CISSP Certification WGU
79 community-sourced questions and answers.
abstraction
The collection of similar elements into groups, classes, or roles for the assignment of security controls, restrictions, or permissions as a collective.
acceptance testing
A form of testing that attempts to verify that a system satisfies the stated criteria for functionality and possibly also for security capabilities of a product. It is used to determine whether end users or customers will accept the completed product.
ACID model
The letters in ACID represent the four required characteristics of database transactions: atomicity, consistency, isolation, and durability.
aggregation
A number of functions that combine records from one or more tables to produce potentially useful information.
agile software development
A set of software development approaches that eschew the rigid models of the past in favor of approaches that place an emphasis on the needs of the customer and on quickly developing new functionality that meets those needs in an iterative fashion.
application programming interfaces (APIs)
APIs allow application developers to bypass traditional web pages and interact directly with the underlying service through function calls. While offering and using APIs creates tremendous opportunities for service providers, it also poses some security risks. Developers must be aware of these challenges and address them when they create and use APIs.
assembly language
A higher-level alternative to machine language code. Assembly languages use mnemonics to represent the basic instruction set of a CPU but still require hardware-specific knowledge.
assurance
The degree of confidence that security needs are satisfied. Assurance must be continually maintained, updated, and reverified.
atomicity
One of the four required characteristics of all database transactions. A database transaction must be an "all or nothing" affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
attribute
A column within a table of a relational database.
backdoor or back door
Undocumented command sequences that allow individuals with knowledge of the backdoor to bypass normal access restrictions. Backdoors may be placed and left by the manufacturer or planted by hackers using exploits.
behavior
In the context of object-oriented programming terminology and techniques, the results or output from an object after processing a message using a method.
black box testing
A form of program testing that examines the input and output of a program without focusing on its internal logical structures.
candidate key
A subset of attributes, columns, or fields that can be used to uniquely identify any record in a table.
cardinality
The number of rows in a relational database.
cell suppression
The act of suppressing (or hiding) individual data items inside a database to prevent aggregation or inference attacks.
code repository
Software development is a collaborative effort and large software projects require teams of developers who may simultaneously work on different parts of the code. Code repositories act as a central storage point for developers to place their source code.
cohesive (or cohesiveness)
An object is highly cohesive if it can perform a task with little or no help from other objects. Highly cohesive objects are not as dependent on other objects as objects with lower cohesion. Objects with higher cohesion are often better. Highly cohesive objects perform tasks alone and have low coupling.
compiled language
A computer language that is converted into machine language before distribution or execution.
compiler
A programming tool that converts higher level language code into an executable file designed for use on a specific operating system.
concurrency
A security mechanism that endeavors to make certain that the information stored in a database is always correct or at least has its integrity and availability protected. Concurrency uses a "lock" feature to allow an authorized user to make changes and then "unlocks" data elements only after all changes are complete.
coupling
The level of interaction between objects. Lower coupling means less interaction. Lower coupling delivers better software design because objects are more independent. Lower coupling is easier to troubleshoot and update. Objects with low cohesion require lots of assistance from other objects to perform tasks and have high coupling.
data classification
Grouping data under labels for the purpose of applying security controls and access restrictions.
Data Definition Language (DDL)
The database programming language that allows for the creation and modification of the database's structure (known as the schema).
Data Manipulation Language (DML)
The database programming language that allows users to interact with the data contained within the schema.
database contamination
What happens when data or records of different values, classifications, security domains, and the like are commingled or mixed together. It can be a form of integrity and confidentiality violation.
database management system (DBMS)
An application that enables the storage, modification, and extraction of information from a database.
database partitioning
The act of dividing a database into smaller sections or individual databases; often employed to segregate content with varying sensitivity labels.
decision support system (DSS)
An application that analyzes business data and presents it so as to make business decisions easier for users. DSS is considered an informational application more so than an operational application. Often a DSS is employed by knowledge workers (such as help desk or customer support) and by sales services (such as phone operators).
delegation
In the context of object-oriented programming, the forwarding of a request by an object to another object or delegate. An object delegates if it does not have a method to handle the message.
delta rule
Also known as the learning rule. It is the feature of expert systems that allows them to learn from experience.
DevOps
The DevOps approach seeks to resolve issues of software development, quality assurance, and technology operations by bringing the three functions together in a single operational model. The word DevOps is a combination of Development and Operations, symbolizing that these functions must merge and cooperate to meet business requirements.
distributed data model
In a distributed data model, data is stored in more than one database but remains logically connected. The user perceives the database as a single entity, even though it consists of numerous parts interconnected over a network. Each field may have numerous children as well as numerous parents. Thus, the data mapping relationship is many to many.
durability
One of the four required characteristics of all database transactions (the other three are atomicity, consistency, and isolation). The concept that database transactions must be resilient. Once a transaction is committed to the database, it must be preserved. Databases ensure durability through the use of backup mechanisms, such as transaction logs.
expert system
A system that seeks to embody the accumulated knowledge of humankind on a particular subject and apply it in a consistent fashion to future decisions.
fail-open
The response of a system to a failure so that it defaults to an "allow" posture.
feedback loop characteristic
The ability in the modern waterfall model that allows development to return to the previous phase to correct defects discovered during the subsequent phase.
fence
A perimeter defining device. Fences are used to clearly differentiate between areas that are under a specific level of security protection and those that are not. Fencing can include a wide range of components, materials, and construction methods.
foreign key
A primary key from another table used to cross-link or express relationships between the contents of two tables.
fuzzy logic
A computational technique designed to more closely approximate human thought patterns than the rigid mathematics of set theory or algebraic approaches that utilize "black and white" categorizations of data.
Gantt chart
A type of bar chart that shows the interrelationships over time between projects and schedules. It provides a graphical illustration of a schedule that helps to plan, coordinate, and track specific tasks in a project.
granular object control
A very specific and highly detailed level of control over the security settings of an object.
hierarchical
A form of MAC environment. Hierarchical environments relate the various classification labels in an ordered structure from low security to medium security to high security. Each level or classification label in the structure is related. Clearance in a level grants the subject access to objects in that level as well as to all objects in all lower levels but prohibits access to all objects in higher levels.
hierarchical data model
A form of database that combines records and fields that are related in a logical tree structure. This is done so that each field can have one child or many or no children but each field can have only a single parent. Therefore, the data mapping relationship is one to many.
high-level languages
Programming languages that are not machine languages or assembly languages. These languages are not hardware dependent and are more understandable by humans. Such languages must be converted to machine language before or during execution.
inference
An attack that involves using a combination of several pieces of nonsensitive information to gain access to information that should be classified at a higher level.
inference engine
The second major component of an expert system that analyzes information in the knowledge base to arrive at the appropriate decision.
inherit (or inheritance)
In object-oriented programming, inheritance refers to a class that has one or more of the same methods as another class. When a class has one or more of the same methods as another class, it is said to have inherited them.
input validation
Checking, scanning, filtering, or sanitizing input received from users (especially over the Internet) before processing the received input.
interpreted languages
Programming languages that are converted to machine language one command at a time at the time of execution.
Java
A platform independent programming language developed by Sun Microsystems.
knowledge base
A component of an expert system, the knowledge base contains the rules known by an expert system and seeks to codify the knowledge of human experts in a series of "if/then" statements.
learning rule
See delta rule.
life cycle assurance
An assessment of the trust or reliability of a product based on its concepts of design, architecture, creation, testing, and distribution. Ultimately, a judgment as to whether a product was designed with security as a central feature.
machine language
A programming language that can be directly executed by a computer.
metamodel
A model of models. Because the spiral model encapsulates a number of iterations of another model (the waterfall model), it is known as a metamodel.
neural network
A system set up as a long chain of computational decisions that feed into each other and eventually add up to produce the desired output.
nonvolatile
See nonvolatile storage.
nonvolatile storage
A storage system that does not depend on the presence of power to maintain its contents, such as magnetic/optical media and nonvolatile RAM (NVRAM).
normal forms
Various levels of database organization designed to improve efficiency.
normalization
The database process that removes redundant data and ensures that all attributes are dependent on the primary key.
object
A passive entity that provides information or data to subjects. An object can be a file, a database, a computer, a program, a process, a printer, a storage medium, and so on.
object linking and embedding (OLE)
A Microsoft technology used to link data objects into or from multiple files or sources on a computer.
object-oriented programming (OOP)
A method of programming that uses encapsulated code sets called objects. OOP is best suited for eliminating error propagation and mimicking or modeling the real world.
object-relational database
A relational database combined with an object-oriented programming environment.
polyinstantiation
The event that occurs when two or more rows in the same table appear to have identical primary key elements but contain different data for use at differing classification levels. Polyinstantiation is often used as a defense against some types of inference attacks.
polymorphism
In the context of object-oriented programming terminology and concepts, the characteristic of an object to provide different behaviors based on the same message and methods owing to variances in external conditions.
primary key
A specific key from the set of candidate keys that is used as the main differentiator between records. Every record must have a unique value in its primary key field.
Program Evaluation Review Technique (PERT)
A project scheduling tool. It is a method used to judge the size of a software product in development and calculate the standard deviation (SD) for risk assessment. PERT relates the estimated lowest possible size, the most likely size, and the highest possible size of each component. PERT is used to direct improvements to project management and software coding in order to produce more efficient software. As the capabilities of programming and management improve, the actual produced size of software should be smaller.
reasonableness check
The crafting and use of special test suites of data that exercise all paths of the software to the fullest extent possible and comparison of the results to the known correct expected outputs.
referential integrity
Used to enforce relationships between two tables. One table in the relationship contains a foreign key that corresponds to the primary key of the other table in the relationship.
relational database
A database that consists of tables that contain a set of related records.
semantic integrity mechanisms
A common security feature of a DBMS. This feature ensures that no structural or semantic rules are violated. It also checks that all stored data types are within valid domain ranges, that only logical values exist, and that any and all uniqueness constraints are met.
stop error
The security response of an operating system, such as Windows, when an application performs an illegal operation, such as accessing hardware or modifying/accessing the memory space of another process.
table
The main building block of a relational database; also known as a relation.
trap door
Undocumented command sequence that allows software developers to bypass normal access restrictions.
tuple
A record or row in a database.
volatile
See volatile storage.
volatile storage
A storage medium, such as RAM, that loses its contents when power is removed from the resource.