For example, (1) business records, such as sales orders and purchase orders, usually come under hearsay evidence and were not admissible before. They are admissible only when a witness testifies the identity and accuracy of the record and describes its mode of preparation. Today, all business records made during the ordinary course of business are admissible if the business is a legitimate entity. (2) Photographs are hearsay evidence, but they will be considered admissible if properly authenticated by a qualified person who is familiar with the subject portrayed and who can testify that the photograph is a good representation of the subject, place, object, or condition.
Advanced data communications control procedure (ADCCP)
Advanced data communications control procedure (ADCCP) is an example of sliding window protocol. ADCCP is a modified Synchronous Data Link Control (SDLC), which became high-level data link control (HDLC), and later became link access procedure B (LAPB) to make it more compatible with HDLC (Tanenbaum).
Advanced encryption standard (AES)
The AES specifies a cryptographic algorithm that can be used to protect electronic data. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher text; decrypting the cipher text converts the data back into its original form, called plaintext. The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits. AES is an encryption algorithm for securing sensitive but unclassified material. The combination of XEX tweakable block cipher with cipher text stealing (XTS) and AES is called XTS-AES. The XTS-AES algorithm is designed for the cryptographic protection of data on storage devices that use fixed length data units. It is not designed for encryption of data in transit as it is designed to provide confidentiality for the protected data. The XTS-AES does not provide authentication or access control services.
Advanced persistent threat
An adversary with sophisticated levels of expertise and significant resources use multiple different attacks vectors repeatedly (e.g., cyber, physical, and deception) to generate attack opportunities to achieve its objective.
Agent
(1) A program used in distributed denial denial-of-service (DDoS) attacks that send malicious traffic to hosts based on the instructions of a handler, also known as a bot. (2) A host-based intrusion detection and prevention program that monitors and analyzes activity and may also perform prevention actions.
Aggregation
The result of assembling or combining distinct units of data when handling sensitive information. Aggregation of data at lower sensitivity level may result in the total data being designated at a higher sensitivity level.
Aggressive mode
Mode used in Internet Protocol security (IPsec) phase 1 to negotiate the establishment of the Internet key exchange security association (IKESA).
Agile defense
Agile defense can handle serious cyber attacks and supply chain attacks as it employs the concept of information system resilience. Information system resilience is the ability of systems to operate while under attack, even in a degraded or debilitated state, and to rapidly recover operational capabilities for essential functions after a successful attack.
Alarm reporting
An open system interconnection (OSI) term that refers to the communication of information about a possible detected fault. This information generally includes the identification of the network device or network resource in which the fault was detected, the type of the fault, its severity, and its probable cause.
Alarm surveillance
The set of functions that enable (1) the monitoring of the communications network to detect faults and fault-related events or conditions, (2) the logging of this information for future use in fault detection and other network management activities, and (3) the analysis and control of alarms, notifications, and other information about faults to ensure that resources of network management are directed toward faults affecting the operation of the communications network. Analysis of alarms consists of alarm filtering, alarm correlation, and fault prediction. This is a management and detective control.
Alert
(1) A notice of specific attack directed at an organization’s IT resources. (2) A notification of an important observed event.
Amplifier attack
Like a reflector attack, an amplifier attack involves sending requests with a spoofed source address to an intermediate host. However, an amplifier attack does not use a single intermediate host; instead, its goal is to use a whole network of intermediate hosts. It attempts to accomplish this action by sending an ICMP or UDP request to an expected broadcast address, hoping that many hosts will receive the broadcast and respond to it. Because the attacker’s request uses a spoofed source address, the responses are all sent to the spoofed address, which may cause a DoS for that host or the host’s network. Network administrators block amplifier attacks by configuring border routers to not forward directed-broadcasts, but some still permit them, which is a countermeasure.
Analog signal
A continuous electrical signal whose amplitude varies in direct correlation with the original input.
Anomaly
Any condition that departs from the expected. This expectation can come from documentation (e.g., requirements specifications, design documents, and user documents) or from perceptions or experiences. An anomaly is not necessarily a problem in the software but a deviation from the expected so that errors, defects, faults, and failures are considered anomalies.
Anomaly-based detection
The process of comparing definitions of what activity is considered normal against observed events to identify significant deviations.
Anti-jam
Countermeasures ensuring that transmitted information can be received despite deliberate jamming attempts.
Anti-spoof
Countermeasures taken to prevent the unauthorized use of legitimate identification & authentication (I&A) data, however it was obtained, to mimic a subject different from the attacker.
Anti-virus software
A program that monitors a computer or network to identify all major types of malware and prevent or contain malware incidents.
Applets
Small applications written in various programming languages automatically downloaded and executed by applet-enabled World Wide Web (WWW) browsers. Examples include Active-X and Java applets, both of which have security concerns.
Applicant
A party undergoing the processes of registration and identity proofing.
Application
The use of information resources (information and information technology) to satisfy a specific set of user requirements.
Application-based intrusion detection and prevention system
A host-based intrusion detection and prevention system (IDPS) that performs monitoring for a specific application service only, such as a Web server program or a database server program.
Application content filtering
It is performed by a software proxy agent to remove or quarantine viruses that may be contained in e-mail attachments, to block specific multipurpose Internet mail extension (MIME) types, or to filter other active content, such as Java, JavaScript, and Active-X® Controls.