Backup operations
Methods for accomplishing essential business tasks subsequent to disruption of a computer facility and for continuing operations until the facility is sufficiently restored.
Backup plan
Synonymous with contingency plan.
Backup procedures
The provisions made for the recovery of data files and program libraries, and for restart or replacement of computer equipment after the occurrence of a system failure or of a disaster. Examples include normal (full) backup, incremental backup, differential backup, image backup, file-by-file backup, copy backup, daily backup, record-level backup, and zero-day backup.
Bandwidth
Measures the data transfer capacity or speed of transmission in bits per second. Bandwidth is the difference between the highest frequencies and the lowest frequencies measured in a range of Hertz (that is, cycles per second). Bandwidth compression can reduce the time needed to transmit a given amount of data in a given bandwidth without reducing the information content of the signal being transmitted. Inadequate bandwidth can negatively affect the performance of networks and devices.
Banner grabbing
The process of capturing banner information, such as application type and version, that is transmitted by a remote port when a connection is initiated.
Base station (WMAN/WiMAX)
A base station (BS) is the node that logically connects fixed and mobile subscriber stations (SSs) to operator networks. A BS consists of the infrastructure elements necessary to enable wireless communications (i.e., antennas, transceivers, and other equipment).
Baseline (configuration management)
A baseline indicates a cut-off point in the design and development of a configuration item beyond which configuration does not evolve without undergoing strict configuration control policies and procedures. Note that baselining is first and versioning is next.
Baseline (software)
(1) A set of critical observations or data used for comparison or control. (2) A version of software used as a starting point for later versions.
Baseline architecture
The initial architecture that is or can be used as a starting point for subsequent architectures or to measure progress.
Baseline controls
The minimum-security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection objectives. Three sets of baseline controls (i.e., low-impact, moderate-impact, and high-impact) provide a minimum security control assurance.
Baselining
Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.
Basic authentication
A technology that uses the Web server content’s directory structure. Typically, all files in the same directory are configured with the same access privileges using passwords, and the scheme is thus not secure. The problem is that all password information is transferred in an encoded, rather than an encrypted, form. These problems can be overcome using basic authentication in conjunction with SSL/TLS.
Basis path testing
It is a white-box testing technique to measure the logical complexity of a procedural design. The goal is to execute every computer program statement at least once during testing, realizing that many program paths could exist.
Basic testing
A test methodology that assumes no knowledge of the internal structure and implementation details of the assessment object. Basic testing is also known as black box testing.
Bastion host
A host system that is a “strong point” in the network’s security perimeter. Bastion hosts should be configured to be particularly resistant to attack. In a host-based firewall, the bastion host is the platform on which the firewall software is run. Bastion hosts are also referred to as “gateway hosts.” A bastion host is typically a firewall implemented on top of an operating system that has been specially configured and hardened to be resistant to attack.
Bearer assertion
An assertion that does not provide a mechanism for the subscriber to prove that he is the rightful owner of the assertion. The relying party has to assume that the assertion was issued to the subscriber who presents the assertion or the corresponding assertion reference to the relying party.
Behavioral outcome
What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance.
Benchmark testing
Uses a small set of data or transactions to check software performance against predetermined parameters to ensure that it meets requirements.
Benchmarking
It is the comparison of core process performance with other components of an internal organization or with leading external organizations.
Best practices
Business practices that have been shown to improve an organization’s IT function as well as other business functions.
Beta testing
Use of a product by selected users before formal release.
Between-the-lines entry
(1) Access, obtained through the use of active wiretapping by an unauthorized user, to a momentarily inactive terminal of a legitimate user assigned to a communications channel. (2) Unauthorized access obtained by tapping the temporarily inactive terminal of a legitimate user.
Binding
(1) Process of associating two related elements of information. (2) An acknowledgment by a trusted third party that associates an entity’s identity with its public key. This may take place through (i) a certification authority’s generation of a public key certificate, (ii) a security officer’s verification of an entity’s credentials and placement of the entity’s public key and identifier in a secure database, or (iii) an analogous method.
Biometric access controls
Biometrics-based access controls are implemented using physical and logical controls. They are the most expensive and the most secure compared to other types of access control mechanisms.
Biometric information
The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns).
Biometric system
An automated system capable of the following: (1) capturing a biometric sample from an end user, (2) extracting biometric data from that sample, (3) comparing the extracted biometric data with data contained in one or more references, (4) deciding how well they match, and (5) indicating whether or not an identification or verification of identity has been achieved.
Biometric template
A characteristic of biometric information (e.g., minutiae or patterns).
Biometrics
(1) Automated recognition of individuals based on their behavioral and biological characteristics. (2) A physical or behavioral characteristic of a human being. (3) A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial patterns, fingerprints, eye retinas and irises, voice patterns, and hand measurements are all examples of biometrics. (4) Biometrics may be used to unlock authentication tokens and prevent repudiation of registration.