Official (ISC)² CSSLP - Chapter 1: Secure Software Concepts Domain Already Passed

Official (ISC)² CSSLP - Chapter 1: Secure Software Concepts Domain Already Passed Algorithm A clearly specified mathematical process for computation; a set of rules that, if followed, will give a prescribed result. Asset Anything of value may be considered an asset. Assets may be tangible or intangible. Asymmetric Algorithm A reference to cryptographic algorithms that rely on a mathematically related public-private key pair to perform encryption/decryption. Whichever key is used to encrypt a message, the other key must be used to decrypt the message. Aside from confidentiality, these algorithms may also be used for the purpose of key exchange and/or digital signatures. Authentication The process of verifying a subject's identity based on one or more authentication factors. Authentication follows identification. Authorization The process of determining the rights and permissions of subjects in regard to objects. Authorization follows authentication. Countermeasure A reference to physical, administrative, or technical security controls used to protect assets. Countermeasures are reactive in nature. Cryptographic Hash Function An algorithm (function) suited for use in cryptography and used to map input data of arbitrary length to a fixed size output. Good hash functions are one way, deterministic, and collision resistant. Deterministic A reference to hash functions that always produce the same digest from the same input data. Digital Signature A reference to cryptographic operations that, when implemented correctly, can provide assurance for data integrity, origin, and nonrepudiation. Encryption Algorithm Set of mathematically expressed rules for rendering data unintelligible by executing a series of conversions controlled by a key. Identification Claim of an identity by a subject. Malware Malicious software such as viruses, worms, or Trojans. Different malware may have different characteristics and deliver various payloads. Safeguard A reference to physical, administrative, or technical security controls used to protect assets. Safeguards are proactive in nature. Software Development Lifecycle (SDLC) A framework and a systematic process with associated tasks that are performed in a series of steps for building software applications. The lifecycle begins with planning and requirements gathering and ends with decommissioning and sunsetting the software. Threat Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, and other organizations through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Trusted Computing Base (TCB) Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy. Trusted Platform Module (TPM) A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys. Version Control Also known as revision control or source control systems. A reference to software tools that are used by software development teams to manage the access and the changes to source code over time.