P


Packet filtering firewall

A type of firewall that examines the header of each packet (source and destination IP addresses, protocol, and usually source and destination ports) and permits or denies the packet according to an access control list (ACL). Because it judges each packet on its own and keeps no connection state, it cannot distinguish a legitimate reply from an unsolicited packet crafted to look like one. See also ACL.
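To make the definition concrete, here is an added example (not from the book) of the first-match evaluation a packet-filtering firewall applies to an ACL. The rule set, the addresses and the packets are all constructed for the illustration; real firewalls match on the same fields, but the rule syntax shown here is hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    """The header fields a stateless packet filter looks at (constructed sample)."""
    src: str
    dst: str
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port; 0 for protocols without ports

@dataclass(frozen=True)
class Rule:
    """One ACL entry; unspecified fields match anything (hypothetical rule format)."""
    action: str                 # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))

# Constructed inbound ACL for a public web server at 192.0.2.10.
# Order matters: the first matching rule decides, so the anti-spoofing
# deny must come before the permits.
ACL = [
    Rule("deny", src="10.0.0.0/8"),                           # private source on the outside interface
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dport=443),
    Rule("permit", dst="192.0.2.10/32", proto="tcp", dport=80),
    # everything else falls through to the implicit deny below
]

def filter_packet(pkt: Packet, acl=ACL) -> str:
    """Return 'permit' or 'deny' for pkt using first-match semantics."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"   # implicit deny at the end of every ACL

if __name__ == "__main__":
    for p in (Packet("198.51.100.7", "192.0.2.10", "tcp", 443),
              Packet("10.1.2.3", "192.0.2.10", "tcp", 443),
              Packet("198.51.100.7", "192.0.2.10", "tcp", 22)):
        print(p, "->", filter_packet(p))
```

Note what the filter cannot express: it permits any packet to port 443 regardless of whether a connection exists, which is exactly the gap stateful inspection was introduced to close.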

Packet (or password) sniffing

A type of attack in which an attacker uses a sniffer to capture network packets and analyze their contents.

PAN

Personal Area Network.

PAP (Password Authentication Protocol)

A remote access authentication protocol, used with PPP, that employs a two-way handshake to authenticate a peer to a server when a link is first established: the peer sends an Authenticate-Request carrying its user name and password, and the server answers with an Authenticate-Ack or Authenticate-Nak. The password travels in cleartext, so PAP gives no protection against sniffing or replay; CHAP or an EAP method should be preferred. See also CHAP, Packet (or password) sniffing.
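The following added example (mine, not the book's) builds and parses the PAP Authenticate-Request and Ack/Nak messages as laid out in RFC 1334 (code, identifier, length, then length-prefixed peer ID and password), and shows the point that matters for security: anyone who can read the link sees the password as-is. The credential store and the user name are constructed sample data.

```python
import hmac
import struct

PAP_AUTHENTICATE_REQUEST = 1
PAP_AUTHENTICATE_ACK = 2
PAP_AUTHENTICATE_NAK = 3

def build_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """Peer -> server: Code=1, Identifier, Length, Peer-ID-Length, Peer-ID, Passwd-Length, Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTHENTICATE_REQUEST, identifier, 4 + len(body)) + body

def parse_authenticate_request(frame: bytes):
    """What a sniffer (or the server) recovers from the frame: identifier, peer ID, cleartext password."""
    code, identifier, length = struct.unpack("!BBH", frame[:4])
    if code != PAP_AUTHENTICATE_REQUEST:
        raise ValueError("not an Authenticate-Request")
    if length != len(frame):
        raise ValueError("length field does not match frame size")
    pos = 4
    id_len = frame[pos]; pos += 1
    peer_id = frame[pos:pos + id_len]; pos += id_len
    pw_len = frame[pos]; pos += 1
    password = frame[pos:pos + pw_len]; pos += pw_len
    if pos != length:
        raise ValueError("trailing or missing bytes in Authenticate-Request")
    return identifier, peer_id, password

def build_response(identifier: int, success: bool, message: bytes = b"") -> bytes:
    """Server -> peer: Code=2 (Ack) or 3 (Nak), Identifier, Length, Msg-Length, Message."""
    code = PAP_AUTHENTICATE_ACK if success else PAP_AUTHENTICATE_NAK
    body = bytes([len(message)]) + message
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def server_check(frame: bytes, credentials: dict) -> bytes:
    """Server side of the two-way handshake; `credentials` maps user name -> password (constructed)."""
    identifier, peer_id, password = parse_authenticate_request(frame)
    expected = credentials.get(peer_id.decode("utf-8", "replace"))
    # constant-time comparison so the server does not leak prefix matches via timing
    ok = expected is not None and hmac.compare_digest(expected, password)
    return build_response(identifier, ok, b"Welcome" if ok else b"Authentication failed")

if __name__ == "__main__":
    frame = build_authenticate_request(7, b"alice", b"s3cret")
    print("on the wire:", frame.hex())
    print("sniffer sees:", parse_authenticate_request(frame))
    print("server reply code:", server_check(frame, {"alice": b"s3cret"})[0])
```

The hex dump printed by the demo contains the bytes of "s3cret" unchanged, which is the whole case against PAP; CHAP's challenge-response exchange was designed so that the password itself never appears on the link.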

Password

A string of characters (a word or phrase) that a subject provides to an authentication mechanism in order to authenticate to a system.

Patent

As defined by the U.S. Patent and Trademark Office (PTO), a patent is “the grant of a property right to the inventor.”

Patriot Act

A U.S. law that expanded the authority of law enforcement agencies for the purpose of combating terrorism.

PEAP (Protected EAP, or Protected Extensible Authentication Protocol)

A widely implemented EAP method (published as an IETF draft by Cisco, Microsoft and RSA Security) that first establishes a TLS tunnel to the authentication server, authenticated by the server's certificate, and then carries an inner authentication exchange such as EAP-MSCHAPv2 inside that tunnel, so that the user's credentials are never exposed to the network. Clients must validate the server certificate; otherwise a rogue access point can harvest the inner exchange. See also EAP.

PEM (Privacy Enhanced Mail)

Provides confidentiality and authentication using 3DES for encryption, MD2 or MD5 message digests, X.509 digital certificates, and the RSA asymmetric system for digital signatures and secure key distribution. See also 3DES, RSA.

Penetration testing

An authorized test that attempts to penetrate a system the way an attacker would, in order to enumerate it and to identify and, where the rules of engagement permit, exploit vulnerabilities in its software, configuration, or controls. Also known as "pen testing." See also Port scan.

Personal identification number (PIN)

A numeric-only password, usually used when only a numeric keypad (versus an alphanumeric keyboard) is available. See also Password.

PGP (Pretty Good Privacy)

An encryption program, created by Phil Zimmermann and later standardized as OpenPGP, that provides confidentiality and authentication for e-mail and files. Early versions used the IDEA cipher for encryption and the RSA asymmetric system for digital signatures and secure key distribution; current OpenPGP implementations, including the free, open-source GnuPG, also support AES, DSA/ElGamal and elliptic-curve algorithms. See also RSA.

Pharming

An attack that redirects users to a forged Web site without any action on their part, typically by poisoning a DNS cache or altering the victim's hosts file so that a correctly typed legitimate address resolves to the attacker's server. Unlike phishing, it does not depend on the victim following a link; a phishing attack aimed at a specific organization is called spear phishing. See also Phishing, Spear Phishing.

Phishing

A social engineering attack technique widely used in identity theft crimes. An e-mail, purportedly from a known legitimate business (typically financial institutions, online auctions, retail stores, and so on) requests the recipient to verify personal information online at a forged or hijacked Web site. See also Pharming, Spear Phishing.

Physical controls

Controls that ensure the safety and security of the physical environment.

PKI (Public Key Infrastructure)

Enables secure e-commerce through the integration of digital signatures, digital certificates, and other services necessary to ensure confidentiality, integrity, authentication, non-repudiation, and access control.

Plaintext

A message in its original readable format or a ciphertext message that has been properly decrypted (unscrambled) to produce the original readable plaintext message.

Policy

A formal high-level statement of an organization’s objectives, responsibilities, ethics and beliefs, and general requirements and controls.

Polyinstantiation

A database technique that allows different versions of the same record (same primary key) to exist at different sensitivity levels, so that subjects at different clearances see different rows. It prevents a low-level user from inferring the existence of a higher-level row, for example from a "duplicate key" error when inserting a record that already exists at a classified level.
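As an added illustration (not from the book), the code below contrasts a table with an ordinary unique-key constraint, which leaks the existence of a secret row through its error, with a polyinstantiated table that stores a separate instance per sensitivity level and returns the highest instance the reader is cleared for. The ship names, destinations and level names are constructed sample data.

```python
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top_secret": 3}

class SingleInstanceTable:
    """Conventional table: one row per key, regardless of who inserted it."""
    def __init__(self):
        self.rows = {}                       # key -> attributes

    def insert(self, key, level, **attrs):
        if key in self.rows:
            # This error is the covert channel: an unclassified user learns
            # that a (possibly secret) row for this key already exists.
            raise KeyError(f"duplicate key {key!r}")
        self.rows[key] = dict(attrs, level=level)

class PolyinstantiatedTable:
    """Multilevel table: the sensitivity level is part of the row's identity."""
    def __init__(self):
        self.rows = {}                       # (key, level) -> attributes

    def insert(self, key, level, **attrs):
        if level not in LEVELS:
            raise ValueError(f"unknown level {level!r}")
        if (key, level) in self.rows:
            # A duplicate at the subject's own level is legitimately visible to them.
            raise KeyError(f"duplicate key {key!r} at level {level}")
        # A row at a higher level does not block the insert; a second instance is created.
        self.rows[(key, level)] = dict(attrs)

    def select(self, key, clearance):
        """Return the instance at the highest level not exceeding the reader's clearance."""
        c = LEVELS[clearance]
        visible = [(LEVELS[lvl], row) for (k, lvl), row in self.rows.items()
                   if k == key and LEVELS[lvl] <= c]
        if not visible:
            return None                      # nothing exists at or below this clearance
        return max(visible, key=lambda item: item[0])[1]

def demo():
    """Constructed scenario: a secret sailing order, then an unclassified cover story."""
    table = PolyinstantiatedTable()
    table.insert("Enterprise", "secret", destination="Cuba")
    table.insert("Enterprise", "unclassified", destination="Hawaii")   # succeeds: no leak
    return (table.select("Enterprise", "unclassified"),
            table.select("Enterprise", "secret"))

if __name__ == "__main__":
    low, high = demo()
    print("unclassified reader sees:", low)
    print("secret reader sees:", high)
```

The cost of polyinstantiation is integrity: two truths now exist for one key, and the application must decide which one a higher-level reader should treat as authoritative.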

Port scan

A probe that determines which TCP or UDP ports on a system are open, that is, have a service listening on them, typically by attempting a connection or sending crafted packets to each port and classifying the response as open, closed, or filtered. Port scanning is a common reconnaissance step before an attack or a penetration test. See also Penetration testing.
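An added example (not the book's own) of the simplest form, a TCP connect scan, which completes a full three-way handshake with each port and classifies the result from the connect() error code. To keep it self-contained and safe to run, it starts a throwaway listener on the loopback interface as the target; scanning anything you do not own or have authorization for is not a "test" in the sense above. The host, the listener and the port list are constructed for the demo.

```python
import errno
import socket
import threading

def start_listener(host: str = "127.0.0.1"):
    """Start a throwaway TCP service on an OS-chosen port (the constructed scan target)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            conn.close()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, port

def unused_port(host: str = "127.0.0.1") -> int:
    """Find a port nothing is listening on: bind to port 0, note the number, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]

def tcp_connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Classify each port as 'open', 'closed' (RST received) or 'filtered' (no answer / other error)."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                err = s.connect_ex((host, port))
            except OSError:          # includes a timeout on some platforms
                err = errno.ETIMEDOUT
            if err == 0:
                results[port] = "open"        # handshake completed, a service answered
            elif err == errno.ECONNREFUSED:
                results[port] = "closed"      # host replied with RST: reachable, nothing listening
            else:
                results[port] = "filtered"    # dropped or rejected before the host answered
    return results

if __name__ == "__main__":
    srv, open_port = start_listener()
    targets = [open_port, unused_port()]
    for port, state in tcp_connect_scan("127.0.0.1", targets).items():
        print(f"127.0.0.1:{port} {state}")
    srv.close()
```

A connect scan is easy to detect because every probe shows up in the target's accept queue and logs; SYN ("half-open") scans avoid completing the handshake but need raw sockets and elevated privileges.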

PPP (Point-to-Point Protocol)

Used in remote access service (RAS) servers to encapsulate IP packets and establish dial-in connections over serial and Integrated Services Digital Network (ISDN) links.

PPTP (Point-to-Point Tunneling Protocol)

A VPN protocol designed for individual client-to-server connections that tunnels PPP frames over IP. Its authentication (MS-CHAP) and encryption (MPPE, based on RC4) have well-known weaknesses, and it is considered obsolete in favor of L2TP/IPsec, IKEv2 or TLS-based VPNs. See also PPP, VPN.

Preventive controls

Controls that prevent unwanted events.

Privacy

The security and protection of personal information.

Procedures

Provide detailed, step-by-step instructions on how to implement specific policies and meet the criteria defined in standards. See also Policy, Standards.

Process isolation

An operating system feature whereby different user processes are unable to view or modify information related to other processes.

Promiscuous mode

A setting on a computer's network adapter in which every frame seen on the medium is passed up to the operating system, not just those addressed to that adapter. Sniffers depend on it, and enabling it normally requires administrative privileges. See also Packet (or password) sniffing.

Protection domain

Prevents other programs or processes from accessing and modifying the contents of address space that has already been assigned to an active program or process.

Protection rings

A security architecture concept that arranges privilege levels as concentric rings, with the most trusted domain (the operating system kernel, ring 0) at the center and progressively less trusted domains (drivers, then user applications) in the outer rings; code in an outer ring can reach an inner ring only through controlled entry points.

Proximate causation

An action taken or not taken as part of a sequence of events that resulted in negative consequences.

Prudent man rule

Under the Federal Sentencing Guidelines, senior corporate officers are required to perform their duties in good faith, in the best interests of the enterprise, and with the care and diligence that ordinary, prudent persons in a like position would exercise under similar circumstances.

Pseudo flaw

An apparent loophole or vulnerability deliberately planted in a system as a trap for intruders, so that attempts to exploit it can be detected and logged; a honeypot applies the same idea to an entire host. (A social engineering ploy that tricks people into "remedying" a supposed security problem is a pretext, not a pseudo flaw.)

Public key cryptography

A cryptographic method that permits parties to communicate with each other without the benefit of exchanging a secret key in advance.

Punitive damages

Determined by a jury and intended to punish the offender.




CISSP For Dummies
ISBN: 0470537914
Year: 2004
Pages: 242
