Investigation process

Four phases exist in a computer security incident investigation process: initiating the investigation (phase 1), testing and validating the incident hypothesis (phase 2), analyzing the incident (phase 3), and presenting the evidence (phase 4). The correct order of the investigation process is: gather facts (phase 1); interview witnesses (phase 1); develop incident hypothesis (phase 1); test and validate the hypothesis (phase 2); analyze (phase 3); and report the results to management and others (phase 4).

Inward-facing

It refers to a system that is connected on the interior of a network behind a firewall.

IP address

An Internet Protocol (IP) address is a unique number for a computer that is used to determine where messages transmitted on the Internet should be delivered. The IP address is analogous to a house number for ordinary postal mail.

IP payload compression (IPComp) protocol

Protocol used to perform lossless compression for packet payloads.

IP spoofing

Refers to sending a network packet that appears to come from a source other than its actual source.

Isolation

The containment of subjects and objects in a system in such a way that they are separated from one another, as well as from the protection controls of the operating system.

ISO (International Organization for Standardization)

An organization established to develop and define data processing standards to be used throughout participating countries.

IT-related risk

The net mission/business impact considering (1) the likelihood that a particular threat source will exploit, or trigger, a particular information system vulnerability, and (2) the resulting impact if this should occur. IT-related risks arise from legal liability or mission/business loss due to, but not limited to: (i) unauthorized (malicious, nonmalicious, or accidental) disclosure, modification, or destruction of information; (ii) nonmalicious errors and omissions; (iii) IT disruptions due to natural or man-made disasters; and (iv) failure to exercise due care and due diligence in the implementation and operation of the IT function.

IT security awareness and training program

Explains proper rules of behavior for the use of an organization’s IT systems and information. The program communicates the IT security policies and procedures that need to be followed.

IT security education

IT security education seeks to integrate all of the security skills and competencies of the various functional specialists into a common body of knowledge, adds a multi-discipline study of concepts, issues, and principles (technological and social), and strives to produce IT security specialists and professionals capable of vision and proactive response.

IT security goal

The five security goals are confidentiality, availability, integrity, accountability, and assurance.

IT security investment

An IT application or system that is solely devoted to security. For instance, an intrusion detection system (IDS) and a public key infrastructure (PKI) are examples of IT security investments.

IT security metrics

Metrics based on IT security performance goals and objectives.

IT security policy

The documentation of IT security decisions in an organization. Three basic types of policy exist: (1) Program policy is a high-level policy used to create an organization’s IT security program, define its scope within the organization, assign implementation responsibilities, establish strategic direction, and assign resources for implementation. (2) Issue-specific policies address specific issues of concern to the organization, such as contingency planning, the use of a particular methodology for systems risk management, and implementation of new regulations or laws. These policies are likely to require more frequent revision as changes in technology and related factors take place. (3) System-specific policies address individual systems, such as establishing an access control list or training users as to what system actions are permitted. These policies may vary from system to system within the same organization. In addition, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization’s electronic mail policy or fax security policy.

IT security training

IT security training strives to produce relevant and needed security skills and competencies by practitioners of functional specialties other than IT security (e.g., management, systems design and development, acquisition, and auditing). The most significant difference between training and awareness is that training seeks to teach skills, which allow a person to perform a specific function, whereas awareness seeks to focus an individual’s attention on an issue or set of issues. The skills acquired during training are built upon the awareness foundation, and in particular, upon the security basics and literacy material.

J

Jamming

An attack in which a device is used to emit electromagnetic energy on a wireless network’s frequency to make it unusable by the network.

Java

A programming language invented by Sun Microsystems. It can be used as a general-purpose application programming language with built-in networking libraries. It can also be used to write small applications called applets. The execution environment for Java applets is intended to be safe; executing an applet should not modify anything outside the WWW browser. Java is an object-oriented language similar to C++ but simplified to eliminate language features that cause common programming errors. Java source code files (files with a .java extension) are compiled into a format called bytecode (files with a .class extension), which can then be executed by a Java interpreter. Compiled Java code can run on most computers because Java interpreters and runtime environments, known as Java Virtual Machines (JVMs), exist for most operating systems, including UNIX, the Macintosh OS, and Windows. Bytecode can also be converted directly into machine language instructions by a just-in-time compiler.

JavaScript

A scripting language developed by Netscape to enable Web authors to design interactive sites. Although it shares many of the features and structures of the full Java language, it was developed independently. JavaScript can interact with HTML source code, enabling Web authors to spice up their sites with dynamic content. JavaScript is endorsed by a number of software companies and is an open language that anyone can use without purchasing a license. Recent browsers from Netscape and Microsoft support it, though Internet Explorer supports only a subset, which Microsoft calls JScript.

Jitter

Non-uniform delays that can cause packets to arrive and be processed out of sequence.

Job rotation

A method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task. Both job rotation and job vacation practices make a person less vulnerable to fraud and abuse.

Joint photographic experts group (JPEG)

The JPEG is a multimedia standard for compressing continuous-tone still pictures or photographs. It is the result of joint efforts from ITU, ISO, and IEC.

Journal

It is an audit trail of system activities, which is useful for file/system recovery purposes. This is a technical and detective control.

K

Kerberos

Kerberos is an authentication tool used in local logins, remote authentication, and client-server requests. It is a means of verifying the identities of principals on an open network. Kerberos accomplishes this without relying on the authentication, trustworthiness, or physical security of hosts while assuming all packets can be read, modified, and inserted at will. Kerberos uses a trust broker model and symmetric cryptography to provide authentication and authorization of users and systems on the network. In classic Kerberos, users share a secret password with a key distribution center (KDC). The user, Alice, who wants to communicate with another user, Bob, authenticates to the KDC and is furnished a ticket by the KDC to use to authenticate with Bob. When Kerberos authentication is based on passwords, the protocol is known to be vulnerable to off-line dictionary attacks by eavesdroppers who capture the initial user-to-KDC exchange.