
A cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services.

Role-based security policy

Access rights are grouped by role names and the use of resources is restricted to individuals authorized to assume the associated roles.

Rollback

Restores the database from one point in time to an earlier point.

Rollforward

Restores the database from a point in time when it is known to be correct to a later time.

Root cause analysis

A problem-solving tool that uses a cause-and-effect (C&E) diagram. The diagram is used when a series of events or steps in a process creates a problem and it is not clear which event or step is the major cause. After examination, the significant root causes of the problem are discovered, verified, and corrected. The C&E diagram is also called a fishbone or Ishikawa diagram and is well suited to the remediation step of managing a computer security incident response.

Rootkit

(1) A set of tools used by an attacker after gaining root-level access to a host to conceal the attacker’s activities on the host and permit the attacker to maintain root-level access to the host through covert means. (2) A collection of files that is installed on a system to alter the standard functionality of the system in a malicious and stealthy way.

Rotational cryptanalysis

A generic attack against algorithms that rely on three operations: modular addition, rotation, and XOR (exclusive OR). Algorithms relying on these operations are popular because they are relatively inexpensive in both hardware and software and operate in constant time, making them safe from timing attacks in common implementations (Wikipedia).

Rotation of duties

A method of reducing the risk associated with a subject performing a (sensitive) task by limiting the amount of time the subject is assigned to perform the task before being moved to a different task.

Round key

Round keys are values derived from the cipher key by the key expansion routine; they are applied to the state in the cipher and inverse cipher.

Round-robin DNS

A technique of load distribution, load balancing, or fault-tolerance provisioning across multiple, redundant Internet Protocol (IP) service hosts (for example, Web servers and FTP servers). It manages the domain name system (DNS) response to address requests from client computers according to a statistical model. It works by responding to DNS requests not with a single IP address but with a list of IP addresses of several servers that host identical services. The order in which IP addresses from the list are returned is the basis for the term round robin: with each DNS response, the sequence of IP addresses in the list is permuted. This is unlike the usual basic IP address handling methods based on network priority and connection timeout (Wikipedia).

Route flapping

A situation in which Border Gateway Protocol (BGP) sessions are repeatedly dropped and restarted, normally as a result of router problems or communication line problems. Route flapping causes changes to the BGP routing tables.

Router

(1) A physical or logical entity that receives and transmits data packets or establishes logical connections among a diverse set of communicating entities (usually supports both hardwired and wireless communication devices simultaneously). (2) A node that interconnects sub-networks by packet forwarding. (3) A device that connects two or more networks or network segments, and may use Internet Protocol (IP) to route messages. (4) A device that keeps a record of network node addresses and current network status, and it extends LANs. (5) A router operates in the network layer of the ISO/OSI reference model.

Router-based firewall

Security is implemented using screening routers as the primary means of protecting the network.

Routine variation

A risk-reducing principle underlying techniques that reduce the ability of potential attackers to anticipate scheduled events, thereby minimizing the associated vulnerabilities.

Rubber-hose cryptanalysis

The extraction of cryptographic secrets (for example, the password to an encrypted file) from a person by coercion or torture in contrast to a mathematical or technical cryptanalytic attack. The term rubber-hose refers to beating individuals with a rubber hose until they cooperate in revealing cryptographic secrets. Rubber-hose and social engineering attacks are not a general class of side channel attack (Wikipedia).

Rule-based access control (RuBAC)

Access control based on specific rules relating to the nature of the subject and object beyond their identities (for example, security labels). A RuBAC decision requires authorization information and restriction information to be compared before any access is granted. RuBAC and MAC are considered equivalent.

Rule-based security policy

A security policy based on global rules imposed for all subjects. These rules usually rely on a comparison of the sensitivity of the objects being assessed and the possession of corresponding attributes by the subjects requesting access.

Rules of behavior (ROB)

Rules established and implemented concerning use of, security in, and acceptable level of risk of the system. Rules will clearly delineate responsibilities and expected behavior of all individuals with access to the system. The organization establishes and makes readily available to all information system users a set of rules that describes their responsibilities and expected behavior with regard to information system usage.

Rules of engagement (ROE)

Detailed guidelines and constraints regarding the execution of information security testing. The white team establishes the ROE before the start of a security test. It gives the test team authority to conduct the defined activities without the need for additional permissions.

Rules of evidence

The general rules of evidence require that the evidence must be sufficient to support a finding, must be competent (reliable), must be relevant based on facts and their applicability, and must be significant (material and substantive) to the issue at hand. The chain of custody should accommodate the rules of evidence and the chain of evidence.

Ruleset

(1) A table of instructions used by a controlled (managed) interface to determine what data is allowable and how the data is handled between interconnected systems. Rulesets govern access control functionality of a firewall. The firewall uses these rulesets to determine how packets should be routed between its interfaces. (2) A collection of rules or signatures that network traffic or system activity is compared against to determine an action to take, such as forwarding or rejecting a packet, creating an alert, or allowing a system event.

S

S/MIME

(1) A version of the multipurpose Internet mail extension (MIME) protocol that supports encrypted messages. (2) A set of specifications for securing electronic mail. The basic security services offered by secure/MIME (S/MIME) are authentication, nonrepudiation of origin, message integrity, and message privacy. Optional security services offered by S/MIME include signed receipts, security labels, secure mailing lists, and an extended method of identifying the signer’s certificate(s). S/MIME is based on RSA’s public-key encryption technology.

Safe harbor principle

Principles that are intended to facilitate trade and commerce between the U.S. and the European Union, for use solely by U.S. organizations receiving personal data from the European Union. They are based on a self-regulating policy and enforcement mechanism that meets the objectives of government regulations but does not involve government enforcement.