
Disk mirroring

The purpose is the same as that of disk arrays. A file server contains two physical disks on one channel, and all information is written to both disks simultaneously (disk-to-disk copy). If one disk fails, all of the data are immediately available from the other disk. Disk mirroring, also called shadowed disk, incurs some performance overhead on write operations and increases the cost of the disk subsystem, since two disks are required. It should be used for critical applications that can accept little or no data loss. Note that mirroring protects only against disk failure: a corrupted or deleted file is written to both disks alike, so it does not replace backups. This is a technical and recovery control and supports the availability goal. Synonymous with disk shadowing.

Disk replication

Data is written to two different disks to ensure that two valid copies of the data are always available. Disk replication minimizes the time window needed for recovery.

Disk striping

Spreads data across more than one disk and more than one partition; it is the same technique used in disk arrays. An advantage of disk arrays is that multiple drives run in parallel; a disadvantage is that their organization is more complicated than disk farming and highly sensitive to multiple failures. Striping alone adds no redundancy: without parity or mirroring, the loss of any one disk in the set loses the whole set, so it is a performance measure rather than an availability control.
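The following Python simulation is an added example illustrating the two entries above (disk mirroring and disk striping); it is not part of the glossary. Each "disk" is an in-memory list of blocks. The mirrored volume writes every block to two disks and reads from whichever survives; the striped volume rotates blocks across data disks and, going one step beyond plain striping, stores an XOR parity block on an extra disk, so it can rebuild after one failure but not after two. Block size, disk count and the sample data are chosen here for readability.

```python
"""Toy block-level simulation of disk mirroring and parity-protected striping.
Added example, not from the glossary; everything is in-memory and constructed."""
from functools import reduce

BLOCK = 4  # bytes per block; tiny so the stripes are easy to follow


class Disk:
    def __init__(self):
        self.blocks = []
        self.failed = False

    def write(self, blk):
        self.blocks.append(blk)

    def read(self, i):
        if self.failed:
            raise IOError("disk failed")
        return self.blocks[i]


def xor_blocks(*blks):
    """Byte-wise XOR of equal-length blocks (the parity operation)."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*blks))


def to_blocks(data):
    return [data[i:i + BLOCK].ljust(BLOCK, b"\0") for i in range(0, len(data), BLOCK)]


class MirroredVolume:
    """Every block is written to both disks; a read is served by any healthy disk."""

    def __init__(self):
        self.disks = [Disk(), Disk()]
        self.length = 0

    def write(self, data):
        self.length = len(data)
        for blk in to_blocks(data):
            for d in self.disks:          # the write overhead: each block goes to both disks
                d.write(blk)

    def read(self):
        healthy = [d for d in self.disks if not d.failed]
        if not healthy:
            raise IOError("both mirrors failed")
        n = len(healthy[0].blocks)
        return b"".join(healthy[0].read(i) for i in range(n))[:self.length]


class StripedVolume:
    """Blocks rotate across n data disks, with an XOR parity block on one extra disk.
    One failed disk is rebuilt from the others; a second failure loses the data."""

    def __init__(self, n):
        self.n = n
        self.disks = [Disk() for _ in range(n + 1)]   # disks[-1] holds parity
        self.length = 0

    def write(self, data):
        self.length = len(data)
        blocks = to_blocks(data)
        while len(blocks) % self.n:                   # pad the last stripe
            blocks.append(b"\0" * BLOCK)
        for s in range(0, len(blocks), self.n):
            stripe = blocks[s:s + self.n]
            for d, blk in zip(self.disks[:-1], stripe):
                d.write(blk)
            self.disks[-1].write(xor_blocks(*stripe))

    def read(self):
        failed = [i for i, d in enumerate(self.disks) if d.failed]
        if len(failed) > 1:
            raise IOError(f"{len(failed)} disks failed; one parity block cannot rebuild two")
        out = []
        for s in range(len(self.disks[-1].blocks)):
            stripe = [None if d.failed else d.read(s) for d in self.disks]
            if failed:                                # rebuild the missing block from the rest
                stripe[failed[0]] = xor_blocks(*(b for b in stripe if b is not None))
            out.extend(stripe[:-1])
        return b"".join(out)[:self.length]


def read_after_failures(volume, failed):
    """Mark the given disk indices failed and return the data, or None if unreadable."""
    for i in failed:
        volume.disks[i].failed = True
    try:
        return volume.read()
    except IOError:
        return None


if __name__ == "__main__":
    data = b"mirror and stripe me!"                 # constructed sample payload
    m = MirroredVolume(); m.write(data)
    print("mirror, disk 0 lost:", read_after_failures(m, [0]) == data)
    s = StripedVolume(3); s.write(data)
    print("stripe+parity, disk 1 lost:", read_after_failures(s, [1]) == data)
    print("stripe+parity, second disk lost:", read_after_failures(s, [3]))
```

The parity rebuild is why a single failure is survivable and a second one is not: with one block unknown per stripe, XOR of the remaining blocks recovers it; with two unknown, one equation cannot determine two values.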

Disposal

The act of discarding media with no other sanitization considerations. This is most often done with paper recycling of nonconfidential information, but may also include other media. It is giving up control in a manner short of destruction, and is appropriate only for media that never held information requiring protection.

Disruption

An unplanned event that causes a general support system or major application to be inoperable for an unacceptable length of time (e.g., a minor or extended power outage, an extended network outage, or damage to or destruction of equipment or a facility).

Distributed computing

Distributed computing, in contrast to supercomputing, serves many users with small tasks or jobs, each of which is solved by one or more computers. A distributed system consists of multiple autonomous computers (nodes) that communicate through a network; each computer has its own local memory, and the computers coordinate by message passing. Distributed computing overlaps with parallel computing, grid computing, and concurrent computing (Wikipedia).

Distributed denial-of-service (DDoS)

A denial-of-service (DoS) technique that uses numerous hosts to perform the attack.

An attacker takes control of many computers, which then become the sources (“zombies,” collectively a botnet) for the actual attack. If enough hosts are used, the total volume of generated network traffic can exhaust not only the resources of the targeted host but also the available bandwidth of nearly any organization. Because the traffic arrives from many addresses, some of them spoofed, blocking individual sources is rarely sufficient; detection and mitigation work on aggregate patterns such as the number of distinct sources and the traffic volume hitting one target over a short window. DDoS attacks have become an increasingly severe threat, and the loss of availability of computing and network services now translates into significant disruption and major financial loss.
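As an added example (not from the glossary), the detector below applies the aggregate view described above to constructed flow-log lines. Each line is `timestamp source destination port bytes`; the code keeps a sliding window per destination and raises one alert when the number of distinct sources within the window crosses a threshold. The log format, the window length and the threshold of six sources are assumptions chosen for the sample; the addresses come from documentation ranges.

```python
"""Flag destinations that suddenly receive traffic from many distinct sources.
Added example on constructed flow records; not from the glossary."""
from collections import defaultdict, deque

# Constructed sample: normal web traffic to 203.0.113.10, then a burst of
# many new sources against 203.0.113.20 (format: ts src dst dport bytes).
SAMPLE_FLOWS = """\
1700000000 198.51.100.1 203.0.113.10 443 900
1700000002 198.51.100.2 203.0.113.10 443 1500
1700000004 198.51.100.1 203.0.113.10 443 700
1700000006 198.51.100.3 203.0.113.10 443 1100
1700000020 192.0.2.11 203.0.113.20 80 60
1700000020 192.0.2.12 203.0.113.20 80 60
1700000020 192.0.2.13 203.0.113.20 80 60
1700000021 192.0.2.14 203.0.113.20 80 60
1700000021 192.0.2.15 203.0.113.20 80 60
1700000022 192.0.2.16 203.0.113.20 80 60
1700000022 192.0.2.17 203.0.113.20 80 60
1700000023 192.0.2.18 203.0.113.20 80 60
"""


def parse_flow(line):
    ts, src, dst, dport, nbytes = line.split()
    return int(ts), src, dst, int(dport), int(nbytes)


def detect(lines=SAMPLE_FLOWS, window=10, min_sources=6):
    """Return one alert per destination each time its distinct-source count within
    `window` seconds rises to `min_sources`; the alert carries the window's byte total."""
    recent = defaultdict(deque)   # dst -> deque of (ts, src, bytes) inside the window
    alerted = set()
    alerts = []
    for line in lines.strip().splitlines():
        ts, src, dst, _dport, nbytes = parse_flow(line)
        q = recent[dst]
        q.append((ts, src, nbytes))
        while q and q[0][0] < ts - window:   # expire records older than the window
            q.popleft()
        sources = {s for _, s, _ in q}
        if len(sources) >= min_sources:
            if dst not in alerted:            # alert once per episode, not per packet
                alerted.add(dst)
                alerts.append({
                    "ts": ts,
                    "dst": dst,
                    "sources": len(sources),
                    "bytes": sum(b for _, _, b in q),
                })
        else:
            alerted.discard(dst)
    return alerts


if __name__ == "__main__":
    for a in detect():
        print(f"{a['ts']}: {a['dst']} hit by {a['sources']} sources, {a['bytes']} bytes in window")
```

Distinct-source counting is a proxy, since spoofed packets inflate it; in practice it is combined with per-target volume baselines, which is why the alert also records the byte total.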

Distribution attacks

Distribution attacks focus on the malicious modification of hardware or software at the factory or during distribution. They can introduce malicious code into a product, such as a backdoor, to gain unauthorized access to information or a system function at a later date. Verifying received components against the vendor's published signatures or hashes is the usual check against modification in transit.

Document type definition (DTD)

A document defining the format of the contents between the tags of an XML or SGML document and the way the application reading the document should interpret them. A DTD can also declare entities, including entities fetched from external sources, so parsers handling untrusted input are commonly configured to reject or ignore DTDs.
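An added example, not from the glossary, showing a document with an internal DTD parsed two ways in Python. The first function uses the standard library's default behaviour, which expands the entity declared in the DTD; the second installs an expat doctype handler that refuses any DOCTYPE before entities are processed, which is the assumed policy for untrusted input. The sample document and its entity are constructed here.

```python
"""Parse XML carrying an internal DTD, then guard against DTDs entirely.
Added example with a constructed document; not from the glossary."""
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: the internal subset defines the element structure
# and an entity that the parser will substitute into the body.
DOC_WITH_DTD = """<!DOCTYPE note [
  <!ELEMENT note (to, body)>
  <!ELEMENT to (#PCDATA)>
  <!ELEMENT body (#PCDATA)>
  <!ENTITY signoff "Regards, the security team">
]>
<note><to>Alice</to><body>&signoff;</body></note>
"""
DOC_PLAIN = "<note><to>Alice</to><body>hello</body></note>"


def parse_trusting(xml_text):
    """Default ElementTree behaviour: entities from the internal subset are expanded."""
    root = ET.fromstring(xml_text)
    return {child.tag: child.text for child in root}


class DoctypeForbidden(ValueError):
    pass


def parse_no_dtd(xml_text):
    """Refuse documents that declare a DOCTYPE at all (assumed policy for untrusted input):
    the refusal happens in the doctype callback, before any entity can be expanded."""
    p = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise DoctypeForbidden(f"DOCTYPE {name!r} not allowed")

    p.StartDoctypeDeclHandler = on_doctype
    p.Parse(xml_text, True)
    return parse_trusting(xml_text)


def is_rejected(xml_text):
    """True if the strict parser refuses the document."""
    try:
        parse_no_dtd(xml_text)
        return False
    except DoctypeForbidden:
        return True


if __name__ == "__main__":
    print(parse_trusting(DOC_WITH_DTD))      # entity expanded
    print(is_rejected(DOC_WITH_DTD), is_rejected(DOC_PLAIN))
```

The strict parser does not try to validate the structure against the DTD's ELEMENT rules (the standard-library parser is non-validating); its purpose is only to make entity declarations from untrusted parties impossible.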

Domain

A set of subjects, their information objects, and a common security policy.

Domain name system (DNS)

An Internet translation service that resolves domain names to IP addresses and vice versa. Each entity in a network, such as a computer, requires a uniquely identifiable network address for proper delivery of messages. DNS is the protocol used to manage name lookups, converting between the dotted-decimal and domain-name forms of an address. It uses name servers (DNS servers), each holding part of a universe of names called the name space; each name server is identified by one or more IP addresses. Plain DNS carries no authentication: a response is accepted if its transaction ID, question and source address match an outstanding query, so an attacker who can intercept or forge traffic for arbitrary name nodes can make a name resolve to an address of their choosing, thus impersonating IP addresses. Secure DNS can be accomplished with cryptographic protocols for message exchanges between name servers (DNSSEC signs the records themselves; TSIG authenticates transactions such as zone transfers and updates). DNS transactions include DNS query/response, zone transfers, dynamic updates, and DNS NOTIFY.

Domain parameter seed

A string of bits that is used as input for a domain parameter generation or validation process.

Domain parameters

Parameters used with cryptographic algorithms that are usually common to a domain of users (for DSA, the prime modulus, the subgroup order and the generator; for ECDSA, the curve and its base point). A DSA or ECDSA cryptographic key pair is associated with a specific set of domain parameters, and signatures are only meaningful when verifier and signer use the same set.

Domain separation

Domain separation refers to the mechanisms that protect objects in a system by keeping subjects in one domain from reaching objects in another. A domain consists of the set of objects that a subject can access.

Downgrade

The change of a classification label to a lower level without changing the contents of the data. Downgrading is permitted only if the content of a file meets the requirements of the sensitivity level of the network to which the data is being delivered.

Dual backbones

Two separate network backbones: if the primary network goes down, the secondary network carries the traffic.

Dual cable

Two separate cables are used: one for transmission and one for reception.

Dual control

The process of utilizing two or more separate entities (usually persons) operating in concert to protect sensitive functions or information. All entities are equally responsible. This approach generally involves split knowledge: each party holds only part of the physical or logical protection of a security parameter (for example, one component of a cryptographic key), so that no single party can perform the protected operation alone. This is a management and preventive control.

Dual-homed gateway firewall

A firewall consisting of a bastion host with two network interfaces, one connected to the protected network and the other to the Internet. IP forwarding between the interfaces is disabled, so the only traffic that crosses is what passes through an application proxy running on the host. This setting is the control that matters: if forwarding were enabled, the host would route packets directly between the networks and the proxies would be bypassed.

Dual-use certificate

A certificate that is intended for use with both digital signature and data encryption services. Using one key pair for both purposes is generally discouraged; current key-management guidance favors separate keys for signing and for encryption.

Due care

Means reasonable care, which promotes the common good. It is maintaining minimal and customary practices. It is the duty that managers and their organizations have to provide for information security, ensuring that the type of control, the cost of control, and the deployment of control are appropriate for the system being managed. Both due care and due diligence are similar to the “prudent man” concept.

Due diligence

Requires organizations to develop and implement an effective security program to prevent and detect violations of policies and law. It requires that the organization has taken the minimum necessary steps within its power and authority to prevent and detect such violations. Due diligence is another way of saying “due care.” Both due care and due diligence are similar to the “prudent man” concept.

Due process

Means following rules and principles so that an individual is treated fairly and uniformly at all times. It also means fair and equitable treatment to all concerned parties.

Due professional care

Individuals applying the care and skill expected of a reasonable prudent and competent professional during their work.

Dumpster diving

Going through a company’s or an individual’s waste containers to find meaningful and useful documents and records, and then using that information against the company or individual, for example to steal an identity or to conduct espionage.