
Persistent cookies
Persistent memory
Personal health information
Personal health records
Personal Information Protection and Electronic Documents Act (Canada)
Pessimistic stances
PGP. See Pretty Good Privacy
PHI. See Personal health information
Phishing
Phishing scams
Photographic intelligence (imint), corporate espionage and
Photuris
PHP
PHRs. See Personal health records
Physical controls
Physical countermeasures
Physical layer, ISO/OSI model and
PID. See Process identification number
Ping
PIPEDA. See Personal Information Protection and Electronic Documents Act
Pipe system call
PKI. See Public key infrastructure
PKs. See Primary keys
Plaintext
Plaintext character stack
Plain view doctrine, video surveillance and
Planning
administrative countermeasures
physical countermeasures
technical countermeasures
Plan-to-actual budgetary expenditures, variances in
Platform as a service
PnP manager, in Windows
Point-of-sales
Point-to-Point Protocol
Point-to-Point Tunneling Protocol
Poisoned DNS
Poisoning, ARP, Neighbor Discovery and
Policies
Policy-based routing
Political and behavioral issues in security
globalization and information exposure
legislation and global security
security and ethical governing
Polymorphism
POP. See Post Office Protocol
Population
Port attacks, SYN floods and
Port
Port numbers
Ports
POS. See Point-of-sales
Positional power
Positive reinforcers
Post
Post-9/11, technological and behavioral security issues
Post-conventional level of law consciousness
Post Office Protocol
Power
defined
delegation of responsibilities and
types of
Power Builder
Power manager, in Windows
PPID. See Parent process identifier
PPP. See Point-to-Point Protocol
PPTP. See Point-to-Point Tunneling Protocol
Pre-commit
Pre-conventional level of law consciousness
Predictability, security awareness and
Pre-employment screening
Pre-employment testing
Presentation layer
ISO model
Pretexts
Pretty Good Privacy
Primary keys
Primary number, primitive root of
Primitive data types
Primitive root, of primary number
Principals
Principle of least privilege
“Prisoner’s dilemma”
Privacy. See also Employee surveillance and privacy
maintaining
state laws and
virtual work and
Privacy laws
Private industry, baseline security for
Private key (or symmetric) cryptography
Private keys
private keyword
Private law
Privileged data, implicit sharing of
Probabilistic reasoning
Probability theories
Problem analysis
defined
management of
Procedural cohesion
characteristics of
Procedural justice
Procedural law
Process control and scheduling
Process control block
Processes, categories of
Process handle
Process identification number
Process manager, in Windows
Process memory, segments of
Process priorities, in UNIX
Process scheduler
proc structure
proc table
Program creation
operations, expressions, and tasks
program logic and syntax
Programmatic ID (ProgID)
Programming tools
Program text segment, process memory and
Project
Project undertakings
critical issues in
formal
Proof
Proof of authenticity, evidence and
Protected, Windows and notion of
protected keyword
Protected servers, in Windows
Protection motivation theory
Protocol conversion
Protocol layer
Protocols, types of
Proxies
Proximal exchanges
Proxy agency
Proxy services
Proxy software
Pseudo code
PSTN. See Public switched telephone network
Psychodynamic driven model
Psychological contract
Psychosocial functioning
Public Companies Accounting Oversight Board
Public Company Accounting Reform and Investor Protection Act of 2002
Public key algorithms, RSA example
Public key (asymmetric) cryptography
Public key infrastructure
key distribution and
Public keys
asymmetric cryptography and
public keyword
Public law
Public switched telephone network
Pure composition
Python
Q
QoS. See Quality of service
QoS metrics
Quality Is Free (Crosby)
Quality of service
QueryInterface method
Queues
R
RAD. See Rapid application development
Radio frequency detectors
Radio-frequency identification
RAdmin
RAD systems. See Rapid application development systems
Radware
RAID. See Redundant array of independent disks
Random access memory (RAM)
Randomization
ranlib utility
Rapid application development systems
Rapid application development tools
RARP. See Reverse ARP
Rational Unified Process
RATs. See Remote access Trojans
Raw I/O for character devices, setting
Raw mode, in UNIX
Raw queue
RBACs. See Role-based access controls
RC4
RDBMS. See Relational database management system
RDBMS concurrency, software and
RDF. See Resource Description Framework
READ command
RealPlayer ActiveX control
Reasoning, discrete vs. equivocal problems
Reasoning systems
Recommended Security Controls for Federal Information Systems
Reconnaissance by attacker
Reconstructivist management view
Record protocol, TLS
Recovery plan
recv system call
Red book
Redirection
Redirect message
Red team tests
Redundant array of independent disks
Reference monitors
Referent power
Registry
Registry cleaners
Registry monitors
Registry virtualization
Regulation
Reinforcers
Rejection of positive identification
Relational database management system
Relational databases
customer table
data integrity and
description of
invoice table
organization of
state table
zip codes table
Relays
Release of message contents
Reliable connections
Remote access Trojans
Remote access VPNs
Remote control systems
Remote Method Invocation
Remote Monitor
Remote procedure calls
renice system call
Repeated hashing
Replay attacks
Reputation-based system
Reputation management ontology
Request
Request for Comment
Research into the Security of Operating Systems
Resilience, socially inspired security and
Resin
Resource Description Framework
Resource locking
Responsibilities
accountability, law and
delegation of
Result set
Reuse, inheritance and
Reverse ARP
RFC. See Request for Comment
RFC
RFID. See Radio-frequency identification
RIAs. See Rich Internet applications
Rich Internet applications
Ridge patterns, fingerprint analysis and
Rights
of corporations
defined
Rijndael algorithm
Ring topology
RIP. See Routing Information Protocol
RISC
Risk
arranging according to probability and severity
defined
determining
Risk analyses
Risk assessment
accuracy of asset valuations in
management and
overview of
risk management vs.
security program and
Risk determination, control frameworks and
Risk homeostasis
Risk management
administrative, technical, and physical controls
amicable problem solving and
“best practices”
frameworks
NIST
OCTAVE
using for implementing plans
hoping for the best, planning for the worst
risk assessment vs.
threat awareness and
Risk matrices
Risk mitigation, overview
Risk mitigation analysis and recommendation report
Risks
accepting, mitigating, reducing, or transferring
countermeasures and
Risk transference
RISOS. See Research into the Security of Operating Systems
Rivest, Ron
RMI. See Remote Method Invocation
RMON. See Remote Monitor
Roaming user profile, with Windows
Rogers, C. R.
Rogue program
Rogues
Role-based access controls
Rolling TCP ports
Root certificate
Root kits
Router Advertisement message, IPv6 address configuration and
Routers
egress
ingress
network security and
Router Solicitation message, IPv6 address configuration and
Route tables, routes and
Routing data
routes and route tables
routing protocols
Routing Information Protocol
Routing protocols
Royalties
RPCs. See Remote procedure calls
RSA
RSCFIS. See Recommended Security Controls for Federal Information Systems
RSS feeds
Rule-based systems
Rule-based utilitarianism
Rule of law, rule of thumb vs.
RUP. See Rational Unified Process
Rush, Bobby
S
SA. See Security Associations
SAA. See Security Assurance and Administration
SaaS. See Software as a service
Sabotage
SACL. See System access control list
SAD. See Security association database
Salt
SAM. See Security Accounts Manager
SAML. See Security Assertion Markup Language
Sandboxed applications
SANS. See SysAdmin, Audit, and Network and Security Institute
SANs. See Storage area networks
SAPs. See Service access points
Sarbanes–Oxley Act of 2002
SAT. See System access token
SAX
“S” boxes, ciphertext dissection and
Scalability, distributed systems and
Scanning
SCAP. See Security Content Automation Protocol
Scattered modules
Scheduler
Schemas
SCM. See Service control manager; System configuration management
SCMS. See Supply chain management systems
Scope
“S” corporations
SCO v. Novell
Screened subnet
Screened subnet architecture
Screening filters, stateless
Scripting attacks, web applications and
Scripting languages
SDLC. See Software development life cycle; Systems development life cycle
SEAL
Search engines
SEC. See Securities and Exchange Commission
SeCM. See Security configuration management
Sectors
Secure/Multipurpose Internet Mail Extension
Secure shell (SSH) protocol
Secure socket layer
Secure software and systems SDLC
configuration management
secure systems development
Secure state, configuring to
Secure state maintenance
certification and accreditation
conducting security impact analysis
controlling changes
Secure systems development
Securities and Exchange Commission
Security
circumventing in Microsoft Windows and other OS
client-server Web applications and
ethical governing and
perceptions of control and
political and behavioral issues in
processes priorities
productivity vs.
prompt example
situations, behavior and
systems development life cycle and
virtual work and
web services and
Security Accounts Manager
Security and incident response teams
Security Assertion Markup Language
Security association database
Security Associations
Security Assurance and Administration
Security breach as a game reasoning
Security breaches
costs and implications of
monitoring as a policy and
reasons for
security countermeasures outpaced by
Security breach notice
Security checklists
Security configuration management
Security Content Automation Protocol
Security contravention, views on
Security controls, in countermeasures
Security countermeasures and complications
Security criteria, key components
Security decisions, biases, framing effects, and
Security descriptor
Security flags, ACE
Security identification
Security impact analysis, conducting
Security improvement, phases of
Security incidents
collecting and preserving evidence
computer forensics and the law
cyber stalking and harassment incidents
handling
insiders and
reporting
Security initiatives
Security law, cyber knowledge work and
Security management
checklist groups
configuring to a secure state
managed enterprises
overview
system level planning
Security models
Security operations
Security parameter index
Security planning, heuristic biases and
Security policies
classification and
employment law and
enforced and enforceable
models and
monitoring and
people and
Security policy database
Security programs
enactment of
overview of
Security reference monitor, in Windows
Security relationships, layered
Security requirements, minimum, formula for
Security Technical Implementation Guides
Security training
Security updates, automatic
SELECT clause, in SQL
select system call
Self-control
Self-efficacy
Self-healing systems
Self-indulgence
Selfish links
Semantic fusion, agent frameworks and
Semantic intelligence, surveillance, reconnaissance (ISR) fusion
Semantic web (Web 3.0)
Sendmail system, UNIX
send system call
Senior managers, security and
Sensitivity analyses
Separation of duties
Serial line Internet protocol
Server Message Block
Server-side input validation
Service access points
Service Controller
Service control manager
Service level agreements
Service models
Service-oriented architecture
Service ticket
Servlets (Java)
SeSecurityPrivilege feature, in Windows 7
Session cookies
Session Initiation Protocol
Session key
Session layer
ISO model
Session-level packet filtering
Session management
in web applications
web servers and
Session Manager
Session variables
setgid system call
setuid feature
setuid system call
Shadow passwords
Shamir, Adi
Shared text processes
Shareholders
Shell
Shielded twisted pair cabling
Shopping, online
shutdown system call
SID. See Security identification
Signal
Signal intelligence (sigint), corporate espionage and
Signatories
Signature
Signature-based IDS
Silicon scanners, forms of
Similar differences
Simple Mail Transfer Protocol
Simple Network Management Protocol
Simple Object Access Protocol
Single loss expectancy
SIP. See Session Initiation Protocol
Site-local unicast addresses
Situational antecedents for intentional omission
Situational ethics
Six Sigma
Skeletons
SKEME
S/Key
Skinner, B. F.
SKIP
SKU. See Stock-keeping unit
Skype
SLA. See Service level agreement
SLAPPs. See Strategic lawsuits against public participation
SLAs. See Service level agreements
SLE. See Single loss expectancy
Sliding window
SLIP. See Serial line Internet protocol
Slow convergence
Small businesses
Small office/home office (SOHO) environment, specific assumptions about
Smalltalk
smap
smapd
Smart cards
Smart chips, passports and
Smart phones
applications
attacks over the airwaves and
security attacks against
threats and
SMB. See Server Message Block
SMDS. See Switched multimegabit data service
S/MIME. See Secure/Multipurpose Internet Mail Extension
Smith Guidance
SMTP. See Simple Mail Transfer Protocol
smtpd
Sniffers
SNMP. See Simple Network Management Protocol
SNORT
SOA. See Service-oriented architecture
SOAP. See Simple Object Access Protocol
SOAP headers
“So-called” expert claims
Social acceptance, attacker motivation and
Social-cognitive theory
Social contagion
Social Contract
Social engineering
Social engineering attacks
examples of
Social identity
defined
development of
Social identity thieves
Social influences, legalistic perceptions and
Social interactions and security implications
distributed work and threats
interconnectivity and threats
mobility and threats
security countermeasures and complications
Socialization by human interaction
Socialization by societal imposition
Socialization by state-law constraints
Socially inspired security
Social media
misinformation posted in
privacy and
Social networking sites
Social responsibility
Social systems
collective agency, availability, and integrity
security adaptation and
socially inspired security
Socio-behavioral aspects of security
Socio-biological behavior, as goal-directed behavior
Socio-biologically inspired security systems
Socio-cultural aspects of security
Socio-political aspects of security
Socket layer
socketpair system call
Sockets
end-point networking and
Socket system calls
Socket types
Softlifting
Software
auditing
object-oriented
proxy
RDBMS concurrency and
reverse-engineering
systems and
Software as a service
Software construction
code-level design: cohesion
code level design: coupling
IDE, wizards, and toolkits
native programming environments
rapid application development tools
Software development life cycle
Software instructions, hardware logic and
Software objects
characteristics of
nature of
Software piracy
Software systems, anatomy of
SONET. See Synchronous Optical Network
Source code
Source quench
Source routing
SOX. See Sarbanes–Oxley Act of 2002
Spaghetti code
SPD. See Security policy database
Special files, in UNIX
Specialized Security-Limited Functionality
Spec sheets
SPI. See Security parameter index
Spies
Spoofing
IP addresses
thwarting
Sprint
SP3
Spybot
Spyware
Spyware scanners
SQL. See Structured Query Language
SQL Injection
SQL92
SQL Slammer worm
SSLF. See Specialized Security-Limited Functionality
SSLF, security practices and controls for
Stack
Stack pointer, defined
Stack protocols
Stack segment, process memory and
Staging area of attack
Stake
Stakeholders
Stalking, online
Stamp coupling
Stances
countermeasures and
Standalone environments
NIST practices for
specific assumptions about
threats to
Star topology
State
State changes
State cyber law
Stateful configuration
Stateful packet inspection
State information, managing in web sessions
Stateless configuration
Stateless machines
Stateless screening filters
State machines
State table
State transitions
Static-NAT
Statistical anomaly-based IDS
Statistical type II error
Statistics
Status seeking, by attackers
Statutes
Statutory law
Stealing candy from a baby reasoning
Sticky bit
STIGs. See Security Technical Implementation Guides
Stochastic algorithms
Stochastic game theory
Stochastic models
game scenarios and
Stock
Stock-keeping unit
Storage allocation policy or strategy
Storage area networks
Store and forward transmission
Stored procedures
Straddle point
Strategic initiative, defined
Strategic lawsuits against public participation
Strategic level
Strategy concept
Stream ciphers
Stream data
Streaming data, QoS metrics and
Streaming video
Stress conditions, persistent, clinical diagnoses of depression and
String data types
String objects
Strong authentication
Structured Query Language
overview of
queries
Structures, in C language
Stubs
Subjects, categories of
Subnet mask
Subnets, for hiding internal systems
Subnetworks
base-10 decimal and binary for value
logical AND operation
mask operation (logical AND)
Subroutines
Substitution
simplified
transposition and, examples 1 and 2
SUCCESSFUL_ACCESS_ACE_FLAG
Sun Microsystems/Oracle
Superantispyware
Super block
Supervisor mode
Supply chain management systems, just-in-time shipping and receiving and
Surveillance
new digital domains and
trust and
Surveillance information, storage of
Surveillance laws
Susceptible-infected-susceptible (SIS) model
Swap partition
SwIPe
Switched multimegabit data service
Switched network
Switches
active
passive
SWOT analysis
Symmetric algorithms
keys and
modern
Symmetric cryptography
key issues with
modern symmetric ciphers
substitution, transposition, and permutation
symmetric ciphers and keys
Symmetric keys
SYN bit
sync command
Synchronous communications
Synchronous Optical Network
SYN flood attack
SYN floods, port attacks and
Syntax, programming
Synthesis fact-nets
Synthetic heuristics
Synthetic model of the situation
SysAdmin, Audit, Network, and Security (SANS) Institute
System access control list
System access token
System audit flags
System calls
System configuration management
System processes
Systems development life cycle
Systems security assessment
assessing information and system
test reports and recommendations
vulnerability testing
Systems security infrastructure, information and
T
Tactical initiatives
Tactical level
Tactical planning
Tags, for markup language formatting
Tape drives
Target exploitation
Task Manager
Tasks, program creation and
Tax evasion, cryptographic technology and
Tax preparation, outsourcing of data storage and
TCB. See Trusted computing base
TCM. See Threat control model
TCP
port scan and
three-way handshake
example of
TCP/IP. See Transmission Control Protocol/Internet Protocol
TCP/IP protocol stack. See Encapsulation and TCP/IP protocol stack
TCP/IP suite, programs and protocols in
TCSEC. See Trusted Computer System Evaluation Criteria
TCSEC orange book
Technical audits
Technical controls
Technical countermeasures
Technological and behavioral security issues
management, duties, responsibilities, and threats
organizational governance
security, cyber crime, and costs
Technological antecedents for intentional omission
Telecommuters
Telemedicine
Teleological theory of motivation
Telework
Teleworkers
Telnet
Templates, biometrics and
Templatization, iris scanning and
Temporal cohesion
characteristics of
Temporally ordered equidistant points
10Base5
Terminals (ttys), UNIX
Terminator
Terrorism, cryptographic technology and
Terror management theory
TFTP. See Trivial File Transfer Protocol
TGS. See Ticket-granting service
TGT. See Ticket-granting ticket
Thermal scanners
Thicknet
Third Normal Form (3NF)
Threat and vulnerability assessments
Threat assessment factors
Threat control model
Threats. See also Attacks; Network security; Vulnerabilities
defined
distributed work and
information security
to information systems
from insiders and outsiders
intensity of
interconnectivity and
mobility and
network security and
standalone environments and
Web application
3DES
Three-dimensional profiling (3DP)
3G cellular phones, security issues with
3G smart phones, attacks over the airwaves and
Three-way handshake
TCP protocol and
Ticket-granting service
Ticket-granting ticket
Tickets
Tiers, checklists and
Tight coupling
Time bombs
Tivoli Privacy Manager (IBM)
TLD. See Top-level domain
TLS. See Transport Layer Security
TNI. See Trusted network interpretation
Token
Token Ring technologies
Tomcat
Toolkits, IDE
Top-down design
Top-level domain
t0rn
TPEP. See Trusted Product Evaluation Program
TPF
Traceability
Traceroute
Tracking cookies
Trademarks
Trade-Related Intellectual Property
Trade secrets
Traffic analysis
Training, information security
Transaction management systems
Transmission Control Protocol
security issues and
Transmission Control Protocol/Internet Protocol
OSI vs.
Transmission fabric
Transport layer
ISO model
Transport Layer Security
cryptographic implementation and
handshake layer
record layer
Transport mode
Transposition
substitution and, examples 1 and 2
Trapdoor
Triadic reciprocal determinism
Triadic reciprocality
Triggers
Triples
TRIPS. See Trade-Related Intellectual Property
Tripwire
Trivial File Transfer Protocol
Trojan horses
defined
integrity of information and
smart phones and
Troj/Cimuz-U
Trolls
Trust
from security perspective
surveillance and
Trusted Computer System Evaluation Criteria
Trusted computing base, Common Criteria vs.
Trusted network interpretation
Trusted networks
Trusted Product Evaluation Program
Trusted proxy, biometrics and
Trusted security kernels
Truth tables
for AND
for NOT
for OR
ttinterrupt function
ttread function
ttwrite function
Tunnel mode
Tunnels
in VPNs
Turnbull guidance
Tuxedo
Two-phase commit
for patient record
Type-1 errors
U
UAC. See User account control
UART. See Universal receiver-transmitter
UCC. See Uniform Commercial Code
UDDI. See Universal Description and Discovery Integration
UDP. See User Datagram Protocol
UID. See User identification code
UML. See Unified Modeling Language
Uncertainty
Unfamiliarity
Unified Modeling Language
Uniform Commercial Code
Uniform Resource Identifiers
Unintentional omission, responding to
Uninterruptible power supplies
Unions, in C language
Unisys
Unisys 2200
United Kingdom
Combined Code on Corporate Governance
Data Protection Act
Universal Description and Discovery Integration
Universal receiver-transmitter, in UNIX
Universal Resource Locators
UNIX
cooked mode in
half cooked mode in
orderly shutdown in
permission bits
raw mode in
sendmail system
special files in
as true demand paging system
UNIX-based file system
UNIX file management
UNIX file protections
UNIX-based operating system functions
disk memory management
OS features
UNIX-based file system
UNIX-based processes
external view of
process and memory management
process control and scheduling
UNIX system I/O and device drivers
UNIX file types
UNIX scheduler, as “fair” scheduler
Unneeded services, turning off
Upper ontologies
UPS. See Uninterruptible power supplies
Upstream liability
URIs. See Uniform Resource Identifiers
URLs. See Universal Resource Locators
Use cases
User account control, Windows 7 improvements in
User authentication
User authenticity, maintaining
User-based security model
User Datagram Protocol
security issues and
User-defined data types
User identification code
User identification number, in UNIX
User Manager Administration tool
User mode, in Windows
User processes
User structure
User view of system
USM. See User-based security model
Utilitarianism
Utility patents
V
Valuations, risk mitigation and
Value chain
Value neutral technologies
Variable assignments
VBA
VBScript
Vector
Vehicles
Verification, biometrics and
VeriSign
Vertical strata
Video recording, employee movements and actions
Video surveillance, of employees
View
Vigenère cipher
Viral marketing
Virtual addressing, with UNIX
Virtual circuit table
Virtual communities
Virtual entertainment
Virtual keyboards
Virtual machine
Virtual memory
Virtual memory manager, in Windows
Virtual private networks
cryptography and
encryption process
types of
using
Virtual teams
Virtual work, security, privacy and
Viruses
defined
integrity of information and
Mac OS and
smart phones and
standalone environments and
Virus scanners
Visual Basic
VMS OS (DEC)
VMware
Voice analysis
Voice over IP (VoIP)
Vonage
Voting shares
VPNs. See Virtual private networks
Vulnerabilities. See also Attacks; Network security; Threats
categories of
changing technology, attack landscape and
determining, criteria for
scanning for
testing for
test reports and recommendations
W
Wait state
WANs. See Wide area networks
WASC. See Web Application Security Consortium
Weakest link problem
Weapons dealing, cryptographic technology and
Web application processing
Web applications
defined
threats and
vulnerabilities with
Web Application Security Consortium
Web applications security
Web application threats
Web-based applications
Web-based technologies
Web-based vs. -enabled applications
Web browsers
Web browsing, monitoring
Web client and server communications intercepting
Web content, protecting
Web of trust
Web servers
protections for
authentication
authorization
content
input validation
password protections
session management
web services and security
securing
vulnerabilities of
Web services
cloud computing and
security and
Web Services Description Language
Websites, malicious, proliferation of
Web surfing
Web
Well-formed transactions
What-if analyses
Wheatstone wheel
WHERE clause, in SQL
Whistle blowing
White hat penetration testing
White list
White washing
Wide area networks
Wi-Fi Protected Access
WikiLeaks
Wikis
WinDoctor (Norton)
Windows Explorer
Windows manager
Windows Metafile, vulnerabilities in
Windows NT password-hashing technique (NTLM)
Windows Registry, centralized nature of
Winfingerprint
scanner example
WinFixer
Winlogon
Wired networks, security and
Wired Equivalent Privacy (WEP)
Wireless fidelity (Wi-Fi)
Wireless networks, security and
Wireshark
network monitor example
Wiretap laws
Wisekey
Wizards
WMF. See Windows Metafile
Word processing
Workers compensation
Workplace harassment
World Trade Organization
Worms
integrity of information and
self-propagating
standalone environments and
WPA. See Wi-Fi Protected Access
WPA2
WRITE command
WSDL. See Web Services Description Language
W3C
WTO. See World Trade Organization
X
X.509 certificates
X.509 standard
X5/x
XML. See eXtensible Markup Language
XML document, example of
XML markup, example of
XML style sheet and translator (XSLT)
XOR truth table
X.12
X.25
X/Windows
Y
Yellow page agents
YouTube
Z
Zero-sum game
Zimmermann, Phil
Zip codes table
Zombies
Zombie state, processes in
Zone Alarm
Zone transfers, protecting