The use of techniques to detect errors, to estimate/predict the number of errors, and to analyze error data both singly and collectively.
Error correction
Techniques that attempt to recover from detected data transmission errors.
Error-correction code
A technique in which the information content of the error-control data of a data unit can be used to correct errors in that unit.
Error-detection code
A code computed from data and comprised of redundant bits of information designed to detect, but not correct, unintentional changes in the data.
Escrow
Something (e.g., a document or an encryption key) that is “delivered to a third person to be given to the grantee upon the fulfillment of a condition.”
Escrow arrangement
(1) Placing an electronic cryptographic key and rules for its retrieval into a storage medium maintained by a rusted third party. (2) Something (e.g., a document, software source code, or an encryption key) that is delivered to a third person to be given to the grantee only upon the fulfillment of a condition or a contract.
Ethernet
Ethernet is the most widely installed protocol for local-area network (LAN) technology. It uses CSMA/CD for channel allocation. Older versions of Ethernet used a thick coaxial original cable (classic Ethernet), which is obsolete now. Newer versions of Ethernet use a thin coaxial cable with no hub needed, twisted-pair wire (low cost), fiber optics (good between buildings), and switches. Because the Internet Protocol (IP) is a connectionless protocol, it fits well with the connectionless Ethernet protocol. Ethernet uses the bus topology. Ethernet is classified as thick, thin, fast, switched, and gigabit Ethernet based on the cable used and the speed of service. Ethernet operates in the data link layer of the ISO/OSI reference model based on the IEEE 802.3 standard and uses the 48-bit addressing scheme. The gigabit Ethernet supports both full-duplex and half-duplex communication modes, and because no connection is possible, the CSMA/CD protocol is not used.
Evaluation
The process of examining a computer product or system with respect to certain criteria.
Evaluation assurance level (EAL)
One of seven increasingly rigorous packages of assurance requirements from Common Criteria (CC) Part 3. Each numbered package represents a point on the CC’s predefined assurance scale. An EAL can be considered a level of confidence in the security functions of an IT product or system.
Event
(1) Something that occurs within a system or network. (2) Any observable occurrence in a network or system.
Event aggregation
The consolidation of similar log entries into a single entry containing a count of the number of occurrences of the event.
Event correlation
Finding relationships between two or more log entries.
Event normalization
Covering each log data field to a particular data representation and categorizing it consistently.
Event reduction
Removing unneeded data fields from all log entries to create a new log that is smaller in size.
Evidence life cycle
The evidence life cycle starts with evidence collection and identification; analysis; storage; preservation and transportation; presentation in court; and ends when the evidence is returned to the victim (owner). The evidence life cycle is connected with the chain of evidence.
Examine
A type of assessment method that is characterized by the process of checking, inspecting, reviewing, observing, studying, or analyzing one or more assessment objects to facilitate understanding, achieve clarification, or obtain evidence, the results of which are used to support the determination of security control effectiveness over time.
Exclusive-OR operation (XOR)
The bitwise addition, modulo 2, of two bit strings of equal length.
Exculpatory evidence
Evidence that tends to decrease the likelihood of fault or guilt.
Executive steering committee
Committees that manage the information portfolio of the organization.
Exhaustive search attack
Uses computer programs to search for a password for all possible combinations. An exhaustive attack consists of discovering secret data by trying all possibilities and checking for correctness. For a four-digit password, you might start with 0000 and move on to 0001, 0002, and so on until 9999.
Expert systems
Expert systems use artificial intelligence programming languages to help human beings make better decisions.
Exploit code
A program that enables attackers to automatically break into a system.
Exploitable channel
Channel that allows the violation of the security policy governing an information system and is usable or detectable by subjects external to the trusted computing base (TCB).
Exposure
Caused by the undesirable events. Exposure = Attack + Vulnerability.
Extensibility
(1) A measure of the ease of increasing the capability of a system. (2) The ability to extend or expand the capability of a component so that it handles the additional needs of a particular implementation.
Extensible Access Control Markup Language (XACML)
A general-purpose language for specifying access control policies.
Extensible authentication protocol (EAP)
A standard means of extending challenge handshake authentication protocol (CHAP) and password authentication protocol (PAP) to include additional authentication data such as biometric data. EAP is used in authenticating remote users. Legacy EAP methods use MD5-Challenge, One-Time Password, and Generic Token Card. Robust EAP methods use EAP-TLS, EAP-TTLS, PEAP, and EAP-FAST.
Extensible hypertext Markup Language (XHTML)
A unifying standard that brings the benefits of XML to those of HTML.
Extensible Markup Language (XML)
A cross-platform, extensible, and text-based standard markup language for representing structured data. It provides a cross-platform, software- and hardware-independent tool for transmitting information. XML is a meta-language, a coding language for describing programming languages used on the Web. XML uses standard generalized markup language (SGML) on the Web, and it is like Hypertext Markup Language (HTML). The Web browser interprets the XML tags for the right meaning of information in Web documents and pages. It is a flexible text format designed to describe data for electronic publishing.
Exterior border gateway protocol (EBGP)
A border gateway protocol (BGP) operation communicating routing information between two or more autonomous systems (ASs).
External information system
An information system or component that is outside of the authorization boundary established by the organization and for which the organization has no direct control over the implementation of required security controls or the assessment of security control effectiveness.
External information system service provider
A provider of external information system services to an organization through a variety of consumer-producer relationships. Examples include joint venture, business partnerships, outsourcing arrangements, licensing agreements, and supply chain arrangements.
External network
A network not controlled by an organization.
External testing (security)
External security testing is conducted from outside the organization’s security perimeter.