Port scanner

A program that can remotely determine which ports on a system are open (i.e., whether the system allows connections through those ports).

Portal

A high-level remote access architecture that is based on a server that offers teleworkers access to one or more application systems through a single centralized interface.

Portal VPN

A single standard Secure Sockets Layer (SSL) connection to a website to secure access to multiple network services.

Portfolio management

It refers to activities related to the management of IT resources, as one would manage investments in a stock portfolio. The IT portfolio facilitates the alignment of technology investments with business needs and focuses on mitigating IT investment risks.

Ports

Ports are commonly used to gain information or access to computer systems. Well-known port numbers range from 0 through 1,023, whereas registered port numbers run from 1,024 through 49,151. When a service is requested from unknown callers, a service contact port (well-known port) is defined.

Possession and control of a token

The ability to activate and use the token in an authentication protocol.

Post office protocol (POP)

A standard protocol used to receive electronic mail from a server. It is a mailbox access protocol defined by IETF RFC 1939 and is one of the most commonly used mailbox access protocols.

Potential impact

The loss of confidentiality, integrity, or availability could be expected to have (1) a limited adverse effect (low), (2) a serious adverse effect (moderate), or (3) a severe or catastrophic adverse effect (high) on organizational operations, systems, assets, individuals, or other organizations.

Power monitoring attack

An attack that uses varying levels of power consumption by the hardware during computations. It is a general class of side-channel attack (Wikipedia).

Pre-activation state

A cryptographic key lifecycle state in which a key has not yet been authorized for use.

Pre-boot authentication (PBA)

The process of requiring a user to authenticate successfully before decrypting and booting an operating system.

Precursor

(1) A sign that a malware attack may occur in the future. (2) A sign that an attacker may be preparing to cause an incident.

Pre-message secret number

A secret number that is generated prior to the generation of each digital signature.

Presentation layer

Portion of an ISO/OSI reference model responsible for adding structure to data units that are exchanged.

Pre-shared key

Single key used by multiple IPsec endpoints to authenticate endpoints to each other.

Pretexting

Impersonating others to gain access to information that is restricted. Synonymous with social engineering.

Pretty Good Privacy (PGP)

(1) A standard program for securing e-mail and file encryption on the Internet. Its public-key cryptography system allows for the secure transmission of messages and guarantees authenticity by adding digital signatures to messages. (2) A cryptographic software application for the protection of computer files and electronic mail. (3) It combines the convenience of the Rivest-Shamir-Adleman (RSA) public-key algorithm with the speed of the secret-key IDEA algorithm, digital signature, and key management.

Preventive controls

Actions taken to deter undesirable events and incidents from occurring in the first place.

Preventive maintenance

Computer hardware and related equipment maintained on a planned basis by the manufacturer, vendor, or third party to keep them in a continued operational condition.

Prime number generation seed

A string of random bits that is used to determine a prime number with the required characteristics.

Principal

An entity whose identity can be authenticated.

Principle of least privilege

The granting of the minimum access authorization necessary for the performance of required tasks.

Privacy

(1) The right of an individual to self-determination as to the degree to which the individual is willing to share with others information about himself that may be compromised by unauthorized exchange of such information among other individuals or organizations. (2) The right of individuals and organizations to control the collection, storage, and dissemination of their information or information about themselves. (3) Restricting access to subscriber or relying party information.

Privacy impact assessment (PIA)

PIA is an analysis of how information is handled (1) to ensure handling conforms to applicable legal, regulatory, and policy requirements regarding privacy, (2) to determine the risks and effects of collecting, maintaining, and disseminating information in identifiable form in an electronic information system, and (3) to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks.

Privacy protection

The establishment of appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of data records to protect both security and confidentiality against any anticipated threats or hazards that could result in substantial harm, embarrassment, inconvenience, or unfairness to any individual about whom such information is maintained.

Private key

(1) The secret part of an asymmetric key pair that is typically used to digitally sign or decrypt data. (2) A cryptographic key, used with a public key cryptographic algorithm that is uniquely associated with an entity and not made public. It is the undisclosed key in a matched key pair—private key and public key—used in public key cryptographic systems. In a symmetric (private) key crypto-system, the key of an entity’s key pair is known only by that entity. In an asymmetric (public) crypto-system, the private key is associated with a public key. Depending on the algorithm, the private key may be used to (a) compute the corresponding public key, (b) compute a digital signature that may be verified by the corresponding public key, (c) decrypt data that was encrypted by the corresponding public key, or (d) compute a piece of common shared data, together with other information. (3) The private key is used to generate a digital signature. (4) The private key is mathematically linked with a corresponding public key.

Privilege management

Privilege management creates, manages, and stores the attributes and policies needed to establish criteria that can be used to decide whether an authenticated entity’s request for access to some resource should be granted.

Privileged accounts

Individuals who have access to set “access rights” for users on a given system. Sometimes referred to as system or network administrative accounts.

Privileged data

Data not subject to usual security rules because of confidentiality imposed by law, such as legal and medical files.

Privileged function

A function executed on an information system involving the control, monitoring, or administration of the system.

Privileged instructions

A set of instructions (e.g., interrupt handling or special computer instructions) to control features (such as storage protection features) generally executable only when a computer system is operating in the executive state.

Privileged process

A process that is afforded (by the kernel) some privileges not afforded normal user processes. A typical privilege is the ability to override the security *-property. Privileged processes are trusted.