domain - The set of objects that a subject is allowed to access. Within this domain, all subjects and objects share a common security policy, procedures, and rules, and they are managed by the same management system.

DoS - (Denial of Service) - Any action, or series of actions, that prevents a system, or its resources, from functioning in accordance with its intended purpose.

DR - (Disaster Recovery) - Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations.

DRM - (Digital Rights Management) - A broad range of technologies that grant control and protection to content providers over their own digital media. May use cryptography techniques.

due care - Steps taken to show that a company has taken responsibility for the activities that occur within the corporation and has taken the necessary steps to help protect the company, its resources, and employees.

due diligence - The process of systematically evaluating information to identify vulnerabilities, threats, and issues relating to an organization's overall risk.

duress - The use of threats or violence against someone in order to force them to do something they don't want to do.

dynamic ports - Ports 49152

dynamic testing - When the system under test is executed and its behavior is observed.

e-discovery - The process of producing for a court or external attorney all electronically stored information pertinent to a legal proceeding.

egress monitoring - Maintaining awareness of the information that is flowing out of a network, whether it appears to be malicious or not.

electronic discovery - The process of producing for a court or external attorney all electronically stored information pertinent to a legal proceeding.

electronic vaulting - The transfer of backup data to an offsite location. This process is primarily a batch process of transmitting data through communications lines to a server at an alternative location.

emanations - Electrical and electromagnetic signals emitted from electrical equipment that can transmit through the airwaves. These signals carry information that can be captured and deciphered, which can cause a security breach. These are also called emissions.

encoding - The action of changing a message into another format through the use of a code.

encryption - The transformation of plaintext into unreadable ciphertext.

end-to-end encryption - A technology that encrypts the data payload of a packet.

exposure - An instance of being exposed to losses from a threat. A weakness or vulnerability can cause an organization to be exposed to possible damages.

exposure factor - The percentage of an asset's value that would be lost if a given threat were realized against that asset.

fail-safe - A functionality that ensures that when software or a system fails for any reason, it does not compromise anyone's safety. After a failure, a fail-safe electronic lock might default to an unlocked state, which would prevent it from interfering with anyone trying to escape in an emergency.

fail-secure - A functionality that ensures that when software or a system fails for any reason, it does not end up in a vulnerable state. After a failure, a fail-secure lock might default to a locked state, which would ensure the security of whatever it is protecting.

failover - A backup operation that automatically switches to a standby system if the primary system fails or is taken offline. It is an important fault-tolerant function that provides system availability.

false acceptance rate - The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. Known as a Type II error. A system's FAR typically is stated as the ratio of the number of false acceptances divided by the number of identification attempts.

false rejection rate - The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. Known as a Type I error. A system's FRR typically is stated as the ratio of the number of false rejections divided by the number of identification attempts.

FAR - (False Acceptance Rate) - The measure of the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. Known as a Type II error. A system's FAR typically is stated as the ratio of the number of false acceptances divided by the number of identification attempts.

FCoE - (Fibre Channel over Ethernet) - A converged protocol that allows Fibre Channel frames to ride over Ethernet networks.

Fibre Channel over Ethernet - A converged protocol that allows Fibre Channel frames to ride over Ethernet networks.

firewall - A device that enforces administrative security policies by filtering incoming traffic based on a set of rules.

firmware - Software instructions that have been written into read-only memory (ROM) or a programmable ROM (PROM) chip.

formal security policy model - A mathematical statement of a security policy. When an operating system is created, it can be built upon a predeveloped model that lays out how all activities will take place in each and every situation. This model can be expressed mathematically, which is then translated into a programming language.

formal verification - Validating and testing of highly trusted systems. The tests are designed to show design verification (consistency between the formal specifications and the formal security policy model) and implementation verification (consistency between the formal specifications and the actual implementation of the product).

frame - Data represented at Layer 2 of the Open Systems Interconnection (OSI) model.

FRR - (False Rejection Rate) - The measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. Known as a Type I error. A system's FRR typically is stated as the ratio of the number of false rejections divided by the number of identification attempts.

gateway - A system or device that connects two unlike environments or systems. The gateway is usually required to translate between different types of applications or protocols.

global system for mobiles - A second-generation digital mobile telephone standard that uses a variation of Time Division Multiple Access (TDMA) to separate calls using channels and time slots.

governance - The process by which an organization is managed.

governance committee - A formal body of personnel who determine how decisions will be made within the organization and the entity that can approve changes and exceptions to current relevant governance.

GSM - (Global System for Mobiles) - A second-generation digital mobile telephone standard that uses a variation of Time Division Multiple Access (TDMA) to separate calls using channels and time slots.

guidelines - Recommended actions and operational guides for users, IT staff, operations staff, and others when a specific standard does not apply.

handshaking procedure - A dialog between two entities for the purpose of identifying and authenticating the entities to one another. The dialog can take place between two computers or two applications residing on different computers. It is an activity that usually takes place within a protocol.

hash - A small representation of a larger message. Message digests are used to ensure the authentication and integrity of information, not the confidentiality.

hash function - A function that accepts an input message of any length and uses a one-way operation to generate a fixed-length output, called a message digest or hash.

honeynet - A network of two or more honeypots, created for the sole purpose of luring an attacker into compromising it.

honeypot - A computer set up as a sacrificial lamb on the network in the hope that attackers will attack this system instead of actual production systems.

ICMP - (Internet Control Message Protocol) - Provides a means to send error messages and a way to probe the network to determine network availability.

IDaaS - (Identity as a Service) - A type of Software as a Service (SaaS) offering that normally provides single sign-on (SSO), federated identity management (IdM), and password management services.

identification - A subject provides some type of data to an authentication service. Identification is the first step in the authentication process.

Identity as a Service - A type of Software as a Service (SaaS) offering that normally provides single sign-on (SSO), federated identity management (IdM), and password management services.

identity proofing - The process of collecting and verifying information about a person for the purpose of proving that a person who has requested an account, a credential, or other special privilege is indeed who he or she claims to be and establishing a reliable relationship that can be trusted electronically between the individual and said credential for purposes of electronic authentication.

IDS - (Intrusion Detection System) - Software employed to monitor and detect possible attacks and behaviors that vary from the normal and expected activity. The IDS can be network based, which monitors network traffic, or host based, which monitors activities of a specific system and protects system files and control mechanisms.