B


Background check

The process of verifying a person’s professional, financial, and legal background, usually in connection with employment.

Baselines

Identify a consistent basis for an organization’s security architecture, taking into account system-specific parameters, such as different operating systems.

Bell-LaPadula model

A formal confidentiality model that defines two basic properties:

  • simple security property (ss property): A subject can’t read information from an object with a higher sensitivity label (no read up, or NRU).

  • star property (* property): A subject can’t write information to an object with a lower sensitivity label (no write down, or NWD).

Best evidence

Original, unaltered evidence, which is preferred by the court over secondary evidence. See also Best evidence rule.

Best evidence rule

Defined in the Federal Rules of Evidence, states that “to prove the content of a writing, recording, or photograph, the original writing, recording, or photograph is (ordinarily) required.”

Biba model

A formal integrity model that defines two basic properties:

  • simple integrity property: A subject can’t read information from an object with a lower integrity level (no read down, or NRD).

  • star integrity property (*-integrity property): A subject can’t write information to an object with a higher integrity level (no write up, or NWU).

Biometrics

Any of various means used, as part of an authentication mechanism, to verify the identity of a person. Types of biometrics used include fingerprint, palm print, signature, retinal scan, voice scan, and keystroke patterns.

Birthday attack

A type of attack that attempts to exploit the probability that two messages, run through the same hash function, produce the same message digest.

Black box testing

A security test wherein the tester has no prior knowledge of the system being tested.

Blackout

Total loss of electric power.

Block cipher

An encryption algorithm that divides plaintext into fixed-size blocks of characters or bits and uses the same key on each fixed-size block to produce corresponding ciphertext.

Bridge

A network device that forwards packets to other devices on a network.

Brownout

Prolonged drop in voltage from an electric power source such as a public utility.

Brute force attack

A type of attack in which the attacker attempts every possible combination of letters, numbers, and characters to crack a password, passphrase, or PIN.

Buffer (or stack) overflow attack

A type of attack in which the attacker enters an out-of-range parameter or intentionally exceeds the buffer capacity of a system or application to effect a Denial of Service or exploit a vulnerability.

Bus (computer architecture)

The logical interconnection between basic components in a computer system including CPU, memory, and peripherals.

Bus (network topology)

A network topology where all devices are connected to a single cable.

Business Impact Assessment (BIA)

A risk analysis that, as part of a business continuity plan, describes the impact to business operations that the loss of various IT systems would impose.




CISSP For Dummies
ISBN: 0470537914
EAN: 2147483647
Year: 2004
Pages: 242
