Rainbow tables

Rainbow tables are lookup tables that contain pre-computed password hashes, often used during password cracking. These tables allow an attacker to crack a password with minimal time and effort.

Random access memory (RAM)

A place in the central processing unit (CPU) of a computer where data and programs are temporarily stored during computer processing.

Random number generator (RNG)

A process used to generate an unpredictable series of numbers. Each individual value is called random if each of the values in the total population of values has an equal probability of being selected.

Random numbers

Random numbers are used in the generation of cryptographic keys, nonces, and authentication challenges.

Reachability analysis

Reachability analysis helps determine whether a protocol is correct. An initial state corresponds to the system when it starts running. From the initial state, other states are reached by sequences of transitions. Using graph theory, it is possible to determine which states are reachable and which are not.
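As an added illustration (not part of the glossary), a breadth-first reachability check over a constructed toy handshake protocol: it reports states the specification names but the implementation can never enter, and reachable non-terminal states with no way out (deadlocks), each with the event sequence that witnesses it. The protocol, state names and events are invented for this example.

```python
from collections import deque

# Constructed toy handshake (not from the page): (from_state, event, to_state).
# RENEGOTIATE is specified but nothing leads to it; STUCK is entered on a bad
# acknowledgement and never left.
TRANSITIONS = [
    ("IDLE", "send_hello", "WAIT_ACK"),
    ("WAIT_ACK", "recv_ack", "ESTABLISHED"),
    ("WAIT_ACK", "timeout", "RETRY"),
    ("WAIT_ACK", "recv_bad_ack", "STUCK"),
    ("RETRY", "send_hello", "WAIT_ACK"),
    ("RETRY", "give_up", "CLOSED"),
    ("ESTABLISHED", "recv_data", "ESTABLISHED"),
    ("ESTABLISHED", "close", "CLOSED"),
    ("RENEGOTIATE", "done", "ESTABLISHED"),
]
ALL_STATES = {"IDLE", "WAIT_ACK", "RETRY", "ESTABLISHED", "CLOSED",
              "RENEGOTIATE", "STUCK"}
TERMINAL = {"CLOSED"}  # states where having no outgoing transition is expected

def build_graph(transitions):
    graph = {}
    for src, event, dst in transitions:
        graph.setdefault(src, []).append((event, dst))
    return graph

def reachable_states(transitions, initial):
    """BFS from the initial state; returns {state: shortest event path to it}.
    The path is the witness an analyst can replay to confirm the finding."""
    graph = build_graph(transitions)
    paths = {initial: []}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        for event, nxt in graph.get(state, []):
            if nxt not in paths:
                paths[nxt] = paths[state] + [event]
                queue.append(nxt)
    return paths

def analyse(transitions, all_states, initial, terminal):
    """Report unreachable states (dead spec) and reachable dead ends (deadlocks)."""
    graph = build_graph(transitions)
    paths = reachable_states(transitions, initial)
    unreachable = sorted(all_states - set(paths))
    deadlocks = sorted(s for s in paths if s not in terminal and not graph.get(s))
    return {"paths": paths, "unreachable": unreachable, "deadlocks": deadlocks}
```

Calling `analyse(TRANSITIONS, ALL_STATES, "IDLE", TERMINAL)` flags RENEGOTIATE as unreachable and STUCK as a deadlock reached via `send_hello, recv_bad_ack`.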

Read-only memory (ROM)

A place where parts of the operating system programs and language translator programs are permanently stored in a microcomputer.

Read/write exploits

Generally, a device connected by FireWire has full access to read and write data in a computer's memory. FireWire is used by audio devices, printers, scanners, cameras, and GPS units. Potential security risks of using these devices include grabbing and changing the screen contents; searching memory for login IDs and passwords; searching for cryptographic keys and keying material stored in RAM; injecting malicious code into a process; and introducing new processes into the system.

Recipient usage period (crypto-period)

The period of time, within the crypto-period of a symmetric key, during which the protected information is processed.

Reciprocal agreement

An agreement that allows two organizations to back up each other.

Reciprocity

A mutual agreement among participating organizations to accept each other’s security assessments in order to reuse information system resources and/or to accept each other’s assessed security posture in order to share information.

Record retention

A management policy and procedure to save originals of business documents, records, and transactions for future retrieval and reference. This is a management and preventive control.

Records

The recordings (automated and/or manual) of evidence of activities performed or results achieved (e.g., forms, reports, and test results), which serve as a basis for verifying that the organization and the information system are performing as intended. Also used to refer to units of related data fields (i.e., groups of data fields that can be accessed by a program and that contain the complete set of information on particular items).

Recovery

Process of reconstituting a database to its correct and current state following a partial or complete hardware, software, network, operational, or processing error or failure.

Recovery controls

The actions necessary to restore a system’s computational and processing capability and data files after a system failure or penetration. Recovery controls are related to recovery point objective (RPO) and recovery time objective (RTO).

Recovery point objective (RPO)

The point in time to which data must be recovered after an outage in order to resume computer processing.

Recovery procedures

Actions necessary to restore data files of an information system and computational capability after a system failure.

Recovery time objective (RTO)

(1) The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or business functions. (2) The maximum acceptable length of time that elapses before the unavailability of the system severely affects the organization.

RED/BLACK concept

A separation of electrical and electronic circuits, components, equipment, and systems that handle unencrypted information (RED) in electrical form from those that handle encrypted information (BLACK) in the same form.

RED concept (encryption)

A designation applied in cryptographic systems to data, information, or messages that contain sensitive or classified information and are not encrypted.

Red team

(1) A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The red team’s objective is to improve enterprise information assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the blue team) in an operational environment. (2) A test team that performs penetration security testing using covert methods and without the knowledge and consent of the organization’s IT staff, but with full knowledge and permission of upper management. The old name for the red team is tiger team.

Red team exercise

An exercise, reflecting real-world conditions, that is conducted as a simulated adversarial attempt to compromise organizational missions and/or business processes to provide a comprehensive assessment of the security capability of the information system and the organization itself.

Reduced sign-on (RSO)

The RSO is a technology that allows a user to authenticate once and then access many, but not all, of the resources that the user is authorized to use.

Redundancy

(1) A concept that can constrain the failure rate and protects the integrity of data. Redundancy makes a confidentiality goal harder to achieve. If there are multiple sites with backup data, then confidentiality could be broken if any of the sites gets compromised. Also, purging some of the data on a backup device could be difficult to do. (2) It is the use of duplicate components to prevent failure of an entire system upon failure of a single component and the part of a message that can be eliminated without loss of essential information. (3) It is a duplication of system components (e.g., hard drives), information (e.g., backup and archived files), or personnel intended to increase the reliability of service and/or decrease the risk of information loss.

Redundant array of independent disks (RAID)

A cluster of disks used to back up data onto multiple disk drives at the same time, providing increased data reliability and increased input/output performance. Seven classifications for RAID are numbered RAID-0 through RAID-6. RAID storage units offer fault-tolerant hardware to varying degrees. Nested or hybrid RAID levels combine two levels, one nested inside the other. A simple RAID configuration with six disks includes four data disks, one parity disk, and one hot spare disk. Problems with RAID include correlated failures due to drive mechanical issues, atomic write semantics (meaning that the write of the data either occurred in its entirety or did not occur at all), write cache reliability during a power outage, hardware incompatibility with software, data recovery in the event of a failed array, untimely drive error recovery algorithms, increasing recovery times due to increased drive capacity, operator skills in terms of correct replacement and rebuild of failed disks, and exposure to computer viruses (Wikipedia).
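As an added illustration (not from the glossary), the single-parity arithmetic behind the four-data-plus-one-parity layout above: XOR parity, a rebuild of one failed data disk, and two of the listed problems made concrete, namely a second concurrent failure that single parity cannot cover and stale parity after a power loss mid-write (the "write hole"), which makes a later rebuild return wrong data without any error. Stripe contents are constructed.

```python
# Constructed example (not from the page): XOR parity as used in RAID-4/5.
# Blocks are bytes of equal length; four data disks plus one parity disk.

def xor_blocks(blocks):
    """Bytewise XOR of equally sized blocks."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        if len(block) != len(out):
            raise ValueError("stripe blocks must be the same size")
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)

def compute_parity(data_disks):
    return xor_blocks(data_disks)

def parity_consistent(data_disks, parity):
    """True if the stripe verifies: XOR of all data blocks and parity is zero."""
    return xor_blocks(list(data_disks) + [parity]) == bytes(len(parity))

def rebuild(data_disks, parity, failed):
    """Rebuild the data disk whose index is in `failed`.

    Single parity recovers at most one missing disk per stripe; a second
    concurrent failure (the correlated-failure problem) is unrecoverable."""
    if len(failed) > 1:
        raise ValueError("single parity cannot rebuild %d disks" % len(failed))
    (idx,) = failed
    survivors = [d for i, d in enumerate(data_disks) if i != idx]
    return xor_blocks(survivors + [parity])

# Constructed stripe contents.
STRIPE = [b"block-A1", b"block-B2", b"block-C3", b"block-D4"]
PARITY = compute_parity(STRIPE)

def demo_write_hole():
    """Power loss between the data write and the parity update leaves stale
    parity; rebuilding another disk afterwards silently returns wrong data."""
    updated = list(STRIPE)
    updated[1] = b"block-B9"               # data written, parity NOT updated
    return rebuild(updated, PARITY, [2])   # differs from STRIPE[2]
```

A periodic parity scrub (`parity_consistent` over every stripe) is the check that catches the stale-parity case before a rebuild depends on it.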