Section 1.8. Terms and Concepts

1.8. Terms and Concepts

Virus, Trojan horse, worm, rabbit, salami, firewall, spray paint, mental poker, orange book, war dialer. The vocabulary of computer security is rich with terms that capture your attention. Also, the field is filled with acronyms: DES, AES, RSA, TCSEC, CTCPEC, ITSEC, PEM, PGP, and SSE CMM, to list a few. All of these are explained in this book. Each chapter ends with a list of terms and concepts, in order of their occurrence, as a way to review and see whether you have learned the important points of the chapter.

The list for this chapter includes some terms that may be new, as well as the major concepts introduced here. Although these terms are elaborated on in future chapters, it is good to begin now to learn the terms and the underlying concepts.

computing system, 5

principle of easiest penetration, 5

hardware, 6

software, 6

data, 6

vulnerability, 6

threat, 6

attack, 7

control, 7

interruption, 8

interception, 8

modification, 8

fabrication, 8

method, 8

opportunity, 8

motive, 8

security, secure, 10

confidentiality, 10

integrity, 10

availability, 10

secrecy, 10

privacy, 10

configuration management, 15

logic bomb, 16

Trojan horse, 16

virus, 16

trapdoor, 16

information leak, 16

principle of adequate protection, 17

salami attack, 19

replay, 19

cracker, 22

prevention, 23

deterrence, 23

deflection, 23

detection, 23

recovery, 23

encryption, 25

protocol, 26

policy, 27

procedure, 27

physical control, 27

principle of effectiveness, 28

overlapping control, 29

layered defense, 29

principle of weakest link, 29

administrative control, 31