The cryptographic key life cycle state that zeroizes a key so that it cannot be recovered and it cannot be used. For record purposes, the identifier and other selected metadata of a key may be retained.

Destruction

The result of actions taken to ensure that media cannot be reused as originally intended and that information is virtually impossible to recover or prohibitively expensive.

Detailed design

A process where technical specifications are translated into more detailed programming specifications, from which computer programs are developed.

Detailed testing

A test methodology that assumes explicit and substantial knowledge of the internal structure and implementation detail of the assessment object. Also known as white box testing.

Detective controls

These are actions taken to detect undesirable events and incidents that have occurred. Detective controls enhance security by monitoring the effectiveness of preventive controls and by detecting security incidents where preventive controls were circumvented.

Device communication modes

Three modes of communication between devices include simplex (one-way communication in one direction), half-duplex (one-way at a time in two directions), and full-duplex (two-way directions at the same time). The half-duplex is used when the computers are connected to a hub rather than a switch. A hub does not buffer incoming frames. Instead, a hub connects all the lines internally and electronically.

Dial-back

Synonymous with callback. This is a technical and preventive control.

Dial-up

The service whereby a computer terminal can use the telephone to initiate and effect communication with a computer.

Dictionary attack

A form of guessing attack in which the attacker attempts to guess a password using a list of possible passwords that is not exhaustive.

Differential cryptanalysis attacks

A technique used to attack any block cipher. It works by beginning with a pair of plaintext blocks that differ in only a small number of bits. An attack begins when some patterns are much more common than other patterns. In doing so, it looks at pairs of plaintexts and pairs of ciphertexts.

Differential power analysis (DPA)

An analysis of the variations of the electrical power consumption of a cryptographic module, using advanced statistical methods and/or other techniques, for the purpose of extracting information correlated to cryptographic keys used in a cryptographic algorithm.

Diffie-Hellman (DH) group

Value that specifies the encryption generator type and key length to be used for generating shared secrets.

Digest authentication

Digest authentication uses a challenge-response mechanism for user authentication with a nonce or arbitrary value sent to the user, who is prompted for an ID and password. It is susceptible to offline dictionary attacks and a countermeasure is to use SSL/TLS. Both basic authentication and digest authentication are useful in protecting information from malicious bots.

Digital certificate

A password-protected and encrypted file that contains identification information about its holder. It includes a public key and a unique private key.

Digital evidence

Electronic information stored or transmitted in a digital or binary form.

Digital forensics

The application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Digital signature

(1) Electronic information stored or transferred in digital form. (2) A non-forgeable transformation of data that allows the proof of the source (with nonrepudiation) and the verification of the integrity of that data. (3) An asymmetric key operation where the private key is used to digitally sign an electronic document and the public key is used to verify the signature. Digital signatures provide authentication and integrity protection. (4) The result of a cryptographic transformation of data that, when properly implemented, provides the services of origin authentication, data integrity, and signer nonrepudiation.

Digital signature algorithm (DSA)

The DSA is used by a signatory to generate a digital signature on data and by a verifier to verify the authenticity of the signature. It is an asymmetric algorithm used for digitally signing data.

Digital watermarking

It is the process of irreversibly embedding information into a digital signal. An example of is embedding copyright information about the copyright owner. Steganography is sometimes applied in digital watermarking, where two parties communicate a secret message embedded in the digital signal. Annotation of digital photographs with descriptive information is another application of invisible watermarking. While some file formats for digital media can contain additional information called metadata, digital watermarking is distinct in that the data is carried in the signal itself.

Directive controls

Directive controls are broad-based controls to handle security incidents, and they include management’s policies, procedures, and directives.

Disaster recovery

The process of restoring an information system (IS) to full operation after an interruption in service, including equipment repair or replacement, file recovery or restoration, and resumption of service to users.

Disaster recovery plan (DRP)

A written plan for processing critical applications in the event of a major hardware or software failure or destruction of facilities.

Discretionary access control (DAC)

The basis of this kind of security is that an individual user or program operating on the user’s behalf is allowed to specify explicitly the types of access other users or programs executing on their behalf may have to the information under the user’s control. Compare with mandatory access control.

Discretionary protection

Access control that identifies individual users and their need-to-know and limits users to the information that they are allowed to see. It is used on systems that process information with the same level of sensitivity.

Disinfecting

Removing malware from within a file.

Disintegration

A physically destructive method of sanitizing media; the act of separating into component parts.

Disk arrays

A technique used to improve the performance of data storage media regardless of the type of computer used. Disk arrays use parity disk schema to keep track of data stored in a domain of the storage subsystem and to regenerate it in case of a hardware/software failure. Disk arrays use multiple disks and if one disk drive fails, the other one becomes available. They also have seven levels from level zero through six (i.e., redundant array of independent disks –RAID0 to RAID6). They use several disks in a single logical subsystem. Disk arrays are also called disk striping. It is a recovery control.

Disk duplexing

The purpose is the same as disk arrays. The disk controller is duplicated. It has two or more disk controllers and more than one channel. When one disk controller fails, the other one is ready to operate. This is a technical and recovery control and ensures the availability goal.

Disk farm

Data are stored on multiple disks for reliability and performance reasons.

Disk imaging

Generating a bit-for-bit copy of the original media, including free space and slack space.