End-point protection platform

It is safeguards implemented through software to protect end-user computers such as workstations and laptops against attack (e.g., antivirus, antispyware, antiadware, personal firewalls, and hot-based intrusion detection systems).

End-point security

End-point protection platforms require end-point security products such as (1) use of anti-malware software; if not available, use of rootkit detectors, (2) use of personal firewalls, (3) use of host-based intrusion detection and prevention systems, (4) use of mobile code restrictively, (5) use of cryptography in file encryption, full disk encryption, and VPN connections, (6) implementation of TLS or XML gateways or firewalls, (7) placing remote access servers in internal DMZ, and (8) use of diskless nodes and thin clients with minimal functionality.

End-to-end encryption

(1) Encryption of information at the origin within a communications network and postponing decryption to the final destination point. (2) Communications encryption in which data is encrypted when being passed through a network, but routing, addresses, headers, and trailer information are not encrypted (i.e., remains visible). (3) It is encryption of information at its origin and decryption at its intended destination without intermediate decryption. This is a technical and preventive control.

End-to-end security

The safeguarding of information in a secure telecommunication system by cryptographic or protected distribution system means from point of origin to point of destination. This is a technical and preventive control.

End-to-end testing

A testing approach to verify that a defined set of interrelated systems that collectively support an organizational core business area or function interoperates as intended in an operational environment. It is conducted when a major system in the end-to-end chain is modified or replaced.

End-user device

A personal computer (e.g., desktop and laptop), consumer device (e.g., personal digital assistant [PDA] and smart phone), or removable storage media (e.g., USB flash drive, memory card, external hard drive, and writeable CD or DVD) that can store information.

Enhanced messaging service (EMS)

An improved message system for global system for mobile communications (GSM) mobile phone allowing picture, sound, animation, and text elements to be conveyed through one or more concatenated short message service (SMS).

Enterprise architecture

The description of an enterprise’s entire set of information systems: how they are configured, how they are integrated, how they interface to the external environment at the enterprise’s boundary, how they are operated to support the enterprise mission, and how they contribute to the enterprise’s overall security posture.

Entity

(1) Any participant in an authentication exchange; such a participant may be human or nonhuman, and may take the role of the claimant and/or verifier. (2) It is either a subject (an active element generally in the form of a person, process, or device that causes information to flow among objects or changes the system state) or an object (a passive element that contains or receives information). Note: Access to an object potentially implies access to the information it contains. (3) It is an active element in an open system. (4) It is an individual (person) or organization, device, or process. (5) A collection of information items conceptually grouped together and distinguished from their surroundings. An entity (party) is described by its attributes, and entities can be linked or have relationships to other entities (parties).

Entity integrity

A tuple in a relation cannot have a null value for any of the primary key attributes.

Entity-relationship-attribute (ERA) diagram

Used for data intensive application systems and shows the relationships between entities and attributes of a system.

Entrapment

The deliberate planting of apparent flaws in a system for the purpose of detecting attempted penetrations.

Entropy

(1) The uncertainty of a random variable. (2) A measure of the amount of uncertainty that an attacker faces to determine the value of a secret. Entropy is usually stated in bits.

Environmental failure protection

The use of features to protect against a compromise of the security of a cryptographic module due to environmental conditions or fluctuations outside of the module’s normal operating range.

Environmental failure testing

The use of specific test methods to provide reasonable assurance that the security of a cryptographic module will not be compromised by environmental conditions or fluctuations outside of the module’s normal operating range.

Environmental threats

Examples of environmental threats include equipment failure, software errors, telecommunications network outage, and electric power failure.

Ephemeral key pairs

Ephemeral key agreement keys are generated and distributed during a single key agreement process (e.g., at the beginning of a communication session) and are not reused. These key pairs are used to establish a shared secret (often in combination with static key pairs); the shared secret is subsequently used to derive shared keying material. Not all key agreement schemes use ephemeral key pairs, and when used, not all entities have an ephemeral key pair.

Ephemeral keys

Short-lived cryptographic keys that are statistically unique to each execution of a key establishment process and meet other requirements of the key type (e.g., unique to each message or session).

Equipment life cycle

Four phases of equipment life cycle (asset management) include: Authorization and acquisition (phase 1), Inventory and audit (phase 2), Use and maintenance (phase 3), and Dispose or replace (Phase 4). Inventory and audit includes tagging the assets, maintaining an inventory of electronic records, taking periodic inventory of these assets through physical counting, and reconciling the difference between the physical count and the book count. Maintenance includes preventive and remedial maintenance, which can be performed onsite, offsite, or both. Examples of equipment located in functional user departments and IT department include routers, printers, scanners, CPUs, disk drives, and tape drives.

Erasable programmable read-only memory (EPROM)

A subclass of ROM chip that can be erased and reprogrammed many times.

Erasure

A process by which a signal recorded on magnetic media is removed (i.e., degaussed). Erasure may be accomplished in two ways, (1) by alternating current (AC) erasure, by which the information is destroyed by applying an alternating high- and low-magnetic field to the media or (2) by direct current (DC) erasure, by which the media are saturated by applying a unidirectional magnetic field. Process intended to render magnetically stored information irretrievable by normal means.

Error

(1) The difference between a computed, observed, or measured value and the true, specified, or theoretically correct value or condition. (2) An incorrect step, process, or data definition often called a bug. (3) An incorrect result. (4) A human action that produces an incorrect result. (5) A system deviation that may have been caused by a fault. (6) A bit error is the substitution of a ‘0’ bit for a ‘1’ bit, or vice versa.

Error analysis