Index

A

Access Control

access control administration, 65

access control business logic, 75

access control concepts, 4

access control entry (ace), 11

access control gaps, 115

access control head end, 494

access control integration, 52

access control list (acl), 10

access control lists, 4

access control mechanism, 6

access control mechanisms, 10

access control node, 47

access control restrictions, 1

access control system, 490

access control systems, 1

access control violation monitoring, 513

Access decisions, 4

Access security, 54

Account permissions, 85

Account Timeouts, 57

Accounting, 60

Accounting (AAA), 40

Active Directory (AD), 53

Active monitoring, 45

Actual result, 120

Administrative Change Control, 143

Administrator, 31

Advanced Encryption Standard (AES), 160, 179, 260

Agents, 62

AH, 246

Alerting, 63, 174

Alternate Facility, 468

Alternate Site, 468

Alternate Site Selection, 432

Annual Loss Expectancy (ALE), 352

Anonymous users, 72

Anti-Malware, 182

Anti-Spam, 183

Anti-Terrorism, 481

Applicability Statement 2 (AS2), 254

Applications, 9

Applications of Cryptography, 240

Appropriate permissions, 35

APT, 274

Architectural Solutions, 404

Architecture Effectiveness, 114

Architectures, 37

Arms Embargo, 485

Assessors, 120

Asset, 352, 362

asset protection, 495

asset vulnerabilities, 498

Assigning groups, 85

Assurance Paradigm, 380

Assurance through Evaluation, 381

Asymmetric Attacks, 319

Asymmetric cryptography, 285

Asymmetric cryptosystems, 264

Asynchronous stream ciphers, 263

Attacks

attack by deception, 359

attack by e-mail, 358

attack models, 318

attack surface, 45

attack vectors, 355

attacks against keys, 321

Audits

audit for misuse, 86

audit log, 6

audit log access, 42

audit log review, 57

audit readiness, 336

audit records, 61

auditing, 35

Australia Group (AG), 486

Authentication

authenticated users, 72

authentication, 20, 40, 100, 241

authentication factors, 120

authentication header (ah), 205

authentication information, 54

authentication tool, 111

Author, 418

Authorization, 40

Authorized, 65

Automated deployment, 99

Automation, 4

Availability, 6, 7, 152

Awareness training, 406

B

Back-end database access, 75

Back-end systems, 253

Backdoors, 123

Backup Strategies, 451

Badge Equipment, 492

Bandwidth, 47

bandwidth utilization, 175

Bare metal backup, 452

Basic Service Set (BSS), 176

BCM policy, 446

BCMS, 446

BCP, 462

BCP/DRP architecture, 455

Bind, 53

Biometrics, 56

biometric authentication tools, 107

Black box, 271

Block Cipher Modes, 259

Boundary router, 157

Bridge CA, 308, 317

Brute Force Attacks, 322

BS 25999-1, 447

BS 25999-2, 446

Business Continuity Planning (BCP), 427

Business, 364

Business Building, 495

Business Continuity, 427

Business Impact Analysis (BIA), 432, 444, 465

Business rule enforcement, 75

Business to Business (B2B), 253

Business to Consumer (B2C), 253

C

Cacls tool, 15

Capability Maturity Model (CMM), 384

Capacity, 43

CAPTCHA, 189

Card Types, 492

Causes of Vulnerabilities, 380

CCMP, 179

CCTV, 514

Cellular Message Encryption Algorithm (CMEA), 260

Central switch, 73

Centralized access, 76

Centralized Access Control, 40

Certificates, 193

certificate authorities, 193

certificate chains, 308, 309

certificate issuance, 306

certificate management, 98

certificate practice framework (CPF), 298

certificate revocation, 310

certificate revocation list (CRL), 294

Certification, 416

certification/validation body (CB), 369

certification authorities, 9

Challenge-Handshake Authentication Protocol (CHAP), 200, 251

Change of Privilege Levels, 79

Channel DLP, 186

Checked, 377

Chosen-ciphertext attack, 319

Chosen-plaintext attack, 319

Churn, 226

Cipher-Based Message Authentication Code (CMAC) Mode, 259

Cipher Block Chaining (CBC), 259

Cipher Block Chaining MAC algorithm (CBC-MAC), 260

Cipher Feedback (CFB), 259

Ciphertext-only attack, 318

Circuit-Switched, 136

Circumvent controls, 115

Classifications, 22

Clock synchronization, 61

Cloud, 457

CMMI-DEV, 386

Cold Site, 456

Collaboration, 69

Collision resistance, 268

Commerce Control List, 482

Commercial-Off-the-Shelf (COTS), 10

Common Criteria (CC), 366

Common Criteria (CC) Part 1, 368

Common Criteria (CC) Part 2, 371

Common Criteria (CC) Part 3, 373

Common Criteria Assurance, 381

The Common Criteria Evaluation Assurance Scale, 381

Common Implementations, 43

Communication protection, 76

Communications, 131

Complexities in administration, 26

Compliance, 63, 336, 495

Components, 24

Compression, 267

Computational Overhead, 274

Confidential data, 225

Confidentiality, 4, 6, 7, 241

Configuration Files, 17

Construction, 511

Consumer to Consumer (C2C), 253

Content-aware DLP, 185

Content Addressable Storage (CAS), 252

Content Filtering, 182

Context, 363

Contingency mode, 469

Continuous, 389

Continuous operation strategy, 471

Continuous synchronization, 47

Control changes, 81

Cooperative effort, 52

Corporate Governance, 436

Corrective action, 120

Correlation, 63, 174

Cost–Benefit Analysis (CBA), 459

Cost Control, 495

Cost sensitivity, 122

Counter (CTR) Mode, 259

Countermeasure strategies, 116

Countries of Concern, 485

Crackers, 360

Credentials, 43

Critical function, 467

Critical Staff, 432

Critical System Ranking form, 466

Critique, 417

Cross-Certificates’ Revocation, 317

Cross-Certification, 314

Cross-Certified Mesh, 308

Cross-Domain Risks, 215

Cross-Site Request Forgery (CSRF), 215

Cross-site scripting attacks, 77

Cryptanalytic Attacks, 318

Crypto Ignition Key (CIK), 251

Crypto Information in Transit, 287

Crypto Periods, 280

Cryptographic Algorithms, 209

Cryptographic Areas, 325

Cryptographic Compliance Monitoring, 331

Cryptographic hash function, 272

Cryptographic hashes, 64

Cryptographic Message Syntax (CMS), 254

Cryptographic Standards Compliance, 332, 333

Cryptographic Strength, 278

Cryptography, 237

Cyclic Redundancy Check (CRC), 138

D

Dashboards, 63, 174

Data Aggregation, 63

Data at rest, 242

Data Centers, 502

Data Encryption Standard (DES), 260

Data in flight, 242

Data Integrity, 278

Data Loss Prevention (DLP), 185

Data presentation, 76

Data Stored in Electronic Form, 449

Data Valuation, 362

Data Value, 363

Database Management System (DBMS), 70

Database Management Systems, 9, 56

Debarred List, 485

Decentralized Access Control, 46

Dedicated, 171

Dedicated Authentication Bases, 304

Defense in Depth, 116, 405

Defined, 391, 392

Defined Threat Matrix, 498

Deliverables, 432

Delta CRLs, 313

Demilitarized Zone (DMZ), 49

Denial of Service (DoS), 168

Denied Persons List, 484

Department of Defense Architecture Framework (DoDAF), 410

Dependencies, 86

Depth, 382

Design Considerations, 45, 47

Design Process, 413

Design Validation, 318, 415, 511

Developer, 31

Development, 24

Device backup, 46

Device Type, 96

Differential cryptanalysis, 319

Differential Fault Analysis, 323

Differential Power Analysis, 323

Diffie–Hellman (DH) key, 265

Digital, 255

Digital Rights Management (DRM), 19

Digital Signature Algorithm (DSA), 330

Digital Signing, 271

Directive 2002/58/EC, 365

Directive 95/46/EC, 365

Directories, 52

Directory Access Protocol (DAP), 53

Disaster Recovery Planning (DRP), 427, 465

Discretionary Access Control (DAC), 11

Disk Imaging, 452

Distributed, 46

Distributed Denial of Service (DDoS), 185

DLP-lite, 186

Document workflow, 30

Documentation, 419

Documenting the Plan, 433, 460

Domain Name System (DNS), 189

Domain Parameters, 290

DR Plan, 464

Dual Control, 88

Dual Data Center, 456

Duplicated groups, 80

E

E-commerce, 253

E-Commerce Protocols, 191

E-mail, 56

E-mail Filtering, 57

EAP, 43

EAR License Requirements, 485

Ease of computation, 267

EBCDIC password, 281

Security reference monitor, 39

Electronic Code Book (ECB), 259

Electronic Data Interchange (EDI), 254

Electronic Distribution of Wrapped Keys (Key Transport), 288

Elliptic Curve Digital Signature Algorithm (ECDSA), 255

Emergent vulnerabilities, 116

Encapsulating Security Payload (ESP), 205, 208, 245

Encryption, 28, 141

Encryption Control Protocol (ECP), 247

Encryption products, 56

End-to-End Delay, 139

End Entity (EE), 301

Endpoint Security, 214

Enforcing Security Policies, 117

Enrollment time, 108

Enterprise Architecture Frameworks, 410

Enterprise DLP, 186

Entities, 120

Entity, 101

Entity List, 485

Enumerate risk, 122

Enumeration, 29

Ephemeral key agreement keys, 277

ESP, 246

Estimated Annual Cost (EAC), 352

European Union Data Protection Directive, 336

Evacuation Drills, 505

Evaluation Assurance Level (EAL), 369, 373

Events per second, 174

Executable binary files, 18

Execute, 12

execution permission, 13

executions, 18

Exercise controls, 118

Expected result, 120

Explicit Authentication, 302

Explicit definition of duties, 26

Explicit role, 34

Export Administration Regulations (EAR), 482

Export Control regulations, 481

Extensible Authentication Protocol (EAP), 252

External Hot Site, 456

Extranet, 153

Extranet VPN, 247

F

Face-to-Face, 304

Facebook, 190

Facial Recognition, 110

Facility Risk, 496

Facsimile, 151

Facsimile Communications, 134

Fail secure, 90

Failures in least privilege, 80

Federal Communications Commission of the United States (FCC), 161

Federated Access Control, 50

FEMA Emergency Management Guide for Business, 505

Fibre Channel (FC), 250

Fibre Channel Security Protocol (FC-SP), 250

FICON, 250

File Synchronization, 453

File Transfer Protocol (FTP), 165

Filter information, 14

Financial controls, 436

Fingerprints, 109

FIPS 140-2, 243

Firewalls, 162

Firewalls vs. Routers, 165

Foreign National, 482

Forensics, 174

Formal inspection, 417

Formally Verified Design, 379

Frequency Division Multiplexer (FDM), 134

Frequency of use, 91

Frequent evaluations, 35

Friendly Countries, 485

Front-end systems, 253

Functionally Tested, 377

G

Galois/Counter Mode (GCM), 260

Gaps, 36

Gatekeeper, 42, 146

Gateway, 146

Generic Attribute Profile (GATT), 249

Geographical Considerations, 94

Governance, 495

Granted Rights, 78

Group 3 Facsimile Protocol (G3), 151

Groups, 79

Guard Force, 490

Guest OS, 220

H

The H.323 Protocol, 144

Hackers, 359

Hand Geometry, 109

Hardware Security Modules (HSMs), 251

Hash Function Attacks, 320

Hash Functions, 267

Hashing, 256

Health Insurance Portability and Accountability Act of 1996 (HIPAA), 416

HMAC, 271

Hoaxes, 359

Holographic labels, 251

Host-based firewalls, 18

Host-based IDS (HIDS), 168

HR data, 502

HSPD-12, 493

HTTP Tunneling, 175

HTTPS, 184

Human-Made Risks, 440

Human Factor, 461

Human resource management, 106

HVAC, 502

Hybrid Cloud, 455

Hybrid Networks, 153

HyperText Transfer Protocol (HTTP), 191

Hypervisor, 220

I

Identification, Friend or Foe (IFF), 250

Identify purpose, 81

Identity Management, 54, 75

IDS Architecture, 167

IDS Load Balancer, 170

IETF RFC documents, 40

Image Backup Systems, 453

Imaginary functionality, 99

Implementation, 432

implementation considerations, 108

Inappropriate permissions, 85

Inappropriate Roles, 32

Incident Response, 509

Incomplete, 390

Increased complexity, 77

Incremental-Forever Backup, 452

Independent Basic Service Set, 177

Individual Authentication, 303

Industry, 506

Industry Risks, 442

Information Gathering, 465

Information presentation, 75

Information protection needs, 413

Information System Security Engineering (ISSE), 413

Information systems architecture, 347

Information Technology Sector Coordinating Council (ITSCC), 441

Information Technology Government Coordinating Council (ITGCC), 441

Infrastructure as a Service (IaaS), 156

Infrastructure Basic Service Set, 177

Infrastructure BSS, 178

Inherent Rights, 77

Initial, 391

Initialization Vector (IV), 259

Inline Sensor, 170

Instant Messaging, 362

Institute of Electrical and Electronics Engineers (IEEE), 247

Integrity, 6, 7, 241

Inter-VM, 220

Intergroup Coordination, 397

Internal Hot Site, 456

International Data Encryption Algorithm (IDEA), 261

International Electrotechnical Commission (IEC), 53, 368

International Monetary Fund (IMF), 228

International Organization for Standardization (ISO), 53, 368

International Privacy Laws, 336

International Telecommunication Union (ITU), 151

International Telecommunication Union - Telecommunication Standardization Sector (ITU-T), 53

International Traffic In Arms Regulations (ITAR), 483, 485

Internet Control Message Protocol (ICMP), 160, 191

Internet Engineering Task Force (IETF), 245

Internet Key Exchange (IKE), 205

Internet Protocol (IP), 191

Internet versus Intranet, 152

Interoperability, 215, 255

Interpretation, 113

Intra-VM, 220

Intrusion Detection, 57

Intrusion Prevention System, 172

Intrusion tactics, 515

IP Security (IPSec), 199

IRC, 362

Iris, 110

ISO Guidelines

ISO/IEC 24762, 448

ISO/IEC 27000 Series, 382

ISO/IEC 27001, 449

ISO/IEC 27005, 352

ISO/IEC 27031, 448

ISO/IEC 31010, 437

ISO/IEC 9594, 53

ISO/PAS 22399, 448

ISO 22301:2012, 447

ISO 31000, 437

ISO 7498, 400

ISO Guide 73, 437

ISO reference model, 187

ITAR Licensing Policy, 485

J

Jitter, 140

K

Kerberos, 251

Keys

key creation, 284

key destruction, 284, 330

key distribution, 287, 298

key encrypting key, 277

key escrow, 295

key exchange, 256

key generation algorithm, 272

key life cycle, 283

key management, 91, 276

key management interoperability protocol (KMIP), 252

key recovery, 297

key size, 278

key storage, 290

key strength, 281

key update, 293

key usage, 306

KOOBFACE, 189

L

L2TP Packet Exchange, 204

Label sensitive data, 14

Lack of scalability, 97

Layer 2 Tunneling Protocol (L2TP), 201

Layer controls, 99

Layered Architecture, 401

LEAF, 296

Least Functionality, 27

Least Privilege, 25

Legal, 364

Level of protection, 498

Lightweight Directory Access Protocol (LDAP), 53

Limit access to essential objects only, 14

Limited enforcement, 97

Limiting access, 12

Line of Business systems, 4

Linear cryptanalysis, 319

Listen, 62

Location, 92

Log Aggregation, 174

Log diversity, 62

Logical Addresses, 96

Logical controls, 89

Logistics, 461

M

MAC address, 172

Magnetic Stripe, 103, 492

Maintenance, 219, 433

Maintenance of data, 516

Malicious code, 4, 69

Malicious entity, 13

Malicious Macros, 361

Malware Scanning, 57

Man-in-the-Middle attack, 320

Managed, 391, 392

Managed Backup Services, 454

Managed devices, 328

Management console, 328

Management server, 328

Manager/team lead, 417

Mandatory Access Control (MAC), 21

Manual Key Distribution, 288

Manual processes, 122

Manual registration, 97

Manual tracking, 58

MD5, 269

MDC-2, 269

MDx-MAC scheme, 270

Media, 469

Meet-in-the-Middle attack, 322

Membership attributes, 81

Merkle–Damgård, 268

Message Authentication Code (MAC), 260

Message Authentication Codes (MACs), 267

Message Encryption, 244

Methodically Designed, 378

Methodically Tested, 377

Methodology, 119, 1

Methods of “Vector” Attack, 355

Methods of Disclosure, 481

Meyer-Schilling, 269

Microsoft Point-to-Point Encryption (MPPE), 199

Middle-tier security, 77

Military/Space Technologies, 485

Ministry of Economy, Trade and Industry (METI), 487

Mirror Backup, 452

Misallocation of privileges, 25

Missile Technology Control Regime (MTCR), 486

MITRE Corporation, 384

Mobile Code, 185

Mobile Unit, 457

Moderator, 417

Modified CRL-Based Models, 312

Monitor weaker controls, 122

Monitored, 65

Monitoring for noncompliance, 14

Moore’s law, 279

MTLS, 329

Multiple accounts, 85

Multiple roles, 35

Multipoint Control Unit (MCU), 147

Multipoint Controller, 147

Mutual influence, 37

Mutual risk, 52

N

National Information Assurance Partnership (NIAP), 370

National Institute of Standards and Technology (NIST), 243, 352

National Security Agency (NSA), 255, 367

National Voluntary Laboratory Accreditation Program (NVLAP), 370

Natural Hazard Risks, 438

Neighbors, 442

Netlog, 190

Network-Based Access Control, 97

Network-Based Cryptanalytic Attacks, 320

Network Architecture, 152

Network authentication, 55

Network Behavior Analysis (NBA), 168

Network Calling, 148

Network Devices, 9

Network equipment, 56

Network management, 56

Network mapping, 95

Network Operations Center (NOC), 502

Network security, 131

Network sniffing, 93

Network Tap, 170

Network Time Protocol (NTP), 61

Network Types, 153

Networked applications, 56

NIST Special Publication 800-34 Rev 1, 449

Non-disclosure agreements (NDA), 227

Non-repudiation, 240, 241, 278

Nondiscretionary Access Control, 18

Nonstandard location, 93

Notified of the changes, 498

NSA Suite B, 332

Nuclear Suppliers Group (NSG), 486

O

Objects, 5, 85

OCSP, 313

OCSP Request, 314

OCSP Response, 314

Off-Site Journaling, 449

Off the shelf, 459

Office of Foreign Assets Control (OFAC), 484

Offline Cross-Certification, 316

Offsite Backup, 468

One-key-pair, 300

One-Way Algorithms, 270

Ongoing Maintenance, 470

Online Certificate Request, 302

Online Cross-Certification, 316

Onsite, 468

Open Database Connectivity (ODBC), 76

The Open Group Architecture Framework (TOGAF), 409

Open source solutions, 122

Open Systems Interconnection (OSI) model, 10

Operating Systems, 9

Operational conflicts, 64

Operational phase, 283

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE), 352

Optimizing, 393

Orange Book, 367

Ordinary User, 31

Organization Drivers, 494, 516

Organization for Economic Co-operation and Development (OECD), 228

Organization Process Definition, 399

Organizational Entity, 301

Origin authentication, 269

Originator Controlled (ORCON), 19

Originator Usage Period (OUP), 279

Orphaned groups, 80

Orphaned Linux firewall, 36

Out of the box, 459

Outbound Traffic Filtering, 184

Output Feedback (OFB), 259

Outsourcing, 457

Overlaps, 36

Oversight, 219, 395

P

P2P File-Sharing Networks, 362

Packet-Switched, 136

Packet Loss Rate, 140

PAS 200, 448

Passive Sensor, 170

Password Authentication Protocol (PAP), 200, 251

Password hashes, 74

Password splitting, 59

Payment Card Industry Data Security Standard (PCI-DSS), 334, 402

PD 25111, 448

PD 25666, 448

Peak Request Rate, 312

Peer-to-Peer (P2P), 70

Peer Reviews, 398, 416

Penetration testing, 118

Penetration Tests, 511

Per-role basis, 35

Performance Characteristics, 107

Performed, 390

Perimeter area, 511

Perimeter Controls, 156, 166

Periodic Audit, 470

Periodic review, 81

Permissions, 5, 30

Perpetrator, 511

Personal Area Networks (PANs), 248

Personal Identification Number (PIN), 491

Personalization, 493

Personnel Protection, 495

Physical, 96

Physical access controls, 477

Physical Security, 42, 477

physical security needs, 494

physical security policies, 480

physical security risks, 489

PIV credential, 493

PKI Registration, 300

Plain Old Telephone Service (POTS), 249

Plan Development, 468

Plan Maintenance Strategies, 462

Planning Phases, 432

Planning Team, 432

Platform as a Service (PaaS), 156

Point-to-Point Protocol (PPP), 199, 247, 251

Point-to-Point Tunneling Protocol (PPTP), 199

Policies

policy deficiencies, 115

policy enforcement, 99

policy enforcement design, 185

policy of denial, 486

Polling, 62

Portable tape media, 252

Postoperational phase, 284

Power Loss, 90

PPTP Security, 200

Pre-shared keys, 209

Preimage resistance, 268

Preoperational phase, 283

Pretty Good Privacy (PGP), 245

PREVIEW program of the European Commission, 439

Primary access control, 76

Prior to connecting a device, it, 96

Privacy, 254

Privacy-Enhanced Mail (PEM), 245

Private Cloud, 455

Private Networks, 153

Processes

process change management, 399

process definition, 396

process validation, 57

Processing, 24

Product Assurance Evaluation Criteria, 366

Productivity, 495

Project Plan, 465

Proof of Possession, 305

Protected bench network, 218

Protected Health Information (PHI), 335

Protection constraints, 498

Protection Plans, 503

Protection Profile (PP), 369

Protection requirements, 291

Protocol details, 91

Proximity Cards, 104, 492

Proxy access control system, 41

Proxy controlled authentication, 74

Proxy servers, 50

Public Key Infrastructure (PKI), 55

Public Networks, 153

Pulse Code Modulation (PCM), 135

Q

Qualified Security Assessor, 402

Qualitative Risk Analysis, 353

Quality Engineer, 418

Quantitative Process Management, 398

Quantitative Risk Analysis, 352

Quantitatively Managed, 393

R

Radio Frequency (RF), 171

Radio Frequency Identification (RFID), 250

RADIUS, 43

Random Number Generators (RNGs), 285

Read-and-copy, 12

Read permission, 12

Reader, 418

Reading up, 22

Reciprocal Agreement, 457

Recommendations, 29

Recorder, 418

Recovery

recovery plan, 468

Recovery Point Objective (RPO), 445

recovery procedures, 468

recovery requirements, 429

recovery strategies, 460

recovery strategy, 456

Recovery Time Objective (RTO), 445, 454

Redundancy, 46, 152

Regulatory Requirements, 364

Related-Key attacks, 322

Remote Access, 246

Remote Access VPN, 247

Remote maintenance, 49

Remote MONitoring (RMON), 218

Remote Procedure Calls (RPCs), 196

Remote Replication, 449

Removable media, 18

Repeatability, 119

Replay attack, 320

Report of findings, 29

Report on Governance Principles for South Africa (King III), 228

Reporting, 174

Reports on the Observance of Standards and Codes (ROSC), 228

Requests for Proposals (RFPs), 348, 420

Requirement, 120

Requirement number, 120

Resource attributes, 81

Resource intensive, 91

Restricted Work Areas, 501

Retention, 63

Retina, 110

Reviewed, 378

Reviewers, 418

RFC 3193, 209

RFC 4510, 53

Rights, 5, 30

Rigid protocol, 89

Rigor, 382

Risk

risk-based considerations, 121

risk-based cryptographic architecture, 323

risk acceptance, 443

risk analysis, 352, 432, 433

risk analysis matrix, 434

risk assessment, 465

risk avoidance, 444

risk level, 435, 436

risk management – risk assessment techniques, 437

risk mitigation, 434

risk reduction / mitigation, 443

risk theory, 353

risk transfer, 443

Robust, 46

Role-Based Access Control (RBAC), 18

Role assignments, 31

Role Based, 81

Router access control capabilities, 73

RSA Decryption Primitive (RSADP), 266

RSA Encryption Primitive (RSAEP), 266

RSA key pair, 286

RSA private key, 286

RSAES-OAEP, 266

Rule-Based Access Control, 20

S

Safeguarding of resources, 516

Scalability, 213

Scalable, 46

Scope, 382

Seal the room, 508

Second preimage resistance, 268

Secure/Multipurpose Internet Mail Extensions (S/MIME), 195, 245, 254

Secure IP Communication, 245

Secure Sockets Layer (SSL), 407

Secure Sourcing, 224

Secure Wireless Communication, 247

Secured areas, 511

Security, 141

security architects, 465

Security Association (SA), 205

Security Association Database (SADB), 206

security assurance requirements, 369

Security Concept of Operations (SECONOP), 415

Security design, 413

Security effectiveness, 413

Security Event Management (SEM), 62

Security Export Control Policy Division, 488

Security Export Inspection Office, 488

Security Export Licensing Division, 488

Security Functional Requirements, 369

Security Functional Requirements (SFR), 371

Security Functions Policies (SFP), 371

Security Information and Event Management (SIEM), 173

Security Information Management (SIM), 62

Security kernel, 38

Security Manager (SM), 249

Security Manager Protocol (SMP), 249

Security Modems, 160

Security Officer, 31

Security Parameter Index (SPI), 206

Security policy, 5

Security Target (ST), 369

Segmented CRLs, 312

Self-synchronizing, 263

SELinux, 21

Semiformally Designed, 378

Semiformally Verified Design, 378

Sensitive Compartmented Information Facilities (SCIF), 501

Sensitive data, 28

Sensitivity, 23

Separation of Duties, 28

Separation of duty violations, 80

Service Level Agreements (SLAs), 348, 414

Service Oriented Architecture (SOA), 404

Service Set identifier (SSID), 176

Services, 17

Session Initiation Protocol (SIP), 144, 148

Session management, 75

Set-it-and-forget-it, 176

SHA-1, 269

Shared account, 58

Shared database, 46

Shelter-in-Place, 509

Side-Channel Cryptanalysis, 322

Signaling System No. 7, 150

Signets, 251

Significance of Vulnerabilities, 380

Signing algorithm, 272

Simple Authentication and Security Layer (SASL), 53

Simple Network Management Protocol (SNMP), 218

Simple Object Access Protocol (SOAP), 254

Single point of compromise, 43

Single point of failure, 43

Single Point of Management, 42

Site-to-Site VPN, 247

Site Planning, 499

Skipjack, 262

Smart Cards, 56, 492

Social Media, 188

SOCKS, 211

Software-as-a-Service (SaaS), 156

Software Code Signing, 255

Software Configuration Management, 395

Software Engineering Institute (SEI), 384

Software integrity inventories, 18

Software Product Engineering, 399

Software Project Planning, 394

Software Project Tracking, 395

Software Quality Assurance, 395

Software Quality Management, 398

Software Subcontract Management, 395

Solutions, 215

Spanning Port, 170

Special Publication 800-30, 352

Specialized, 98

Specialized protocols, 58

Specially Designated Nationals List, 485

Split knowledge, 243

Splitting the keys, 288

Spoofed, 103

SQL, 71

SS7, 150

SSL protocol, 192

Staged, 389

Standards, 480

State Sponsors of Terrorism, 485

Statement of Requirements (SOR), 414

Statements of Objectives (SOO), 414

Statements of Work (SOW), 348, 414

Static key agreement keys, 277

Storage, 174

Storage Area Networks (SANs), 250

Storage Encryption, 252

Stored procedures, 71

Strategic Outline for Recovery, 466

Strategies for prevention, 515

Strategy Development, 432

Stream Ciphers, 263

Structurally Tested, 377

Structured walkthrough, 417

Subject, 101

Subnet, 92

Subordinate Hierarchy, 307

Subordinate roles, 31

Suite B cryptography, 255

Supporting, 117

Symmetric Attacks, 319

Symmetric cryptography, 286

Symmetric Cryptosystems, 256

Symmetric data encryption key, 277

Symmetric key agreement key, 277

Symmetric key wrapping key, 277

Symmetric Key Distribution, 288

Synthetic Full Backup, 451

System assessment, 29

System security, 413

System security architecture, 413

System Security Engineering Methodologies, 413

System security policy, 7

System security requirements, 413

T

TACACS, 43

TACACS+, 43

Target of Evaluation (TOE), 372

Task Based, 86

TCP/IP, 187

TCP/IP Protocol Stack, 191

TCP Wrapper, 211

Technical support, 98

Technology Transitions Policy Task Force, 162

TEMPEST Separation Matrix, 152

Temporal Key Integrity Protocol (TKIP), 179

Terminal, 146

Terrorist Supporting Countries, 485

Test date, 120

Test procedures, 120

Test the Plan, 470

Tested, 378, 379

Testing, 433, 468

Testing Objectives, 117

Testing Paradigms, 118

Testing Strategies, 116

Third-Party Software, 98

Threats, 440

Three-way handshake, 182

Thumb drives, 252

Time of Check/Time of Use (TOC/TOU), 217

Timestamp, 168

Timing attacks, 323

Tiny Encryption Algorithm (TEA), 262

TOE Security Functionality (TSF), 371

Token Management, 106

Top Secret, 22

Topology, 92

Traditional CRL Model, 311

Traffic Analysis attacks, 321

Traffic pattern analysis, 100

Transmission Control Protocol (TCP), 159

Transport keys, 277

Transport Layer Security (TLS), 191, 407

Transport Mode, 207, 246

Transportation schedules, 469

Triggers, 71

Trust Center, 361

Trust Models, 307

Trusted Cloud Initiative (TCI), 495

Trusted Computing Base (TCB), 38

Trusted List, 309

Tunnel Mode, 207, 246

Tunneling, 196

Twitter, 190

Two-key-pair applications, 299

Twofish, 262

Types of protection, 498

U

U.S. Geological Survey (USGS), 438

Public Key Infrastructure (PKI), 240

Unauthorized Access, 490

Unauthorized duplication of information, 14

Unbalanced architecture design, 331

UNBIX, 211

Unified Threat Management Gateway (UTM), 164

Unique identifier, 113

United Nations Office for Disaster Risk Reduction (UNISDR), 439

United States Munitions List, 483

Universal Serial Bus (USB), 251

Unnecessary rights, 35

Unverified List, 484

Update, 433

USAccess Program, 493

Usage Controlled (UCON), 19

USB devices, 252

Useful Life, 274

User Account Control, 216

User Awareness, 57

User Datagram Protocol (UDP), 191, 201

User education, 28

V

Validated, 65

Validating agents, 120

Validation date, 120

Valuation, 364

Vendor List, 469

Verification algorithm, 272

Verification of audit events, 58

Views, 70

Viruses, 362

Visibility, 219

Visually recognizable, 103

Vital Records, 432

Voice, 134

Voice Digitization, 140

Voice Protocols, 144

Voice Security, 141

VoIP Architecture, 139

VPN, 48

VPN Tunneling Protocols, 199

Vulnerability assessment, 119

W

Warm Site, 456

Wassenaar Arrangement (WA), 487

Watermarks, 251

Weak internal controls, 26

Web applications, 56

Web Page Attack, 360

Web Services Security (WS-Security), 254

Wi-Fi Protected Access (WPA, WPA2), 179, 248

Windows Registry, 17

Windows Update, 15

Wired Equivalent Privacy (WEP), 179

Wireless, 176

Wireless IDSs (WIDS), 171

Wireless Local Area Networks (WLANs), 247

Workflow violation, 35

World Bank, 228

Worms, 360

Write actions, 15

Write permission, 13

Writing down, 22

Writing matrix, 23

X

X.25 protocol, 139

X.500, 53

Z

The Zachman Framework, 412

Zangger Committee, 486

Zones of Control, 181