Cyclomatic complexity metrics
A program module’s cohesion can be measured indirectly through McCabe’s and Halstead’s cyclomatic complexity metrics and Henry and Kafura’s information flow complexity metrics.
D
Daemon
A program associated with UNIX systems that performs a housekeeping or maintenance utility function without being called by the user. A daemon sits in the background and is activated only when needed.
Dashboards
Dashboards are a type of management metric that consolidates and communicates information relevant to the organizational security status in near-real time to security management stakeholders. These dashboards present information to management in a meaningful and easily understandable format. Some applications of dashboards include implementation of separation of duties, security authorizations, continuous system monitoring, security performance measures, risk management, and risk assessment.
Data
Programs, files, or other information stored in, or processed by, a computer system.
Data administrator (DA)
A person responsible for the planning, acquisition, and maintenance of database management software, including the design, validation, and security of database files. The DA is fully responsible for the data model and the data dictionary software.
Data architecture
Data compilation, including who creates and uses it and how. It presents a stable basis for the processes and information used by the organization to accomplish its mission.
Data at rest
Data at rest (data on the hard drive) addresses the confidentiality and integrity of data in nonmobile devices and covers user information and system information. File encryption or whole (full) disk encryption protects data in storage (data at rest).
Data authentication code
The code is a mathematical function of both the data and a cryptographic key. Applying the Data Authentication Algorithm (DAA) to data generates a data authentication code. When data integrity is to be verified, the code is generated on the current data and compared with the previously generated code. If the two values are equal, data integrity (i.e., authenticity) is verified. The data authentication code is also known as a message authentication code (MAC).
Data block
A sequence of bits whose length is the block size of the block cipher.
Data classification
From a data security standpoint, all data records and files should be labeled as critical, noncritical, classified, sensitive, secret, top-secret, or identified through some other means so that protective measures are taken according to the criticality of the data.
Data cleansing
Includes activities for detecting and correcting data in a database or traditional file that are incorrect, incomplete, improperly formatted, or redundant. Also known as data scrubbing.
Data communications
Information exchanged between end-systems in machine-readable form.
Data confidentiality
The state that exists when data is held in confidence and is protected from unauthorized disclosure.
Data contamination
A deliberate or accidental process or act that results in a change in the integrity of the original data.
Data custodian
The individual or group that has been entrusted with the possession of, and responsibility for, the security of specified data. Compare with data owner.
Data declassification
Data and storage media declassification is an administrative procedure and decision to remove the security classification of the subject media. It includes actual purging of the media and removal of any labels denoting classification, possibly replacing them with labels denoting that the storage media is unclassified. The purging procedures should include the make, model number, and serial number of the degausser used and the date of the last degausser test if degaussing is done; or the accreditation statement of the software if overwriting is done. The reason for the data downgrade, declassification, regrade, or release should be given along with the current media’s classification and requested reclassification of the same media.
Data dictionary
A central repository of an organization’s data elements and their relationships.
Data diddling
The entering of false data into a computer system.
Data downgrade
The change of a classification label to a lower level without changing the contents of the data. Downgrading occurs only if the content of a file meets the requirements of the sensitivity level of the network to which the data is being delivered.
Data element
A basic unit of information that has a unique meaning and sub-categories (data items) of distinct value. Examples of data elements include gender, race, and geographic location.
Data encrypting key
A cryptographic key used for encrypting and decrypting data.
Data encryption algorithm (DEA)
The symmetric encryption algorithm that serves as the cryptographic engine for the triple data encryption algorithm (TDEA).
Data encryption standard (DES)
A U.S. Government-approved symmetric cipher (encryption algorithm) used by business and civilian government agencies that serves as the cryptographic engine for the triple data encryption algorithm (TDEA). The advanced encryption standard (AES) is designed to replace DES. The original “single” DES algorithm is no longer secure because it is now possible to try every possible key with special-purpose equipment or a high-performance cluster. Triple DES, however, is still considered to be secure.
Data file organization
Deals with the way data records are accessed and retrieved from computer files. When designing a file, security factors, access methods, and storage media costs should be considered. Record keys, pointers, or indexes are needed to read and write data to or from a file. A record key is part of a logical record used for identification and reference. A primary key is the main code used to store and locate records within a file. Records can be sorted and temporary files created using codes other than their primary keys. Secondary keys are used for alternative purposes including inverted files. A given data record may have more than one secondary key. Pointers show the physical location of records in a data file. Addresses are generated using indexing, base registers, segment registers, and other ways.
Data flow diagram (DFD)
A graphic model of the logical relationships within a computer-based application system. DFD is an input to the structure chart.
Data hiding
Data/information hiding is closely tied to modularity, abstractions, and maintainability. Data hiding means data and procedures in a module are hidden from other parts of the software. Errors from one module are not passed to other modules; instead they are contained in one module. Abstraction helps to define the procedures, while data hiding defines access restrictions to procedures and local data structures. The concept of data hiding is useful during program testing and software maintenance. Note that layering, abstraction, and data hiding are protection mechanisms in security design architecture.
Data in transit
Data in transit (data on the wire) deals with protecting the integrity and confidentiality of transmitted information across internal and external networks. Line encryption protects data in transit (data in transfer).